VLAN Frame Format

IEEE 802.1Q modifies the Ethernet frame format by adding a 4-byte 802.1Q tag between the source MAC address field and the Length/Type field, as shown in Figure 1-747.

Figure 1-747 VLAN frame format defined in IEEE 802.1Q

An 802.1Q tag contains four fields:

• EType

  The 2-byte EType field indicates a frame type. If the value of the field is 0x8100, it indicates an 802.1Q frame. If a device that does not support 802.1Q frames receives an 802.1Q frame, it discards the frame.

• PRI

  The 3-bit Priority field indicates the frame priority. A greater PRI value indicates a higher frame priority. Frames with a higher priority are preferentially sent in the case of congestion.

• CFI

  The 1-bit Canonical Format Indicator (CFI) field indicates whether a MAC address is in the canonical format. If the CFI field value is 0, the MAC address is in canonical format. If the CFI field value is 1, the MAC address is not in canonical format. This field is mainly used to differentiate among Ethernet frames, Fiber Distributed Digital Interface (FDDI) frames, and token ring frames. The CFI field value in an Ethernet frame is 0.

• VID

  The 12-bit VLAN ID (VID) field indicates to which VLAN a frame belongs. A VID is an integer ranging from 0 to 4095. The values 0 and 4095 are reserved, and therefore available VIDs are in the range from 1 to 4094.

  Each frame sent by an 802.1Q-capable switch carries a VID. On a VLAN, Ethernet frames are classified into the following types:

  • Tagged frames: frames with 4-byte 802.1Q tags.
  • Untagged frames: frames without 4-byte 802.1Q tags.

Link Types

VLAN links can be divided into the following types:

• Access link: a link connecting a user host and a switch. Generally, a host does not know which VLAN it belongs to, and host hardware cannot identify frames with VLAN tags. Therefore, hosts send and receive only untagged frames. In Figure 1-748, links between the hosts and the switches are access links.

• Trunk link: a link connecting switches. Data of different VLANs is transmitted along a trunk link. The two ends of a trunk link must be able to identify the VLANs to which the data frames belong. Therefore, only tagged frames are transmitted along trunk links. In Figure 1-748, links between switches are trunk links. Frames transmitted over trunk links carry VLAN tags.

Figure 1-748 Link types

Port Types

Some ports of a device can identify VLAN frames defined by IEEE 802.1Q, whereas others cannot. Ports can be divided into four types based on whether they can identify VLAN frames:

• Access port

  An access port connects a switch to a host through an access link, as shown in Figure 1-748. An access port has the following features:

  • Allows only frames tagged with the port default VLAN ID (PVID) to pass.

  • Adds a PVID to its received untagged frame.

  • Removes the tag from a frame before it sends the frame.

• Trunk port

  A trunk port connects a switch to another switch through a trunk link, as shown in Figure 1-748. A trunk port has the following features:

  • Allows tagged frames from multiple VLANs to pass.

  • Directly sends the frame if the port permits the VLAN ID carried in the frame.

  • Discards the frame if the port denies the VLAN ID carried in the frame.

• Hybrid port

  A hybrid port connects a switch either to a host through an access link or to another switch through a trunk link, as shown in Figure 1-749. A hybrid port allows frames from multiple VLANs to pass and can remove VLAN tags from some outgoing VLAN frames.

  Figure 1-749 Ports
  
  

• QinQ port

  An 802.1Q-in-802.1Q (QinQ) port refers to a QinQ-enabled port. A QinQ port adds an outer tag to a single-tagged frame. In this manner, the number of VLANs can meet the requirement of networks.

  Figure 1-750 shows the format of a QinQ frame. The outer tag is a public network tag for carrying a public network VLAN ID. The inner tag is a private network tag for carrying a private network VLAN ID.

  Figure 1-750 QinQ frame format
  

  For details on the QinQ protocol, see QinQ.

VLAN Classification

VLANs are classified based on port numbers. In this mode, VLANs are classified based on the numbers of ports on a switching device. The network administrator configures a unique PVID for each port on the switch. When a data frame reaches a port which is configured with a PVID, the frame is marked with the PVID if the data frame carries no VLAN tag. If the data frame carries a VLAN tag, the switch will not add a VLAN tag to the data frame even if the port is configured with a PVID. Different types of ports process VLAN frames in different manners.

Basic Principles

To improve frame processing efficiency, frames arriving at a switch must carry a VLAN tag for uniform processing. If an untagged frame enters a switch port which has a PVID configured, the port then adds a VLAN tag whose VID is the same as the PVID to the frame. If a tagged frame enters a switch port that has a PVID configured, the port does not add any tag to the frame.

The switch processes frames in a different way according to the port types. The following table describes how a port processes a frame.

Principles of Intra-VLAN Communication Across Switches

Hosts of a VLAN are sometimes connected to different switches. In this situation, ports of different switches must be able to recognize and send packets belonging to this VLAN. To this end, trunk links are required.

A trunk link has two functions:

• Reply function

  A trunk link can transparently transmit VLAN packets from a switch to another interconnected switch.

• Trunk function

  A trunk link can transmit multiple VLAN packets.

Figure 1-751 Trunk link communication

On the network shown in Figure 1-751, the trunk link between DeviceA and DeviceB must support both the intra-VLAN 2 communication and the intra-VLAN 3 communication. Therefore, the ports at both ends of the trunk link must be configured to be bound to VLAN 2 and VLAN 3. That is, Port 2 on DeviceA and Port 1 on DeviceB must belong to both VLAN 2 and VLAN 3.

Host A sends a frame to Host B in the following process:

1. The frame is first sent to Port 4 on DeviceA.

2. A tag is added to the frame on Port 4. The VID field of the tag is set to 2, that is, the ID of the VLAN to which Port 4 belongs.

3. DeviceA checks whether its MAC address table contains the MAC address destined for Host B.

   • If so, DeviceA sends the frame to the outbound interface Port 2.
   • If not, DeviceA sends the frame to all interfaces bound to VLAN 2 except for Port 4.

4. Upon receipt of the frame, Port 2 sends the frame to DeviceB.

5. After receiving the frame, DeviceB checks whether its MAC address table contains the MAC address destined for Host B.

   • If so, DeviceB sends the frame to the outbound interface Port 3.
   • If not, DeviceB sends the frame to all interfaces bound to VLAN 2 except for Port 1.

6. Upon receipt of the frame, Port 3 sends the frame to Host B.

The intra-VLAN 3 communication is similar, and is omitted here.

Inter-VLAN Communication Principles

After VLANs are configured, hosts in different VLANs cannot directly communicate with each other at Layer 2. To implement communication between VLANs, establish IP routes. The specific implementation schemes are as follows:

• Layer 2 switch + router

  On the network shown in Figure 1-752, a switched Ethernet interface on a Layer 2 switch is connected to a routed Ethernet interface on a router for LAN communication.

  Figure 1-752 Inter-VLAN communication based on a Layer 2 switch and a router
  
  

  If VLAN 2 and VLAN 3 are configured on the switch, to enable VLAN 2 to communicate with VLAN 3, you need to create two sub-interfaces on the routed Ethernet interface that is connected to the switch. Sub-interface 1 is used to forward traffic to VLAN 2, and sub-interface 2 is used to forward traffic to VLAN 3.

  Then, configure 802.1Q encapsulation on and assign IP addresses to the sub-interfaces.

  On the switch, you need to configure the switched Ethernet interface as a trunk or hybrid interface and allow frames of VLAN 2 and VLAN 3 to pass.

  The defects of the Layer 2 switch + router mode are as follows:

  • Multiple devices are needed, and the networking is complex.

  • A router is deployed, which is expensive and provides a low transmission rate.

• Layer 3 switch

  Layer 3 switching combines both routing and switching techniques to implement routing on a switch, improving the overall performance of the network. After sending the first data flow based on a routing table, a Layer 3 switch generates a mapping table, in which the mapping between the MAC address and the IP address about this data flow is recorded. If the switch needs to send the same data flow again, it directly sends the data flow at Layer 2 but not Layer 3 based on the mapping table. In this manner, delays on the network caused by route selection are eliminated, and data forwarding efficiency is improved.

  To allow the first data flow to be correctly forwarded based on the routing table, the routing table must contain correct routing entries. Therefore, configuring a Layer 3 interface and a routing protocol on the Layer 3 switch is required. VLANIF interfaces are therefore introduced.

  A VLANIF interface is a Layer 3 logical interface, which can be configured on either a Layer 3 switch or a router.

  As shown in Figure 1-753, VLAN 2 and VLAN 3 are configured on the switch. You can then create two VLANIF interfaces on the switch and assign IP addresses to and configure routes for them. In this manner, VLAN 2 can communicate with VLAN 3.

  Figure 1-753 Inter-VLAN communication through a Layer 3 switch
  
  
  The Layer 3 switch offsets the defects in the scheme of Layer 2 switch + router, and can implement faster traffic forwarding at a lower cost. Nevertheless, the Layer 3 switch has the following defects:

  • Applicable to a network whose interfaces are almost all Ethernet interfaces.

  • Applicable to a network with only stable routes and few changes in the network topology.

Key points are summarized as follows:

• A PC does not need to know the VLAN to which it belongs. It sends only untagged frames.
• After receiving an untagged frame from a PC, a switching device determines the VLAN to which the frame belongs. The determination is based on the configured VLAN classification method such as port information, and then the switching device processes the frame accordingly.
• If the frame needs to be forwarded to another switching device, the frame must be transparently transmitted along a trunk link. Frames transmitted along trunk links must carry VLAN tags to allow other switching devices to properly forward the frame based on the VLAN information.
• Before sending the frame to the destination PC, the switching device connected to the destination PC removes the VLAN tag from the frame to ensure that the PC receives an untagged frame.

Generally, only tagged frames are transmitted on trunk links; only untagged frames are transmitted on access links. In this manner, switching devices on the network can properly process VLAN information, and PCs do not need to learn VLAN information.

Background

A VLAN is widely used on switching networks because of its flexible control of broadcast domains and convenient deployment. On a Layer 3 switch, the interconnection between the broadcast domains is implemented by using one VLAN with a logical Layer 3 interface. Figure 1-754 shows a VLAN assignment example on devices.

Figure 1-754 Common VLAN

On the network shown in Table 1-384, VLAN 2 requires 10 host addresses. A subnet address 1.1.1.0/28 with a mask length of 28 bits is assigned to VLAN 2. 1.1.1.0 is the subnet number, and 1.1.1.15 is the directed broadcast address. These two addresses cannot serve as the host address. In addition, 1.1.1.1, as the default address of the network gateway of the subnet, cannot be used as the host address. The remaining 13 addresses ranging from 1.1.1.2 to 1.1.1.14 can be used by the hosts. In this way, although VLAN 2 needs only ten addresses, 13 addresses are assigned to it according to the subnet division.

VLAN 3 requires five host addresses. A subnet address 1.1.1.16/29 with a mask length of 29 bits is assigned to VLAN 3. VLAN 4 requires only one address. A subnet address 1.1.1.24/30 with a mask length of 30 bits is assigned to VLAN 4.

The preceding VLANs require a total of 16 (10 + 5 + 1) addresses. However, at least 28 (16 + 8 + 4) addresses are occupied by the common VLANs. In this way, nearly half of the addresses are wasted. In addition, if only three hosts, not 10 hosts are bound to VLAN 2 later, the extra addresses cannot be used by other VLANs and thereby are wasted.

Meanwhile, this division is inconvenient for later network upgrades and expansions. For example, if you want to add two more hosts to VLAN 4 and do not want to change the IP addresses assigned to VLAN 4, and the addresses after 1.1.1.24 has been assigned to others, a new subnet with the mask length of 29 bits and a new VLAN must be assigned to the new hosts. VLAN 4 has only three hosts, but the three hosts are assigned to two subnets, and a new VLAN is required. This is inconvenient for network management.

To sum up, many IP addresses are used as the addresses of subnets, directional broadcast addresses of subnets, and default addresses of network gateways of subnets and therefore cannot be used as the host addresses in VLANs. This reduces addressing flexibility and wastes many addresses. To solve this problem, VLAN aggregation is used.

Principles

The VLAN aggregation technology, also known as the super VLAN, provides a mechanism that partitions the broadcast domain by using multiple VLANs in a physical network so that different VLANs can belong to the same subnet. In VLAN aggregation, two concepts are involved, namely, super VLAN and sub VLAN.

• Super VLAN: In a super VLAN that is different from a common VLAN, only Layer 3 interfaces are created, and physical ports are not contained. The super VLAN can be viewed as a logical Layer 3 concept. It is a collection of many sub VLANs.
• Sub VLAN: It is used to isolate broadcast domains. In a sub VLAN, only physical ports are contained, and Layer 3 VLAN interfaces cannot be created. A sub VLAN implements Layer 3 switching through the Layer 3 interface of the super VLAN.

A super VLAN can contain one or more sub VLANs that identify different broadcast domains. The sub VLAN does not occupy an independent subnet segment. In the same super VLAN, IP addresses of hosts belong to the subnet segment of the super VLAN, regardless of the mapping between hosts and sub VLANs.

Therefore, the same Layer 3 interface is shared by sub VLANs. Some subnet IDs, default gateway addresses of the subnet, and directed broadcast addresses of the subnet are saved; meanwhile, different broadcast domains can use the addresses in the same subnet segment. As a result, subnet differences are eliminated, addressing becomes flexible and idle addresses are reduced.

For example, on the network shown in Table 1-384, VLAN 2 requires 10 host addresses, VLAN 3 requires 5 host addresses, and VLAN 4 requires 1 host address.

To implement VLAN aggregation, create VLAN 10 and configure VLAN 10 as a super VLAN. Then assign a subnet address 1.1.1.0/24 with the mask length of 24 to VLAN 10; 1.1.1.0 is the subnet number, and 1.1.1.1 is the gateway address of the subnet, as shown in Figure 1-755. Address assignment of sub VLANs (VLAN 2, VLAN 3, and VLAN 4) is shown in Table 1-385.

Figure 1-755 VLAN aggregation

In VLAN aggregation implementation, sub VLANs are not divided according to the previous subnet border. Instead, their addresses are flexibly assigned in the subnet corresponding to the super VLAN according to the required host number.

As shown in Table 1-385, VLAN 2, VLAN 3, and VLAN 4 share the same subnet (1.1.1.0/24), default subnet gateway address (1.1.1.1), and directed broadcast address (1.1.1.255). In this manner, the subnet IDs (1.1.1.16, 1.1.1.24), the default gateways of the subnet (1.1.1.17, 1.1.1.25), and the directed broadcast addresses of the subnet (1.1.1.15, 1.1.1.23, and 1.1.1.27) can be used as IP addresses of hosts.

Totally, 16 addresses (10 + 5 + 1 = 16) are required for the three VLANs. In practice, in this subnet, a total of 16 addresses are assigned to the three VLANs (1.1.1.2 to 1.1.1.17). A total of 19 IP addresses are used, that is, the 16 host addresses together with the subnet ID (1.1.1.0), the default gateway of the subnet (1.1.1.1), and the directed broadcast address of the subnet (1.1.1.255). In the network segment, 236 addresses (255 – 19 = 236) are available, which can be used by any host in the sub VLAN.

Inter-VLAN Communication

• Introduction

  VLAN aggregation ensures that different VLANs use the IP addresses in the same subnet segment. This, however, leads to the problem of Layer 3 forwarding between sub VLANs.

  In common VLAN mode, the hosts of different VLANs can communicate with each other based on the Layer 3 forwarding through their respective gateways. In VLAN aggregation mode, the hosts in a super VLAN use the IP addresses on the same network segment and share the same gateway address. The hosts in different sub VLANs belong to the same subnet. Therefore, they communicate with each other based on the Layer 2 forwarding, rather than the Layer 3 forwarding through a gateway. In practice, hosts in different sub VLANs are isolated in Layer 2. As a result, sub VLANs fail to communicate with each other.

  To solve the preceding problem, you can use proxy ARP.

  For details of proxy ARP, see the chapter "ARP" in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature Description - IP Services.

• Layer 3 communication between different sub VLANs

  For example, a super VLAN (VLAN 10) contains sub VLANs (VLAN 2 and VLAN 3), as shown in Figure 1-756.

  Figure 1-756 Layer 3 communication between different sub VLANs based on ARP proxy
  
  

  In the scenario where Host A has no ARP entry of Host B in its ARP table and the gateway (L3 Switch) has proxy ARP enabled, Host A in VLAN 2 wants to communication with Host B in VLAN 3. The communication process is as follows:

  1. After comparing the IP address of Host B 1.1.1.3 with its IP address, Host A finds that both IP addresses are on the same network segment 1.1.1.0/24 and its ARP table has no ARP entry of Host B.
  2. Host A broadcasts an ARP request to ask for the MAC address of Host B.
  3. Host B is not in the broadcast domain of VLAN 2, and cannot receive the ARP request.
  4. The proxy-ARP enabled gateway between the sub VLANs receives the ARP request from Host A and finds that the IP address of Host B 1.1.1.3 is the IP address of a directly connected interface. Then the gateway broadcasts an ARP request to all the other sub VLAN interfaces to ask for the MAC address of Host B.
  5. After receiving the ARP request, Host B sends an ARP response.
  6. After receiving the ARP response from Host B, the gateway replies with its MAC address to Host A.
  7. Both the gateway and Host A have the ARP entry of Host B.
  8. Host A sends packets to the gateway, and then the gateway sends the packets from Host A to Host B at the Layer 3. In this way, Host A and Host B can communicate with each other.

  The process that Host B sends packets to Host A is similar, and is not mentioned.

• Layer 2 communication between a sub VLAN and an external network

  As shown in Figure 1-757, in the Layer 2 VLAN communications based on ports, the received or sent frames are not tagged with the super VLAN ID.

  Figure 1-757 Layer 2 communication between a sub VLAN and an external network
  
  

  Host A sends a frame to Switch1 through Port 1. Upon receipt, Switch1 adds a VLAN tag with a VLAN ID 2 to the frame. The VLAN ID 2 is not changed to the VLAN 10 on Switch1 even if VLAN 2 is the sub VLAN of VLAN 10. When the frame is sent by a trunk Port 3, it still carries the ID of VLAN 2.

  That is to say, Switch1 itself does not send the frames from VLAN 10. If Switch1 receives frames from VLAN 10, it discards these frames as there is no physical port for VLAN 10.

  A super VLAN has no physical port. This limitation is obligatory, as shown below:

  • If you configure the super VLAN and then the trunk interface, the frames of a super VLAN are filtered automatically according to the allowed VLAN range set on the trunk interface.

    In Figure 1-757, Port3 of Switch1 allows packets from all VLANs to pass through, but packets from VLAN 10 (super VLAN) cannot pass through this port.

  • If you configure the trunk interface and allow all VLAN packets to pass through, you still cannot configure the super VLAN on Switch1, because any VLAN with physical ports cannot be configured as the super VLAN.

  As for Switch1, the valid VLANs are just VLAN 2 and VLAN 3, and all frames from these VLANs are forwarded.

• Layer 3 communication between a sub VLAN and an external network

  Figure 1-758 Layer 3 communication between a sub VLAN and an external network
  
  
  As shown in Figure 1-758, Switch1 is configured with super VLAN 4, sub VLAN 2, sub VLAN 3, and a common VLAN 10. Switch2 is configured with two common VLANs, namely, VLAN 10 and VLAN 20. Suppose that Switch1 is configured with the route to the network segment 1.1.3.0/24, and Switch2 is configured with the route to the network segment 1.1.1.0/24. Then the communication process is as follows when Host A in sub VLAN 2 that belongs to the super VLAN 4 needs to communicate with Host C in Switch2:

  1. After comparing the IP address of Host C 1.1.3.2 with its IP address, Host A finds that two IP addresses are not on the same network segment 1.1.1.0/24.
  2. Host A broadcasts an ARP request to ask for the MAC address of the gateway (Switch1).
  3. After receiving the ARP request, Switch1 finds the ARP request packet is from sub VLAN 2 and replies with an ARP response to Host A through sub VLAN 2. The source MAC address in the ARP response packet is the MAC address of VLANIF 4 for super VLAN 4.
  4. Host A learns the MAC address of the gateway.
  5. Host A sends the packet to the gateway, with the destination MAC address as the MAC address of VLANIF 4 for super VLAN 4, and the destination IP address as 1.1.3.2.
  6. After receiving the packet, Switch1 performs the Layer 3 forwarding and sends the packet to Switch2, with the next hop address as 1.1.2.2, the outgoing interface as VLANIF 10.
  7. After receiving the packet, Switch2 performs the Layer 3 forwarding and sends the packet to Host C through the directly connected interface VLANIF 20.
  8. The response packet from Host C reaches Switch1 after the Layer 3 forwarding on Switch2.
  9. After receiving the packet, Switch1 performs the Layer 3 forwarding and sends the packet to Host A through the super VLAN.

Background

On an ME network, users and services are differentiated based on a single VLAN tag or double VLAN tags carried in packets and then access different Virtual Private Networks (VPNs) through sub-interfaces. In some special scenarios where the access device does not support QinQ or a single VLAN tag is used in different services, different services cannot be distributed to different Virtual Switching Instances (VSIs) or VPN instances.

As shown in Figure 1-760, the high-speed Internet (HSI), Voice over Internet Protocol (VoIP), and Internet Protocol Television (IPTV) services belong to VLAN 10 and are converged to the UPE through a switch; the UPE is connected to the SR and BRAS through Layer 2 virtual private networks (L2VPNs).

If the UPE does not support QinQ, it cannot differentiate the received HSI, VoIP, and IPTV services for transmitting them over different Pseudo Wires (PWs). In this case, you can configure the UPE to resolve the 802.1p priorities, DiffServ Code Point (DSCP) values, or EthType values of packets. Then, the UPE can transmit different packets over different PWs based on the 802.1p priorities, DSCP values, or EthType values of the packets.

In a similar manner, if the UPE is connected to the SR and BRAS through L3VPNs, the UPE can transmit different services through different VPN instances based on the 802.1p priorities or DSCP values of the packets.

Figure 1-760 Multiple services belonging to the same VLAN

Basic Concepts

As shown in Figure 1-760, sub-interfaces of different types are configured at the attachment circuit (AC) side of the UPE to transmit packets with different 802.1p priorities, DSCP values, or EthType values through different PWs or VPN instances. This implements flexible service access. Flexible service access through sub-interfaces is a technology that differentiates VPN access based on the VLAN IDs and 802.1p priorities/DSCP values/EthType (PPPoE or IPoE) values in packets.

The sub-interfaces are classified in Table 1-386 based on VLAN identification policies configured on them.

• 802.1p and EthType

  Figure 1-761 shows the format of a VLAN frame defined in IEEE 802.1Q.

  Figure 1-761 VLAN frame format defined in IEEE 802.1Q
  

  As shown in Figure 1-761, the 802.1p priority is represented by a 3-bit PRI (priority) field in a VLAN frame defined in IEEE 802.1Q. The value ranges from 0 to 7. The greater the value, the higher the priority. When the switching device is congested, the switching device preferentially sends packets with higher priorities. In flexible service access, this field is used to identify service types so that different services can access different L2VPNs/L3VPNs.

  The EthType is represented by a 2-byte LEN/ETYPE field, as shown in Figure 1-761. In flexible service access, this field is used to identify service types based on EthType values (PPPoE or IPoE) so that different services can access different L2VPNs.

• DSCP

  As shown in Figure 1-762, the DSCP is represented by the first 6 bits of the Type of Service (ToS) field in an IPv4 packet header, as defined in relevant standards. DSCP, as the signaling for DiffServ, is used for QoS guarantee on IP networks. Traffic control on the gateway depends on the DSCP field.

  Figure 1-762 DSCP frame format
  

  In flexible service access, this field is used to identify service types so that different services can access different L2VPNs/L3VPNs.

On the network shown in Figure 1-763, when a CSG accesses an IP station, VPWS is not required on the CSG and MASG. After the CSG receives IP packets, it performs the following:

1. The CSG directly encapsulates the packets with VLAN IDs and 802.1p priorities for differentiating services. The CSG encapsulates the IP packets as follows:

   • Encapsulates different users with different VLAN IDs.

   • Encapsulates different services with different 802.1p priorities.

   • Encapsulates different services of the same user with the same VLAN ID but different 802.1p priorities.

   • Encapsulates different services of different users with different VLAN IDs but the same or different 802.1p priorities.

2. Then, the CSG sends the encapsulated packets to PE1. After PE1 receives the packets, its 802.1p sub-interface resolves the packets to obtain their VLAN IDs and 802.1p priorities. The packets then access different VSIs through priority mapping. In this manner, different services are transmitted to PE2 through different VSIs.

3. After PE2 receives the packets, it sends the packets to the MASG based on the VSIs carried in the packets.

4. The MASG then transmits the packets to the BSC.

Figure 1-763 IP station access to an L2VPN

• Huawei high-end routers can function as PEs. In this scenario, only the configurations of PEs are mentioned. For detailed configurations of other devices, see the related configuration guides.

• You can configure the 802.1p priorities on the CSG through commands.

• For details on L2VPNs, see the chapters "VPWS" and "VPLS" in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature Description - VPN.

VLAN+EthType-based L2VPN Access

On the network shown in Figure 1-764, packets sent from PC users are encapsulated with PPPoE whereas packets sent from IPTV and voice users are encapsulated with IPoE. To enable packets of different encapsulation types to be transmitted to different remote servers, VLAN+EthType-based L2VPN access can be deployed on the edge device of the metro Ethernet network. In this manner, the edge device differentiates services based on VLAN+EthType, steers them to different VSIs or VPWSs, and transparently transmits PPPoE packets to the BRAS and IPoE packets to the remote SR.

Figure 1-764 VLAN+EthType-based L2VPN access

On the network shown in Figure 1-765, after the CSG receives IP packets, it performs the following:

1. The CSG directly encapsulates the packets with VLAN IDs and DSCP values for differentiating services. The CSG encapsulates the IP packets as follows:

   • Encapsulates different users with different VLAN IDs.

   • Encapsulates different services with different DSCP values.

   • Encapsulates different services of the same user with the same VLAN ID but different DSCP values.

   • Encapsulates different services of different users with different VLAN IDs but the same or different DSCP values.

2. Then, the CSG sends the encapsulated packets to PE1. After PE1 receives the packets, its DSCP sub-interface resolves the packets to obtain their VLAN IDs and DSCP values. The packets then access different VSIs through DSCP priority mapping. In this manner, different services are transmitted to PE2 through different VSIs.

3. After PE2 receives the packets, it sends the packets to the RNC.

Figure 1-765 IP station access to an L2VPN

• Huawei high-end routers can function as PEs. In this scenario, only the configurations of PEs are mentioned. For detailed configurations of other devices, see the related configuration guides.

• You can configure the DSCP values on the CSG through commands.

• For details on L2VPNs, see the chapters "VPWS" and "VPLS" in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature Description - VPN.

On the network shown in Figure 1-766, after the CSG receives IP packets, it performs the following:

1. The CSG directly encapsulates the packets with VLAN IDs and DSCP values for differentiating services. The CSG encapsulates the IP packets as follows:

   • Encapsulates different users with different VLAN IDs.

   • Encapsulates different services with different DSCP values.

   • Encapsulates different services of the same user with the same VLAN ID but different DSCP values.

   • Encapsulates different services of different users with different VLAN IDs but the same or different DSCP values.

2. Then, the CSG sends the encapsulated packets to PE1. After PE1 receives the packets, its DSCP sub-interface resolves the packets to obtain their VLAN IDs and DSCP values. The packets then access different VPN instances through priority mapping. In this manner, different services are transmitted to PE2 through different VPN instances.

3. After PE2 receives the packets, it sends the packets to the RNC.

Figure 1-766 IP station access to an L3VPN

• Huawei high-end routers can function as PEs. In this scenario, only the configurations of PEs are mentioned. For detailed configurations of other devices, see the related configuration guides.

• You can configure the DSCP values on the CSG through commands.

• For details on L3VPNs, see the chapter "BGP/MPLS IP VPN" in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature Description - VPN.

On the network shown in Figure 1-767, when a CSG accesses an IP station, VPWS is not required on the CSG and MASG. After the CSG receives IP packets, it performs the following:

1. The CSG directly encapsulates the packets with VLAN IDs and 802.1p priorities for differentiating services. The CSG encapsulates the IP packets as follows:

   • Encapsulates different users with different VLAN IDs.

   • Encapsulates different services with different 802.1p priorities.

   • Encapsulates different services of the same user with the same VLAN ID but different 802.1p priorities.

   • Encapsulates different services of different users with different VLAN IDs but the same or different 802.1p priorities.

2. Then, the CSG sends the encapsulated packets to PE1. After PE1 receives the packets, its 802.1p sub-interface resolves the packets to obtain their VLAN IDs and 802.1p priorities. The packets then access different VPN instances through 802.1p priority mapping. In this manner, different services are transmitted to PE2 through different VPN instances.

3. After PE2 receives the packets, it sends the packets to the RNC.

Figure 1-767 IP station access to an L3VPN

• Huawei high-end routers can function as PEs. In this scenario, only the configurations of PEs are mentioned. For detailed configurations of other devices, see the related configuration guides.

• You can configure the 802.1p priorities on the CSG through commands.

• For details on L3VPNs, see the chapter "BGP/MPLS IP VPN" in the NetEngine 8100 M, NetEngine 8000E M, NetEngine 8000 M Feature Description - VPN.