Layer 2 Control Protocol Transparency for EVPN
Layer 2 Control Protocols (L2CP) are Ethernet control protocols, such as spanning-tree, BPDUs, LACP, pause, and so on. The L2CP Ethernet frames have specific destination MAC addresses. The destination MAC addresses are reserved multicast MAC addresses in the range from 01-80-C2-00-00-00 through 01-80-C2-00-00-0F and from 01-80-C2-00-00-20 through 01-80-C2-00-00-2F.
The Metro Ethernet Forum (MEF) specifies the rules for processing L2CP Ethernet frame when the frames arrive at the L2CP decision point on the user network interface (UNI). The rules provide the mechanism for transparently passing the L2CP frame between a Carrier Ethernet Network and a Subscriber Network. Table 1 lists the actions that can be taken at the L2CP decision point and what transpires on Junos devices.
| MEF Actions | Junos Device |
|---|---|
| Pass | Junos devices forwards L2CP frames without processing them when the protocol is not configured on the interface. The frame is treated like a multicast address and sent to all the local and remote CE. |
| Peer | When the protocol is configured on the interface, the Packet Forwarding Engine further processes the frame. |
| Discard | You must explicitly configure a filter on the appropriate physical or logical interface to discard the frame. |
When an L2CP frame arrives at the UNI of the ingress PE Junos device, the Packet Forwarding Engine forwards (passes) the L2CP frame unless you configure the protocol on the local physical or logical interface. When a protocol is configured on the interface, the Packet Forwarding Engine further processes (peers) the frame unless you create a filter to drop (discard) it. We support L2CP transparency on EVPN-MPLS and EVPN-VPWS networks.
Benefits of L2CP Transparency
Adopting L2CP transparency promotes the interoperability of equipment between subscriber networks and carrier networks.
MEF Service Definitions
MEF defines Ethernet Private LAN (EP-LAN) as a port-based service that supports all-to-one bundling. This allows multiple VLANs to be mapped into a single Ethernet Virtual Circuit. Ethernet Virtual Private LAN (EVP-LAN) is a VLAN-based service where VLAN ID identifies the traffic. Table 2 lists and maps the MEF service type to the supported EVPN configuration on Junos OS Evolved devices.
| MEF Service Type | Junos EVPN Services |
|---|---|
|
EP-LAN |
|
|
EVP-LAN |
|
EVPN-MPLS E-LAN Services
Table 3 lists the reserved MAC address, the L2CP assigned to those MAC addresses, and the actions required for EVPN E-LAN services.
| Destination MAC Address | L2CP | Ethertype /Subtype | EP-LAN | EVP-LAN |
|---|---|---|---|---|
| 01-80-C2-00-00-00 |
STP RSTP MSTP |
— | Pass | Peer or Discard |
| 01-80-C2-00-00-01 | Pause | 0x8808 | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-02 |
LACP LAMP |
0x8809/01 0x8809/02 |
Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-02 | Link OAM | 0x8809/03 | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-02 | ESMC | 0x8809/0A | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-03 | 802.1X | 0x888E | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-04 | MAC Specific Control Protocols | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-05 | Reserved | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-06 | Reserved | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-07 | E-LMI | 0x88EE | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-08 | Provider Bridge Group Address | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-09 | Reserved | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0A | Reserved | — | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0B | Reserved | — | Pass | Peer or Discard |
| 01-80-C2-00-00-0C | Reserved | — | Pass | Peer or Discard |
|
01-80-C2-00-00-0D |
Provider Bridge MVRP Address | — | Pass | Peer or Discard |
| 01-80-C2-00-00-0E | LLDP | 0x88CC | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0E | PTP Peer Delay | 0x88F7 | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0F | Reserved | — | Pass | Peer or Discard |
|
01-80-C2-00-00-20 through 01-80-C2-00-00-2F |
GARP GMRP |
— | Pass | Pass |
Configure a Filter for EVPN MPLS E-LAN Services
Configure a discard filter for EP-LAN or EVP-LAN for EVPN MPLS E-LAN services as follows:
-
Configure a firewall filter to discard traffic that matches the reserved destination MAC address for
family ethernet-switching.set firewall family ethernet-switching filter name term name from destination-mac-address mac-address set firewall family ethernet-switching filter name term name then discard.
Note:You must configure a firewall filter to match the destination MAC address and ethertype for the following protocol.
-
Pause
-
LACP
-
LAMP
-
Link OAM
-
ESMC
-
802.1X
-
E-LMI
-
LLDP
-
PTP Peer Delay
set firewall family ethernet-switching filter name term name from destination-mac-address mac-address set firewall family ethernet-switching filter name term name from ether-type value. set firewall family ethernet-switching filter name term name then discard.
-
-
Apply the firewall filter to the interface.
set interfaces interface-name unit n family ethernet-switching filter name
The following is the sample firewall filter configuration for discarding the LACP Ethernet frames. The filter is applied to the EP-LAN interface.
set firewall family ethernet-switching filter eplan term lacp from destination-mac-address 01:80:c2:00:00:02/48 set firewall family ethernet-switching filter eplan term lacp from ether-type 0x8809 set firewall family ethernet-switching filter eplan term lacp then discard set interfaces et-0/0/1 unit 0 family ethernet-switching filter input eplan
EVPN-VPWS E-LINE Service
Table 4 lists the reserved MAC address, L2CP assigned to those MAC addresses, and the actions required for EVPN VPWS (E-LINE) services. MEF allows different actions for some EP-LAN services on EVPN-VPWS and defines the two options for those protocols as Option 1 and Option 2.
|
Destination MAC Address |
L2CP |
Ethertype/Subtype |
EP-LAN Option 1 |
EP-LAN Option 2 |
EVP-LAN |
|---|---|---|---|---|---|
| 01-80-C2-00-00-00 |
STP RSTP MSTP |
— | Pass | Pass | Peer or Discard |
| 01-80-C2-00-00-01 |
Pause |
0x8808 |
Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-02 |
LACP LAMP |
0x8809/01 0x8809/02 |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-02 |
Link OAM |
0x8809/03 |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-02 |
ESMC |
0x8809/0A |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-03 |
802.1X |
0x888E |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-04 |
MAC-specific Control Protocols |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-05 |
Reserved |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-06 |
Reserved |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-07 |
E-LMI |
0x88EE |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-08 |
Provider Bridge Group Address |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-09 |
Reserved |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0A |
Reserved |
— | Peer or Discard | Peer or Discard | Peer or Discard |
| 01-80-C2-00-00-0B |
Reserved |
— | Pass | Pass | Peer or Discard |
| 01-80-C2-00-00-0C |
Reserved |
— | Pass | Pass | Peer or Discard |
| 01-80-C2-00-00-0D |
Provider Bridge MVRP Address |
— | Pass | Pass | Peer or Discard |
| 01-80-C2-00-00-0E |
LLDP |
0x88CC |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-0E |
PTP Peer Delay |
0x88F7 |
Peer or Discard | Pass | Peer or Discard |
| 01-80-C2-00-00-0F |
Reserved |
— | Pass | Pass | Peer or Discard |
| 01-80-C2-00-00-20 through 01-80-C2-00-00-2F |
GARP GMRP |
— | Pass | Pass | Pass |
Configure a Filter for EVPN-VPWS Services
Configure a discard filter for EP-LAN (Option 1 or Option 2) or EVP-LAN for EVPN VPWS services as follows:
-
Configure a firewall filter to discard traffic that matches the reserved destination MAC address for
family ccc.set firewall family ccc filter name term name from destination-mac-address mac-address set firewall family ccc filter name term name then discard.
Note:You must configure a firewall filter to match the destination MAC address and ethertype for the following protocol.
-
Pause
-
LACP
-
LAMP
-
Link OAM
-
ESMC
-
802.1X
-
E-LMI
-
LLDP
-
PTP Peer Delay
set firewall family ccc filter name term name from destination-mac-address mac-address set firewall family ccc filter name term name from ether-type value. set firewall family ccc filter name term name then discard.
-
-
Apply the firewall filter to the interface.
set interfaces interface-name unit n family ccc filter name
The following is the sample firewall filter configuration for discarding provider bridge group address Ethernet frames. The filter is applied to the EP-LAN interface.
set firewall family ccc filter epl_option_1 term pbga from destination-mac-address 01:80:c2:00:00:08/48 set firewall family ccc filter epl_option_1 term pbga then discard set interfaces et-0/0/3 unit 0 family ccc filter input epl_option_1