Local Area Networks (LANs) connect computing systems together. LANs of all types can be connected together using Media Access Control (MAC) bridges, as set forth in the “IEEE Standard for Information Technology, Telecommunications and Information Exchange between Systems, Local and Metropolitan Area Networks, Common Specifications, Part 3: Media Access Control (MAC) Bridges,” published as ANSI/IEEE Standard 802.1D (1998), which is incorporated herein by reference. The 802.1D standard is available at standards.ieee.org/catalog/IEEE802.1.html.
Each computing system connects to a LAN through a MAC device. MAC bridges that implement the 802.1D standard allow MAC devices attached to physically separated LANs to appear to each other as if they were attached to a single LAN. A MAC bridge functions within the Logical Link Control (LLC) sublayer of the Network Layer defined in ISO/IEC standard 7498-1: 1994, entitled “Information Processing Systems—Open Systems Interconnection-Basic Reference Model—Part 1: The Basic Model” (available from the American National Standards Institute, New York, N.Y.), which is incorporated herein by reference. The bridge includes two or more MAC devices that interconnect the bridge ports to respective LANs.
MAC bridges maintain a database to map destination MAC addresses of the packets they receive to bridge ports. The bridge builds the database by means of a learning process, in which it associates the source MAC address of each incoming packet with the port on which the packet was received. When the bridge receives an incoming packet whose destination address is not located in the database, it broadcasts the packet through all its available ports, except the one through which the packet arrived. Other MAC bridges that do not recognize the destination address will further broadcast the packet. Through the broadcast mechanism, the packet will eventually traverse all interconnected bridges at least once, and will ultimately reach its destination. A similar broadcast operation is performed independently for having a destination MAC address of a broadcast or multicast group, although the multicast scope may be reduced if the bridge is aware (by use of special protocols) of the physical locations of the target addresses in each multicast group. The operation of broadcast or multicast of a packet is referred to (independently of the reason) as a flooding process.
Multiprotocol Label Switching (MPLS) is gaining popularity as a method for efficient transportation of data packets over connectionless networks, such as Internet Protocol (IP) networks. MPLS is described in detail by Rosen et al., in Request for Comments (RFC) 3031 of the Internet Engineering Task Force (IETF), entitled “Multiprotocol Label Switching Architecture” (January, 2001), which is incorporated herein by reference. This RFC, as well as other IETF RFCs and drafts cited hereinbelow, is available at www.ietf.org. In conventional IP routing, each router along the path of a packet sent through the network analyzes the packet header and independently chooses the next hop for the packet by running a routing algorithm. In MPLS, however, each packet is assigned to a Forwarding Equivalence Class (FEC) when it enters the network, depending on its destination address. The packet receives a short, fixed-length label identifying the FEC to which it belongs. All packets in a given FEC are passed through the network over the same path by label-switching routers (LSRs). Unlike IP routers, LSRs simply use the packet label as an index to a look-up table, which specifies the next hop on the path for each FEC and the label that the LSR should attach to the packet for the next hop.
Since the flow of packets along a label-switched path (LSP) under MPLS is completely specified by the label applied at the ingress node of the path, a LSP can be treated as a tunnel through the network. Such tunnels are particularly useful in network traffic engineering, as well as communication security. MPLS tunnels are established by “binding” a particular label, assigned at the ingress node to the network, to a particular FEC.
One of the most promising uses of MPLS tunnels is in transporting layer-2 packets, such as Ethernet frames or ATM cells, over high-speed, high-performance packet networks. Methods for this purpose are described, for example, by Martini et al., in “Encapsulation Methods for Transport of Ethernet Frames Over IP and MPLS Networks” (IETF draft-martini-ethernet-encap-mpls-01.txt, July, 2002), which is incorporated herein by reference. This draft defines mechanisms for encapsulating Ethernet traffic for transportation over IP networks using MPLS or other tunneling methods, such as Generic Routing Encapsulation (GRE), as are known in the art. L2TPv3, described by Townsley et al in “Layer Two Tunneling Protocol (Version 3) ‘L2TPv3’” (IETF draft-ietf-l2tpext-l2tp-base-03.txt, June, 2002), which is incorporated herein by reference, is another technique for tunneling layer-2 packets over IP networks, which can be used, inter alia, to carry Ethernet packets within a provider network. The term “layer 2” refers to the second layer in the protocol stack defined by the well-known Open Systems Interface (OSI) model, also known as the logical link, data link, or MAC, layer.
According to the model proposed by Martini et al., native Ethernet LANs are connected to the IP network by provider edge (PE) devices, which are linked one to another by tunnels through the IP network. The sending (ingress) PE device receives Ethernet frames from a customer edge (CE) device on the source LAN. It encapsulates the frames in packets with the label stack required for transmitting the packets through the appropriate tunnel to the receiving (egress) PE device. The label structure includes a “virtual connection” label (or VC label), which is used by the egress PE device to de-encapsulate the frame and add the proper MAC header and, optionally, a VLAN tag for transmission on the target LAN to the destination CE device. Details of the VC label structure are described by Martini et al. in an IETF draft entitled “Encapsulation Methods for Transport of Layer 2 Frames over MPLS” (IETF draft-martini-l2circuit-encap-mpls-04.txt, November, 2001), which is incorporated herein by reference.
As a result of this encapsulation and associated processing functions, the IP network emulates Ethernet trunking and switching behavior and can thus be treated as an Ethernet “pseudo wire” (PW). In other words, from the point of view of native Ethernet LANs that are connected to tunnels through the IP network, each PW is a virtual Ethernet point-to-point connection, emulating a physical connection between two Ethernet port.
Taking this functionality a step further, Lasserre et al. describe a method to create a virtual private LAN service (VPLS) using a MPLS network in “Virtual Private LAN Services over MPLS” (IETF draft-lasserre-vkompella-ppvpn-vpls-02.txt, June, 2002), which is incorporated herein by reference. Although this reference is limited in scope to MPLS tunneling, the PW connection between the nodes can more generally be implemented using any available PW protocol, such as GRE or L2TPv3. A VPLS (also known as a transparent LAN service—TLS) provides bridge-like functionality between multiple sites over a large network. Users connect to the VPLS via regular node interfaces, and PWs between the nodes to which the users are connected form the VPLS entity itself. Every node in a VPLS acts as a virtual bridge. A virtual bridge node has “virtual ports,” which are the endpoints of PWs that are part of the VPLS. The interfaces to which the users are actually connected are physical ports at the network edges. Both virtual and real interfaces are treated identically from the point of view of frame forwarding and address learning. A single provider node can participate in multiple VPLS instances, each belonging to a different user.
The VPLS network topology is completely specified by the PW connections. When the PW connections are MPLS tunnels, the VPLS depends on the MPLS protocol to actually transfer the packets through the network. Since MPLS networks supply an alternative, virtual implementation of layer-2 network communications, VPLS can be thought of as parallel to conventional virtual bridged local area networks, as specified in the IEEE 802.1Q standard. From the perspective of the end-user, the VPLS network is transparent. The user is provided with the illusion that the provider network is a single LAN domain. User nodes on different physical LANs can thus be joined together through VPLS connections to define a virtual private network (VPN), which appears to the users to be a single Ethernet LAN.
VPLS networks are still in the development stage, and there are as yet no clear standards for loop prevention in such networks. One possible solution to avoiding loops in VPLS topologies is to configure the VPLS network as a full mesh of tunnels, as specified by Lasserre et al. in the above-mentioned draft. In a full mesh, each PE is directly connected to every other PE in the same VPN by a single PW. To avoid loops in the VPN, Lasserre et al. require that all PEs support a “split horizon” scheme, meaning that a PE must not forward traffic from one PW to another, although it may (and should) forward traffic from one physical port to another and between physical ports and the PWs. Considering the scope of flooding generally, a packet to be flooded coming from a PW will never be copied to another PW on the full mesh side, but is flooded to all Ethernet ports on the same VPN. An Ethernet packet to be flooded arriving from a physical port is copied to all other physical ports and to all the full mesh PWs of the same VPN. This split behavior differs from the traditional model of 802.1D bridges.
“Hierarchical VPLS” is an extension to this model, which is also described by Lasserre et al. in the above-mentioned draft. In hierarchical VPLS, some or all of the physical interfaces on one side of the split horizon can be replaced by point-to-point PWs, which act as logical extensions of physical ports of remote nodes. In this case, there are both full-mesh PWs and point-to-point PWs (and possibly even physical ports) associated with the same VPN. The scope of forwarding and flooding is the same as described above for full-mesh PWs and physical ports.
Another option for preventing loops is to create the VPLS in a hub-and-spoke topology. In this case, only point-to-point PWs exist between the node that implements VPLS operation and edge nodes physically connected to the user ports. The bridging operation between the PWs in this case is the same as in a standard bridge, except that multiple logical bridges serve multiple users on the same physical node.