Login
- Table of Contents
-
- 02-Layer 2-LAN Switching Configuration Guide
- 00-Preface
- 01-Ethernet interface configuration
- 02-Loopback and null interface configuration
- 03-Bulk interface configuration
- 04-MAC address table configuration
- 05-Ethernet link aggregation configuration
- 06-Port isolation configuration
- 07-Spanning tree configuration
- 08-BPDU tunneling configuration
- 09-VLAN configuration
- 10-GVRP configuration
- 11-LLDP configuration
- 12-Service loopback group configuration
- 13-MVRP configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-BPDU tunneling configuration | 135.72 KB |
Configuration restrictions and guidelines
Enabling BPDU tunneling for a protocol in Layer 2 Ethernet interface view or port group view
Enabling BPDU tunneling for a protocol in Layer 2 aggregate interface view
Configuring destination multicast MAC address for BPDUs
BPDU tunneling configuration examples
BPDU tunneling for STP configuration example
BPDU tunneling for PVST configuration example
This chapter describes how to configure BPDU tunneling.
Overview
As a Layer 2 tunneling technology, BPDU tunneling enables Layer 2 protocol packets from geographically dispersed customer networks to be transparently transmitted over specific tunnels across a service provider network.
Background
Dedicated lines are used in a service provider network to build user-specific Layer 2 networks. As a result, a user network consists of parts located at different sides of the service provider network. As shown in Figure 1, the devices of User A are CE 1 and CE 2, which both belong to VLAN 100. User A's network is divided into network 1 and network 2, which are connected by the service provider network. When a Layer 2 protocol (for example, STP) runs on both network 1 and network 2, Layer 2 protocol packets must be transmitted over the service provider network to implement Layer 2 protocol calculations (for example, spanning tree calculations). When receiving a Layer 2 protocol packet, the PEs cannot determine whether the packet is from the user network or the service provider network, and must deliver the packet to the CPU for processing. In this case, the Layer 2 protocol calculation in User A's network is mixed with that in the service provider network, and the user network cannot implement independent Layer 2 protocol calculations.
Figure 1 BPDU tunneling application scenario
BPDU tunneling addresses this problem. With BPDU tunneling, Layer 2 protocol packets from customer networks can be transparently transmitted over the service provider network in the following workflow:
1. After receiving a Layer 2 protocol packet from CE 1, PE 1 encapsulates the packet, replaces its destination MAC address with a specific multicast MAC address, and forwards the packet to the service provider network.
2. The encapsulated Layer 2 protocol packet (called a bridge protocol data unit) is forwarded to PE 2 at the other end of the service provider network, which de-encapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to CE 2.
H3C devices support BPDU tunneling for the following protocols:
· CDP
· DLDP
· EOAM
· GVRP
· HGMP
· LACP
· LLDP
· PAGP
· PVST
· STP
· UDLD
· VTP
BPDU tunneling implementation
The BPDU tunneling implementations for different protocols are all similar. This section uses STP to describe how to implement BPDU tunneling. This document uses the term "STP" in a broad sense. It includes STP, RSTP, and MSTP.
STP calculates the topology of a network by transmitting BPDUs among devices in the network. For more information, see "Configuring spanning tree protocols."
To avoid loops in your network, you can enable STP on your devices. When the topology changes at one side of the customer network, devices at that side of the customer network send BPDUs to devices on the other side of the customer network. This ensures consistent spanning tree calculation in the entire customer network. However, because BPDUs are Layer 2 multicast frames, all STP-enabled devices, both in the customer network and in the service provider network, can receive and process these BPDUs. In this case, neither the service provider network nor the customer network can correctly calculate its independent spanning tree.
BPDU tunneling allows each network to calculate an independent spanning tree with STP.
BPDU tunneling delivers the following benefits:
· BPDUs can be transparently transmitted. BPDUs of one customer network can be broadcast in a specific VLAN across the service provider network, allowing that customer's geographically dispersed networks to implement consistent spanning tree calculation across the service provider network.
· BPDUs of different customer networks can be confined within different VLANs for transmission on the service provider network. This enables each customer network to perform independent spanning tree calculations.
Figure 2 BPDU tunneling implementation
The upper section of Figure 2 represents the service provider network (ISP network). The lower section, including User A network 1 and User A network 2, represents customer networks. Enabling BPDU tunneling on edge devices (PE 1 and PE 2) in the service provider network allows BPDUs of User A network 1 and User A network 2 to be transparently transmitted through the service provider network. This ensures consistent spanning tree calculation throughout User A network, without affecting the spanning tree calculation of the service provider network.
Assume that a BPDU is sent from User A network 1 to User A network 2:
1. At the ingress of the service provider network, PE 1 changes the destination MAC address of the BPDU from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 (the default multicast MAC address), for example. In the service provider network, the modified BPDU is forwarded as a data packet in the VLAN assigned to User A.
2. At the egress of the service provider network, PE 2 recognizes the BPDU with the destination MAC address 0x010F-E200-0003, restores its original destination MAC address 0x0180-C200-0000, and then sends the BPDU to CE 2.
|
|
NOTE: Make sure, through configuration, the VLAN tags carried in BPDUs are neither changed nor removed during transparent transmission in the service provider network. Otherwise, devices in the service provider network will fail to transparently transmit the customer network BPDUs correctly. |
Configuration prerequisites
Before configuring BPDU tunneling for a protocol, perform the following tasks:
· Enable the protocol in the customer network.
· Assign the port on which you want to enable BPDU tunneling on the PE device and the connected port on the CE device to the same VLAN.
· Configure ports that connect network devices in the service provider network as trunk ports that allow packets of any VLAN to pass through.
Configuration restrictions and guidelines
· You can enable BPDU tunneling for different protocols in different views. Settings made in Layer 2 Ethernet interface view or Layer 2 aggregate interface view take effect only on the current port. Settings made in port group view take effect on all ports in the port group.
· Before you enable BPDU tunneling for DLDP, EOAM, GVRP, HGMP, LLDP, or STP on a port, disable the protocol on the port.
· Because PVST is a special STP protocol, you must do two things before you enable BPDU tunneling for PVST on a port: first, disable STP; second, enable BPDU tunneling for STP on the port.
· Do not enable BPDU tunneling for DLDP, EOAM, LACP, LLDP, PAGP, or UDLD on the member port of a Layer 2 aggregation group.
Enabling BPDU tunneling
This section describes how to enable BPDU tunneling.
Enabling BPDU tunneling for a protocol in Layer 2 Ethernet interface view or port group view
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Ethernet interface view or port group view. |
·
Enter Layer 2 Ethernet interface view: ·
Enter port group view: |
Use one of the commands. |
|
3. Enable BPDU tunneling for a protocol. |
bpdu-tunnel dot1q { cdp | dldp | eoam | gvrp | hgmp | lacp | lldp | pagp | pvst | stp | udld | vtp } |
By default, BPDU tunneling is disabled. |
Enabling BPDU tunneling for a protocol in Layer 2 aggregate interface view
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 aggregate interface view. |
interface bridge-aggregation interface-number |
N/A |
|
3. Enable BPDU tunneling for a protocol on the Layer 2 aggregate interface. |
bpdu-tunnel dot1q { cdp | gvrp | hgmp | pvst | stp | vtp } |
By default, BPDU tunneling is disabled. |
Configuring destination multicast MAC address for BPDUs
By default, the destination multicast MAC address for BPDUs is 0x010F-E200-0003. You can change it to 0x0100-0CCD-CDD0, 0x0100-0CCD-CDD1, or 0x0100-0CCD-CDD2.
For BPDUs to be recognized, the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the service provider network.
To configure destination multicast MAC address for BPDUs:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure the destination multicast MAC address for BPDUs. |
bpdu-tunnel tunnel-dmac mac-address |
Optional. The default setting is 0x010F-E200-0003. |
BPDU tunneling configuration examples
This section provides the BPDU tunneling examples.
BPDU tunneling for STP configuration example
Network requirements
As shown in Figure 3:
· CE 1 and CE 2 are edges devices on the geographically dispersed network of User A. PE 1 and PE 2 are edge devices on the service provider network.
· All ports that connect service provider devices and customer devices are access ports and belong to VLAN 2. All ports that connect service provider devices are trunk ports and allow packets of any VLAN to pass through.
· MSTP is enabled on User A's network.
Configure BPDU tunneling, so that CE 1 and CE 2 implement consistent spanning tree calculation across the service provider network, and the destination multicast MAC address carried in BPDUs is 0x0100-0CCD-CDD0.
Configuration procedure
1. Configure PE 1:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE1> system-view
[PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Create VLAN 2 and assign GigabitEthernet 1/0/1 to VLAN 2.
[PE1] vlan 2
[PE1-vlan2] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port access vlan 2
# Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP on it.
[PE1-GigabitEthernet1/0/1] undo stp enable
[PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp
2. Configure PE 2:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE2> system-view
[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Create VLAN 2 and assign GigabitEthernet 1/0/2 to VLAN 2.
[PE2] vlan 2
[PE2-vlan2] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port access vlan 2
# Disable STP on GigabitEthernet 1/0/2, and then enable BPDU tunneling for STP on it.
[PE2-GigabitEthernet1/0/2] undo stp enable
[PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp
BPDU tunneling for PVST configuration example
Network requirements
As shown in Figure 4:
· CE 1 and CE 2 are edge devices on the geographically dispersed network of User A. PE 1 and PE 2 are edge devices on the service provider network.
· All ports that connect service provider devices and customer devices and those that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through.
· PVST is enabled for VLANs 1 through 4094 on User As network.
Configure BPDU tunneling for PVST, so that CE 1 and CE 2 implement consistent PVST calculation across the service provider network, and the destination multicast MAC address carried in BPDUs is 0x0100-0CCD-CDD0.
Configuration procedure
1. Configure PE 1:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE1> system-view
[PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Configure GigabitEthernet 1/0/1 as a trunk port and assign it to all VLANs.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port link-type trunk
[PE1-GigabitEthernet1/0/1] port trunk permit vlan all
# Disable STP on GigabitEthernet 1/0/1, and then enable BPDU tunneling for STP and PVST on it.
[PE1-GigabitEthernet1/0/1] undo stp enable
[PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q stp
[PE1-GigabitEthernet1/0/1] bpdu-tunnel dot1q pvst
2. Configure PE 2:
# Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0.
<PE2> system-view
[PE2] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0
# Configure GigabitEthernet 1/0/2 as a trunk port and assign it to all VLANs.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port link-type trunk
[PE2-GigabitEthernet1/0/2] port trunk permit vlan all
# Disable STP on GigabitEthernet 1/0/2, and then enable BPDU tunneling for STP and PVST on it.
[PE2-GigabitEthernet1/0/2] undo stp enable
[PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp
[PE2-GigabitEthernet1/0/2] bpdu-tunnel dot1q pvst
