1. Field of the Invention
The invention relates generally to virtual private networks and, more particularly, to a system and method for providing support for multipoint layer 2 virtual private network services in devices without local bridging capabilities.
2. Description of the Related Art
A Virtual Private Network (VPN) allows service providers to connect multiple customer sites securely over a common shared network. Multipoint layer 2 VPN (L2VPN) service, better known as Virtual Private LAN Service (VPLS), is an important commercial service offered by service providers such as Cable Multiple Service Operators (MSOs) and telephone companies (Telcos) to their business customers. L2VPN service allows business customers to connect networks at geographically dispersed sites or campuses at layer 2, such that these geographically dispersed sites appear to be connected by a single local area network (LAN) segment. The term “layer 2” refers to the second layer in the protocol stack defined by the well-known Open Systems Interconnection (OSI) Reference Model, also known as the logical link, data link, or MAC layer.
FIG. 1 shows a basic diagram for VPLS 100. The customer sites 110 are connected to a service provider network 120, which appears to them as an L2 switch capable of MAC learning and aging. The service provider network 120 can be divided into network segments: the access network 130 (i.e., the provider edge) and the core network 140. Customer edge (CE) devices 112 are those devices with the functionality needed on the customer premises to access the VPN services. Provider edge (PE) devices 132 are those devices at the edge of the service provider network 120 (i.e., at the access network 130) with the functionality needed to interface with the customer. The CE and PE devices include routers and switches. In a VPN environment, the CE devices 112 connect to the PE devices 132 over attachment circuits 114. IEEE 802.1Q defines a standard virtual LAN (VLAN) tagging scheme (Q-tagging) in which a “tag” field 210 is added to Ethernet frames to indicate which VLAN they belong to. This scheme allows an Ethernet port to participate in multiple VLANs.
FIG. 2 shows an 802.1Q tagged packet 200. The depicted packet 200 includes: a media access control (MAC) destination address (DA) field 202; a MAC source address (SA) field 204; an Ethertype (ETYPE) field 206; the customer edge VLAN (CE-VLAN) tag field 210; and other fields.
One technology that is increasingly used to interconnect devices in a layer 2 service provider network is 802.1ad. IEEE 802.1ad (Provider Bridges), which is nearing completion in the IEEE, builds on IEEE 802.1Q to enable stacked VLANs, commonly referred to as “Q-in-Q” tag stacking. IEEE 802.1ad codifies the use of a service provider VLAN tag that is visible to and managed by the service provider in a manner that does not interfere with the client VLAN structure. FIG. 3 shows an 802.1ad (Q-in-Q) tagged packet 300. The packet format shown in FIG. 3 is similar to the packet format shown in FIG. 2. However, the packet format in FIG. 3 includes a service provider VLAN (SP-VLAN) tag 310 in addition to the customer CE-VLAN tag 320. This Q-in-Q tag stacking mechanism, where the outer tag 310 is managed by the service provider and the inner tag 320 belongs to the business customer, allows not only customer separation but also differentiated treatment of customer traffic through the service provider cloud. With Q-in-Q tag stacking, the service provider ingress device (the PE) inserts the second VLAN tag 310 into every frame header, and the egress device later removes it. Each network segment of the service provider network, the access and the core, can add or remove its own tag independently. Traditionally, devices within each network segment deal with only a single tag, the one that happens to be the outermost tag for that segment. Thus, when a packet crosses the boundary from one network segment to another, either the outermost tag is removed or a new tag is added.
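As an added illustration (not part of the patent text), the following Python code parses the tag stack of the frame formats in FIGS. 2 and 3 and models the ingress push and egress pop of the SP-VLAN tag described above. It assumes the standard TPID values 0x8100 (802.1Q C-tag) and 0x88A8 (802.1ad S-tag); the addresses and payload in the sample frame are constructed.

```python
import struct

# Standard TPID values for the two tag formats discussed above.
TPID_8021Q = 0x8100   # customer tag (CE-VLAN, FIG. 2 field 210 / FIG. 3 field 320)
TPID_8021AD = 0x88A8  # service provider tag (SP-VLAN, FIG. 3 field 310)
TAG_TPIDS = (TPID_8021Q, TPID_8021AD)

def parse_frame(frame: bytes) -> dict:
    """Return DA, SA, the VLAN tag stack (outermost first), ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    da, sa, tags, off = frame[:6], frame[6:12], [], 12
    tpid = struct.unpack_from("!H", frame, off)[0]
    while tpid in TAG_TPIDS:
        if off + 6 > len(frame):
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        # TCI layout: 3-bit PCP, 1-bit DEI (CFI in 802.1Q), 12-bit VID.
        tags.append({"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
        tpid = struct.unpack_from("!H", frame, off)[0]
    return {"da": da, "sa": sa, "tags": tags, "ethertype": tpid, "payload": frame[off + 2:]}

def push_tag(frame: bytes, vid: int, tpid: int = TPID_8021AD, pcp: int = 0, dei: int = 0) -> bytes:
    """Ingress PE: insert a new outermost tag right after the SA field."""
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]

def pop_tag(frame: bytes) -> bytes:
    """Egress device: remove only the outermost tag, leaving inner tags untouched."""
    if struct.unpack_from("!H", frame, 12)[0] not in TAG_TPIDS:
        return frame  # untagged frame: nothing to strip
    return frame[:12] + frame[16:]

# Constructed sample: a customer frame carrying IPv4 on CE-VLAN 100 with PCP 3.
CE_FRAME = (bytes.fromhex("001122334455" "66778899aabb")        # DA, SA (made up)
            + struct.pack("!HH", TPID_8021Q, (3 << 13) | 100)  # CE-VLAN tag 210
            + struct.pack("!H", 0x0800) + b"\x45\x00" + bytes(18))

def vlan_stack(frame: bytes) -> list:
    """Convenience view: [(tpid, vid), ...] from outermost to innermost tag."""
    return [(t["tpid"], t["vid"]) for t in parse_frame(frame)["tags"]]

if __name__ == "__main__":
    qinq = push_tag(CE_FRAME, vid=2000)   # PE inserts SP-VLAN tag 310 on ingress
    print([hex(t) + "/" + str(v) for t, v in vlan_stack(qinq)])
    assert pop_tag(qinq) == CE_FRAME      # egress strips the outer tag only
```

Some deployments use 0x8100 or 0x9100 for the outer tag instead of 0x88A8; `push_tag` takes the TPID as a parameter so that case can be modelled too.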