04-Layer 2 - LAN Switching Configuration Guide

HomeSupportSwitchesH3C S9500E Switch SeriesConfigure & DeployConfiguration GuidesH3C S9500E Configuration Guide-Release1728-6W17004-Layer 2 - LAN Switching Configuration Guide
08-BPDU Tunneling Configuration
Title Size Download
08-BPDU Tunneling Configuration 137.5 KB

Introduction to BPDU tunneling

As a Layer 2 tunneling technology, Bridge Protocol Data Unit (BPDU) tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.

Background

Dedicated lines are used in a service provider network to build user-specific Layer 2 networks. As a result, a user network is broken down into parts located at different sides of the service provider network. As shown in Figure 1, User A has two devices (CE 1 and CE 2) and both devices belong to VLAN 100. User A’s network is divided into network 1 and network 2, which are connected by the service provider network. When a Layer 2 protocol (for example, STP) runs on both network 1 and network 2, the Layer 2 protocol packets must be transmitted over the service provider network to implement Layer 2 protocol calculation (for example, spanning tree calculation). When receiving a Layer 2 protocol packet, the PEs cannot determine whether the packet is from the user network or the service provider network, and must deliver the packet to the CPU for processing. In this case, the Layer 2 protocol calculation in User A’s network is mixed with that in the service provider network, and the user network cannot implement independent Layer 2 protocol calculation.

Figure 1 BPDU tunneling application scenario

 

With BPDU tunneling, Layer 2 protocol packets from customer networks can be transparently transmitted over the service provider network in the following workflow:

1.      After receiving a Layer 2 protocol packet from CE 1, PE 1 encapsulates the packet, replaces its destination MAC address with a specific multicast MAC address, and forwards the packet to the service provider network.

2.      The encapsulated Layer 2 protocol packet (called bridge protocol data unit, BPDU) is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2.

 

 

NOTE:

The switch supports BPDU tunneling for the Spanning Tree Protocol (STP) only. For more information about STP, see the chapter “Configuring spanning tree.”

 

BPDU tunneling implementation

To avoid loops in your network, you can enable STP on your switch. When the topology changes at one side of the customer network, the devices at this side of the customer network send BPDUs to devices on the other side of the customer network to ensure consistent spanning tree calculation in the entire customer network. However, because BPDUs are Layer 2 multicast frames, all STP-enabled devices, both in the customer network and in the service provider network, can receive and process these BPDUs. In this case, neither the service provider network nor the customer network can correctly calculate its independent spanning tree.

To allow each network to calculate an independent spanning tree with STP, BPDU tunneling was introduced.

BPDU tunneling delivers the following benefits:

·           BPDUs can be transparently transmitted. BPDUs of one customer network can be broadcast in a specific VLAN across the service provider network, allowing that customer’s geographically dispersed networks to implement consistent spanning tree calculation across the service provider network.

·           BPDUs of different customer networks can be confined within different VLANs for transmission on the service provider network, so each customer network can perform independent spanning tree calculation.

Figure 2 BPDU tunneling implementation

 

The upper section of Figure 2 represents the service provider network (ISP network), and the lower section, including User A network 1 and User A network 2, represents customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network, thus ensuring consistent spanning tree calculation throughout User A network, without affecting the spanning tree calculation of the service provider network.

Assume a BPDU is sent from User A network 1 to User A network 2:

1.      At the ingress of the service provider network, PE 1 changes the destination MAC address of the BPDU from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 (the default multicast MAC address) for example. In the service provider network, the modified BPDU is forwarded as a data packet in the VLAN assigned to User A.

2.      At the egress of the service provider network, PE 2 recognizes the BPDU with the destination MAC address 0x010F-E200-0003, restores its original destination MAC address 0x0180-C200-0000, and then sends the BPDU to CE 2.

 

 

NOTE:

Make sure, through configuration, that the VLAN tags carried in BPDUs are neither changed nor removed during the transparent transmission in the service provider network; otherwise, the devices in the service provider network will fail to transparently transmit the customer network BPDUs correctly.

 

Configuring BPDU tunneling

Configuration prerequisites

·           Enable STP in the customer networks before configuring BPDU tunneling for STP.

·           Before enabling BPDU tunneling for STP on a port, disable STP on the port.

·           Assign the port on which you want to enable BPDU tunneling on the PE device and the connected port on the CE device to the same VLAN.

·           Configure ports connecting network devices in the service provider network as trunk ports allowing packets of any VLAN to pass through.

Enabling BPDU tunneling

To enable BPDU tunneling:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view or port group view.

·       Enter Ethernet or aggregate interface view:
interface
interface-type interface-number

·       Enter port group view:
port-group manual
port-group-name

Use either command.

·       Settings made in interface view take effect only on the current port.

·       Settings made in aggregate interface view take effect only on the aggregate interface.

·       Settings made in port group view take effect on all ports in the port group.

3.     Disable STP on the port(s).

stp disable

N/A

4.     Enable BPDU tunneling for STP on the ports.

bpdu-tunnel dot1q stp

By default, BPDU tunneling for STP is disabled.

 

Configuring destination multicast MAC address for BPDUs

By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003. You can change it to 0x0100-0CCD-CDD0, 0x0100-0CCD-CDD1 or 0x0100-0CCD-CDD2 through the following configuration.

To configure destination multicast MAC address for BPDUs:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Configure the destination multicast MAC address for BPDUs.

bpdu-tunnel tunnel-dmac mac-address

Optional.

The default setting is 0x010F-E200-0003.

 

 

NOTE:

For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.

 

BPDU tunneling configuration example

 

 

NOTE:

By default, Ethernet, VLAN, and aggregate interfaces are in DOWN state. Before configuring these interfaces, use the undo shutdown command to bring them up.

 

Network requirements

As shown in Figure 3:

·           CE 1 and CE 2 are edges devices on the geographically dispersed network of User A; PE 1 and PE 2 are edge devices on the service provider network.

·           All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2; all ports that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through.

·           MSTP is enabled on User A’s network.

Configure BPDU tunneling, so that CE 1 and CE 2 implement consistent spanning tree calculation across the service provider network and that the destination multicast MAC address carried in BPDUs be 0x0100-0CCD-CDD0.

Figure 3 Network diagram

 

Configuration procedure

1.      Configure PE 1:

# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.

<PE1> system-view

[PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0

# Create VLAN 2 and assign GigabitEthernet 4/0/1 to VLAN 2.

[PE1] vlan 2

[PE1-vlan2] quit

[PE1] interface gigabitethernet 4/0/1

[PE1-GigabitEthernet4/0/1] port access vlan 2

# Disable STP on GigabitEthernet 4/0/1, and then enable BPDU tunneling for STP on it.

[PE1-GigabitEthernet4/0/1] stp disable

[PE1-GigabitEthernet4/0/1] bpdu-tunnel dot1q stp

2.      Configure PE 2:

# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.

<PE2> system-view

[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0

# Create VLAN 2 and assign GigabitEthernet 4/0/2 to VLAN 2.

[PE2] vlan 2

[PE2-vlan2] quit

[PE2] interface gigabitethernet 4/0/2

[PE2-GigabitEthernet4/0/2] port access vlan 2

# Disable STP on GigabitEthernet 4/0/2, and then enable BPDU tunneling for STP on it.

[PE2-GigabitEthernet4/0/2] stp disable

[PE2-GigabitEthernet4/0/2] bpdu-tunnel dot1q stp

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become A Partner
  • Partner Policy & Program
  • Global Learning
  • Partner Sales Resources
  • Partner Business Management
  • Service Business
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网