1. Technical Field
This disclosure relates to computer networking. More specifically, this disclosure relates to systems and techniques for delivering congestion notifications in a network involving a private virtual local area network (VLAN).
2. Related Art
In order to address security issues within a virtual local area network (VLAN) where hosts can establish direct layer 2 communication with one another, private VLAN technology has been implemented. Private VLANs partition a large VLAN broadcast domain into smaller sub-domains, including “isolated” and “community” sub-domains, thereby facilitating layer 2 traffic isolation among VLAN customers. Each sub-domain is defined by a designation assigned to a group of switch ports.
Within a private VLAN domain, for a given port on a switch that couples to an endpoint (such as an end host), three separate port designations exist: isolated, community, and promiscuous. Each port designation has its own unique set of forwarding rules, which regulate how an endpoint coupled to a given switch port can communicate with other connected endpoints within the same private VLAN domain. A promiscuous port can communicate with all types of ports, including community and isolated ports; a community port can communicate with other community ports in the same community sub-domain and with promiscuous ports; and an isolated port can only communicate with a promiscuous port. An inter-switch link port is designated as a trunk port. A trunk port is typically presumed to be unaware of the private VLAN configuration and hence is not required to enforce the forwarding rules associated with the above designations.
The existence of private VLANs within a network imposes a challenge for congestion management. In particular, forwarding rules associated with an isolated sub-domain can prevent the flow of congestion notification messages (CNMs).
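The forwarding rules described above can be written as a small checker. The following is an added example, not part of the original disclosure: it models the port designations on a single switch and lists which ports each port may send to, including the isolated-to-isolated case in which any frame, a CNM included, is dropped. The port names, the community identifiers and the choice to model a trunk port as always permitting are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    role: str                        # "promiscuous", "community", "isolated" or "trunk"
    community: Optional[int] = None  # community sub-domain id (community ports only)

def may_forward(ingress: Port, egress: Port) -> bool:
    """Return True if a frame received on 'ingress' may leave through 'egress'."""
    if ingress.name == egress.name:
        return False                 # a frame is never sent back out of its ingress port
    roles = {ingress.role, egress.role}
    if "trunk" in roles:
        return True                  # assumption: a trunk port enforces none of the rules
    if "promiscuous" in roles:
        return True                  # promiscuous ports talk to every designation
    if ingress.role == egress.role == "community":
        return ingress.community == egress.community  # same community sub-domain only
    return False                     # isolated<->isolated and isolated<->community

def reachability(ports):
    """Map each port name to the sorted names of the ports it may send to."""
    return {p.name: sorted(q.name for q in ports if may_forward(p, q)) for p in ports}

# Constructed sample configuration (hypothetical names, not from the disclosure).
uplink = Port("uplink", "promiscuous")
host_a = Port("host_a", "isolated")
host_b = Port("host_b", "isolated")
c1_a = Port("c1_a", "community", community=1)
c1_b = Port("c1_b", "community", community=1)
c2_a = Port("c2_a", "community", community=2)
isl = Port("isl", "trunk")
PORTS = [uplink, host_a, host_b, c1_a, c1_b, c2_a, isl]

if __name__ == "__main__":
    for name, peers in reachability(PORTS).items():
        print(f"{name:7s} -> {', '.join(peers)}")
    # The rule is applied per port pair, whatever the frame carries: a
    # congestion notification sent between two isolated ports is dropped.
    print("host_b -> host_a permitted:", may_forward(host_b, host_a))
```

Running the same check over a switch's real port designations gives a quick audit of which port pairs are expected to be unreachable at layer 2.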