Subscriber Policies for VPLS Network Interfaces Overview
The router associates a VPLS network interface, as it does a bridge group interface, with a default subscriber policy that enables intelligent flooding of packets within a VPLS domain. This section describes how subscriber policies work and explains some important considerations when you use subscriber policies for VPLS instances. The requirements and procedures for subscriber policies are the same whether you employ BGP or LDP signaling for VPLS.
- Network Interface Types
- Default Subscriber Policies
- Modifying Subscriber Policies
- Considerations for VPLS Network Interfaces
Network Interface Types
VPLS instances, like bridge groups, support two types of network interfaces:
- Subscriber (client)—A subscriber (client) interface is downstream from the traffic flow; that is, the traffic flow direction is from the server (trunk) to the client (subscriber). This is the default network interface type for both VPLS instances and bridge groups.
- Trunk (server)—A trunk (server) interface is upstream from the traffic flow; that is, the traffic flow direction is from the client (subscriber) to the server (trunk). To configure a trunk interface, you must specify the subscriber-trunk keyword as part of the bridge-group command. The VPLS virtual core interface always acts as a trunk interface, and cannot be configured as a subscriber interface.
Default Subscriber Policies
Each network interface is associated with a default subscriber policy for that interface type. The subscriber policy is a set of forwarding and filtering rules that defines how the specified interface handles various packet or attribute types, as follows:
- For each packet type listed in Table 113, the subscriber policy specifies whether the network interface permits (forwards) or denies (filters or drops) packets of that type.
- For the relearn attribute, the subscriber policy specifies whether the network interface can relearn a MAC address entry on a different interface from the one initially associated with this entry in the forwarding table. Permit indicates that relearning is allowed; deny indicates that relearning is prohibited.
Table 113 lists the default values for each packet or attribute type defined in the policies for subscriber interfaces and trunk interfaces. The default subscriber policy differs in one way from the default trunk policy: broadcast packets and packets with unknown unicast destination addresses (DAs) are denied in the subscriber policy and permitted in the trunk policy.
Table 113: Default Subscriber Policies for VPLS Network Interfaces
| Packet/Attribute Type | Default Subscriber Policy | Default Trunk Policy |
|---|---|---|
| ARP | Permit | Permit |
| Broadcast | Deny | Permit |
| IP | Permit | Permit |
| MPLS | Permit | Permit |
| Multicast | Permit | Permit |
| PPPoE | Permit | Permit |
| Relearn | Permit | Permit |
| Unicast (user-to-user) | Permit | Permit |
| Unknown unicast DA | Deny | Permit |
| Unknown protocol | Permit | Permit |
Modifying Subscriber Policies
For a network interface configured as a subscriber (client) interface, you can modify the default subscriber policy to change the default permit or deny value for one or more of the packet or attribute types listed in Table 113.
You cannot, however, change the default trunk policy for a network interface configured as a trunk interface or for the VPLS virtual core interface. Trunk interfaces and the VPLS virtual core interface always use the default trunk policy, which forwards packets of all types and permits relearning.
Table 114 lists the commands that you can use to modify subscriber policies for subscriber (client) interfaces associated with either a VPLS instance or a standard bridge group.
Table 114: Commands to Configure Subscriber Policies
- arp
- bridge subscriber-policy
- broadcast
- ip
- mpls
- multicast
- pppoe
- relearn
- subscriber-policy
- unicast
- unknown-destination
- unknown-protocol
Considerations for VPLS Network Interfaces
When you configure network interfaces for a VPLS instance, you must ensure that the subscriber policy in effect for the interface is appropriate for your network configuration.
To ensure that the network interface permits relearning and forwards (permits) packets for all of the protocol types listed in Table 113, be sure to configure the network interface as a trunk (server) interface so that it always uses the default trunk policy. For example, the following commands associate a 10-Gigabit Ethernet interface with a VPLS instance named vplsBoston, and configure the interface as a trunk.
If you configure a VPLS network interface as a subscriber (client) interface, use care if you modify the default subscriber policy in effect for that interface. For example, if you use the arp command to change the default value for ARP packets from permit (forward) to deny (filter or drop), make sure you also use the bridge address command to add the appropriate static (nonlearned) ARP entry to the forwarding table. If an ARP entry expires from the forwarding table and the subscriber policy is configured to deny ARP packets, the router cannot properly forward subsequent ARP packets.
For information about using these commands, see Configuring Secure Policies in the JunosE Link Layer Configuration Guide.
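The override rules and the ARP caveat described above can be checked mechanically against an interface inventory. The following Python is an added example, not Juniper code or JunosE syntax: it models Table 113, rejects overrides on trunk interfaces, and flags subscriber interfaces that deny ARP without a static entry. The inventory layout, function names and sample MAC address are assumptions.

```python
# Added example; names and data layout are hypothetical, not JunosE syntax.
TYPES = ["arp", "broadcast", "ip", "mpls", "multicast", "pppoe",
         "relearn", "unicast", "unknown-destination", "unknown-protocol"]
# Table 113: per interface type, the packet types denied by default.
DEFAULT_DENY = {"subscriber": {"broadcast", "unknown-destination"}, "trunk": set()}

def default_policy(if_type):
    """Return the Table 113 defaults for 'subscriber' or 'trunk'."""
    if if_type not in DEFAULT_DENY:
        raise ValueError(f"unknown interface type: {if_type}")
    return {t: "deny" if t in DEFAULT_DENY[if_type] else "permit"
            for t in TYPES}

def effective_policy(if_type, overrides=None):
    """Apply overrides; only subscriber interfaces may be modified."""
    policy = default_policy(if_type)
    if overrides and if_type == "trunk":
        raise ValueError("the default trunk policy cannot be changed")
    for ptype, action in (overrides or {}).items():
        if ptype not in policy or action not in ("permit", "deny"):
            raise ValueError(f"invalid override: {ptype}={action}")
        policy[ptype] = action
    return policy

def audit(interfaces):
    """Return (interface name, finding) pairs for a list of interface dicts."""
    findings = []
    for intf in interfaces:
        name, if_type = intf["name"], intf["type"]
        try:
            policy = effective_policy(if_type, intf.get("overrides"))
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if policy["arp"] == "deny" and not intf.get("static_entries"):
            findings.append((name, "ARP denied but no static entry configured"))
        changed = sorted(t for t in TYPES if policy[t] != default_policy(if_type)[t])
        if changed:
            findings.append((name, "differs from default: " + ", ".join(changed)))
    return findings

# Constructed sample inventory (not from a real router).
SAMPLE = [
    {"name": "uplink", "type": "trunk"},
    {"name": "cust-a", "type": "subscriber", "overrides": {"arp": "deny"}},
    {"name": "cust-b", "type": "subscriber", "overrides": {"arp": "deny"},
     "static_entries": ["0090.1a40.4c7c"]},
    {"name": "core", "type": "trunk", "overrides": {"broadcast": "deny"}},
]
```

Calling `audit(SAMPLE)` reports the missing static entry on `cust-a`, the ARP deviation on both subscriber interfaces, and the attempted trunk override on `core`.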