International Telecommunication Union

ITU-T J.213
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(11/2006)

SERIES J: CABLE NETWORKS AND TRANSMISSION OF TELEVISION, SOUND PROGRAMME AND OTHER MULTIMEDIA SIGNALS
Interactive systems for digital television distribution

Layer 2 virtual private networks for IP cable modem systems

ITU-T Recommendation J.213

ITU-T Rec. J.213 (11/2006)

Summary
ITU-T Recommendation J.213 describes requirements on both CMTSs and CMs in order to implement a DOCSIS layer-2 virtual private network (DOCSIS L2VPN) feature. The L2VPN feature allows cable operators to offer a layer-2 transparent LAN service (TLS) to commercial enterprises.

Source
ITU-T Recommendation J.213 was approved on 29 November 2006 by ITU-T Study Group 9 (2005-2008) under the ITU-T Recommendation A.8 procedure.

FOREWORD
The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE
In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS
ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2007
All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS
1 Scope
2 References
3 Definitions
4 Abbreviations and acronyms
5 Conventions
    5.1 Requirements
    5.2 Conformance
6 Theory of operation (Informative)
    6.1 L2VPN features
    6.2 CMTS layer-2 forwarding architecture
7 L2VPN operation
    7.1 CMTS bridging model requirements
    7.2 Configuring L2VPN forwarding
    7.3 CMTS upstream L2VPN forwarding
    7.4 CMTS downstream L2VPN forwarding
    7.5 L2VPN isolation and privacy
    7.6 CM and eSAFE exclusion
    7.7 L2VPN quality of service
    7.8 Stacked 802.1Q tags or tag-in-tag operation
    7.9 Spanning tree and loop detection
8 Cable modem requirements
Annex A CMTS DOCS-L2VPN-MIB requirements
    A.1 DOCS-L2VPN-MIB conformance
    A.2 DOCS-L2VPN-MIB definitions
Annex B Parameter encodings
    B.1 Capabilities
    B.2 Downstream unencrypted traffic (DUT) filtering encoding
    B.3 L2VPN encoding
    B.4 Confirmation codes
    B.5 L2VPN error encoding
    B.6 CM interface mask classification criteria
Appendix I Example L2VPN encodings
    I.1 Point-to-point example
    I.2 Multipoint example
    I.3 Upstream L2VPN classifier example
Appendix II IEEE 802.1Q encapsulation
Appendix III Embedded VLAN CM bridging model
    III.1 IEEE 802.1Q and embedded VLAN model
    III.2 Embedded bridge MAC domain service primitives
Appendix IV L2VPN non-compliant CM restrictions
    IV.1 Leaking through non-compliant CMs
Bibliography

1 Scope
This Recommendation describes requirements on both CMTSs and CMs in order to implement a DOCSIS layer-2 virtual private network (DOCSIS L2VPN) feature. The L2VPN feature allows cable operators to offer a layer-2 transparent LAN service (TLS) to commercial enterprises, which is one of the principal goals of the Business Services over DOCSIS (BSoD) initiative.

2 References
The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[IEEE 802.1Q] IEEE Std 802.1Q-2005, Virtual Bridged Local Area Networks.
[ITU-T J.122] ITU-T Recommendation J.122 (2002), Second-generation transmission systems for interactive cable television services - IP cable modems.
[ITU-T J.125] ITU-T Recommendation J.125 (2004), Link privacy for cable modem implementations.

3 Definitions
This Recommendation defines the following terms and uses those defined in [ITU-T J.122].

3.1 bridged network: A set of IEEE 802 LANs interconnected by IEEE 802.1D MAC bridges.

3.2 compliant CM: A CM that implements this DOCSIS L2VPN Recommendation.

3.3 DOCSIS L2PDU: A Packet PDU of a DOCSIS MAC Frame, i.e., the L2PDU following a MAC Header with FC_TYPE=00. This definition means that a MAC Management message with FC_TYPE=11 is not considered to be a DOCSIS L2PDU, even though the form of a MAC Management Message Header is the same form as an L2PDU.

3.4 DOCSIS MAC frame: The unit of transmission on the DOCSIS cable RF interface, consisting of a MAC Header and a (possibly null) Data PDU. The FC_TYPE field of MAC Header identifies the Data PDU as either a Packet PDU (FC_TYPE=00), or a MAC-specific PDU (FC_TYPE=11).

3.5 flooding: An operation of an L2 bridge in which it replicates an L2PDU addressed to a group MAC or unlearned individual MAC address to all Bridge Ports other than the L2PDU's ingress port.

3.6 group MAC (GMAC) address: An IEEE 6-byte MAC address with the first transmitted bit (the group bit) set to “1”, indicating that the address refers to a group of MAC hosts. In the canonical representation of MAC addresses used for Ethernet transmission, the group bit is the least significant bit of the first byte. The all-1s broadcast MAC address is considered to be a GMAC address.

3.7 individual MAC address: An IEEE 6-byte MAC address with the first transmitted bit (the group bit) set to “0”, indicating that the address refers to a single MAC host. For the Ethernet MAC addresses of DOCSIS, the group bit is the least significant bit of the first byte of the MAC address.

3.8 L2 forwarder: A network element that forwards layer-2 packets from one L2 interface to another L2 interface. A layer-2 forwarder may operate in point-to-point or multipoint forwarding mode, i.e., forwarding between only two interfaces without learning; or multipoint, forwarding unicast-destined packets only to the interface from which a MAC address was learned.

3.9 L2 interface: A physical interface port or virtual circuit on which an L2PDU is transmitted. Physical L2 interface ports include an Ethernet NSI at a CMTS or the CMCI port at a CM. Virtual circuit L2 interfaces include a CMTS network system interface (NSI) pseudowire (PW) and a CMTS single-CM BPI security association. An L2 interface may or may not have an ifIndex assigned to it.

3.10 L2 virtual private network (L2VPN): A set of LANs and the L2 forwarders between them that enable hosts attached to the LANs to communicate with layer-2 protocol data units (L2PDUs). A single L2VPN forwards L2PDUs based only on the destination MAC (DMAC) address of the L2PDU, transparent to any IP or other layer-3 address. A cable operator administrative domain supports multiple L2VPNs, one for each subscriber enterprise to which transparent LAN service is offered.

3.11 L2VPN identifier: An octet string that uniquely identifies an L2VPN within a cable operator administrative domain, corresponding to a single subscriber enterprise.

3.12 L3 forwarder: A network element that forwards a layer-3 PDU from an ingress interface to one or more egress interfaces. Also called a “router”.

3.13 L2 protocol data unit (L2PDU): A sequence of bytes consisting of a destination MAC address (DMAC), source MAC address (SMAC), (optional) tag header(s), EtherType/Length, L2 payload, and CRC.

3.14 learning: An operation of a layer-2 bridge by which it associates the source MAC (SMAC) address of an incoming L2PDU with the bridge port from which it arrived.

3.15 multipoint L2 forwarding: Operation of an L2 forwarder among multiple L2 networks that forwards individual MAC destined packets only to the interface from which a source MAC address was learned and that floods group MAC destined packets to all interfaces.

3.16 non-compliant CM: A CM that does not implement this DOCSIS L2VPN Recommendation.

3.17 point-to-point L2 forwarding: Operation of an L2 forwarder between only two L2 networks with no source MAC address learning.

3.18 security association (SA): An association between the CMTS and a set of CMs in a MAC domain that enables encrypted communication between the CMTS and the CM set. A single CM SA is one with a single CM, and enables a private point-to-point L2 Network connection between the CMTS and the CPE LAN of that CM. A security association descriptor (SA-Descriptor) is a multiple-part message element defined in the DOCSIS baseline privacy [ITU-T J.125] that includes a security association ID (SAID).

3.19 security association ID (SAID): A 14-bit identifier that appears in a BPI extended header (BPI-EH) of a DOCSIS PDU packet to identify the key used to encrypt the packet.

3.20 tag header: A 16-bit tag protocol ID (0x8100) followed by a 16-bit tag control field. The tag control field consists of a 3-bit User Priority field, a 1-bit Canonical Format Indicator, and a 12-bit VLAN ID [IEEE 802.1Q].

3.21 transparent LAN service (TLS): A service offering of a cable operator that implements a private L2VPN among the CPE networks of the CMs of a single subscriber enterprise.

3.22 virtual LAN (VLAN): A subset of the LANs of an IEEE 802.1 bridged network to which a VLAN identifier (VLAN ID) is assigned. An L2VPN may consist of several VLANs, each with different VLAN IDs, and even of VLANs on different IEEE 802.1 bridged networks with the same VLAN ID.

3.23 virtual LAN identifier (VLAN ID): An IEEE 802.1Q VLAN ID is a 12-bit number that identifies a VLAN within an IEEE 802.1 bridged network. An IEEE 802.1ah stacked VLAN ID consists of an outer service 12-bit VLAN ID and an inner customer 12-bit VLAN ID.

3.24 provisioning L2VPN: An L2VPN for the pre-registration traffic of DHCP, TOD, and TFTP that provisions eCMs and eSAFE hosts. May be combined with a management L2VPN.

3.25 management L2VPN: An L2VPN for the post-registration SNMP traffic to eCM or eSAFE devices. May be combined with a provisioning L2VPN.

4 Abbreviations and acronyms
This Recommendation uses the following abbreviations and acronyms:

BPI     Baseline Privacy Interface
BSoD    Business Services over DOCSIS
CMIM    CM Interface Mask
CRC     Cyclic Redundancy Check
DIME    Downstream IP Multicast Encryption
DMAC    Destination MAC
DUT     Downstream Unencrypted Traffic
eCM     embedded Cable Modem [ITU-T J.126]
eMTA    embedded Media Terminal Adapter [ITU-T J.167]
ePS     embedded Portal Services [ITU-T J.192]
eSAFE   embedded Service/Application Functional Entity [b-ITU-T J.126]
GMAC    Group MAC address
L2      Layer 2
L2VPN   Layer 2 Virtual Private Network
MAC     Media Access Control
SAID    Security Association Identifier
SID     (Upstream) Service Identifier
SMAC    Source MAC
TLS     Transparent LAN Service
TOD     Time of Day
VPN     Virtual Private Network
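
The L2PDU layout of definitions 3.6, 3.7, 3.13 and 3.20 can be walked field by field, as in the following added example, which is not part of the Recommendation. It assumes a captured frame with no trailing CRC, recognizes only the tag protocol ID 0x8100 given in 3.20, and the names `parse_l2pdu`, `L2PDU`, `TagHeader` and `SAMPLE` are illustrative.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # tag protocol ID from definition 3.20

@dataclass
class TagHeader:
    priority: int  # 3-bit User Priority
    cfi: int       # 1-bit Canonical Format Indicator
    vlan_id: int   # 12-bit VLAN ID

@dataclass
class L2PDU:
    dmac: bytes
    smac: bytes
    tags: list
    ethertype_or_length: int
    payload: bytes  # L2 payload; includes the CRC if the capture kept it

    @property
    def dmac_is_group(self) -> bool:
        # Group bit: least significant bit of the first byte (3.6, 3.7).
        return bool(self.dmac[0] & 0x01)

def parse_l2pdu(frame: bytes) -> L2PDU:
    """Split a frame into DMAC, SMAC, tag header(s), EtherType/Length, payload."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated L2PDU: missing EtherType/Length")
        (field,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if field != TPID_8021Q:
            break  # not a tag header, so this is the EtherType/Length
        if len(frame) < offset + 2:
            raise ValueError("truncated tag header: missing tag control field")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        tags.append(TagHeader(tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF))
    return L2PDU(frame[0:6], frame[6:12], tags, field, frame[offset:])

# Constructed sample (not from the Recommendation): broadcast DMAC, two
# stacked tag headers, EtherType 0x0806, 28 zero payload bytes, no CRC.
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0200000000aa")
          + struct.pack("!HH", TPID_8021Q, (5 << 13) | 100)
          + struct.pack("!HH", TPID_8021Q, (1 << 12) | 42)
          + struct.pack("!H", 0x0806) + bytes(28))

if __name__ == "__main__":
    pdu = parse_l2pdu(SAMPLE)
    print(pdu.dmac_is_group, pdu.tags, hex(pdu.ethertype_or_length))
```

A frame that ends inside a tag header or before the EtherType/Length raises `ValueError` rather than being returned with missing fields.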

5 Conventions

5.1 Requirements
Throughout this Recommendation, the words that are used to define the significance of particular requirements are capitalized. These words are:

MUST: This word means that the item is an absolute requirement of this Recommendation.

MUST NOT: This phrase means that the item is an absolute prohibition of this Recommendation.

SHOULD: This word means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course.

SHOULD NOT: This phrase means that there may exist valid reasons in particular circumstances when the listed behaviour is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behaviour described with this label.

MAY: This word means that this item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because it enhances the product, for example; another vendor may omit the same item.

Some normative statements require a CM or CMTS to silently ignore a condition which may be defined in future Recommendations. A requirement to silently ignore a condition means that the CM or CMTS: MAY increment a vendor-specific statistic; MUST NOT generate a log message; and MUST otherwise ignore the condition and continue operation as if the condition did not occur.

5.2 Conformance
A DOCSIS CMTS that claims to implement the DOCSIS L2VPN feature MUST implement the normative provisions of this Recommendation. A DOCSIS CM that claims conformance for DOCSIS L2VPN feature MUST implement the normative requirements of this Recommen