BPDU Tunneling

1.1  Why BPDU Tunneling

To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your devices. STP learns the topology of a network from the bridge protocol data units (BPDUs) exchanged between devices. BPDUs are Layer 2 multicast packets, so they are received and processed by all STP-enabled devices on the network. This prevents each network from correctly calculating its own spanning tree. As a result, when redundant links exist in a network, data loops will unavoidably occur.
By allowing each network to have its own spanning tree while running STP, BPDU tunneling can resolve this problem.
- BPDU tunneling can isolate BPDUs of different customer networks, so that one network is not affected by others while calculating the topological structure.
- BPDU tunneling enables BPDUs of the same customer network to be multicast over specific VLAN VPNs in the service provider network, so that the same, geographically dispersed customer network can implement consistent spanning tree calculation across the service provider network.

1.2  Understanding BPDU Tunneling

BPDU tunneling implements the following two functions:
- BPDU isolation
- BPDU transparent transmission

I. BPDU isolation

When a port receives BPDUs of other networks, the port will discard the BPDUs, so that they will not take part in spanning tree calculation.

II. BPDU transparent transmission

As shown in Figure 2-1, the upper part is the service provider network, and the lower part represents the customer networks. The customer networks include network A and network B. Enabling the BPDU tunneling function on the BPDU input/output devices across the service provider network allows BPDUs of the customer networks to be transparently transmitted in the service provider network, and allows each customer network to implement independent spanning tree calculation without interfering with each other.
- At the BPDU input side, the device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider's network, the modified BPDUs are forwarded as data packets in the user VLAN.
- At the packet output side, the device recognizes the BPDU with the destination MAC address of 0x010F-E200-0003 and restores its original destination MAC address, 0x0180-C200-0000. Then, the device removes the outer VLAN tag and sends the BPDU to the destination customer network.

Note:
Make sure, through configuration, that the VLAN tag of the BPDU is neither changed nor removed during its transparent transmission in the service provider network; otherwise, the system will fail to transparently transmit the customer network BPDU correctly.
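
The input-side rewrite, the output-side restore and the tag requirement in the note above, modelled in Python as an added example (not code from the original document or from the device vendor). The frame layout, the sample BPDU, VLAN IDs 100 and 200 and all function names are constructed assumptions; only BPDUs are modelled, and the outer tag is assumed to be pushed at the input side.

```python
import struct

STP_MAC = bytes.fromhex("0180c2000000")     # standard BPDU destination (0x0180-C200-0000)
TUNNEL_MAC = bytes.fromhex("010fe2000003")  # default tunnel MAC from the text
TPID_8021Q = 0x8100                         # EtherType of an 802.1Q VLAN tag


def make_bpdu(src_mac: bytes) -> bytes:
    """Constructed sample: 802.3 header + LLC 42-42-03 + 35-byte zeroed payload."""
    llc_and_payload = bytes.fromhex("424203") + bytes(35)
    return STP_MAC + src_mac + struct.pack("!H", len(llc_and_payload)) + llc_and_payload


def ingress(frame: bytes, outer_vlan: int, isolate: bool = False):
    """BPDU input side. Returns the tunnelled frame, or None when isolated."""
    if frame[:6] != STP_MAC:
        raise ValueError("only BPDUs are modelled here")
    if isolate:
        return None  # BPDU isolation: discard, never reaches any spanning tree
    outer_tag = struct.pack("!HH", TPID_8021Q, outer_vlan & 0x0FFF)
    # Assumption: the outer tag is pushed here, as VLAN VPN does at the edge.
    return TUNNEL_MAC + frame[6:12] + outer_tag + frame[12:]


def egress(frame: bytes, outer_vlan: int):
    """BPDU output side. Returns the restored BPDU, or None if it cannot be."""
    if len(frame) < 16 or frame[:6] != TUNNEL_MAC:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q or (tci & 0x0FFF) != outer_vlan:
        return None  # tag changed or removed in transit: the note's failure case
    return STP_MAC + frame[6:12] + frame[16:]


if __name__ == "__main__":
    bpdu = make_bpdu(bytes.fromhex("001122334455"))  # constructed source MAC
    in_transit = ingress(bpdu, outer_vlan=100)
    print("restored intact:", egress(in_transit, 100) == bpdu)
    print("other customer's VLAN:", egress(in_transit, 200))
    print("isolated port:", ingress(bpdu, 100, isolate=True))
```

A frame seen inside the provider network with destination 0x0180-C200-0000 would, in this model, mean the input-side rewrite did not happen on some edge port.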

Note:
- BPDU tunneling must be enabled globally before the BPDU tunnel configuration for a port can take effect.
- The BPDU tunneling feature is incompatible with the GVRP feature, so these two features cannot be enabled at the same time. For the description of GVRP, refer to VLAN Configuration.

1.3  BPDU Tunneling Configuration Example

I. Network requirements

- Customer A, Customer B, Customer C, and Customer D are customer network access devices.
- Provider A, Provider B, and Provider C are service provider network access devices, which are interconnected through configured trunk ports.
The configuration is required to satisfy the following requirements:
- Geographically dispersed customer networks Customer A, Customer C and Customer D can implement consistent spanning tree calculation across the service provider network.
- BPDU packets are isolated for the customer network Customer B, so it does not take part in the spanning tree calculation.

II. Network diagram


Note:
When STP works stably on the customer network, if Customer A acts as the root bridge, the ports of Customer C and Customer D connected with Provider C can receive BPDUs from Customer A. Since BPDU isolation is enabled on Customer B, the port that connects Customer B to Provider B cannot receive BPDUs from Customer A.

Comments

Sara said…
Excellent post I must say.. Simple but yet entertaining and engaging.. Keep up the awesome work!
The advantage of using an IT Support service is that it provides the customer with availability services that will help the client proactively lessen the downtime as well as adequately address service-level commitments.
