Understanding Layer 2 Bridge Domains on ACX Series

A bridge domain is a set of logical interfaces that share the same flooding or broadcast characteristics. Layer 2 logical interfaces are created by defining one or more logical units on a physical interface with encapsulation as ethernet-bridge or vlan-bridge. All the member ports of the bridge domain participate in Layer 2 learning and forwarding. You can configure one or more bridge domains on ACX Series routers to perform Layer 2 bridging. The Layer 2 bridging functions of ACX Series routers include integrated routing and bridging (IRB) support for Layer 2 bridging and Layer 3 IP routing on the same interface. IRB enables you to route packets to another routed interface or to another bridge domain that has a Layer 3 protocol configured.

Note:

ACX Series routers do not support the creation of bridge domains by using access and trunk ports.

You can configure E-LAN and E-LINE services by using bridge domains.

On ACX Series routers, you can configure bridge domains by using the following methods:

  • Bridge domain without a vlan-id number statement

  • Bridge domain with the vlan-id value set to none

  • Bridge domain with a single vlan-id

  • Bridge domain with a vlan-id-list

Note:

The Layer 2 CLI configurations and show commands for ACX5048 and ACX5096 routers differ compared to other ACX Series routers. For more information, see Layer 2 Next Generation Mode for ACX Series.

When you configure E-LAN and E-LINE services using a bridge domain without a vlan-id number statement, the bridge domain should explicitly be normalized to a service VLAN ID and TPID by configuring an input VLAN map under a logical interface. Explicit normalization is required when a logical interface’s outer VLAN ID and TPID are not the same as the service VLAN ID and TPID of the service being configured using a bridge domain.

The following input VLAN map functions are supported in ACX Series routers:

  • push—Add a new VLAN tag to the top of the VLAN stack.

  • swap—Replace the outer VLAN tag of the VLAN stack in a frame.

  • pop—Remove a VLAN tag from the top of the VLAN tag stack.

  • swap-swap—Replace both the outer and inner VLAN tags of the frame.

  • push-push—Push two VLAN tags on top of the VLAN stack.

    Note:

    push-push does not work on ACX Series routers if the incoming packet already has a VLAN tag.

The following VLAN map functions are not supported in ACX Series routers:

  • swap-push—Replace the outer VLAN tag of the frame and add a new VLAN tag to the top of the VLAN stack.

  • pop-swap—Remove the outer VLAN tag of the frame and replace the inner VLAN tag of the frame.

  • pop-pop—Remove both the outer and inner VLAN tags of the frame.

Note:

You can configure Q-in-Q tunneling by explicitly configuring an input VLAN map with the push function on the ingress logical interface.

A bridge domain can also be created by using aggregated Ethernet interfaces. Aggregated Ethernet interfaces are considered as logical interfaces in a bridge domain.

The following steps outline the process for bridging a packet received over a Layer 2 logical interface:

  1. When a packet is received on a physical port, it is accepted only if the VLAN identifier of the packet matches the VLAN identifier of one of the logical interfaces configured on that port.

  2. If the bridge domain is configured without a vlan-id number statement, then the VLAN tags are rewritten based on the input VLAN map configured on the logical interface and normalized to a service VLAN ID.

  3. If the bridge domain is configured with a normalizing VLAN identifier by using the vlan-id number statement, the VLAN tags of the received packet are compared with the normalizing VLAN identifier. If the VLAN tags of the packet are different from the normalizing VLAN identifier, the VLAN tags are rewritten as described in Table 1.

  4. If the source MAC address of the received packet is not present in the source MAC table, it is learned based on the normalizing VLAN identifier.

  5. The packet is then forwarded toward one or more outbound Layer 2 logical interfaces based on the destination MAC address. A packet with a known unicast destination MAC address is forwarded only to one outbound logical interface.

  6. If the bridge domain is configured without a vlan-id number statement, then for each outbound Layer 2 logical interface, the VLAN tags are rewritten based on the output VLAN map configured on that logical interface.

  7. If the bridge domain is configured with a normalizing VLAN identifier by using the vlan-id number statement, for each outbound Layer 2 logical interface, the normalizing VLAN identifier configured for the bridge domain is compared with the VLAN tags configured on that logical interface. If the VLAN tags associated with an outbound logical interface do not match the normalizing VLAN identifier configured for the bridge domain, the VLAN tags are rewritten as described in Table 2.

Table 1 shows specific examples of how the VLAN tags of packets sent to the bridge domain are processed and translated, depending on your configuration. “–” means that the statement is not supported for the specified logical interface VLAN identifier. “No operation” means that the VLAN tags of the received packet are not translated for the specified input logical interface.

Table 1: Statement Usage and Input Rewrite Operations for VLAN Identifiers for a Bridge Domain

| VLAN Identifier of Logical Interface | Bridge Domain: vlan-id none | Bridge Domain: vlan-id 200 |
|---|---|---|
| none | No operation | push 200 |
| 200 | pop 200 | No operation |
| 1000 | pop 1000 | swap 1000 to 200 |
| vlan-tags outer 2000 inner 300 | pop 2000, pop 300 | pop 2000, swap 300 to 200 |
| vlan-tags outer 100 inner 400 | pop 100, pop 400 | pop 100, swap 400 to 200 |
| vlan-id-range 10-100 | | |

Table 2 shows specific examples of how the VLAN tags for packets sent from the bridge domain are processed and translated, depending on your configuration. “–” means that the statement is not supported for the specified logical interface VLAN identifier. “No operation” means that the VLAN tags of the outbound packet are not translated for the specified output logical interface.

Table 2: Statement Usage and Output Rewrite Operations for VLAN Identifiers for a Bridge Domain

| VLAN Identifier of Logical Interface | Bridge Domain: vlan-id none | Bridge Domain: vlan-id 200 |
|---|---|---|
| none | No operation | pop 200 |
| 200 | push 200 | No operation |
| 1000 | push 1000 | swap 200 to 1000 |
| vlan-tags outer 2000 inner 300 | push 2000, push 300 | swap 200 to 300, push 2000 |
| vlan-tags outer 100 inner 400 | push 100, push 400 | swap 200 to 400, push 100 |
| vlan-id-range 10-100 | | |
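
The rows of Table 1 and Table 2 follow from one rule: on ingress the tags are reduced to the bridge domain's normalizing VLAN, and on egress that rewrite is undone for the outbound interface. The Python model below is an added example, not Juniper code; the function names, the tuple representation of tag stacks, and the prefix-match acceptance check are assumptions of this example, it extends the table rows to any single- or dual-tagged interface, and vlan-id-range is not modelled.

```python
def input_ops(lif_tags, bd_vlan):
    """Ingress rewrite ops in execution order (Table 1).

    lif_tags: VLAN tags of the logical interface, outer first; () = untagged.
    bd_vlan:  normalizing VLAN of the bridge domain; None = 'vlan-id none'.
    """
    stack, ops = list(lif_tags), []
    keep = 0 if bd_vlan is None else 1      # tags left after normalization
    while len(stack) > keep:                # strip surplus outer tags
        ops.append(("pop", stack.pop(0)))
    if bd_vlan is not None:
        if not stack:
            ops.append(("push", bd_vlan))
        elif stack[0] != bd_vlan:
            ops.append(("swap", stack[0], bd_vlan))
    return ops

def output_ops(lif_tags, bd_vlan):
    """Egress rewrite (Table 2): the ingress rewrite undone, last op first."""
    undo = {"pop": lambda v: ("push", v),
            "push": lambda v: ("pop", v),
            "swap": lambda old, new: ("swap", new, old)}
    return [undo[op[0]](*op[1:]) for op in reversed(input_ops(lif_tags, bd_vlan))]

def apply_ops(tags, ops):
    """Run ops against a frame's tag stack (outer tag at index 0)."""
    stack = list(tags)
    for op in ops:
        if op[0] == "push":
            stack.insert(0, op[1])
        elif op[0] == "pop":
            stack.pop(0)
        else:                               # swap: replace the outer tag
            stack[0] = op[2]
    return tuple(stack)

def bridge(frame_tags, in_lif, out_lif, bd_vlan):
    """Steps 1, 3 and 7: accept, normalize, rewrite for the outbound interface."""
    if tuple(frame_tags[:len(in_lif)]) != tuple(in_lif):
        return None                         # step 1: VLAN does not match (assumed prefix match)
    normalized = apply_ops(frame_tags, input_ops(in_lif, bd_vlan))
    return apply_ops(normalized, output_ops(out_lif, bd_vlan))

if __name__ == "__main__":
    # Constructed frame: arrives tagged 1000, leaves on a dual-tagged interface.
    print(input_ops((1000,), 200), output_ops((2000, 300), 200))
    print(bridge((1000,), (1000,), (2000, 300), 200))
```

For a dual-tagged interface under vlan-id none the model emits the inner push first (push 300, then push 2000) so that the outer tag ends up on top; Table 2 lists the same two pushes outer tag first.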

Limitations on Layer 2 bridging—The following Layer 2 bridging limitations apply for ACX Series Universal Metro Routers:

  • A bridge domain cannot have two or more logical interfaces that belong to the same physical interface.

  • A bridge domain with a dual VLAN ID tag is not supported.

  • The maximum number of supported input VLAN maps with TPID swap is 64.

  • MAC learning cannot be disabled at a logical interface level.

  • MAC limit per logical interface cannot be configured.