Telecommunications networks facilitate exchange of numerous types of data (e.g., computer data, voice data, video data, etc.). Local area networks (LANs) of devices may be formed within a telecommunications network in order to increase network bandwidth usage efficiency by segregating network traffic within such a LAN. In particular, a group of devices in relatively close physical proximity and sharing a common administrative purpose may be designated as members of a LAN.
More recently, virtual LANs (“VLANs”) have been developed. A VLAN is a switched network arbitrarily and logically segmented according to some criteria that is not necessarily related to the physical relationship of network nodes, e.g. function, project team, application, etc. Thus, a VLAN includes a grouping of network nodes (typically defined in terms of the ports on a switching device to which the nodes are connected) virtually constructed regardless of real physical connection. In general, any switch port can belong to a VLAN, and unlike LANs, VLANs contain broadcast and multicast traffic within a predefined group to limit unnecessary bandwidth use in the overall network. Unicast, broadcast, and multicast packets are forwarded and flooded only to stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN are forwarded through a router or bridge. Because a VLAN is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of the Spanning Tree Protocol (STP).
To provide further segmentation and control, so-called private VLANs (PVLANs) can be defined based on one or more VLANs. PVLANs provide Layer 2 isolation between ports within the same private VLAN. A PVLAN consists of one primary VLAN and optionally one or more secondary VLANs. The primary VLAN is a basic representation of the entire PVLAN. It has a Layer 3 interface at a router, and contains by default all ports in the PVLAN. Typically, a single IP subnet address mask is assigned to a primary VLAN. There are three types of private VLAN ports: (1) promiscuous—a promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN; (2) isolated—an isolated port has complete layer 2 separation from other ports within the same private VLAN except for the promiscuous port (private VLANs block all traffic to isolated ports except traffic from promiscuous ports, and traffic received from an isolated port is forwarded only to promiscuous ports); (3) community—community ports communicate among themselves and with their promiscuous ports, and these interfaces are isolated at layer 2 from all other interfaces in other communities or isolated ports within their private VLAN. Secondary VLANs are used to achieve traffic isolation within the PVLAN. Depending on various security requirements, multiple secondary VLANs may be deployed.
When a packet is routed from an outside network to a PVLAN, it is put in the primary VLAN. In other words, the primary VLAN is the basis for all Layer 3 activities, such as routing, ACL, NAT, etc. Router functionality typically only operates in terms of primary VLANs, and not secondary VLANs. In contrast, the isolated and community VLANs used as secondary VLANs are purely Layer 2 entities. Their existence and configuration only affects switching behavior, and they are generally transparent from a routing point of view.
The different levels of PVLAN awareness among switching and routing devices operating in the same network device, or for that matter the same network, can complicate operation of certain network technologies. For example, one approach to providing the benefits of inter-VLAN routing and also ensuring a certain level of performance for the associated LAN has been to implement Layer 3 switches, which are essentially Layer 2 switches with a routing engine that is designed to specifically route traffic between VLANs in a LAN environment. Thus, Layer 3 switches make switching decisions based on both Layer 2 and Layer 3 information, a technique sometimes referred to as multi-layer switching (MLS).
Internet Protocol (IP) multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of packets to multiple recipients. IP Multicast delivers source traffic to multiple receivers without adding any additional burden on the source or the receivers while using the least network bandwidth of any competing technology. Multicast packets are replicated in the network by routers enabled with suitable multicast protocols. Although IP multicast is essentially a Layer 3 technology, the different protocols and techniques used to support IP multicast operate at different layers. Thus, the differing Layer 2 and Layer 3 treatment of PVLANs can be at odds with support requirements for IP multicast.
Accordingly, it is desirable to ensure that PVLAN implementations interoperate with IP multicast, and particularly with multicast functionality provided by IP version 6 (Ipv6).