The present invention relates to communication networks, and, more particularly, to distinguishing between sub-networks of a larger network at, for example, the layer two level, e.g., data link layer level.
A virtual local area network (VLAN) is a group of computers and/or other network resources that are treated as if they are connected to a single network segment. Thus, a VLAN comprises a collection of ports over which certain packets are replicated and may be viewed as a connected sub-network of a larger network. A packet is classified into a VLAN at the point of ingress and, if the packet is a multicast packet or if there is a destination lookup failure, then that packet is forwarded to all of the active ports comprising the VLAN. In this way, a VLAN improves network performance by segmenting the network. In contrast with conventional switching systems, broadcast traffic and node-to-node traffic are restricted to certain ports comprising the VLAN so as to reduce the amount of traffic in the network.
In general, there are many ways that a packet gets assigned to a VLAN. One way is based on switch ports. Specifically, an administrator assigns a port of a switch to a particular VLAN. The second way is based on a packet's Medium Access Control (MAC) address. A switch can maintain a table of MAC addresses and their VLAN associations. The third way a packet is assigned to a VLAN is based on layer three addressing and/or the protocol used to transmit/receive the packet. Other methods are also possible.
When a packet travels between switches, VLAN membership may be indicated implicitly or explicitly. Implicit VLAN membership has been described above. An example would be if all switches that support a particular VLAN share a common table containing the member MAC addresses. Explicit VLAN membership is indicated by using a VLAN tag, which is implemented as a 12-bit, fixed position field in each packet. Switches can quickly examine the VLAN tag and determine the VLAN of which an ingress packet is a member. This provides a generally more efficient VLAN classification algorithm.
Because a 12-bit field is used for a VLAN tag, an Ethernet network, for example, can support as many as 4096 (4K) VLANs. In existing VLAN capable devices, VLAN identification of a packet upon ingress is generally determined by a switch by evaluating whether VLAN tagging is used and whether the packet's EtherType field corresponds to a specific protocol. If so, then an internal VLAN identifier is set to the VLAN tag value contained in the packet. Otherwise, an internal VLAN identifier is set to a default value. VLAN realization of a packet on egress may be determined by the switch by evaluating whether VLAN tagging is used and, if so, then the packet's VLAN tag value is set to an appropriate value based on the destination and the packet's EtherType field is set to the desired protocol. In a conventional Ethernet network supporting VLANs, there is a one-to-one map between external VLAN tags and internal VLAN identifiers. Moreover, because internal VLAN identifiers are global identifiers in an aggregation device, such as a switch or router, the entire aggregation device is limited to 4K unique VLANs.
When an Ethernet switch is deployed in a network where it is shared among multiple independent domains, it may become necessary to coordinate VLAN tag usage among the users on that switch so that the domains remain independent. A carrier/network operator that services many clients may find such VLAN tag coordination to be a heavy burden and the operator's customers may be unhappy with the restrictions imposed to maintain the independent VLAN tag domains.
A carrier/network operator may instead configure an Ethernet switch to ignore VLAN tags so as to treat all packets as untagged to reduce the administrative burden of coordinating VLAN tag usage among multiple customers. Ignoring VLAN tags in a packet may be referred to as “VLAN tag stacking.” This is because when an Ethernet switch ignores a VLAN tag value, multiple VLAN tags may be stacked on the front of the packet. For example, upon ingress, a switch may examine a packet by evaluating whether VLAN tagging is used and whether the packet's EtherType field indicates that the packet is indeed tagged. By ignoring an already present VLAN tag and treating the packet as untagged, a tagged packet may receive one or more additional tags.
VLAN tag stacking does not increase the number of VLANs in a network. Instead, it aggregates many VLANs into one by ignoring existing VLAN identifiers. Both the network and aggregation devices, such as switches and routers, continue to be limited to at most 4K VLANs.
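The ingress classification and tag stacking behaviour described above can be made concrete with a short Python sketch, which is an added example and not part of the original text. It assumes the IEEE 802.1Q EtherType 0x8100 marks a tagged frame (and is reused for the stacked tag), a default internal VLAN identifier of 1, and hypothetical function names; the sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType that marks an IEEE 802.1Q tagged frame
DEFAULT_VID = 1       # assumed default internal VLAN identifier for this sketch

def parse_tag(frame: bytes):
    """Return (vid, inner_ethertype) for a tagged frame, else (None, ethertype)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner           # low 12 bits carry the VLAN tag value

def classify_ingress(frame: bytes, port_vid: int = DEFAULT_VID,
                     ignore_tags: bool = False) -> int:
    """Internal VLAN id chosen at ingress; ignore_tags models tag stacking."""
    vid, _ = parse_tag(frame)
    if ignore_tags or vid is None:
        return port_vid                  # treated as untagged: default VLAN
    return vid                           # one-to-one map from the external tag

def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert a tag after the MAC addresses, in front of any existing tag."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN tag must fit in 12 bits")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def tag_stack(frame: bytes):
    """List every VLAN tag value from outermost to innermost."""
    vids = []
    while True:
        vid, _ = parse_tag(frame)
        if vid is None:
            return vids
        vids.append(vid)
        frame = frame[:12] + frame[16:]  # pop the outer tag and look again

# Constructed sample frames: zeroed MACs, IPv4 EtherType, dummy payload.
UNTAGGED = bytes(12) + struct.pack("!H", 0x0800) + b"payload"
CUSTOMER_A = push_tag(UNTAGGED, 100)     # customer frame tagged 100
CUSTOMER_B = push_tag(UNTAGGED, 200)     # customer frame tagged 200
```

With `ignore_tags=True`, both customer frames classify into the same port VLAN, which is the aggregation effect of tag stacking; `tag_stack(push_tag(CUSTOMER_A, 30))` shows the customer tag still riding behind the added one.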
Use of Ethernet technology is expanding from traditional applications, such as LAN networks, to the more demanding environment of core and access networks. It may be difficult, however, to prevent interference between customer network configurations in a large-scale carrier Ethernet deployment. For example, when two customers with overlapping VLAN identifiers attach to the same device, the separate customer VLANs cannot be merged because they use one or more common identifiers, i.e., VLAN tag values. A carrier and/or network operator may use VLAN tag stacking to effectively ignore the customer VLAN identifiers and maintain separate connectivity of the customers' VLANs. Unfortunately, when a carrier provides multiple services over a single physical link to a customer, the VLAN tag may also be used to identify the service a particular packet is associated with. Thus, service unbundling may require differentiation based on VLAN tag values. Because VLAN tag stacking ignores the VLAN tags on customer ports, VLAN tag stacking does not support service unbundling based on VLAN tag values in Ethernet access networks.
Carrier/network operators may also be faced with the issue of how to support large numbers of VLANs. For example, how would a device and a network support thousands of customers, each having potentially multiple VLANs? As discussed above, the 12-bit VLAN tag field limits a device and/or network to a maximum of 4K VLANs.
Another problem that carriers may face is the need to provide layer two connectivity between two independent administrative domains. Similar to the issue discussed above with different customers, there may be overlap between the VLAN identifiers used in the two administrative domains. In some cases, however, the carrier must provide connectivity between these two domains. This may require re-mapping and/or translation of VLAN tag values between the two administrative domains.