802.1aq is the IEEE-sanctioned link state Ethernet control plane for all IEEE VLANs covered in IEEE 802.1Q. The Shortest Path Bridging virtual local area network identifier (VLAN ID) or Shortest Path Bridging VID (SPBV) provides a capability that is backward compatible with
spanning tree technologies. The SPBM provides additional values that use Provider Backbone Bridge (PBB) capabilities. SPB (the generic term for both) combines an Ethernet data path (either IEEE 802.1Q in the case of SPBV, or PBBs per IEEE 802.1ah in the case of SPBM) with an IS-IS link state control protocol running between Shortest Path bridges (
Network-to-network interface (NNI) links). The link state protocol is used to discover and advertise the network topology and compute SPTs from all bridges in the SPT Region. In SPBM, the backbone MAC (B-MAC) addresses of the participating nodes and also the service membership information for interfaces to non-participating devices (
User–network interface (UNI) ports) is distributed. Topology data is then input to a calculation engine, which computes symmetric shortest path trees based on minimum cost from each participating node to all other participating nodes. In SPBV, these trees provide a shortest path tree where individual
MAC address can be learned and
group address membership can be distributed. In SPBM, the shortest path trees are then used to populate forwarding tables for each participating node's individual B-MAC addresses and for group addresses; Group
multicast trees are subtrees of the default shortest path tree formed by (source, group) pairing. Depending on the topology, several different equal-cost multi-path trees are possible and SPB supports multiple algorithms per IS-IS instance. In SPB as with other link-state-based protocols, the computations are done in a distributed fashion. Each node computes the Ethernet-compliant forwarding behavior independently based on a normally synchronized common view of the network and UNI ports. Ethernet filtering Database (or forwarding) tables are populated locally to independently and deterministically implement its portion of the network forwarding behavior. The two different flavors of data path give rise to two slightly different versions of this protocol. One (SPBM) is intended where complete isolation of many separate instances of client LANs and their associated device MAC addresses is desired, and it therefore uses a full encapsulation (MAC-in-MAC a.k.a. IEEE 802.1ah). The other (SPBV) is intended where such isolation of client device MAC addresses is not necessary, and it reuses only the existing VLAN tag on participating NNI links. Chronologically, SPBV came first, with the project originally being conceived to address scalability and convergence of
MSTP. At the time the specification for PBB was progressing, it became apparent that leveraging both the PBB data plane and a link state control plane would significantly extend Ethernet's capabilities and applications.
Provider Link State Bridging (PLSB) was a straw man proposal brought to the IEEE 802.1aq Shortest Path Bridging Working Group, to provide a concrete example of such a system. As IEEE 802.1aq standardization progressed, some of the detailed mechanisms proposed by
PLSB were replaced by functional equivalents, but all of the key concepts embodied in
PLSB were carried forward into the standard.
Shortest Path Bridging-VID A primary feature of Shortest Path Bridging is the ability to use link-state IS-IS to learn network topology. In SPBV the mechanism used to identify the tree is to use a different Shortest Path VLAN ID (SPVID) for each source bridge. The IS-IS topology is used both to allocate unique SPVIDs and to enable shortest path forwarding for individual and group addresses. Originally targeted for small, low-configuration networks, SPB grew into a larger project encompassing the latest provider control plane for SPBV and harmonizing the concepts of Ethernet's data plane. SPB defines a shortest path
region which is the boundary of the shortest path topology and the rest of the VLAN topology, which may be any number of legacy bridges. SPB operates by learning the SPB-capable bridges and growing the
region to include the SPB-capable bridges that have the same Base VID and MSTID configuration digest (Allocation of VIDs for SPB purposes). SPBV builds shortest-path trees that support loop prevention and optionally support loop mitigation on the SPVID. SPBV still allows learning of Ethernet MAC addresses but it can distribute multicast addresses that can be used to prune the shortest path trees according to the multicast membership either through
Multiple MAC Registration Protocol (MMRP) or directly using IS-IS distribution of multicast membership. SPBV builds shortest-path trees but also interworks with legacy bridges running
Rapid Spanning Tree Protocol and
Multiple Spanning Tree Protocol (MSTP). SPBV uses techniques from MSTP regions to interwork with non-SPT regions, behaving logically as a large distributed bridge as viewed from outside the region. SPBV supports shortest path trees, but SPBV also builds a spanning tree, which is computed from the link state database and uses the Base VID. This means that SPBV can use this traditional spanning tree for computation of the common and internal spanning tree (CIST). The CIST is the default tree used to interwork with other legacy bridges. It also serves as a fallback spanning tree if there are configuration problems with SPBV. SPBV has been designed to manage a moderate number of bridges. SPBV differs from SPBM in that MAC addresses are learned on all bridges that lie on the shortest path, and shared VLAN learning is used since destination MACs may be associated with multiple SPVIDs. SPBV learns all MACs it forwards, even outside the SPBV region.
Shortest Path Bridging-MAC Shortest Path Bridging-MAC (SPBM) reuses the PBB data plane, which does not require that the Backbone Core Bridges (BCB) learn encapsulated client addresses. At the edge of the network, the C-MAC (client) addresses are learned. SPBM is very similar to Provider Link State Bridging (PLSB), using the same data and control planes, but the format and contents of the control messages in PLSB are not compatible. Individual MAC frames of
unicast traffic from an Ethernet-attached device that are received at the SPBM edge are encapsulated in a PBB IEEE 802.1ah header and then traverse the IEEE 802.1aq network unchanged until they are stripped of the encapsulation as they egress back to the non-participating attached network at the far side of the participating network.
Ethernet destination addresses (from UNI port attached devices) perform learning over the logical LAN and are forwarded to the appropriate participating B-MAC address to reach the far-end Ethernet destination. In this manner, Ethernet MAC addresses are never looked up in the core of an IEEE 802.1aq network. When comparing SPBM to PBB, the behavior is almost identical to a PBB IEEE 802.1ah network. PBB does not specify how B-MAC addresses are learned, and PBB may use a spanning tree to control the B-VLAN. In SPBM, the main difference is that B-MAC addresses are distributed or computed in the control plane, eliminating the B-MAC learning in PBB. Also, SPBM ensures that the route followed is the shortest path tree. The forward and reverse paths used for unicast and
multicast traffic in an IEEE 802.1aq network are
symmetric. This symmetry permits IEEE 802.1ag Continuity Fault Management (CFM) to operate unchanged for SPBV and SPBM and has desirable properties with respect to time distribution protocols such as
Precision Time Protocol.
Group address and unknown destination individual frames are optimally transmitted to only members of the same Ethernet service. IEEE 802.1aq supports the creation of thousands of logical Ethernet services in the form of E-LINE, E-LAN or E-TREE constructs, which are formed between non-participating logical ports of the IEEE 802.1aq network. These group address packets are encapsulated with a PBB header, which indicates the source participating address in the SA while the DA indicates the locally significant group address this frame should be forwarded on, and the source bridge where the frame originated. The IEEE 802.1aq multicast forwarding tables are created based on computations such that every bridge that is on the shortest path between a pair of bridges that are members of the same service group will create proper forwarding database (FDB) state to forward or replicate frames it receives to those members of that service group. Since the group address computation produces shortest path trees, there is only ever one copy of a multicast packet on any given link. Since only bridges on the shortest path between participating logical ports create FDB state, the multicast makes efficient use of network resources. The actual group address forwarding operation operates more or less identically to classical Ethernet; the backbone destination address (B-DA)+ backbone VLAN identifier (B-VID) combination is looked up to find the egress set of next hops. The only difference compared with classical Ethernet is that reverse learning is disabled for participating bridge backbone media access control (B-MAC) addresses and is replaced with an ingress check and discard (when the frame arrives on an incoming interface from an unexpected source). Learning is, however, implemented at the edges of the SPBM multicast tree to learn the B-MAC to MAC address relationship for correct individual frame encapsulation in the reverse direction (as packets arrive over the interface). Properly implemented, an IEEE 802.1aq network can support up to 1000 participating bridges and provide tens of thousands of layer-2 E-LAN services to Ethernet devices. This can be done by simply configuring the ports facing the Ethernet devices to indicate they are members of a given service. As new members come and go, the IS-IS protocol will advertise the I-SID membership changes and the computations will grow or shrink the trees in the participating node network as necessary to maintain the efficient multicast property for that service. IEEE 802.1aq has the property that only the point of attachment of a service needs configuration when a new attachment point comes or goes. The trees produced by the computations will automatically be extended or pruned as necessary to maintain connectivity. In some existing implementations, this property is used to automatically (as opposed to through configuration) add or remove attachment points for dual-homed technologies such as rings to maintain optimum packet flow between a nonparticipating ring protocol and the IEEE 802.1aq network by activating a secondary attachment point and deactivating a primary attachment point.
Failure recovery Failure recovery is driven by IS-IS with the link failure being advertised and new computations being performed, resulting in new FDB tables. Since no Ethernet addresses are advertised or known by IS-IS, there is no re-learning required by the SPBM core and its learned encapsulations are unaffected by a transit node or link failure. Link failure detection may be improved using IEEE 802.1ag Continuity Check Protocol (CCP), which tests link status and reports a failure to the IS-IS protocol. This allows much faster failure detection than is possible using the IS-IS hello message loss mechanisms. Both SPBV and SPBM inherit the rapid convergence of a link-state control plane. A special attribute of SPBM is its ability to rebuild multicast trees in a similar time to unicast convergence, because it substitutes computation for signaling. When an SPBM bridge has performed the computations on a topology database, it knows whether it is on the shortest path between a root and one or more leaves of the SPT and can install state accordingly. Convergence is not gated by incremental discovery of a bridge's place on a multicast tree by the use of separate signaling transactions. However, SPBM on a node does not operate completely independently of its peers and enforces agreement on the current network topology with its peers. This very efficient mechanism uses the exchange of a single digest of link state covering the entire network view, and does not need agreement on each path to each root individually. The result is that the volume of messaging exchanged to converge the network is in proportion to the incremental change in topology and not the number of multicast trees in the network. A simple link event that may change many trees is communicated by signaling the link event only; the consequent tree construction is performed by local computation at each node. The addition of a single service access point to a service instance involves only the announcement of the I-SID, regardless of the number of trees. Similarly, the removal of a bridge, which might involve the rebuilding of hundreds to thousands of trees, is signaled only with a few link-state updates. In a
multi-chassis link aggregation group environment, multiple switch chassis appear as a single switch to the SPB control plane, and multiple links between pairs of chassis appear as an aggregate link. In this context, a single link or node failure is not seen by the control plane and is handled locally, potentially resulting in sub-50 ms recovery times.
Animations Three animated GIFs in this section help to show the behavior of 802.1aq. The first of these gifs, shown in Figure 5, demonstrates the routing in a 66-node network where we have created a 7-member E-LAN using ISID 100. In this example, we show the equal cost tree (ECT) created from each member to reach all of the other members. We cycle through each member to show the full set of trees created for this service. We pause at one point to show the symmetry of routing between two of the nodes and emphasize it with a red line. In each case, the source of the tree is highlighted with a small purple V. The second of these animated GIFs, shown in Figure 6, demonstrates 8 ECT paths in the same 66-node network as Figure 4. In each subsequent animated frame, the same source is used (in purple) but a different destination is shown (in yellow). For each frame, all of the shortest paths are shown superimposed between the source and destination. When two shortest paths traverse the same hop, the thickness of the lines being drawn is increased. In addition to the 66-node network, a small multi-level
data center style network is also shown with sources and destinations both within the servers (at the bottom) and from servers to the router layer at the top. This animation helps to show the diversity of the ECT being produced. The last of these animated GIFs, shown in Figure 7, demonstrates source-destination ECT paths using all 16 of the standard algorithms currently defined. Image:802d1aqELAN7 (cropped).gif|Figure 5 - Animated E-LAN example in a 66-node 802.1aq network with 7 members Image:802d1aqECMP (cropped).gif|Figure 6 - Animated ECT example in a 66-node 802.1aq network with 8 ECT Image:802d1aqECMP16 (cropped).gif|Figure 7 - Animated ECT example 36-node 802.1aq network with 16 ECT ==Details==