EcoRouter Documentation

Service Instances EcoRouter Documentation / Service Instances

Encapsulation
- Encapsulation types
- Encapsulation settings commands
Tag operations
Service instance view commands

At the entrance to the port, the frame with the VLAN tag will be placed in the service instance that is dedicated to the processing of this VLAN tag. After that the service instance may replace, add or remove this VLAN tag and transfer the frame to another port or interface. That is, the service instance connects the port with the port or the port with the interface (the port with the bridge domain) within the device.

Encapsulation

Encapsulation types

The frame is placed in one or the other service instance at the port on the basis of the encapsulated therein dot1q tag or its absence. There can be several service instance at the one port. There can be up to 4,000 service instance at the router.

Encapsulation settings commands

Encapsulation type	Description
encapsulation dot1q VALUE	Specifying the tag
encapsulation dot1q VALUE second dot1q VALUE	Specifying 2 tags contained in the frame. The values of the tags specified in the order starting from the inner tag
encapsulation dot1q VALUE- VALUE	Specifying the range of tags
encapsulation dot1q VALUE exact	Argument exact indicates that the service instance will handle only the frame with one specified tag or one tag from the range
encapsulation untagged	Specifying the absence of the tag in the frame
encapsulation default	Specifying that the data service instance will process all the other tags that are not specified previously in other service instances on the port. It can be used in the L3 bridging and in connections without L3 routing.

Argument exact is mandatory in the case of onward transmission frame to the L3 level (interface Demux is an exception). The argument may be omitted in the case of transmitting a frame to bridge or port.

Tag operations

The tag may be replaced, added or removed after the frame has been placed in a certain service instance. To do this, run the command rewrite with different arguments.

If the block after passing through the service instance will be transmitted to the interface for further processing to L3 (except BDI, IP-demux Interface) than the argument pop is to be performed on it. Operation pop removes tag from the frame.

If the block after passing through the service instance is transmitted to the port or bridge, there can then be performed all possible tag operations.

Tag operation commands

Tag operations	Description
Rewrite pop VALUE	Operation for wothdrawing of tags. VALUE equals 1 or 2
Rewrite push VALUE VALUE	Operation for adding of tags. VALUE is a VLAN identificator. Upper tag is first
Rewrite translate 1-to-1 VALUE	Swap one tag to another one. VALUE is a new VLAN identificator
Rewrite translate 1-to-2 VALUE VALUE	Swap one tag to another two
Rewrite translate 2-to-2 VALUE VALUE	Swap two tags to another two
Rewrite translate 2-to-1 VALUE	Swap two tags to another one

The traffic direction through the service instance

Tag operations in the frame are allowable for both directions of transferring through the service instance. For example, when the frame passing from the port to the attached interface and from the interface to the port. The backward direction's tag processing rules are generated automatically.

The type of behaviour of the service instance, working in two directions symmetrically, called ambiguous. If the service instance is defined pop operation when the frame moves from the port to the interface, then the push will be carried out when the packet moves from the interface to the port. Creation of such a service instance is possible with an explicit indication of the needed tag.

Example:

encapsulation dot1q 3 exact

rewrite pop 1

In this example, when moved in one direction tag 3 will be removed, while moving in the opposite direction - added.

The type of behaviour of the service instance operating asymmetrically in two directions, called unambiguous. This service instance is created when there is the general rule for processing of tags range.

Example:

encapsulation dot1q 1-3 exact

When the traffic flows in one direction only tag from this range, will be removed, while moving in the opposite direction the frame will be transmitted without tag as it is not obvious what tag from the range to be placed. This feature limits the use of such a type of behaviour of the service instances in some scenarios.

Tag operations for the service instances

There are three options for tag operations: delete existing tag(s), adding new tag(s) and translation tag(s) from one value to another.

Consider the possible options of tag operations in the case shown in the figure. Where 10, 11 VLAN and untagged traffic come to the port te1 of device.

Tag translation

For example, we need to redirect the traffic belonging to the VLAN 10 to the port te2 with VLAN tag 5.

At the port, which VLAN 10 comes, create a service instance for operation with these tags.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 3

Of the total volume the traffic with VLAN tag 10 will be selected. Argument exact indicates that this service instance processes the frames with only tag 10.

ecorouter(config-service-instance)#encapsulation dot1q 10 exact

Change the tag 10 to the tag of VLAN 5. Swap one to one.

ecorouter(config-service-instance)#rewrite translate 1-to-1 5

Specify where to send the traffic after the tag operation.

ecorouter(config-service-instance)#connect port te2

Service instance 3 is symmetrical. When the traffic goes backward, the service instance will be configured as listed below.

encapsulation dot1q 5 exact

rewrite translate 1-to-1 10

And thus, the port te1 will be sent traffic with VLAN tag 10

All the possibilities of VLAN tags translation

Translation of a single tag in the two tags.

This command replaces the single tag with the other two. The operation is performed only when a single incoming tag.

rewrite translate 1-to-2 <TAG1> <TAG2>

Example:

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 31

ecorouter(config-service-instance)#encapsulation dot1q 10 exact

ecorouter(config-service-instance)#rewrite translate 1-to-2 5 15

Replace a single tag 10 to the tags 5 and 15. Tag 5 will be first by order in the frame.

Translation of the two tags in two others:

rewrite translate 2-to-2 <TAG1> <TAG2>

Example:

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 31

ecorouter(config-service-instance)#encapsulation dot1q 20 second-dot1q 40
ecorouter(config-service-instance)#rewrite translate 2-to-2 5 15

Replaced tags 20 and 40 to the tags 5 and 15. Tag 5 will be first by order inthe frame.

Translation of two tags in one:

rewrite translate 2-to-1 <МЕТКА>

Example:

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 31

ecorouter(config-service-instance)#encapsulation dot1q 20 second-dot1q 40
ecorouter(config-service-instance)#rewrite translate 2-to-1 5

2 tags incoming to the port will be replaced by one.

Tag adding

All the untagged traffic is processed using the rewrite command with an argument push for service instance 1.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 2

Specify that all untagged traffic will be handled by this service instance.

ecorouter(config-service-instance)#encapsulation untagged

Specify that in each frame put the tag 5.

ecorouter(config-service-instance)#rewrite push 5

Specify where to send the traffic after the tag operation.

ecorouter(config-service-instance)#connect bridge 1

Bridge 1 must be created at first.

All traffic at this service interface output will be marked with the VLAN tag 5.

In the backward moving from the bridge 1 to port te1 all traffic will go to the port without any tags.

Translate and push operations are only possible in the case of binding the service instance to L2 level, that is, to the port or bridge.

To L3 level packets should come without VLAN tag.

VLAN tags are removed via rewrite pop command.

Tag removing

In the service instance 2 will process VLAN 11 at the port te1. First we need to create a service instance with the name 2.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance 2

Filter the 11 VLAN.

ecorouter(config-service-instance)#encapsulation dot1q 11 exact

Remove the VLAN tag to transmit a frame on the L3 interface. In this case, the rewrite command with an argument pop 1 indicates that the frame contains only one label, and it will be deleted.

ecorouter(config-service-instance)#rewrite pop 1

Set the port bundle with L3 interface.

ecorouter(config-service-instance)#connect ip interface e1

Thus, the traffic goes to interface e1 without VLAN tag.

For backward direction following is true:

encapsulation untagged

rewrite push 1

Add a VLAN tag 11.

There is another type of encapsulation in the service instance: encapsulation default. Absolutely all traffic, not isolated in a separate service instance, is covered by this type of encapsulation. Since a number of tags contained in the frame, and what kind is this tags are not specified, the router can not perform any operations with them (remove, replace, etc.). Therefore frame's redirect is also possible only to L2: bridge or port.

Service instance configuration for 2 VLANs routing

There is a network diagram listed on the figure below.

Step 1. Create the interfaces and assign IP address.

ecorouter(config)#interface QQ1

ecorouter(config-if)#ip address 10.0.0.1/16

ecorouter(config)#interface QQ2

ecorouter(config-if)#ip address 10.1.0.1/16

Step 2. Create a service instance on the port for VLAN 2.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance te1/QQ1

Step 3. Declare an encapsulation. This entry says that we are waiting for the VLAN tag 2. Option exact indicates that this rule will get only frames with tag 2.

ecorouter(config-service-instance)#encapsulation dot1q 2 exact

Step 4. Remove the tag with pop. The key 1 indicates that only the top tag will be removed. The frame must go to L3 without VLAN attributes.

ecorouter(config-service-instance)#rewrite pop 1

Step 5. Created at the Step 2 service instance should be attached to L3 interface.

ecorouter(config-service-instance)#connect ip interface QQ1

Step 6. Do the same configuration for VLAN 3.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance te1/QQ2

Step 7. Declare an encapsulation. This entry says that we are waiting for the VLAN tag 3. Option exact indicates that this rule will get only frames with tag 3.

ecorouter(config-service-instance)#encapsulation dot1q 3 exact

Step 8. Remove the tag with pop. The key 1 indicates that only the top tag will be removed. The frame must go to L3 without VLAN attributes.

ecorouter(config-service-instance)#rewrite pop 1

Step 5. Created at the Step 6 service instance should be attached to L3 interface.

ecorouter(config-service-instance)#connect ip interface QQ2

In the case of frame motion from network segment up to the router (see the diagram), the tag will be removed at the port te1 (see. Step 4). In the case of pack motion down from the router to the segment, the opposite will occur. Namely rewrite push 1. This is possible because the VLAN number in the service instance is specified explicitly.

Service instance configuration in case of EcoRouter serves as L2 device

There is a network diagram listed on the figure below.

Step 1. Create a service instance at the port te0 for VLAN range 1-10.

ecorouter(config)#port te0

ecorouter(config-port)#service-instance for_vlan(1-10)

ecorouter(config-service-instance)#encapsulation dot1q 1-10

Step 2. Bind the service interface to the output port.

ecorouter(config-service-instance)#connect port te1

Step 3. Create a service instance at the port te1 for VLAN range 1-10.

ecorouter(config)#port te1

ecorouter(config-port)#service-instance for_vlan(1-10)

ecorouter(config-service-instance)#encapsulation dot1q 1-10

Step 4: Bind the service instance to the output port.

ecorouter(config-service-instance)#connect port te0

EcoRouter performs switching frames tagged 1-10 from the port te0 to the port te1 and vice versa with this setting. Switch ports at the side of the router are configured as trunk and use the encapsulation dot1q. As can be seen in two different service instances encapsulation for VLAN 1-10 doesn't contain keyword exact, which is permissible only if there are no tag operations (pop, push, translate) and these service interfaces haven't connect to the port or L2-domain (bridge-domain). It should be noted that tag operations are still possible when configuring the L3 interface (BDI). This constraints will immediately become clear, if we imagine a situation when the router should add the tag to the outcoming frame at the port, where the tag is defined from a locally-configured range. In the example if at the service instance will be configured an option rewrite pop 1, then at the exit of the port would have to be applied the inverse operation of adding tags 1-10, which obviously makes the ambiguity, because it is not known which tag to add. EcoRouter excludes such situations and will warn the administrator about improperly configured filters. Such traffic management flexibility requires a care and a clear understanding of ongoing operations with packets in the interfaces and router ports. The CLI has several show group commands to view the configured filters.

Service instance view commands

Viewing all the service instances for all ports

To view the service instances settings, available for all ports, use the command show port or its abbreviated form: sh port.

Ingress is a description of the frames processing while moving through the port in one direction. As it described in the service instance by the administrator.

Egress is a description of the frames processing while moving through the port backward. It is an automatically created response rule.

ecorouter#sh port 
 te0 is up 
  Type:  [10 Gigabit Ethernet] 
  MTU: 9728[82-9728] 
   link state UP;  
  Input packets 0, bytes 0, errors 0 
  Output packets 0, bytes 0, errors 0 
 te1 is up 
  Type:  [10 Gigabit Ethernet] 
  MTU: 9728[82-9728] 
   link state UP;  
  Input packets 0, bytes 0, errors 0 
  Output packets 0, bytes 0, errors 0 
  Service instance 1 is up 
   ingress encapsulation dot1q 12 exact 
  ingress rewrite pop 1 
  egress encapsulation untagged 
  egress push 12

   Input packets 0, bytes 0 
   Output packets 0, bytes 0 
 te2 is up 
  Type:  [10 Gigabit Ethernet] 
  MTU: 9728[82-9728] 
   link state UP;  
  Input packets 0, bytes 0, errors 0 
  Output packets 0, bytes 0, errors 0 
 te3 is up 
  Type:  [10 Gigabit Ethernet] 
  MTU: 9728[82-9728] 
   link state UP;  
  Input packets 0, bytes 0, errors 0 
  Output packets 0, bytes 0, errors 0 
 te4 is up 
  Type:  [10 Gigabit Ethernet] 
  MTU: 9728[82-9728] 
   link state UP;  
  Input packets 0, bytes 0, errors 0 
  Output packets 0, bytes 0, errors 0 
 ecorouter#

Viewing the service instances for a single port

To view settings of the service instances available for a specific port, use the command show port <NAME> or its abbreviated form: sh port <NAME>.

 ecorouter#sh port te1

 te1 is up

  Type:  [10 Gigabit Ethernet]

  MTU: 9728[82-9728]

   link state UP;

  Input packets 0, bytes 0, errors 0

  Output packets 0, bytes 0, errors 0

  Service instance 1 is up

  ingress encapsulation dot1q 12 exact

   ingress rewrite pop 1

   egress encapsulation untagged

   egress push 12

   Input packets 0, bytes 0

   Output packets 0, bytes 0

 ecorouter#

Viewing the particular service instance

To view the settings of a particular service instance, use the command show port <NAME> service-instance <SI_NAME> or its abbreviated form: sh port <NAME> service-instance <SI_NAME>.

ecorouter#sh port te1 service-instance 1 
 Service instance 1 is up 
  ingress encapsulation dot1q 12 exact 
  ingress rewrite pop 1 
  egress encapsulation untagged 
  egress push 12 
  Input packets 0, bytes 0 
  Output packets 0, bytes 0