Download - Understanding Basic 802.1ah Provider Backbone Bridge

Page 1: Understanding Basic 802.1ah Provider Backbone Bridge

Understanding Basic 802.1ah ProviderBackbone Bridge Contents

IntroductionPrerequisitesRequirementsComponents UsedIEEE 802.1ah Provider Backbone Bridging OverviewTerminologies UsedPBB ComponentsLayer 2 loop avoidance protocol802.1ah encapsulation ConfigureNetwork DiagramConfigurationsHow PBB works?Unicast Traffic Forwarding802.1ah Encapsulated Packet View (Unicast traffic)Unknown unicast, multicast & broadcast Traffic Forwarding802.1ah Encapsulated Packet View (Broadcast traffic)Verify


This document describes functioning of basic Provider Backbone Bridge technology (PBB). It usesMulti Spanning Tree (MST) in the core network for loop avoidance.



Cisco recommends that you have basic knowledge of MST  and VPLS (Virtual Private LanService).

Components Used

This document is not restricted to specific software and hardware versions. The information in thisdocument was created using Aggregation Services Router 9000 (ASR9K) devices in a specific labenvironment. All of the devices used in this document started with a cleared (default)configuration.

IEEE 802.1ah Provider Backbone Bridging Overview

Page 2: Understanding Basic 802.1ah Provider Backbone Bridge

The Institute of Electrical and Electronics Engineers (IEEE) 802.1ah PBB feature encapsulates ordecapsulates end-user traffic on a Backbone Edge Bridge (BEB) at the edge of the ProviderBackbone Bridged Network (PBBN). PBB provides scalability to configure higher number ofservice instances in network. PBB encapsulates customer's network into 802.1ah headers. Theseencapsulated packets are exchanged using unique and manually configured backbone address incore network. This obviates the need for backbone core bridges to learn all MAC addresses ofevery customer and hence adding to scalability. In order to understand technology behavior, it isimportant to understand meaning of some terminologies that will be frequently used in thisdocument.

Terminologies Used

This document will be frequently using some terminologies associated with PBB. These are listedbelow with brief explanation.

B-MAC :   All the bridges(routers) in backbone network are manually configured with a unique MAC

address. These MAC addresses are used in forwarding base to identify which remote BEB

should customer traffic be forwarded to.

B-SA :   Denotes backbone MAC address of source bridge.

B-DA  :   Denotes backbone MAC address of destination bridge.

BEB :   Backbone edge bridge is the router that faces customer edge node.

BCB :   Backbone core bridge is transit node in provider's core network that switches frame

towards destination.

B-VID :   Vlan that carries PBB encapsulated customer traffic within core.

I-SID :   Represents a unique service identifier associated with service instances.

B-Tag :   Contains backbone vlan(B-VLAN) id information.

I-Tag :   Contains I-SID value and helps destination BEB router to determine which I-Component

or service instance should the traffic be forwarded to.

S-VID :   Vlan that receives customer traffic and is called Service Vlan identifier(S-VID).

C-VID :   Vlan tag received in customer's frame. This remains intact while it encapsulated and

transported across provider network. 

C-SA :   Original source MAC address of customer's frame.

C-DA :   Original destination MAC address of customer's frame.

Note: C-VID, C-SA and C-DA and payload that constitute customer frame os never changed inPBB network.

PBB Components

The IEEE 802.1ah provides a framework to interconnect several provider bridged networks, oftencalled as PBNs. It provides means to scale the service Vlans in provider’s network. PBB networkcomprises of two main components called as I-Component & B-Component.

Page 3: Understanding Basic 802.1ah Provider Backbone Bridge

I-Component: This component resides on BEB (Backbone Edge Nodes) routers and facescustomer network. It is responsible for handling customer traffic and adding a PBB header to it. I-Component maintains important mapping information:

    - It maintains mapping between S-VID and I-SID

    - It maintains customer mac (C-DA) to bridge backbone mac address (B-DA) mapping.

I-Component Configuration: The two components are defined in the form of different l2vpnbridge group and domain. 

B-MAC :   All the bridges(routers) in backbone network are manually configured with a unique MAC

address. These MAC addresses are used in forwarding base to identify which remote BEB

should customer traffic be forwarded to.

B-SA :   Denotes backbone MAC address of source bridge.

B-DA  :   Denotes backbone MAC address of destination bridge.

BEB :   Backbone edge bridge is the router that faces customer edge node.

BCB :   Backbone core bridge is transit node in provider's core network that switches frame

towards destination.

B-VID :   Vlan that carries PBB encapsulated customer traffic within core.

I-SID :   Represents a unique service identifier associated with service instances.

B-Tag :   Contains backbone vlan(B-VLAN) id information.

I-Tag :   Contains I-SID value and helps destination BEB router to determine which I-Component

or service instance should the traffic be forwarded to.

S-VID :   Vlan that receives customer traffic and is called Service Vlan identifier(S-VID).

C-VID :   Vlan tag received in customer's frame. This remains intact while it encapsulated and

transported across provider network. 

C-SA :   Original source MAC address of customer's frame.

C-DA :   Original destination MAC address of customer's frame.

B-Component: This component is responsible for forwarding traffic in the core network. Itmaintains a database of B-MACs and the interfaces they are learnt from. This information is usedby forwarding engine to select an egress path for outgoing traffic to other remote BEBs.

B-Component Configuration: 

B-MAC :   All the bridges(routers) in backbone network are manually configured with a unique MAC

address. These MAC addresses are used in forwarding base to identify which remote BEB

should customer traffic be forwarded to.

B-SA :   Denotes backbone MAC address of source bridge.

B-DA  :   Denotes backbone MAC address of destination bridge.

Page 4: Understanding Basic 802.1ah Provider Backbone Bridge

BEB :   Backbone edge bridge is the router that faces customer edge node.

BCB :   Backbone core bridge is transit node in provider's core network that switches frame

towards destination.

B-VID :   Vlan that carries PBB encapsulated customer traffic within core.

I-SID :   Represents a unique service identifier associated with service instances.

B-Tag :   Contains backbone vlan(B-VLAN) id information.

I-Tag :   Contains I-SID value and helps destination BEB router to determine which I-Component

or service instance should the traffic be forwarded to.

S-VID :   Vlan that receives customer traffic and is called Service Vlan identifier(S-VID).

C-VID :   Vlan tag received in customer's frame. This remains intact while it encapsulated and

transported across provider network. 

C-SA :   Original source MAC address of customer's frame.

C-DA :   Original destination MAC address of customer's frame.

B-MAC configuration: Every router in PBB environment is identified by a unique MAC address.These backbone MAC addresses are used in 802.1ah encapsulations to forward traffic in B-VID.

B-MAC :   All the bridges(routers) in backbone network are manually configured with a unique MAC

address. These MAC addresses are used in forwarding base to identify which remote BEB

should customer traffic be forwarded to.

B-SA :   Denotes backbone MAC address of source bridge.

B-DA  :   Denotes backbone MAC address of destination bridge.

BEB :   Backbone edge bridge is the router that faces customer edge node.

BCB :   Backbone core bridge is transit node in provider's core network that switches frame

towards destination.

B-VID :   Vlan that carries PBB encapsulated customer traffic within core.

I-SID :   Represents a unique service identifier associated with service instances.

B-Tag :   Contains backbone vlan(B-VLAN) id information.

I-Tag :   Contains I-SID value and helps destination BEB router to determine which I-Component

or service instance should the traffic be forwarded to.

S-VID :   Vlan that receives customer traffic and is called Service Vlan identifier(S-VID).

C-VID :   Vlan tag received in customer's frame. This remains intact while it encapsulated and

transported across provider network. 

C-SA :   Original source MAC address of customer's frame.

C-DA :   Original destination MAC address of customer's frame.


Page 5: Understanding Basic 802.1ah Provider Backbone Bridge

Layer 2 loop avoidance protocol

The two components of PBB receive customer traffic and encapsulate it in 802.1ah. Thisencapsulate frame uses backbone vlan to reach its destination. Which backbone vlan will be usedto forward the traffic is decided by the B-VID value configured in B-Component bridge-domain. Alllayer 2 networks are prone to loops and hence provider’s core requires loop avoidance protocolsto check this. This scenario will utilize Multi Spanning Tree(MST)

802.1ah encapsulation 

The below picture describes the two components present on a BEB router. It shows the headersthat are imposed on the customer traffic. Original customer traffic received with 802.1q tag isfurther imposed with 802.1ad and 802.1ah encapsulations before it is finally set into core networkfor forwarding.

                                                                                                         Diag 1


Network Diagram

Page 6: Understanding Basic 802.1ah Provider Backbone Bridge

                                                                                                              Diag. 2


PBB requires both 'I' and 'B' component to be configured on BEB (customer facing) nodes. BCB(core router) that does not connect to any customer end router only requires B component. 

PBB Configuration

// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


   pbb edge i-sid 5554 core-bridge B-Comp-Dmn



Page 7: Understanding Basic 802.1ah Provider Backbone Bridge



//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric





Likewise BCB-1, BEB-2, BCB-2 also uses similar structure of configuration.

MST Configuration:

Below is a structure of MST configuration used on all BEBs & BCBs. In this test scenario,  B-VIDfalls in instance 1 of all the four routers. MST provides a loop free layer 2 path between core andedge routers.  Node required to be root bridge needs to be set with lower priority.

// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


   pbb edge i-sid 5554 core-bridge B-Comp-Dmn





//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


Page 8: Understanding Basic 802.1ah Provider Backbone Bridge

   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric





How PBB works?

Unicast Traffic Forwarding

This scenario discusses the case where traffic received from customer is destined to a unicastdestination MAC address. Below is the profile of traffic considered for this scenario.

                                                                                                                         Table 1

Encapsulation at source (BEB-1)

Customer Edge (CE) node forwards the traffic towards BEB-1. This traffic has source anddestination MAC addresses as 0000.0000.1111 and 0000.0000.2222 respectively.


Page 9: Understanding Basic 802.1ah Provider Backbone Bridge

Traffic is received in Vlan ID 554 (S-VID) on interface GigabitEthernet0/0/0/12.554 which is apart of I-Comp-Dmn.


The I-Component of PBB receives this traffic and looks up forwarding base mapping forcustomer's destination MAC address 0000.0000.2222 .


// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


   pbb edge i-sid 5554 core-bridge B-Comp-Dmn





//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric





  4. I-Component has an entry for destination MAC address 0000.0000.2222 and it is found to bemapped to ' backbone address a000.7500.0001'. This lookup provides the necessary B-MAC(backbone MAC) needed to build the frame.

   5. I-Component encapsulates customer frame with necessary fields like I-SID, B-SA, B-DA, S-VID etc. and passes it down to B-Component for forwarding. 

   6. B-Component performs a lookup for B-DA and determines the egress interface to forwardtraffic.

// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

Page 10: Understanding Basic 802.1ah Provider Backbone Bridge

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


   pbb edge i-sid 5554 core-bridge B-Comp-Dmn





//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric






    7. Destination B-MAC address 'a000.7500.0001' has a loop free path via BE2.1506 which isused to set traffic into core network.

Forwarding traffic in core (BCB-1)

    1. Transit node BCB-1 receives 802.1ah encapsulated frame in its B-Component based on B-VID 1506. It performs the lookup and switches the traffic forward via interface BE11.1506

// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



Page 11: Understanding Basic 802.1ah Provider Backbone Bridge

//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


   pbb edge i-sid 5554 core-bridge B-Comp-Dmn





//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric





Decapsulation at destination(BEB-2)

   1. Destination BEB-2 receives the traffic. It performs a lookup based on I-SID to determineassociated I-Component/service instance. In this case, lookup provides with 'I-Comp-Dmn'. The802.1ah header is then stripped and traffic is sent to associated service instance. 

   2. A MAC lookup for customer’s destination address 0000.0000.2222 is done to determine theattachment circuit this frame needs to be sent out from. In this case, traffic is forward to customerCE via attachment circuit 'Gi0/0/0/12.554'.

// Below is BEB-1 configuration. Similar configuration applies to other BEBs.

// B-MAC Configuration



  backbone-source-mac 000a.2500.0001



//I-Component Configuration


bridge group I-Comp-Grp

  bridge-domain I-Comp-Dmn

   interface GigabitEthernet0/0/0/12.554


Page 12: Understanding Basic 802.1ah Provider Backbone Bridge

   pbb edge i-sid 5554 core-bridge B-Comp-Dmn





//B-Component Configuration


bridge group B-Comp-Grp

  bridge-domain B-Comp-Dmn

   interface Bundle-Ether2.1506


   pbb core

    rewrite ingress tag push dot1ad 1506 symmetric





802.1ah Encapsulated Packet View (Unicast traffic)

Below is a packet level view of encapsulated customer frame. It has same values/profiles as listedabove in Table 1. Every PBB packet is an encapsulated combination of 802.1q , 802.1ahand 802.1ad. These ether-types can be seen in packet HEX dump.

0x88a8  - 802.1ad

0x88e7  - 802.1ah

0x8100  - 802.1q

Frame 1: 512 bytes on wire (4096 bits), 512 bytes captured (4096 bits)

// Source and destination backbone MACs

Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: a0:00:75:00:00:01


// MAC addresses in original customer frame are intact in encapsulation.

IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst:

00:00:00_00:22:22 (00:00:00:00:22:22)

B-Tag, B-VID: 1506

000. .... .... .... = Priority: 0

...0 .... .... .... = DEI: 0

.... 0101 1110 0010 = ID: 1506

I-Tag, I-SID: 5554

C-Destination: 00:00:00_00:22:22 (00:00:00:00:22:22)

C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11)

Type: 802.1Q Virtual LAN (0x8100)

// S-VID

802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554

000. .... .... .... = Priority: Best Effort (default) (0)

...0 .... .... .... = CFI: Canonical (0)

.... 0010 0010 1010 = ID: 554

Page 13: Understanding Basic 802.1ah Provider Backbone Bridge

Type: IPv4 (0x0800)


Internet Protocol Version 4, Src:, Dst:

Internet Control Message Protocol

Unknown unicast, multicast & broadcast Traffic Forwarding

Above scenario described a case where ‘I-Comp-Dmn’ bridge domain already had an S-DA to B-DA mapping. Therefore, router already knew which remote BEB to send next frame to before evenit arrived.

Mac Address    Type    Learned from/Filtered on    LC learned Resync Age/Last Change Mapped to 


-------------- ------- --------------------------- ---------- ---------------------- -----------


0000.0000.1111 dynamic Gi0/0/0/12.554              0/0/CPU0   29 Nov 11:16:11        N/A       


0000.0000.2222 dynamic BD id: 24                   0/0/CPU0   29 Nov 11:18:41       


Customer traffic can be multicast, broadcast or unknown unicast. Destination MAC address ofsuch a traffic is not mapped to any particular remote BEB and hence sender/encapsulating BEBdoes not know which remote BEB to send this traffic to. This example uses broadcast traffic in theform of ARP to explain how PBB handles such traffic. For this case, two customer host machinesare considered to have newly joined network in same broadcast domain on different BEBs. Beforethese two machines begin to send any packets, they need to send a broadcast ARP request atdestination MAC address ffff.ffff.ffff to learn each other's MAC addresses. When sourceencapsulating BEB receives an ARP request, it determines by looking at the destination MACaddress of received frame that it is broadcast traffic.

A special group MAC is used for the backbone destination MAC (B-DA) when handling anunknown unicast, multicast or broadcast frame. This backbone group MAC is derived from the I-service instance identifier (ISID) using following rule.

Page 14: Understanding Basic 802.1ah Provider Backbone Bridge

The ARP request is received by ingress BEB, which encapsulates it in an 802.1ah frame withspecial B-DA derived as explained above. This frame is then received by core routers (BCBs).Core BCBs forward this frame to all BEBs using same B-VID (1506). When this encapsulatedframe is received by remote BEBs, they check the I-SID to determine asociated service instancecorresponding to it. Once I-Component (or bridge domain associated with I-SID) is identified, alook up is donw for customer's MAC address to determine the attachment circuit to forward thetraffic out. In below scenario, host is behind BEB-4 and it responds with an ARP reply.Other network devices behind BEB-2 and BEB-3 receive ARP request and ignore.

Page 15: Understanding Basic 802.1ah Provider Backbone Bridge

802.1ah Encapsulated Packet View (Broadcast traffic)

Below is a packet level view of broadcast traffic from CE getting encapsulated using special B-DAadress.

Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)

// Use of special derived B-DA

Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: Lan/ManS_00:15:b2


Destination: Lan/ManS_00:15:b2 (01:1e:83:00:15:b2)

Source: CeragonN_00:00:01 (00:0a:25:00:00:01)

Type: 802.1ad Provider Bridge (Q-in-Q) (0x88a8)

IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst:

Broadcast (ff:ff:ff:ff:ff:ff)

B-Tag, B-VID: 1506

000. .... .... .... = Priority: 0

...0 .... .... .... = DEI: 0

.... 0101 1110 0010 = ID: 1506

I-Tag, I-SID: 5554

C-Destination: Broadcast (ff:ff:ff:ff:ff:ff)

C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11)

Type: 802.1Q Virtual LAN (0x8100)

802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554

Page 16: Understanding Basic 802.1ah Provider Backbone Bridge

Address Resolution Protocol (request)

Hardware type: Ethernet (1)

Protocol type: IPv4 (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (1)

Sender MAC address: 00:00:00_00:11:11 (00:00:00:00:11:11)

Sender IP address:

Target MAC address: 00:00:00_00:12:34 (00:00:00:00:12:34)

Target IP address:


To verify PBB, check participating components i.e. MST, I-Component & B-Component.

1. Status of bridge domains and attachment circuits can be determied using following commandson all the nodes in path. Below verification uses BEB-1 as an example.

RP/0/RSP0/CPU0:BEB-1#show l2vpn bridge group I-Comp-Grp bd-name I-Comp-Dmn

Legend: pp = Partially Programmed.

Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0

  Type: pbb-edge, I-SID: 5554

  Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap

  Filter MAC addresses: 0

  ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up)

  List of PBBs:

    PBB Edge, state: up, Static MAC addresses: 0

  List of ACs:

    Gi0/0/0/12.554, state: up, Static MAC addresses: 0

  List of Access PWs:

  List of VFIs:

2. Verify if the customer destination MAC address is learnt in I-Component (I-Comp-Dmn) usingfollowing command.

RP/0/RSP0/CPU0:BEB-1#show l2vpn bridge group I-Comp-Grp bd-name I-Comp-Dmn

Legend: pp = Partially Programmed.

Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0

  Type: pbb-edge, I-SID: 5554

  Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap

  Filter MAC addresses: 0

  ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up)

  List of PBBs:

    PBB Edge, state: up, Static MAC addresses: 0

  List of ACs:

    Gi0/0/0/12.554, state: up, Static MAC addresses: 0

  List of Access PWs:

  List of VFIs:

3. Verify if B-Component has forwarding information in its databse for B-DA.

RP/0/RSP0/CPU0:BEB-1#show l2vpn bridge group I-Comp-Grp bd-name I-Comp-Dmn

Legend: pp = Partially Programmed.

Page 17: Understanding Basic 802.1ah Provider Backbone Bridge

Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0

  Type: pbb-edge, I-SID: 5554

  Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap

  Filter MAC addresses: 0

  ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up)

  List of PBBs:

    PBB Edge, state: up, Static MAC addresses: 0

  List of ACs:

    Gi0/0/0/12.554, state: up, Static MAC addresses: 0

  List of Access PWs:

  List of VFIs:

4. Verify if MST in the core layer 2 network is stable and confirm there is a loop free path to reachdestination B-DA on nodes in path.