IETF Transparent Interconnection of Lots of Links (“TRILL”) provides a Layer 2 control and forwarding architecture that offers benefits such as pair-wise optimal forwarding, loop mitigation, multipathing and provisioning without manual configuration. The TRILL protocol is described in detail in Perlman et al., “RBridges: Base Protocol Specification,” available at http://tools.ietf.org/html/draft-ietf-trill-rbridge-protocol-16. The TRILL base protocol supports approximately four thousand customer (or tenant) identifications through the use of inner virtual local area network (“VLAN”) tags. For example, according to the TRILL protocol, the TRILL header includes a single 12-bit VLAN tag. The number of tenant identifications provided by the TRILL base protocol is insufficient for large multi-tenant data center deployments. Thus, a fine-grained labeling (“FGL”) networking scheme has been proposed to increase the number of tenant identifications to approximately sixteen million through the use of two inner VLAN tags. The FGL networking scheme is described in detail in Eastlake et al., “TRILL: Fine-Grained Labeling,” available at http://tools.ietf.org/html/draft-ietf-trill-fine-labeling-01 (hereinafter “Eastlake”). For example, according to the TRILL FGL protocol, two 12-bit VLAN tags (e.g., a high-order VLAN tag and a low-order VLAN tag) are included in the TRILL header.
A TRILL network can include RBridges configured to support only the TRILL base protocol (e.g., VLAN labeling (“VL”) RBridges) and RBridges configured to support the TRILL FGL protocol (e.g., FGL RBridges). It should be understood that the hardware of a VL RBridge is not configured to handle FGL frames. Although the hardware of a VL RBridge cannot handle FGL frames, a VL RBridge can run an updated version of its software that allows it to coexist with FGL RBridges in the same TRILL network. A TRILL network in which VL and FGL RBridges coexist can result from gradually replacing VL RBridges with FGL RBridges, or from merging two TRILL networks, one having VL RBridges and the other having FGL RBridges.
Security issues, however, can arise in a TRILL network including VL and FGL RBridges where both VLAN X and FGL (X.Y) are used. First, a multi-destination frame with FGL (X.Y) might follow a distribution tree and egress from a VL RBridge interested in VLAN X. Second, an end station connected to a VL RBridge interested in VLAN X might forge a multi-destination frame with FGL (X.Y) by sending it with EX-TAG Y. In either case, the multi-destination frame might leak between one tenant in FGL (X.Y) and another tenant in VLAN X. A solution to the above security concerns has been proposed: FGL RBridges are configured to prohibit ingressing and egressing frames to or from FGL (X.Y) whenever VLAN X is connected to any one of the VL RBridges. These security concerns and the proposed solution are discussed in detail in Sections 4 and 9 of Eastlake, for example. Although the proposed solution addresses the security concerns, it disallows the coexistence of approximately four thousand fine-grained labels (e.g., FGL (X.*)) for every VLAN (e.g., VLAN X) connected to one of the VL RBridges. Thus, when a large number of VLANs are connected to the VL RBridges, there may not be enough fine-grained labels available for new tenants.
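The following is an added, simplified model (not code from Eastlake or any TRILL implementation) of the two points made above: why a VL RBridge that treats FGL (X.Y) as plain VLAN X can leak a multi-destination frame, and how the proposed conservative policy on FGL RBridges blocks an entire FGL (X.*) range for each VLAN attached to a VL RBridge. Label arithmetic is 12 bits per tag as stated; the `Frame` and `FglRBridge` names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional, Set

TAG_BITS = 12
TAG_MAX = (1 << TAG_BITS) - 1      # 4095: largest 12-bit tag value
TAG_COUNT = TAG_MAX + 1            # 4096 values per 12-bit tag


def fgl_value(high: int, low: int) -> int:
    """Fold the high-order and low-order 12-bit tags into one 24-bit tenant id."""
    for tag in (high, low):
        if not 0 <= tag <= TAG_MAX:
            raise ValueError(f"tag {tag} does not fit in {TAG_BITS} bits")
    return (high << TAG_BITS) | low


@dataclass(frozen=True)
class Frame:
    high: int            # VLAN X for a VL frame, or the FGL high-order tag X
    low: Optional[int]   # None for a plain VLAN frame, Y for FGL (X.Y)
    multi_dest: bool     # follows a distribution tree when True


def vl_egress_leaks(frame: Frame, vl_interested_vlan: int) -> bool:
    """A VL RBridge only sees the high-order tag, so a multi-destination
    FGL (X.Y) frame reaching a VL RBridge interested in VLAN X is
    egressed into VLAN X: the cross-tenant leak described in the text."""
    return (frame.multi_dest
            and frame.low is not None
            and frame.high == vl_interested_vlan)


class FglRBridge:
    """Applies the proposed policy: refuse FGL (X.Y) on ingress and egress
    whenever VLAN X is attached to any VL RBridge in the campus."""

    def __init__(self, vlans_on_vl_rbridges: Set[int]):
        self.vl_vlans = set(vlans_on_vl_rbridges)

    def permits(self, frame: Frame) -> bool:
        if frame.low is None:
            return True                      # plain VLAN traffic is unaffected
        return frame.high not in self.vl_vlans

    def blocked_fgl_labels(self) -> int:
        """Cost of the policy: every FGL (X.*) range is lost per VL VLAN X."""
        return len(self.vl_vlans) * TAG_COUNT

    def usable_fgl_labels(self) -> int:
        return TAG_COUNT * TAG_COUNT - self.blocked_fgl_labels()
```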