SpeedTouch R6.1 L2QOS > Jan Jan > Technical Presales Manager

Hierarchical module overview

4 Interface Architecture Modules > According to OSI model Layer 1 : Physical > ATM Phonebook menu > ATM menu Layer 2 : Datalink > IP menu =>IPoA interface IPoA with destination an ATM interface > Eth menu => ETHoA interface Ethoa with destination an ATM interface > Eth bridge menu => bridge interfaces Bridge with destination an ATM interface Part of the bridge (also eth1, eth2, eth3 and eth4 and OBC) > PPPoA and PPPoE Layer 3 : Network > IP menu => IP interface IP with destination IPoA, EthoA or LAN interface IP routing, receive-only RIPv1/2 > NAT : NAT menu > Streams : connection menu > ALG : connection menu Layer 4/5 : Transport > Firewall menu : stateful firewall Layer 6 : Presentation > Not applicable Layer 7 : Application > Not applicable

VLAN (802.1p & 802.1q) Bridging and Routing over a single PVC in SpeedTouch Business Products

6 Data Link Application Presentation Session Transport Network Physical OSI Model Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 2 Layer 1 Major IEEE Sublayers Ethernet-Specific D 802.1Q 802.1p Ethernet Frame Structure Preamble Destination MAC Address Source MAC Address Length/ Type Data/LLC Frame Check Sequence 64 bits48 bits 16 bits46 to 1500 Bytes32 bits 1518 Bytes Length 64 Bytes Physical Signaling Media MAC Bridging Media Access Control (MAC) Logical Link Control (LLC) Ethernet Protocol Structure

7 Virtual LAN (VLAN) Capability > Virtual LAN and priority capabilities are provided by 802.1q/p: a VLAN tag is provided by 802.1Q to identify VLAN membership > Limited to 4096 VLANs the VLAN tag has a 3-bit priority field that allows 8 possible service classes (matches DiffServs 8 possible classes) > Why VLANS? LAN scalability: > limits broadcast domains (limits broadcast storms); > also limits multicast, chatty protocols, etc., reducing overall network traffic. Network efficiency: traffic flows from different VLANS can be segregated Allows non-physical grouping of nodes that share similar resources Allows easy changing of LAN membership Reduces the amount of level 3 (IP) routing Security: limits snooping

8 Standardization and tagging > IEEE 802.1Q : Virtual Bridged Local Area Networks Defines VLAN bridge operation (extension of 802.1D) Defines VLAN tag TPID = 0x8100, TCI = priority (3bit) + CFI (1bit) + VID (12bit) Defines dynamic VLAN group membership mechanism, STP protocol impact, etc.

9 TAG 2 bytes Three Bits Used for CoS (802.1p User Priority)DataFCSPTSADASFDPream.Type 802.1Q/p Header PRI VLAN ID CFI Ethernet Frame 802.1p User Priority field also called Class of Service (CoS) Different types of traffic are assigned different CoS values E.g. IP Phone CoS 6 and 7 are reserved for network use Best Effort Data Medium Priority Data High Priority Data Call Signaling Video Conferencing Voice Bearer Reserved ReservedCoSApplication Ethernet 802.1Q/p Class of Service

10 Benefits of using VLAN > Increased performance : less broadcast traffic on segment, no latency added by routers > Topology independence : logical networks are independent of physical locations > Ease of administration : topology changes no longer require HW changes but can be done in SW > Additional features : layer 2 segregation of traffic by means of VLAN priority > Cost-effectiveness : less routers needed, VLAN-aware switches are used instead

11 VLAN implementation overview > Business segment modems (620, 608, 608WL, 605) Most complete VLAN implementation > Full blown port isolation capabilities on all interfaces > VLAN tagging/untagging > 802.1p and IPQos priority mapping > VLAN routing, …

12 The Default configuration of the bridge > Defaults on e.g. ST620 (type eth bridge iflist) > Bridge interfaces All except OBC are connected to physical interfaces All except OBC and ethport1 can be detached/deleted Others can be added e.g. towards ATM interface > Functional : classical IEEE 802.1D self-learning bridging

13 The bridge filters > WAN broadcast filter Filters broadcast from OBC to WAN bridge interfaces Applies to the whole bridge Enabled by default CLI : eth bridge config, parameter filter GUI: NOT > Multicast filter Filters multicast traffic in both directions Can be set for each bridge port separately Disabled by default CLI : eth bridge ifconfig, parameter mcastfilter GUI: Expert > Connections > Bridged Ethernet (not ST612s)

14 The VLAN bridge > Bridge becomes VLAN aware When the corresponding parameter is set manually In one of the following cases (automatically toggled) > A physical interface is added to a newly created VLAN > Ethernet is directly terminated on physical interface > switch grouping is used

15 Moving ports around > The basic functionality of a VLAN switch/bridge is the capability to specify VLAN membership for each port The OBC can only be untagged member of one VLAN A port can be untagged member of 1 or more VLANs > If no default group member wanted => Dummy VLAN A port can be tagged member of 0 or more a VLANs A port can never be tagged/untagged in same VLAN eth bridge vlan iflist lists all memberships > The term port isolation often used term for a port (can be ETH, ATM, wireless) added to a new VLAN and removed from default remember traffic is NOT bridged/switched between switch ports in different VLANs

16 VLAN tagging concept > Concept : VLAN = Bridge group with VLAN tagging/untagging/forwarding capabilities Step 1 : Create a VLAN > Addrule option : Enabled : shared list No identical in different VLANs possible ! Disabled : independent list

17 VLAN tagging concept > Concept continued Step 2 : Create the WAN port(s) and adapt LAN ports if required > ATM PVC with LLC encapsulation and ULP=MAC > Add the port to the list of bridged ports -Disabled : no mapping of 802.1p to internal class -Overwrite : set new priority -Increase : only change when new priority is better -disabled : donset TOS byte -Precedence interpretation -DSCP interpretation Enable/disable discard of tagged ingress packets if the interface is not part of the VLAN Enable/disable receiving of untagged packets L2 IPQOS

18 VLAN tagging concept > Concept continued : Step 3 : > add ports to the VLAN and set them tagged or untagged > Remove ports from default VLAN/group, if required ! * : untagged

19 Enabling VLAN and statistics > Enable VLAN > View Rx/Tx statistics > ! When removing a port from the default group, all connectivity with the CPE is lost Allow or disallow upstream broadcasts

20 SpeedTouch 6xx priority mapping table Regeneration Priority

21 VLAN classification scenarios > Scenario 1 : LAN tagged, WAN tagged AcceptVLANonly and IngressFiltering enabled on both ports eth4 pvc835 Tagged in Tagged out All 600 series

22 VLAN classification scenarios > Scenario 2 : LAN untagged, WAN tagged AcceptVLANonly only on WAN port eth4 pvc835 Untagged in Tagged in Tagged out Untagged out All 600 series

23 VLAN classification scenarios > Scenario 3 : LAN tagged, WAN untagged AcceptVLANonly only on LAN port eth4 pvc835 Tagged in Untagged in Untagged out Tagged out All 600 series

24 VLAN classification scenarios > Scenario 4 : LAN untagged, WAN untagged AcceptVLANonly and IngressFiltering disabled, also VLAN state disabled eth4 pvc835 Untagged in Untagged out All 600 series

25 P-bit classification concept > Step 0 : decide whether to use IP prec or p-bits as inbound classification criterium IP precendence (or DSCP) : P-bits :

26 VLAN routing basics > Remember routing is needed to communicate between two VLANs the router must be member of all VLANs

27 The OBC as port to the upper layer > Routing between VLANs in SpeedTouch devices? create multiple IP interfaces (which are connected to the router) associate the IP interfaces with the VLANs you want to route between add IP addresses, set the necessary routes, … > Which steps are needed to set this up? Add OBC as tagged (!) member to the VLANs Create logical Ethernet interfaces, associated with the VID of the correct VLAN and bridge as destination Create IP interfaces with the corresponding logical Ethernet interfaces as destination

28 The OBC as port to the upper layer > Defaults on e.g. ST620 (type interface list)

29 Routed VLAN on CLI > Add OBC as tagged (!) member to VLAN {pol}=>eth bridge vlan ifadd intf OBC name dmz untagged disabled > Create a logical Ethernet interface, associated with the VID of the correct VLAN and bridge as destination {pol}=>eth ifadd intf eth_dmz1 {pol}=>eth ifconfig intf eth_dmz1 dest bridge vlan dmz {pol}=>eth ifattach intf eth_dmz1 > Create IP interface with the corresponding logical Ethernet interface as destination {pol}=>ip ifadd intf dmz1 dest eth_dmz1 {pol}=>ip ifattach intf dmz1

30 Routed VLAN on Web GUI > Adding the OBC to VLAN Expert > Connections > Bridged Ethernet > VLAN > Creating Logical ETH and IP interfaces: Cannot be created/modified/deleted separately Only Routed Ethernet page to configure them together

Layer 2 IPQOS

32 Layer 2 IPQOS > To enable IPQOS on PVC Ipqos config intf state enabled > System reboot required ! Or bring down all interfaces from top to bottom and enable all again

33 Classification > Labels cannot be used : only for routed scenarios > Eth bridge port can be configured for traffic classification : Prioconfig = overwrite IPprec : > disabled : user 802.1p > Precedence : use IP precedence > DSCP : use DSCP

34 SpeedTouch 6xx priority mapping table Regeneration Priority

35

36 Use QosFlow Generator > Select interface > Fix remote MAC address (do ipconfig /all on other PC) > Select Virtual LAN 802.1q ID = VLAN ID 802.1p Priority > Fill local and remote E.g and > Send traffic with PCR=100, #packets=0 (send traffic forever) > Push start button

37 Use QosFlow Monitor > Select interface > Tick the filter box > Optionally the filter arguments can be specified Reference :

Thank you!