MXK Training Module 4 SLMS bridging



MXK Training Module 4 SLMS bridging


SLMS bridging

This module covers

Bridge types

Asymmetric and symmetric

IGMP

Bridge rules

Bridging examples


Bridges, overview

Bridging involves configuring the MXK to direct traffic based on Ethernet MAC addresses

The MXK supports two principal modes of bridging – asymmetric and symmetric. Both modes can be used at the same time, but not on the same VLAN.

The MXK ports can support either IP termination or bridging on VLANs.

In addition, the MXK can attach an IP address to a bridge interface without terminating the VLAN. This feature is called IP on a bridge. You can have one IPoBridge interface per system.


Asymmetric and symmetric

Asymmetrical

Normally used in residential applications, for a large number of users sharing an uplink to a BRAS.

Does not learn MAC addresses on the uplink side

Uses a “default route” (bridge-path) to send all packets upstream

In general, broadcasts sent from a downlink will traverse the uplink, but will not be sent down other downlinks, even within the same VLAN. This prevents subscribers from maliciously or unintentionally sending or receiving broadcasts between ports on the same system.

Downstream (cpe-side) bridge configured using downlink keyword

Upstream (co-side) bridge configured using uplink keyword

Symmetrical

Best choice for business applications

Used in “layer two VPN” business applications

Learns MAC addresses on all configured interfaces

All interfaces configured using the tls keyword.
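As an added illustration (not part of the original training material), the following Python model contrasts the forwarding decisions described for asymmetric and TLS bridges, including the TLS flooding and the ARP exception stated on later slides. Port names and MAC addresses are constructed, intralinks are left out, and dropping unlearned unicast that arrives on the uplink is an assumption of the model.

```python
# Added example: simplified egress decision for one VLAN on the bridge.
# Port names and MAC addresses are constructed for the illustration.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanBridge:
    def __init__(self, ports):
        self.ports = ports          # name -> "uplink" | "downlink" | "tls"
        self.fdb = {}               # learned source MAC -> port name

    def forward(self, in_port, src, dst, is_arp=False):
        """Return the sorted list of ports the frame is sent out of."""
        role = self.ports[in_port]
        if role != "uplink":        # asymmetric: no learning on the uplink side
            self.fdb[src] = in_port
        others = sorted(p for p in self.ports if p != in_port)
        if role == "tls":
            # Symmetric: behaves as a layer-2 switch for the VLAN.
            known = self.fdb.get(dst)
            if known is None:
                return others                      # flood broadcast/unknown
            return [known] if known != in_port else []
        if role == "downlink":
            # Bridge-path default: everything goes upstream, never sideways.
            return [p for p in others if self.ports[p] == "uplink"]
        # Frame arrived on the uplink.
        if dst == BROADCAST:
            # Only ARP broadcasts go downstream (modelled as all downlinks).
            return [p for p in others if self.ports[p] == "downlink"] if is_arp else []
        # Assumption: unicast reaches a downlink only if its MAC was learned.
        known = self.fdb.get(dst)
        return [known] if known else []

def compare_modes():
    """Same three frames through an asymmetric and a TLS VLAN."""
    sub_a, sub_b, router = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
    asym = VlanBridge({"up": "uplink", "sub1": "downlink", "sub2": "downlink"})
    tls = VlanBridge({"up": "tls", "sub1": "tls", "sub2": "tls"})
    out = {}
    for name, br in (("asymmetric", asym), ("tls", tls)):
        out[name] = {
            "bcast_from_sub1": br.forward("sub1", sub_a, BROADCAST),
            "sub2_to_sub1": br.forward("sub2", sub_b, sub_a),
            "router_to_sub1": br.forward("up", router, sub_a),
        }
    return out
```

In the asymmetric VLAN the subscriber-to-subscriber frame leaves only on the uplink, while the TLS VLAN switches it locally to the other subscriber port.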


Link aggregation

Link aggregation is used to combine two or more ports into a larger logical connection

Link Aggregation Control Protocol (LACP) maintains the integrity of this logical link; if one physical link goes down, data can still travel over the remaining link.

Works with both asymmetric and symmetric bridges

Link aggregation can be configured for dynamic or static mode

Link aggregation bridges refer to the linkagg interface

zSH> linkagg add group 1-a-1-0/linkagg link 1-a-7-0/eth

zSH> linkagg add group 1-a-1-0/linkagg link 1-a-8-0/eth

zSH> bridge add 1-a-1-0/linkagg tls vlan 800 tagged


Asymmetric: Uplinks, downlinks and intralinks

Interfaces towards the network are uplinks

Interfaces towards the user are downlinks

Interfaces towards a subtended MXK are intralinks

Bridge-paths direct traffic from the CPE side to the CO side

[Figure: network diagram with interfaces labelled D, U and I]


Asymmetric: Bridge-paths in upstream direction

Traffic from a downlink bridge is always sent to the uplink using the interface specified in the bridge-path

The bridge-path contains parameters like MAC address aging and flap control

When a packet arrives from a downlink bridge interface, the bridge-path is used as a lookup-table to determine the uplink bridge interface to forward the packet to

Starting with SLMS 2.1, the bridge-path is automatically created

[Figure: packet path from the downlink bridge interface (towards user) through the bridge-path to the uplink bridge interface (towards core)]

zSH> bridge add 1-a-4-0/eth uplink vlan 500

zSH> bridge-path add ethernet4-500/bridge vlan 500 default

zSH> bridge add 1-1-1-501/gponport gtp 1 downlink vlan 500 tagged


IGMP snooping, IGMP proxy

For bridged video, IGMP snooping and IGMP proxy are controlled using the bridge-path for the multicast VLAN

The IGMP parameters and multicast aging values are set in the bridge-path

In addition, multicast control lists (ACL list for multicast addresses) can be specified in order to allow or disallow certain multicast channels, e.g. a gold, silver and bronze subscription.


Residential setup

Residential users should normally be provisioned using asymmetric bridges; this ensures user isolation

MAC addresses from the upstream (uplink) side are not learnt.

Broadcasts are not forwarded towards the downstream (downlink) side, except for ARP broadcasts.

Normally, in a residential environment, three VLANs are configured for each user: one VLAN for HSIA, one for VoIP and one for video.

The uplink side (CO side) of the bridge is common, regardless of the downstream line type

zSH> bridge add 1-a-4-0/eth uplink vlan 500

zSH> bridge add 1-a-4-0/eth uplink vlan 700

zSH> bridge-path add ethernet4-500/bridge vlan 500 default

zSH> bridge-path add ethernet4-700/bridge vlan 700 default


Residential setup: GPON

GPON

The bridge needs a GTP (GPON traffic profile) describing the characteristics of the bridge interface

Video will run on a multicast GEM port, i.e. a shared channel for all ONTs.

HSIA and VoIP run over private GEM ports, i.e. private channels.

zSH> new gpon-traffic-profile dba-enabled = true dba-fixed-us-ubr-bw = 10240 dba-max-us-bw = 20480 1

zSH> new gpon-traffic-profile dba-enabled = true dba-fixed-us-ubr-bw = 512 dba-max-us-bw = 512 2

zSH> bridge add 1-1-1-501/gponport gtp 1 downlink vlan 500 tagged

zSH> bridge add 1-1-1-701/gponport gtp 2 downlink vlan 700 tagged


Residential setup: EFM

EFM SHDSL (and N2NBOND)

The bridge is always tied to the bond group

The SHDSL line parameters define line speed

There is no need for a traffic descriptor – bandwidth set by bridge rules

zSH> bridge add 1-2-25-0/efmbond downlink vlan 500 tagged

zSH> bridge add 1-2-25-0/n2nbond downlink vlan 700 tagged


Residential setup: ADSL

ADSL

The bridge needs a traffic descriptor – this sets bandwidth for the bridge

The bridge also needs a VP/VC pair defining the logical subchannel on ADSL

zSH> new atm-traf-descr td_param1 = 30000 1

zSH> new atm-traf-descr td_param1 = 10000 2

zSH> bridge add 1-3-1-0/adsl td 1 vc 8/35 downlink vlan 500

zSH> bridge add 1-3-1-0/adsl td 2 vc 8/36 downlink vlan 700


Residential setup: VDSL

VDSL

The VDSL line parameters define line speed

There is no need for a traffic descriptor – bandwidth set by bridge rules

zSH> bridge add 1-4-1-0/vdsl downlink vlan 500 tagged

zSH> bridge add 1-4-1-0/vdsl downlink vlan 700 tagged


Symmetric

Used in “layer two VPN” business applications, or in applications where for example OSPF is used

Learns MAC addresses on both up and downlink side. Works as a layer two switch.

Both upstream and downstream bridges configured using tls keyword.

There is no defined up- or downstream side of the bridge

[Figure: layer 2 network with nodes labelled A, B, C and D]


Business setup

Business customers are normally provisioned using TLS bridges

MXK will forward broadcasts and unknowns to all ports in the same VLAN

Provides for local switching on the MXK

Allows for protocols such as OSPF to run

No defined "up" or "down" side of the MXK as in asymmetric mode

Example configuration

zSH> bridge add 1-a-4-0/eth tls vlan 500 tagged

zSH> bridge add 1-a-4-0/eth tls vlan 700 tagged

zSH> bridge add 1-2-25-0/efmbond tls vlan 500 tagged

zSH> bridge add 1-2-25-0/n2nbond tls vlan 700 tagged

zSH> bridge add 1-2-26-0/efmbond tls vlan 500 tagged

zSH> bridge add 1-2-26-0/n2nbond tls vlan 700 tagged
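The rule from the overview that asymmetric and TLS bridging cannot share a VLAN can be checked offline before a configuration is pasted into the CLI. This Python check is an added example, not a Zhone tool; it parses only the `bridge add` form used in this module's examples, the sample lines are constructed, and the missing-uplink check is a heuristic that ignores intralinks.

```python
import re
from collections import defaultdict

# Matches the `bridge add` form used in this module's examples;
# `bridge-path add` lines are deliberately not matched.
BRIDGE_ADD = re.compile(
    r"bridge\s+add\s+(?P<ifc>\S+)\s+.*?\b(?P<type>uplink|downlink|tls)"
    r"\s+vlan\s+(?P<vlan>\d+)")

def lint(lines):
    """Return sorted (vlan, finding) pairs for a list of CLI lines."""
    by_vlan = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = BRIDGE_ADD.search(line)
        if m:
            by_vlan[int(m["vlan"])][m["type"]].append(m["ifc"])
    findings = []
    for vlan, types in sorted(by_vlan.items()):
        asymmetric = "uplink" in types or "downlink" in types
        if asymmetric and "tls" in types:
            # Both modes may coexist on the system, but not on one VLAN.
            findings.append((vlan, "tls and uplink/downlink bridges share this VLAN"))
        if "downlink" in types and "uplink" not in types:
            # Downlink traffic is always sent to an uplink via the bridge-path.
            findings.append((vlan, "downlink bridges but no uplink bridge"))
    return findings

# Constructed sample: VLAN 500 mixes modes, VLAN 900 has no uplink.
SAMPLE = [
    "zSH> bridge add 1-a-4-0/eth uplink vlan 500",
    "zSH> bridge-path add ethernet4-500/bridge vlan 500 default",
    "zSH> bridge add 1-1-1-501/gponport gtp 1 downlink vlan 500 tagged",
    "zSH> bridge add 1-2-26-0/efmbond tls vlan 500 tagged",
    "zSH> bridge add 1-a-4-0/eth tls vlan 700 tagged",
    "zSH> bridge add 1-2-25-0/n2nbond tls vlan 700 tagged",
    "zSH> bridge add 1-4-1-0/vdsl downlink vlan 900 tagged",
]

if __name__ == "__main__":
    for vlan, finding in lint(SAMPLE):
        print(f"vlan {vlan}: {finding}")
```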


Bridge rules

Bridge rules allow the operator to pass, drop or alter traffic traversing the bridge

More than one rule type can be used at the same time for the same bridge interface


Bridge rules, cont’d

Bridge rules are tied to either the egress or ingress part of the bridge interface. They may also be tied to both.

Example: GPON upstream bandwidth is limited using GTPs, downstream bandwidth is limited using bridge rules

Each rule can contain multiple members, i.e. a rule can both limit the bandwidth to 10 Mbps and add Option 82.

First, create the bridge rule

zSH> rule add ratelimitdiscard 10/1 rate 10000

Then, assign the rule to a bridge interface

zSH> update bridge-interface-record bridgeIfEgressPacketRuleGroupIndex = 10 1-1-1-501-gponport/bridge


Bridge rules, cont’d

Multiple rules can be joined into a list. An example would be adding both Option 82 and destination MAC swap.

[Figure: ingress Ethernet packet entering a bridge interface with ipktrule 1, which lists rule 1/1 (bridgeinsertoption82), rule 1/2 (ratelimitdiscard) and rule 1/3 (dstmacswapstatic), then the uplink bridge interface]


Destination MAC swapping

Uses next hop router’s MAC as the destination MAC address. Forces all frames to the next hop router.

Benefit

Added Security

Forces traffic to next-hop router – prevents subscriber-to-subscriber communication between chassis

Provisioned using a bridge packet rule (“dstmacswapdynamic”)

Add a dstmacswapdynamic rule and use the MAC address of the L3 router as parameter


Secure Bridge

Prevents users with statically configured IP addresses from connecting to the network

When packets are received or sent out a secure downlink bridge interface, the MXK checks the IP address against the dynamic IP bridge filter.

If a match is found (the address was provided by the DHCP server), the packet is allowed to pass through the filter. Otherwise, it is blocked.

Unicast aging is determined based on DHCP Lease time

Provisioned using secure keyword in bridge creation

For GPON, adding secure to one VLAN will secure all bridges on this port

[Figure: DHCP exchange: discovery, offer, request, acknowledge]
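The secure bridge filter described above, modelled in Python as an added example (not MXK code): entries are installed by a DHCP acknowledge and age out with the lease. Addresses and timestamps are constructed, and letting DHCP messages through before a lease exists is an assumption.

```python
# Added example: model of the secure-bridge dynamic IP filter.
# Addresses, lease times and timestamps below are constructed.
class SecureDownlink:
    def __init__(self):
        self.leases = {}                     # leased IP -> expiry time (s)

    def dhcp_ack(self, ip, lease_s, now):
        """DHCP acknowledge seen for this downlink: (re)install the entry."""
        self.leases[ip] = now + lease_s

    def permit(self, ip, now, is_dhcp=False):
        """Filter decision for a packet whose subscriber-side IP is `ip`."""
        if is_dhcp:
            return True                      # assumption: DHCP exchange itself passes
        expiry = self.leases.get(ip)
        if expiry is None:
            return False                     # never handed out by the DHCP server
        if now >= expiry:
            del self.leases[ip]              # aged out with the lease
            return False
        return True

def replay(events):
    """Run (time, kind, ip, lease_s) events; return verdicts for packets."""
    port, verdicts = SecureDownlink(), []
    for t, kind, ip, lease_s in events:
        if kind == "ack":
            port.dhcp_ack(ip, lease_s, t)
        else:
            verdicts.append((t, ip, port.permit(ip, t, is_dhcp=(kind == "dhcp"))))
    return verdicts

SAMPLE = [                                   # constructed trace
    (0,   "dhcp", "0.0.0.0",    None),       # discovery from a new host
    (1,   "ack",  "192.0.2.10", 600),        # server leases .10 for 600 s
    (5,   "pkt",  "192.0.2.10", None),       # leased address
    (6,   "pkt",  "192.0.2.99", None),       # statically configured address
    (300, "ack",  "192.0.2.10", 600),        # renewal, lease now ends at t=900
    (700, "pkt",  "192.0.2.10", None),       # still valid thanks to the renewal
    (901, "pkt",  "192.0.2.10", None),       # lease has expired
]

if __name__ == "__main__":
    for t, ip, ok in replay(SAMPLE):
        print(t, ip, "pass" if ok else "block")
```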


Basic bridge commands

Show bridge

zSH> bridge show

zSH> bridge brief

zSH> bridge showall

zSH> bridge showdetail ethernet4-500/bridge

zSH> bridge show mac 00:11:22:33:44:55

zSH> bridge show vlan 500

zSH> bridge show port 1-a-4-0/eth

Show bridge statistics

zSH> bridge stats

Show bridge statistics per second

zSH> bridge rates


Basic bridge commands

Flush learnt addresses

zSH> bridge flush all

Show IGMP channels

zSH> bridge igmp

Show IGMP statistics

zSH> bridge igmpstats


Introduction to SLMS Bridging Concepts

Review

Bridge types

Asymmetric and symmetric

IGMP

Bridge rules

Bridging examples


Thank you!