The (Unofficial) CCNP-SP Study Guide
  • About
    • About the Author
    • About This Study Guide
  • MPLS
    • LDP
      • LDP Transport Address
      • LDP Conditional Advertisement
      • LDP Authentication
      • LDP/IGP Sync
      • LDP Session Protection
    • MPLS-TE
      • MPLS-TE Basics, Pt. 1 (TED)
      • MPLS-TE Basics, Pt.2 (RSVP)
      • MPLS-TE Basics, Pt.3 (CSPF)
      • MPLS-TE Basics, Pt.4 (Routing)
      • MPLS-TE Fast Reroute (FRR)
      • MPLS-TE with OSPF
    • Unified MPLS
    • Segment Routing
      • Introduction, Theory Pt.1
      • Introduction, Lab (OSPF) Pt.2
      • Introduction, Lab (ISIS) Pt. 3
      • Multi-Area/Level Segment Routing
      • Segment Routing using BGP
      • Migrating LDP to SR
      • LDP/SR Interworking
      • TI-LFA Pt. 1 (Theory)
      • TI-LFA Pt. 2 (Implementation)
      • TI-LFA Pt. 3 (Node and SRLG Protection)
      • SR-TE Pt. 1 (Overview)
      • SR-TE Pt. 2 (Creating an SR-TE Policy)
      • SR-TE Pt. 3 (Using a PCE)
      • SR-TE Pt. 4 (Automated Steering)
      • SR-TE Pt. 5 (On-Demand Nexthop)
      • SR-TE Pt. 6 (Flex Algo)
    • MPLS OAM
      • Classic Traceroute Behavior in MPLS Networks
      • LSP Ping
      • LSP Traceroute
  • Routing
    • BGP
      • BGP Synchronization
      • BGP Load Sharing (Multipath)
      • An Intuitive Look at Path Attributes
      • AS Path Prepending on XE and XR
      • RPL
    • BGP Security
      • BGP TTL Security, Pt. 1
      • BGP TTL Security, Pt. 2 (IOS-XE)
      • BGP TTL Security, Pt. 3 (IOS-XR)
      • BGP MD5 Authentication
      • BGP Maximum Prefixes
      • BGP RFD (Route Flap Dampening)
      • RTBH
      • Flowspec
      • BGPsec
    • L3VPN
      • An In-Depth Look at RD and RT, Pt. 1
      • An In-Depth Look at RD and RT, Pt. 2
      • An In-Depth Look at RD and RT, Pt. 3
      • An In-Depth Look at RD and RT, Pt. 4
      • Inter-AS L3VPN Pt. 1, Overview
      • Inter-AS L3VPN Pt. 2, Option A
      • Inter-AS L3VPN Pt. 3, Option B
      • Inter-AS L3VPN Pt. 4, Option C
      • CSC (Carrier Supporting Carrier)
      • PE NAT
    • OSPF
      • Type 7 to Type 5 Translation
      • OSPF Authentication
      • Troubleshooting OSPF Adjacencies
      • OSPFv3 LSA Types
      • OSPFv3 LSAs Example (Single Area)
    • ISIS
      • The Potential for Asymmetric Routing with Multi-Area ISIS
      • Interarea Routing is Distance-Vector
      • Basic ISIS - LSPDB
      • Multitopology
      • What is the role of CLNS and CLNP in ISIS?
      • Troubleshooting ISIS Adjacencies
    • IPv6 Transition
      • Overview
      • NAT64
      • 6to4
      • 6RD (IPv6 Rapid Deployment)
      • DS Lite (Dual Stack Lite)
      • MAP (Mapping of Address and Port)
      • Tunneling IPv6 Dynamic Routing Protocols over IPv4
    • Multicast
      • Introduction
      • IP and MAC Addressing
      • Tree Formation and Packet Forwarding
      • IGMP
      • PIM-DM (Dense Mode)
      • PIM-SM (Sparse Mode)
      • PIM-SM SPT Switchover
      • PIM-SM Tunnel Interfaces
      • PIM DR and the Assert Message
      • PIM-SM RP Discovery
      • PIM-BiDir
      • PIM-SSM (Source-Specific Multicast)
      • Interdomain Multicast (PIM-SM)
      • IPv6 Multicast
      • mVPN Introduction
      • mVPN Profile 0
      • mVPN Profile 1
      • Multicast Routing on IOS-XR
  • L2VPN & Ethernet
    • IOS-XE Ethernet Services
      • Service Instances
      • E-Line
      • E-LAN (VPLS)
      • E-Tree
      • E-Access
      • VPLS with BGP Autodiscovery
      • Martini/Kompella Circuits
    • EVPN
      • Introduction to EVPN
      • Learning EVPN VXLAN First
      • E-Line (EVPN VPWS)
      • E-Line (EVPN VPWS) on IOS-XR
      • E-Line (EVPN VPWS) Multi-Homed
      • E-LAN (EVPN Single-Homed)
    • Carrier Ethernet
      • 802.1ah (MAC-in-MAC)
      • 802.3ah (Ethernet OAM)
      • 802.1ag (CFM)
      • Cisco REP (Resilient Ethernet Protocol)
      • ITU G.8032 ERPS (Ethernet Ring Protection Switching)
  • Security
    • CoPP (Control Plane Policing)
    • LPTS (Local Packet Transport Services)
  • Misc
    • QoS
      • QoS Introduction (Part 1)
      • QoS Tools Overview and QoS Models (Part 2)
      • QoS Classification and Marking (Part 3)
      • QoS Queuing/Congestion Management (Part 4)
      • QoS Shaping and Policing (Part 5)
      • QoS for IPv6
      • MPLS QoS Basics
      • MPLS QoS Modes
      • MPLS TE QoS (DS-TE)
      • MPLS TE CBTS/PBTS
    • Automation and Assurance
      • NSO
      • NSO Command Cheat Sheet
      • Intro to YANG/NETCONF
      • YANG In-Depth
      • NETCONF In-Depth
      • RESTCONF
      • Model-Driven Telemetry
      • Automation Tool Comparison
      • Netflow
      • SNMP
    • Virtualization
      • NFV (Network Function Virtualization)
      • OpenStack
    • Transport
      • xPON
      • SONET/SDH
      • WDM
      • 4G and 5G RAN
    • High Availability (HA)
      • NSF/GR
      • NSR
      • NSF/NSR Whitepapers
      • BFD
      • Link Aggregation on IOS-XE
      • Link Aggregation on IOS-XR
    • IOS Software Overview
  • Labs
    • Lab Challenges
      • How to Use These Labs
      • Basic LDP
      • Advanced LDP
      • BGP Security
      • Unified MPLS
      • BGP Fundamentals
      • Ethernet Services
      • L3VPN Extranet
      • Multicast
      • Inter-area OSPF
      • ISIS
      • MPLS-TE
      • Control Plane Policing
      • QoS
Powered by GitBook
On this page
  • A note on PBB-EVPN
  • Further Reading/Watching
  1. L2VPN & Ethernet
  2. Carrier Ethernet

802.1ah (MAC-in-MAC)

PreviousCarrier EthernetNext802.3ah (Ethernet OAM)

Last updated 1 year ago

802.1ah Provider Backbone Bridging provides for similar scalability that a “BGP free” Core, or L3VPN provides. In a BGP free Core and L3VPN, pure core routers do not need to concern themselves with customer VRFs or even BGP at all. Core routers simply preform label switching on the top transport label, which represents the egress PE.

Similarly, in 802.1ah, core provider switches don’t need to concern themselves with the totality of all customer MAC addresses. Core provider switches simply need to know the destination MACs of all core switches. Customer frames are encapsulated into a second layer 2 header (an 802.1ah header). The destination MAC of this new header is always a provider MAC. This is similar to how the top MPLS label of an L3VPN service is always represents egress PE.

The 802.1ah header, besides having “normal” source and destination MAC fields, and an 802.1q tag field, also has an Instance field. This field is used similar to an L3VPN service label. When the egress provider switch receives the frame, it looks at the Instance field to know which customer bridge domain the frame belongs to.

You can now see the reason that 802.1ah is called “MAC-in-MAC.” You are literally encapsulating the MAC header inside a new MAC header. 802.1ah adds an 18 byte header.

The B-Tag is the backbone VLAN ID. It is no different than a regular VLAN ID. It just is used for the backbone bridging domain.

In the diagram above, a BEB is a Backbone Edge Bridge and is responsible for encapsulation and decapsulating 802.1ah traffic. The BCB devices are Backbone Core Bridges and are only responsible for forwarding traffic based on the backbone destination MAC address. These switches will not learn customer MAC addresses.

The BEBs participating in a common customer bridge domain will need to agree on the I-SID (Instance Service ID). When a BEB receives a frame from a customer device with a destination MAC that is located on a remote BEB, the device will push a 802.1ah header onto the frame. The destination MAC will be the remote BEB’s MAC address in the backbone VLAN. The I-SID will be the configured value that the local BEB has for this customer bridge domain. The remote BEB will have to have the same I-SID value configure. When the remote BEB receives the frame in the backbone bridging instance, it will see the I-SID field and know that it is for the particular customer’s bridge domain. It removes the 802.1ah header and then preforms basic MAC forwarding based on the customer bridge domain.

As you can see, with 802.1ah you get an N:1 mapping of customer bridge domains to a single backbone bridge domain. In the core, besides the obvious MAC scalability benefits, you also get a reduction in flood traffic, and ease of layer 2 traffic engineering. The reduction in flood traffic is a direct result of having less MAC addresses in the backbone core. There are simply less MAC addresses to learn. Secondly, changing the layer 2 topology of the backbone bridge domain for traffic engineering purposes is much easier, because you might be only dealing with a single backbone VLAN, instead of dealing with all customer traffic and those associated service VLANs.

A note on PBB-EVPN

In a modern service provider network, you will usually see IP/MPLS as opposed to a layer 2 switched core. The modern solution for VPLS is to use EVPN, in which every single customer MAC address is advertised via MP-BGP.

Interestingly, PBB can be used for EVPN and solves the same issue as with legacy VPLS MAC scalability. If you have millions of Type 2 EVPN routes in your routing table, you may be concerned with scalability in the control plane. This is in contrast the to the scalability issue with legacy VPLS, which was scalability in the data plane.

With PBB-EVPN, you can run a separate EVPN instance for the backbone, and only advertise the PE MACs for this backbone EVPN instance in MP-BGP. Now your EVPN routes have reduced substantially, maybe down to a few hundred at most.

The drawback with this is that you’ve moved customer MAC learning from the control plane “back” to the data plane. PEs will now learn customer MAC to PE MAC bindings in the data plane.

Essentially, PBB-EVPN uses the same 802.1ah header but instead of running a legacy layer 2 bridge domain for the backbone bridging instance, you use EVPN to be able to label switch the traffic in the core.

Further Reading/Watching

https://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/212882-understanding-basic-802-1ah-provider-bac.html
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r6-1/lxvpn/configuration/guide/b-l2vpn-cg-asr9k-61x/b-l2vpn-cg60xasr9k_chapter_0111.pdf
https://www.youtube.com/watch?v=Rmlk_xIi0rA&ab_channel=Nokia
https://tgregory.org/2016/11/15/evpn-vs-pbb-evpn-and-massive-scale/