Juniper Networks 10.4 Networkingat Layer 2: Forwarding Dual-TaggedFrames

Theuse of VLAN tagging to group (or bundle) sets of MACaddresses is a start toward

amethod of forwarding LAN traffic based on informationfound in the frame, not on IP

addressin the packet. However,there is a major limitation in trying to build forwarding

tablesbased on VLAN tags. Simply put, there arenot enough VLAN tags.

Twelvebitsonly supply enough space for 4096 unique VLAN tags. This is hardlyenough

forall the LANs on a largecorporate campus, letalone the whole world. A 12-bit tag might

sufficefor the local campus arena, but for the metropolitanarea, comprising a whole

city,more bits are needed.

switches.As a result, Ethernet frames can be switchedacross a metropolitan area, not

justamong the local organizations devices atthe campus level.

Theouter tagdefined in IEEE 802.1ad is often called the VirtualMetropolitan Area Network

(VMAN)tag, a good way to recall the intended scopeof the specification. The outer tag

isplaced after the MAC source address,moving the inner tag backwards in the frame.

Bothtags can be added at the same time by the same device (calleda push/push

operation),changed by a device (a swap operation),or removed by a device one at a

time(pop) or together (pop/pop). Devicescan perform elaborate variations on these

operations(such as pop/swap/push)to accomplish the necessary networking tasks

withthe frames they process.

changedif necessary.

Howdo nested VLAN tags solve the VLAN numbering limitation?Taken together,the

twoVLAN tags can be thought of as providing 24 bits fortagging space: 12 bits at the

outerlevel and 12 bits at the inner level. However,it is important to realize thatthe bits

arenot acted on as if they were all one tag. Evenwhen the tags are nested, bridges on a

providerbackbone will normally only switch on the outer VLAN tag.All in all, the inner