Bridging with L3 support
A network bridge is a physical or logical device that separates Ethernet collision domains and operates on the two lower layers of the OSI and TCP/IP network stacks. Combining two or more network segments is called bridging. In simple bridges, broadcast packets are sent to all bridge interfaces; bridges with VLAN support can limit broadcast domains to separate interfaces. The VLAN ID in these bridges must be unique within the device. A broadcast domain limited by a VLAN is called a VLAN bridge domain in the IEEE 802.1Q/802.1ad standards.
As provider technologies developed, a need arose to limit the scope of VLAN ID uniqueness to a single port. This is provided by the concept of EVC (Ethernet Virtual Connection), in which the L2 broadcast domain is no longer tied to a VLAN. The EVC bridge domain combines virtual L2 interfaces, which are called service instances (SI). The L3 interface that links the L2 and L3 domains is called SVI or BVI in traditional bridges; in EVC bridge domains it is called BDI (Bridge Domain Interface).
The figure below shows how frames are processed when they are transferred between the L2 and L3 domains through a BDI, in both directions.
Configuration
A bridge creation command:
ecorouter(config)#bridge <NAME>
where <NAME> is an arbitrary name allowed in EcoRouterOS.
A bridge domain is created in the service instance configuration context:
ecorouter(config-service-instance)#
The relevant commands are shown in the table below.
Command | Description |
---|---|
encapsulation {default|dot1q|untagged} | Configure encapsulation (tagging) for external traffic |
rewrite {pop|push|translate} | Translation of encapsulation when sent to the bridge |
connect bridge <NAME> | Connect to the previously created bridge |
Tagging (encapsulation) can be arbitrary (see the "Tag operations for the service instances" section). As mentioned above, the VLAN ID of a service interface on one port can be the same as the VLAN ID of a service interface on another port, and they will be different VLANs as long as these SIs are in different bridge domains. A bridge domain on the bridge is formed by the service interfaces connected to it that have the same encapsulation value on the bridge. This value is set by the encapsulation and rewrite commands. Bridging between service interfaces is possible only in this case. For example, if Q-in-Q tagging is specified on one service interface:
ecorouter(config-service-instance)#encapsulation dot1q 30 second-dot1q 40
and the following is set on another (from the same bridge domain):
ecorouter(config-service-instance)#encapsulation dot1q 20
then, to bridge between them, the following command can be used on the first, for example:
ecorouter(config-service-instance)#rewrite translate 2-to-1 20
Creating BDI
The BDI interface is created as an ordinary L3 interface, with two additional commands in the interface configuration context, which are described in the table below.
Command | Description |
---|---|
rewrite push | Translation of encapsulation when sent to the bridge |
connect bridge <NAME> | Assigning to the previously created bridge |
There is no encapsulation command because tagged traffic cannot be sent to the L3 domain.
Example:
ecorouter(config)#interface bdi0
ecorouter(config-if)#ip address 192.168.0.1/24
ecorouter(config-if)#rewrite push 20
ecorouter(config-if)#connect bridge br0
With this configuration, frames from the br0 bridge with VLAN ID 20 can enter the L3 domain. In the opposite direction, packets are routed to br0 if the FIB specifies the bdi0 interface for the destination IP address.
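The rule described above (interfaces on a bridge can exchange frames only when encapsulation and rewrite leave them with the same tag value on the bridge) can be checked offline against a configuration. The following is an added example, not EcoRouterOS code: it models only the command forms shown on this page, assumes that translate N-to-M generalises the 2-to-1 form, and uses hypothetical service instance names.

```python
import re
from collections import defaultdict

def bridge_side_tags(commands):
    """VLAN tag stack (outer tag first) that an interface presents to its bridge."""
    tags, rewrite = [], None
    for cmd in commands:
        w = cmd.split()
        if w[0] == "encapsulation":
            if w[1] == "dot1q":            # dot1q X [second-dot1q Y]
                tags = [int(t) for t in w[2::2]]
            elif w[1] != "untagged":       # "default" is not modelled here
                raise ValueError(f"not modelled: {cmd}")
        elif w[0] == "rewrite":
            rewrite = w[1:]
    if rewrite is None:
        return tuple(tags)
    if rewrite[0] == "push":               # rewrite push <tag>
        return (int(rewrite[1]), *tags)
    if rewrite[0] == "translate":          # assumed general form: N-to-M <M tags>
        n_in, n_out = map(int, re.fullmatch(r"(\d)-to-(\d)", rewrite[1]).groups())
        new = [int(t) for t in rewrite[2:]]
        if n_in > len(tags) or n_out != len(new):
            raise ValueError(f"inconsistent translate: {rewrite}")
        return (*new, *tags[n_in:])
    raise ValueError(f"not modelled: rewrite {rewrite[0]}")

def split_bridges(interfaces):
    """Bridges whose members present more than one tag stack, grouped by stack."""
    groups = defaultdict(lambda: defaultdict(list))
    for name, commands in interfaces.items():
        bridge = next(c.split()[2] for c in commands if c.startswith("connect bridge "))
        groups[bridge][bridge_side_tags(commands)].append(name)
    return {b: dict(g) for b, g in groups.items() if len(g) > 1}

# Constructed sample; the service instance names and br1 are hypothetical.
CONFIG = {
    "si-qinq":   ["encapsulation dot1q 30 second-dot1q 40",
                  "rewrite translate 2-to-1 20", "connect bridge br0"],
    "si-single": ["encapsulation dot1q 20", "connect bridge br0"],
    "bdi0":      ["rewrite push 20", "connect bridge br0"],
    "si-raw":    ["encapsulation dot1q 30 second-dot1q 40", "connect bridge br1"],
    "si-other":  ["encapsulation dot1q 20", "connect bridge br1"],
}

if __name__ == "__main__":
    for bridge, stacks in split_bridges(CONFIG).items():
        print(bridge, stacks)   # members listed under different stacks cannot bridge
```

A bridge reported here is not necessarily misconfigured; the output lists which of its interfaces fall into separate bridge domains so the split can be confirmed as intended.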
Show commands
Use the show bridge command in administration mode to display information about created bridges. Add <BRIDGE_NAME> after this command to display information about a specific bridge: show bridge <BRIDGE_NAME>.
ecorouter#show bridge
Bridge br1
Connect interface bdi1 symmetric
Use the show interface <BDI_NAME> command to display information about BDI interfaces. The command is the same for all interfaces.
ecorouter#show interface bdi1
Interface bdi1 is up
Ethernet address: 1c87.7640.6903
MTU: 1500
Rewrite: push 20
ICMP redirection is on
Label switching is disabled
<UP,BROADCAST,RUNNING,MULTICAST>
Connect bridge br1 symmetric
inet 1.1.1.1/24 broadcast 1.1.1.255/24
total input packets 0, bytes 0
total output packets 0, bytes 0
In EcoRouterOS, the MAC address table for a specific bridge can be displayed.
To do this, use the show bridge mac-table <BRIDGE_NAME> command. This command is available in user and administrative modes.
All the MAC addresses learned in the specified bridge will be displayed.
ecorouter#show bridge mac-table br0
L3 BDI address: 192.168.1.1/24
BD Aging time is 300 sec
Outer Inner L2
Vlan  Vlan  Address        Port    Type       Age
----- ----- -------------- ------- ---------- -----
-     -     0050.7966.6801 te2     Dynamic    2
30    -     0050.7966.6800 te1     Dynamic    18
20    10    0050.7966.6802 te0     Dynamic    21
In the example above, the following parameters and their values are shown:
L3 BDI address: 192.168.1.1/24 - IP address of the L3 interface in the bridge;
BD Aging time - aging time for each MAC address, in seconds;
Outer Vlan - the outer VLAN value with which the user was connected;
Inner Vlan - the inner VLAN value with which the user was connected;
L2 address - MAC address of the device;
Port - the name of the port on which this MAC address arrived;
Type - the method by which the MAC address was learned (static or dynamic);
Age - time in seconds since the last packet from this MAC address was recorded.
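The table format described above lends itself to automated monitoring. The following added example (not part of the EcoRouter documentation) parses two captures of show bridge mac-table output and reports MAC addresses that are new or that changed port or VLAN tags between captures; the baseline is the output shown on this page and the second capture is constructed.

```python
import re

# One table row: outer VLAN, inner VLAN, MAC, port, type, age ("-" means no tag).
ROW = re.compile(
    r"^\s*(-|\d+)\s+(-|\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s+(\d+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Parse `show bridge mac-table` output into {mac: entry}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, BDI address and aging-time lines
        outer, inner, mac, port, kind, age = m.groups()
        table[mac.lower()] = {
            "outer_vlan": None if outer == "-" else int(outer),
            "inner_vlan": None if inner == "-" else int(inner),
            "port": port, "type": kind, "age": int(age),
        }
    return table

def compare(baseline, current):
    """Return (new MACs, MACs whose port or VLAN tags changed), both sorted."""
    where = lambda e: (e["port"], e["outer_vlan"], e["inner_vlan"])
    new = sorted(set(current) - set(baseline))
    moved = sorted(m for m in current
                   if m in baseline and where(current[m]) != where(baseline[m]))
    return new, moved

BASELINE = """\
L3 BDI address: 192.168.1.1/24
BD Aging time is 300 sec
Outer Inner L2
Vlan Vlan Address Port Type Age
----- ----- -------------- ------- ---------- -----
- - 0050.7966.6801 te2 Dynamic 2
30 - 0050.7966.6800 te1 Dynamic 18
20 10 0050.7966.6802 te0 Dynamic 21
"""
# Constructed second capture: one address moved to te1, one address is new.
CURRENT = """\
- - 0050.7966.6801 te1 Dynamic 4
30 - 0050.7966.6800 te1 Dynamic 1
20 10 0050.7966.6802 te0 Dynamic 9
20 10 0050.7966.68ff te0 Dynamic 3
"""

if __name__ == "__main__":
    print(compare(parse_mac_table(BASELINE), parse_mac_table(CURRENT)))
```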