Local Area Networks (LANs) connect computing systems together at the Layer 2 level. The term “Layer 2” refers to the second layer in the protocol stack defined by the well-known Open Systems Interface (OSI) model, also known as the logical link, data link, or Media Access Control (MAC) layer. Each computing system connects to a LAN through a (MAC) device. Multiple LANs can be connected together using MAC bridges, as set forth in the “IEEE Standard for Information Technology, Telecommunications and Information Exchange between Systems, Local and Metropolitan Area Networks, Common Specifications, Part 3: Media Access Control (MAC) Bridges,” published as ANSI/IEEE Standard 802.1D (1998), which is incorporated herein by reference. (The 802.1D standard, as well as other IEEE standards cited herein, is available in the standards section of the IEEE Web site.) MAC bridges that implement the 802.1D standard allow MAC devices attached to physically separated LANs to appear to each other as if they were attached to a single LAN. The bridge includes two or more MAC devices that interconnect the bridge ports to respective LANs.
MAC bridges maintain a database to map destination MAC addresses of the packets they receive to bridge ports. The bridge builds the database by means of a learning process, in which it associates the source MAC address of each incoming packet with the port on which the packet was received. When the bridge receives an incoming packet whose destination address is not located in the database, it broadcasts the packet through all its available ports, except the one through which the packet arrived. Other MAC bridges that do not recognize the destination address will further broadcast the packet. Through the broadcast mechanism, the packet will eventually traverse all interconnected bridges at least once, and will ultimately reach its destination. A similar broadcast operation is performed independently for each packet having a destination MAC address of a broadcast or multicast group, although the multicast scope may be reduced if the bridge is aware (by use of special protocols) of the physical locations of the target addresses in each multicast group. The operation of broadcast or multicast of a packet is referred to as a flooding process (irrespective of the reason for the operation).
Recently, various means have been proposed and developed for transporting Layer-2 packets, such as Ethernet frames, over high-speed, high-performance Layer-3 packet networks. Methods for this purpose are described, for example, by Martini et al., in “Encapsulation Methods for Transport of Ethernet Frames Over IP/MPLS Networks” (IETF draft-ietf-pwe3-ethernet-encap-07.txt, May, 2004), which is incorporated herein by reference. This draft defines mechanisms for encapsulating Ethernet traffic for transportation over Internet Protocol (IP) networks using Multi-Protocol Label Switching (MPLS) or other tunneling methods, such as Generic Routing Encapsulation (GRE), as are known in the art. This draft, as well as other Internet drafts cited herein, is available from the Internet Engineering Task Force (IETF) at www.ietf.org/internet-drafts.
According to the model proposed by Martini et al., native Ethernet LANs are connected to the IP network by provider edge (PE) devices, which are linked one to another by tunnels through the IP network. The sending (ingress) PE device receives Ethernet frames from a customer edge (CE) device on the source LAN. It encapsulates the frames in packets with the label stack required for transmitting the packets through the appropriate tunnel to the receiving (egress) PE device. The label structure includes a “Pseudo Wire” label (or PW label), which is used by the egress PE device to de-encapsulate the frame and send it to the proper user port. As a result of this encapsulation and associated processing functions, the IP network emulates Ethernet trunking and switching behavior and can thus be treated as an Ethernet PW. In other words, from the point of view of native Ethernet LANs that are connected to tunnels through the IP network, each PW is a virtual Ethernet point-to-point connection, emulating a physical connection between two Ethernet ports. Martini's encapsulation method may also be used in conjunction with virtual LANs (VLANs), as defined in IEEE standard 802.1Q. In this case, the egress PE device processes and forwards the packet based on the VLAN tag.
Taking this functionality a step further, a number of authors have described methods for creating a virtual private LAN service (VPLS), which links different LANs together over an IP network. Such methods are described, for example, by Kompella et al., in “Virtual Private LAN Service” (IETF draft-ietf-12vpn-vpls-bgp-02.txt, May, 2004) and by Lasserre et al., in “Virtual Private LAN Services over MPLS” (IETF draft-ietf-12vpn-vpls-ldp-03.txt, April, 2004), which are incorporated herein by reference.
A VPLS (also known as a transparent LAN service—TLS) provides bridge-like functionality between multiple sites over a large network. Users connect to the VPLS via regular Ethernet interfaces. PWs between the nodes to which the users are connected form the VPLS entity itself. Every node in a VPLS acts as a virtual bridge. A virtual bridge node has “virtual ports,” which are the endpoints of PWs that are part of the VPLS. The interfaces to which the users are actually connected are physical ports at the network edges. Both virtual and real interfaces are treated identically from the point of view of frame forwarding and address learning. A single provider node can participate in multiple VPLS instances, each belonging to a different user. From the perspective of the end-user, the VPLS network is transparent. The user is provided with the illusion that the provider network is a single LAN domain. User nodes on different physical LANs can thus be joined together through VPLS connections to define a virtual private network (VPN), which appears to the users to be a single Ethernet LAN.
“Hierarchical VPLS” is an extension to the VPLS model, which is also described by Lasserre et al. in the above-mentioned draft. To avoid loops in the VPN, Lasserre et al. require that each PE be directly connected to every other PE in the same VPN by a single PW, thus defining a full mesh topology. All PEs support a “split horizon” scheme, meaning that a PE must not forward traffic from one PW to another, although it may (and should) forward traffic from one physical port to another and between physical ports and the PWs. In hierarchical VPLS, some or all of the physical interfaces on one side of the split horizon can be replaced by point-to-point PWs, which act as logical extensions of physical ports of remote nodes. In this case, there are both full mesh PWs and point-to-point PWs (and possibly even physical ports) associated with the same VPN. Nodes with only point-to-point PWs are considered to be on the “access side” of the network, and are referred to as “edge nodes.” Nodes with full mesh PWs are considered to be in the “core side” of the network, and are referred to as “core nodes.”
Bi-directional network ring topologies are gaining in popularity, particularly in Internet Protocol (IP) networks. Such networks provide efficient bandwidth utilization by enabling data to be transferred between any pair of nodes in either direction around the ring, while maintaining fast protection against faults. The two opposing traffic directions are commonly referred to as an inner ringlet and an outer ringlet, or ringlet 0 and ringlet 1. It will be understood, however, that in the context of the present patent application and in the claims, the terms “inner” and “outer,” as well as other terms such as “east” and “west” or “right” and “left,” are used arbitrarily to distinguish between the two opposing directions of packet flow in a ring network. These terms are chosen solely for convenience of explanation, and do not necessarily bear any relation to the physical characteristics of the network.
The leading bi-directional protocol for high-speed packet rings is the Resilient Packet Ring (RPR) protocol, which has recently been approved as IEEE standard 802.17, “Part 17: Resilient Packet Ring (RPR) Access Method & Physical Layer Specifications,” which is incorporated herein by reference. Using the RPR protocol, each node (commonly referred to as a “station”) in a ring network has a RPR MAC address and can communicate directly with all other nodes through either ringlet. Each packet sent over either of the ringlets carries a header indicating its RPR MAC destination address. The receiving node recognizes its address in the header and strips the packet from the ring. All other nodes pass the packet onward transparently around the ring. Multicast and broadcast packets may also be delivered over the rings in a similar fashion, using a suitable multicast or broadcast address.
The RPR standard (Annex E) also defines a mechanism for bridging between 802.1D and 802.1Q LANs via the ring network. Bridging of this sort is carried out by bridge nodes on the ring, which connect the ring to other LANs. When a bridge node receives a packet from another LAN, it adds a RPR header with an appropriate RPR MAC destination address and forwards the packet across the ring. If the particular RPR MAC address for the packet is unknown, the bridge node uses a broadcast MAC address to flood the packet to all the nodes on the ring.
Busi et al. describe methods for making transparent LAN connections over a RPR network in U.S. Patent Application Publications US 2003/0074469 A1 and US 2004/0022268 A1, whose disclosures are incorporated herein by reference. The first of these publications describes a method for setting up a transparent LAN-to-LAN functionality between multi-customer source locations through a RPR network. To transport Ethernet frames across the RPR network, an auxiliary header and RPR header are added to the Ethernet frame. The auxiliary header comprises information about the channel designed to transport the frame. The second publication describes a method for making an end-to-end connection between RPR and MPLS networks, wherein the RPR network is linked to the MPLS network through a TLS layer.