SPBM Fundamentals and Testing: Baystack PV

Baystack PV
SPBM
Fundamentals and testing
Ionut Orbesteanu
Luxoft Professional Romania
Purpose of this presentation
• To introduce SPBM as a method of network virtualization and
possible advantages over the traditional enterprise network
model.
• Describe the mechanisms on which SPBM relies: IS-IS, L2-

VSNs, the various new VLAN and interface types, MAC-in-
MAC encapsulation, and CFM.
• Describe the way customer traffic (unicast, unknown unicast,

multicast and broadcast) is handled in the SPBM cloud.
• Provide guidelines into the configuration of SPBM in the test

environment and on what roles different Avaya platforms can
have in the SPBM network.
• Provide some information on the tools used to test SPBM,

and common trouble areas.

Related subjects to be covered in
future presentations
•SPB L3VSNs and GRT Shortcuts(currently not supported on

either ERS4800 and VSP7K)
•Avaya Fabric Attach
•SPBM with SMLT(SMLT is supported on VSP7k release 10.3, on

UNIs only).
•SPBM with constrained multicast (to be introduced in the near

future on VSP7k and ERS4800).

The enterprise network model
• In a Layer 2 only environment, VLANs have to span the entire

network (including the core). Spanning tree needs to be used
to avoid loops in the network and prevent broadcast storms.
• Spanning tree is very slow to converge and difficult to

configure.
• Spanning tree blocks various links through the network,

leaving only one path or “tree” between all nodes, preventing
loops but losing a lot of bandwidth.
• All client MAC addresses need to be learned in all of the

network.
• To avoid the disadvantages of spanning tree, the enterprise

or “layered” model is used, where L2 VLANs terminate in the
access layer, and Layer 3 protocols are used in the
distribution to route traffic towards and through the core.
The enterprise network model

The layered model
• The layered model uses three levels, access, distribution and

core, and the user traffic is aggregated from the clients up to
the core where it is forwarded towards the destination nodes.
The routing is handled by powerful routing protocols like
OSPF, and re-convergence in case of link/node failure is fast.
• Protocols like OSPF do not block links, and other features like
ECMP can be used for efficient bandwidth usage.
• Modern multilayer switches install L3 information in hardware

so that when traffic needs to be routed, it is done at “wire-
speed”, same as L2 traffic. The devices CPU is only used
when new L3 information is discovered and processed.

Disadvantages of the layered model
• Tedious configuration process. In addition to per-node

protocol configurations (OSPF system-id/area etc.), VLANs
and L3 VLAN interfaces or Brouter ports need to be
configured, then enabled for OSPF, IP addressing, interfaces
added into VLANs and so on.
• All this work provides lots of potential for human error.
• Every additional protocol adds complexity and overhead to

the network.
• Whenever a new service (VLAN) needs to be added, the VLAN

has to be extended on all access switches up to the
distribution layer, where IP addressing and OSPF
configurations are made.

Why SPBM?
• In contrast, SPBM reduces the network core to a single

Ethernet base link-state protocol, eliminating the need for the
overlay protocols found in the layered model.
• Once the SPBM infrastructure is created, additional services

(such as VLAN extensions) are created by configuring the
end-points only. Once a service, or I-SID (individual service
identifier) is created on two edge devices, a path is
immediately generated between the two nodes through the
SPBM core.
• All nodes in between are automatically provisioned by the

powerful IS-IS link-state protocol.
• The configuration steps for IS-IS are straightforward and

easy, as is adding new services.

What is SPB (802.1aq)?
• The functionality behind Avaya’s implementation of SPB is

described in IEEE 802.1aq standard. The standard is
purposed to “allow for true shortest path forwarding in a
mesh Ethernet network context utilizing multiple equal cost
paths. This permits it to support much larger Layer 2
topologies, with faster convergence, and vastly improved use
of the mesh topology”
• SPB does this by combining single point provisioning with a

high speed modified version of IS-IS.
• The protocol was designed as a replacement for STP/MSTP,

but also to provide for much larger L2 topologies and also
faster convergence times and better use of bandwidth
through load balancing.

SPBM network example

SPBM Mechanics
To achieve these ends, SPBM as used by Avaya uses two mechanisms: MAC-in-
MAC encapsulation and IS-IS:
•IS-IS is a robust link-state protocol. With SPBM, it is used by each node in the
network to discover a path to each other node. It is then used to discover where
certain services are configured.
•The concept of MAC-in-MAC encapsulation(described in IEEE 802.1ah)

separates client MAC addresses(C-MAC) from the “backbone” MAC-addresses
used by the nodes in the SPBM cloud. The encapsulation is done only at the edge
of the SPBM cloud, where the traditional L2 network meets the SPBM model. Each
edge node encapsulates the customer packet (including source/destination mac-
address) with a backbone source/destination mac-address, or B-MAC. When the
packet reaches the destination edge-node(or nodes in case of broadcast traffic), it
is then de-capsulated and forwarded to the receiving client in the same manner as
it would in a traditional network.

SPBM Node Types
• Two types of nodes need to be defined:

 Backbone edge Bridge (BEBs)
 Backbone core Bridge (BCBs)
• BEBs terminate the SPBM cloud, at this node is where I-SIDs

are configured and discovered.
• BCBs are the nodes in the SPBM cloud, they do not learn
customer mac-addresses (the standard L2 address, in a
SPBM deployment are known as C-MACs). BCBs only forward
IS-IS updates, as well as encapsulated traffic to other nodes,
based only on source and destination B-MAC header. These
nodes however “discover” I-SIDs, in order to compute
multicast trees to forward multicast/broadcast traffic(this will
be detailed later).

SPBM interface types
In current SPBM deployments, three types of interfaces are used:

 User Network Interfaces (UNIs)
 Network to Network Interfaces (NNIs)
 Switched-UNI Interfaces
 Transparent UNI
•User Network Interfaces exist only on BEBs. These interfaces are

members of the customer VLANs. It is where clients(PCs, servers,
phones etc.) are connected.
•Network to Network Interfaces are where other SPBM nodes are
connected. These interfaces should only be part of backbone
VLANs(described later), and cannot be added to customer VLANs. IS-
IS forms adjacencies over the NNIs
•Switched-UNIs are a special association between a SPB-Switched
type VLAN, an I-SID number and a port(to be described later in this
presentation).

SPBM VLAN Types
• Customer VLAN(C-VLAN) – this type of VLANs are configured

only on edge nodes. The C-VLAN is a port type VLAN with an
associated I-SID number. Ports added to this VLAN are called
UNIs (user network interface). Customer MAC-addresses(C-
MACs) are learned on these VLANs.
• Backbone VLANs(B-VLANs) – this is a “spbm-bvlan” type

VLAN that is used solely by SPBM for ISIS traffic and
encapsulated user traffic. Only two B-VLANs can be
configured per node. When ISIS is configured on an
interface(thereby creating a network to network interface or
NNI), that port is added to both B-VLANs and all traffic sent
on the port will be tagged with the B-VID. All encapsulated
traffic will use Bridge MAC Addresses (B-MACs).

SPBM over IS-IS
• The infrastructure on which SPBM runs is created with a
modified version of the link-state protocol called
“Intermediate System to Intermediate System” or IS-IS.
• IS-IS in this case runs on a pure L2 environment, and special
TLVs have been devised to suit this specific feature.
• With SPBM IS-IS, each particular node is identified by its
system-id and node nick-name. Once configured, the sys-id
doubles as B-MAC for that node.
• When IS-IS is configured and enabled on interfaces,

adjacencies are brought up between all connected nodes.
Then, each node computes the shortest path to reach each
other node in the SPBM network, using the SPF algorithm.
After this is done, the infrastructure for SPBM is set.
• Every time a service(or i-sid) is created at two edge points,

link-state updates are generated by IS-IS, and paths are
generated between all nodes with the same service.
SPBM over IS-IS
• After the infrastructure is created, services, or I-SIDs as called in

a SPBM network can be added at the BEB nodes. When a
service is added, this information is propagated by IS-IS through
the core to all nodes. When two identical I-SIDs appear on two
separate edge nodes, a path is quickly computed by each node
for that I-SID.
• When traffic needs to be forwarded through the SPBM cloud, the

source edge node will encapsulate it with its own B-MAC, and
the destination B-MAC for the node it must reach. Every other
core node that will receive this encapsulated packet will forward
it solely on the information contained in the new SPBM
header(destination B-MAC), so the SPBM core is “transparent”
to all services that run on top of it.

Customer traffic through the cloud
• SPBM cloud handles the various types of traffic differently.

Unicast traffic is forwarded between two nodes only. When
Customer traffic from across the cloud is received on a NNI
port, the BEB will de-capsulate the packet and associate the
remote C-MAC with the I-SID and the source B-MAC. Unicast
traffic for the remote C-MAC will be forwarded in the SPBM
cloud only to the associated B-MAC.
• Broadcast and Unknown-Unicast traffic are handled the same

way. When SPBM nodes discover I-SIDs, they generate
multicast trees to all nodes that have that particular service
identifier configured. Broadcast and U-Ucast traffic on any
BEB will be forwarded only to the other two BEBs that have
the specific I-SID configured.

Customer traffic through the cloud
• As of releases 5.8 and 10.3, no specific treatment of multicast

traffic is installed. Multicast traffic is treated the same as
broadcast and U-Ucast traffic. In the future, a SPBM specific
mechanism will be added to forward multicast traffic only to
nodes where subscribers exist; this mechanism will not rely
on existing protocols, such as PIM. For this presentation we
will treat multicast traffic the same as broadcast/ u-ucast.
This concludes the brief introduction to SPBM, the presentation

will now provide a more in dept view to SPBM functionality.

IS-IS Overview
• IS-IS is a link-state routing protocol, similar to OSPF,

designed by ISO(International Organization for
Standardization).
• Like OSPF, it uses the shortest path first algorithm(or SPF)

for route calculation.
• Unlike OSPF, it runs on top of the OSI suite instead of the

TCP/IP stack. Because of this, it can run directly in L2 and
does not need L3 addressing for topology calculations.
• For the purpose of brevity, this presentation will detail only

IS-IS functionality as designed for SPBM, instead of
describing the full protocol.

IS-IS Overview
IS-IS terms:
• IS- intermediate system, similar to router in OSPF, is the node

that generates link-states updates.
• Area - tipicaly a division unit in a routing domain(an OSPF

network for instance). In a SPB deployment, a single manual
area can be configured, and must be the same for all devices
in the SPB cloud.
• Designated IS- same as Designated Router in OSPF. A special

point must be made here, SPBM in the current deployment
does not support broadcast interfaces, so no Designated IS
can be elected. Only point-to-point interfaces are supported.

IS-IS Overview
• Network Service Access Point (NSAP) - NSAP is the ISO

network layer address. It identifies an abstract network
service access point and describes the network address in
the ISO reference model.
• Link State Database (LSDB) - All link states in the network

form the LSDB. LSDBs are created at each node. IS-IS uses
SPF algorithm and the LSDB to generate its own routes.
• Link State Packet (LSP) – Like with OSPF, each IS can

generate a LSP which contains all the link state information
known to the IS. Each IS collects all the LSPs in the local area
to generate its own LSDB.

IS-IS Overview
• IS-IS uses a system of levels to determine which
routers can establish adjacencies with each
other.
• Level 1 routers only establish adjacencies with

other L1 routers and with L1/2 routers. L1 routers
are analogous to OSPF stub routers. A sequence
of L1 routers define an area.
• L1/2 routers establish adjacencies with L1 and

L2(analogous to ABRs in OSPF).
• L2 routers only establish adjacency with L2 and

L1/2. A collection of L2 routers is similar to Area
0, or the OSPF backbone.
• The most important note here is that SPBM IS-IS

currently supports only Level 1 routers . Only one
area can be used, and must be the same for all
nodes.
Addressing in IS-IS
• Since IS-IS works on the OSI layer, it uses NSAP (Network

Service Access Point) addressing instead of IP addresses to
communicate between routers.
• NSAP is the addressing standard for Connectionless Network

Protocol (CLNP). This address must be configured on all the
nodes in the network. However it is not configured directly, it
is generated by appending the area value to the system-id.
SEL(protocol identifier) value is always “00” for IS-IS.

IS-IS Addressing using NSAP
The IS-IS NSAP consist s of three parts:

Manual Area - The manual area or area address is
anywhere from 1 to 13 bytes long. The next bytes are the
assigned domain (area) identifier, which is up to 12
bytes. The manual area is configured by the user and
must be the same on all devices in the SPB network.

SEL (or NSEL) -The last byte (00) is the n-selector. This
part is automatically attached as there is no user input
accepted.

System ID - The system ID is manually configured by the
user. It is 6 bytes long(same as a MAC address), and
must be unique to the each node in the SPBM network.
The system ID is used as the nodes B-MAC. All
encapsulated traffic in the SPBM backbone will use
nodes system-ids for source/destination addressing.
IS-IS Packet Types
• IS-IS Hello Packets- same as with OSPF, the hello packets are
used to discover neighbor IS-IS nodes. These packets are
used to initialize adjacencies between nodes.
• LSPs- Link State Packets are used to exchange information

about link-states, router states and services. The nodes
exchange information by flooding these LSPs in the SPBM
cloud. The LSPs are stored in the LSDB(link-state database)
and are used by the SPF algorithm to compute the shortest
path between nodes. Same as with OSPF, the LSDB must be
the same across all the nodes in the network.
• CSNP- Complete Sequence Number Packets, contains the
most recent sequence of numbers of LSPs in the LSDB of one
node, and is periodically flooded in the network.
• PSNP- Nodes may receive CSNPs and discover they are
missing some link-state packets, in which case they generate
Partial Sequence Number Packets- requests for missing
LSPs.
IS-IS Hello Packet
• Used to discover neighbor SPBM nodes
• Source-ID – The B-MAC(or System-ID) of the node
• Holding time –if no hello packet is received from

the neighbor within this interval, the adjacency
is disabled. The holding time is calculated by
multiplying the hello-interval timer with the
hello multiplier, both parameters are configurable.
• IS-IS control traffic is sent to an “All L1 Bridges”

multicast mac-address 09-00-2B-00-00-05.

IS-IS Link-state Packet
• Used to communicate information in the

SPBM cloud.
• The sequence number is used to track the

link-state information in the LSDB.
• LSPDBOL- the overload bit. If this is set in a

LSP packet, it indicates that the node
generating this packet has its LSDB
overloaded, and that the node should not be
used in the path calculations of other
nodes.

IS-IS Network Types
• Broadcast network – similar to the OSPF networks where

multiple routers are connected on a single segment (i.e.
through a switch), and where a DR/BDR(DIS in the case of IS-
IS) election occurs. This type of network is not supported with
SPBM.
• Point-to-Point network- this is the type of network used with

SPBM.
 Each node declares another reachable when a hello
packet is received.
 After hello packets are exchanged a CSNP is generated to
trigger synchronization between the two LSDBs.
 LSPs are used to forward information between the two
nodes.
 PSNPs may be used to request information on missing
LSPs.

Other IS-IS Parameters
• ISIS system name – a useful but not mandatory parameter

that can be configured for IS-IS. The system name acts like a
“nick-name” that can be used for quickly identifying the node
in adjacency/topology outputs and other databases or
outputs. The system name can also be used with Connectivity
Fault Management (CFM) for connectivity testing
(L2ping/traceroute etc.) It is recommended to set an individual
system name to each node. By default, the hardware platform
name is used (i.e. 4850GTS)
• Metric type– for setting the IS-IS metric type. Only wide metric
can be used.
• IS-type – node ISIS level. Cannot be modified, SPBM nodes
are Level 1 only.
• Manual Area- A single area can be configured, must be the
same on all nodes in the network.

IS-IS interfaces parameters
• Authentication – MD5 and simple authentication keys can be

used in hello packets, in the same way as with OSPF. The
authentication must be configured on both ends of a link
between two nodes or the adjacency does not form.
• Link cost can be configured on IS-IS interfaces (or NNIs). This

cost is then used by the SPF algorithm in path computations.
Link cost does not vary automatically with interface type (as it
does for OSPF Brouter interfaces), and the default value is 10.
• ISIS hello-interval/multiplier for configuring how often a hello

packet is expected on the interface. The “dead neighbor”
timer is the multiplier times interval value. The same value for
both parameters should be configured on both ends of the
link, though this is not mandatory.

SPBM Configurations
• Though SPBM runs over IS-IS, the configuration procedure

requires that SPBM parameters be configured prior to
enabling IS-IS. This section will detail SPBM parameters that
are configured on each node
• The SPBM instance – must be the same on all the nodes in

the SPBM core.
• SPBM nick-name – mandatory, the SPBM system nickname

(x.xx.xx, hex) must be unique to each node in the SPBM
network. It is used in the unicast/multicast FIBs(forward
information base), as well as in multicast/broadcast traffic
forwarding in the SPB core.

SPBM Configurations
• SPBM B-VLANs – One or two SPBM-bvlan type

VLANs(described in following slides) can be configured.
Configuring two B-VLANs is recommended for load
balancing. The same B-VLANs have to be used in all the
SPBM cloud. If both are configured, the primary one must be
specified. All control information (IS-IS packets) are sent on
the primary.
• SPBM Ethertype - Ethertype used for SPBM packets, must be

same on all nodes.

SPBM Configurations
The sequence for configuring SPBM is the following:
•Boot the stack or standalone in SPBM operational mode; When SPBM is

enabled on the device, it needs to reboot before any further SPBM/ISIS
configurations can be made.
•Create any MLTs/DMLTs/LAGs before configuring IS-IS.
•Create B-VLANs and the SPBM instance. Specify the primary B-VLANs.
•Create the NNIs by configuring ISIS on the interfaces and optional

authentication.
•Configure the IS-IS system-id and optional sys-name(recommended).
•Enable IS-IS globally.

SPBM Configuration Example
Have the following topology. The configuration example is for B1:



At this point the SPBM/IS-IS configuration is complete. If IS-IS hellos are received on
the NNIs the device will start establishing adjacencies. The user can now start
configuring C-VLANs by associating existing VLANs with individual service
identifiers (or I-SIDs).

The IS-IS adjacency table
If hellos are exchanged on NNIs and no issues are present (no

authentication mismatch or duplicate system-id), adjacencies are
established between devices;
This can be verified with the “show isis adjacencies” command.

The IS-IS unicast FIB
Once adjacencies are up, nodes will start discovering the other SPBM devices in
the cloud. The “show isis SPBM unicast-fib” command will display the discovered
nodes in the topology:

The IS-IS unicast FIB
Notice that all nodes discovered in the network have an entry for each of the two
backbone VLANs.
The discovered SPBM nodes can also be seen in the LSDB:

SPBM L2-VSNs
Once the IS-IS infrastructure is up and running, services can be

configured and distributed along the SPBM core. The individual
service identifier, or I-SID, is a number between 1 and 16777214
used to uniquely identify a “service” in the SPBM core. There are
several ways these services can be configured:
C-VLANs and UNIs
Switched type VLANs and switched-UNIs
Transparent UNIs (Transparent UNIs are not available on

ERS4800 as of release 5.8 but can be configured on VSP7K).
Once an I-SID appears on two devices, paths are generated

automatically between the two or more nodes.

The C-VLAN and UNI
This is the most common type of configuration. A Customer

VLAN is created by associating a port type VLAN with a service
identifier with one of the two commands:
#vlan i-sid <vid> <i-sid>
#i-sid <i-sid> vlan <vid>
Once these configurations are made a C-VLAN is configured, and

all ports added to it become UNIs. Traffic received on UNIs is
placed automatically on the single associated I-SID and
forwarded to other nodes that have this service configured*.
Configured VLANs can be seen with the following commands

#show i-sid
#show vlan i-sid
#show isis spb i-sid configured

Switched-VLAN and Switched-UNI
Another type of interface is the switched-UNI. A switched-UNI

interface allows the association of a VLAN and I-SID to a specific
port.
Switched-UNI interfaces are connected to non-SPBM capable

network devices, instead of hosts.
Switched UNI interfaces always receive tagged traffic.

Switched-VLAN and Switched-UNI
The user must first create switched-type VLANs.

#vlan create <vid> type SPBM-switched
To create a switched-UNI the following command is used:

#i-sid <i-sid> vlan <vid> port <pid>
Configuration example:
The user creates VLAN 201-202, switched type VLANs. Then he

creates two switched-UNIs on the same port. Traffic tagged with
VID 201 on port 2/15 will be sent to I-SID 11201, and traffic tagged
with VID 202 will be sent to I-SID 12202.
To see the configured switched-UNIs, use the “show i-sid”

command:

SPBM Transparent UNI
The third type of interface is the SPBM transparent UNI. All
traffic, tagged or untagged, received on a transparent UNI is sent
in the single associated I-SID. There are some rules regarding
the configuration of transparent UNIs:
The I-SID used must not be associated with other C-VLANs or
Switched-UNIs.
The port to be used must not be member of any VLANs or active
STGs.
Control traffic (LLDP, BPDUs etc.) received on transparent UNIs
are forwarded directly in the I-SID and is not sent to the CPU.
To configure a transparent UNI the following command is used:
#i-sid <i-sid> port <pid>
To display configured transparent UNIs use the command:
#show i-sid

SPBM Topology/interfaces example

I-SID discovery
The type of UNIs used is relevant only on the BEB nodes; the
interface type describes how traffic received from hosts and non-
spbm devices is handled and on what I-SIDs it is placed on. Past
the edge bridge, only I-SID information is distributed in the SPBM
cloud. The I-SID information is propagated in the IS-IS network
through IS-IS LSPs(the I-SID information is carried in TLV 144).
This information is then used by the BEBs and BCBs in the

SPBM “cloud” to forward encapsulated customer traffic to the
nodes that have that particular service configured.

I-SID configuration/discovery
In this example, the IS-

IS network is already
configured, and all
adjacencies are up.

I-SID configuration/discovery
The user wants Client A

to communicate with
Client C and Client B
with Client D.
All the user needs to do

is to configure the
corresponding VLANs
and I-SIDs on both ends
to achieve connectivity.

I-SID configuration example
With the IS-IS infrastructure configured the user simply has to
provision the end-points, that is, to configure the VSNs and add
the client ports to these VLANs to achieve client connectivity.

I-SID Discovery
After these configuration steps, connectivity is achieved
between the desired clients; There are several ways of displaying
the discovered services:
#show isis spbm i-sid <all/discover>
#show isis spbm multicast-fib <i-sid[i-sid]>

MAC-in-MAC Encapsulation
Apart from IS-IS that builds the transparent infrastructure over

which SPBM operates, as well as propagate I-SID information,
the other major component is MAC-in-MAC encapsulation. All
customer traffic that is received on a UNI is encapsulated with a
new header, comprised of the source and destination Backbone
MAC(B-MAC) addresses of the appropriate nodes where this
traffic is intended to arrive.
As in all networks, there are four types of customer traffic:
•Known unicast traffic

•Unknown unicast traffic (u-ucast)
•Broadcast traffic (b-cast)
•Multicast traffic
The following slides will address how these different types of

traffic are handled in the SPBM core, and describe MAC-in-MAC
encapsulation in detail.
MAC-in-MAC Encapsulation
The type of customer traffic determines the way it is

encapsulated in the SPBM core; All customer traffic received on
an UNI, that is intended for a remote node, is encapsulated with a
source/destination Backbone-MAC header.
•The source B-MAC is always the originating BEBs system-ID.
•For unicast traffic, the destination B-MAC is the BEB where the
destination C-MAC is located. Unicast encapsulated traffic is
forwarded using the unicast-fib.
•For multicast/broadcast/u-ucast traffic, a specially constructed

multicast address is used. Multicast encapsulated traffic is
forwarded using the multicast-fib, which contains the multicast
addresses and associated outward interfaces.

The Unicast tree
Each node in the IS-IS network discovers every other node and computes the
unicast-tree, the shortest path from every node to itself:
Each node will know where else in the network a particular I-SID is configured. It
will then use the unicast tree and the discovered i-sid information to compute the
multicast-fib, a database that associates an i-sid specific multicast address that
points to any other node that has that i-sid.

The SPBM multicast address
For every I-SID/Node pair, a multicast address is generated by the following

formula:
In the previous topology, node B1 has:

-SPBM nickname 1.05.01
-one of the I-SIDs is 13501 (hex:34BD)
For this pair, the combination will be:
13:05:01:00:34:BD

The Multicast-FIB(continued)
When B1 discovers that B2, and V2 have also configured i-sid 13501, it will update
the multicast FIB entry for the remote node/I-SID pair:
•It will calculate the multicast b-mac for B2/i-sid 13501 and V2/i-sid 13501. It will
then add entries in its multicast FIB using these addresses, pointing to all UNIs in
the VLAN associated with i-sid 13501.
•It will calculate the m-cast address for itself and i-sid 13501. This address is
attached to an entry pointing to the outbound NNIs.

The Multicast-FIB
B1 is now ready to handle multicast traffic received on its UNI or on either NNIs.
When each node needs to send out multicast traffic in the SPBM cloud, it
encapsulates it using the multicast address generated for its own node/i-sid pair.
Traffic received on its UNI will be forwarded out on both NNIs to B2 and V2,
encapsulated with the multicast B-MAC DA.

The Multicast-FIB
Edge nodes B2 and V2 generate their own multicast table:
Notice that node B2 has two UNIs associated with i-sid 13501. Both entries are
present in the multicast table, because multicast traffic received on a UNI is
forwarded both on the i-sid as well as on other associate UNIs.
The Multicast-FIB
All BCBs in between the edge nodes generate their own multicast fibs to handle
broadcast encapsulated traffic received from BEBs:
PP1 multicast-fib :
PP2 multicast-fib :

Encapsulated broadcast traffic in the
SPBM cloud
Whenever a BEB receives unknown/broadcast/multicast customer traffic on one
of its UNIs, it encapsulates it with its own B-MAC-SA, and its own derived
multicast address as B-MAC-DA.

Broadcast traffic on BCB nodes
Whenever the encapsulated traffic is received on each BCB, it is forwarded out

the appropriate interface according to each intermediate nodes multicast-fib.

Broadcast traffic on BCB nodes
All broadcast/unknown unicast and multicast traffic is forwarded using these

multicast B-MAC addresses and the multicast-trees computed by each node.
There is a single path that a multicast stream can take throughout the network, so
broadcast traffic is not looped around the SPBM cloud.
All traffic originated at the edge is broadcasted at first. In the case of unknown
unicast traffic however, if the destination customer MAC-address is discovered by
the originating edge bridge, that stream will no longer be broadcast to all nodes
that have the i-sid configured, and will be sent to the specific end node only.

Unicast traffic in the SPBM network
In this demonstration, client A,C,D

and E are all in C-VLAN 1501. Client
A sends a traffic stream to Client C;
Edge bridge B1 does not know the
customer MAC address of client C,
so it encapsulates the traffic with
the multicast MAC-DA for I-SID
13501. This traffic is then
forwarded to all nodes in the
multicast-fib.

Edge bridge B2 receives the

multicast stream. The traffic is de-
capsulated and sent to client C.
It also records that Client A C-MAC

is located on I-SID 13501, and at
node B1(identified by its B-MAC).
If Client C responds, the traffic is
encapsulated with nodes B1
unicast B-MAC.

When edge bridge B1 receives traffic
from B2, it decapsulates and forwards
the packets to Client A. It also records
that Client C customer MAC-address
is on I-SID 13501 at node B2.
If anymore traffic needs to be sent to Client C, this traffic is now known unicast, and
will be forwarded only to B2. The specific destination node B-MAC address will be
used to encapsulate the packet. All BCB nodes in between will use the unicast-FIB to
forward the packet. For example, on PP1:
Note that each node in the unicast-FIB is

learned on both B-VLANs. However,
depending on the service number, it will be
encapsulated with a single B-VID.
Load balancing
In the above output you can notice that one I-SID is allocated on
the primary B-VID, and the other I-SID on the secondary. This is
SPBM mechanism for load balancing on equal cost paths.

Load balancing
In this output the outgoing interfaces are displayed. Load balancing

in SPBM is done by sending all traffic in odd numbered I-SIDs on
the primary B-VID, and all traffic in even numbered I-SIDs on the
secondary. The primary B-VID always uses one of the two equal
cost links and the secondary the other. If only one link is available,
or if the preferred route(lower cost) is on one link, all traffic will be
sent on that link.
Platform roles in the SPBM network
In the current software releases (5.8 and 10.3), different hardware platforms can
perform different roles in the SPBM network.
ERS4800 units can only act as BEB(send UNI-NNI/NNI-UNI traffic) devices. This
platform cannot forward NNI-to-NNI traffic*
VSP7K can act as both BCB and BEB nodes.
PP8000 platforms can be used as both BCB and BEB nodes.
To deny the forwarding of NNI-NNI traffic on ERS4800, the overload bit feature is
used.

The overload bit
The overload bit is a field in all LSPs/hello packets that when set, indicates that
the generating nodes LSDB is overloaded, and is only to receive traffic that it is
destined to. That means that this node cannot be used to transit traffic destined
for other nodes.
The ERS4800, as of 5.8, cannot be used as a BCB node because of hardware

limitations. All packets generated by this platform will have the overload bit set,
and this setting cannot be disabled.
Consider the following example; two VSP7k nodes are connected via an ERS4800
device:
•In this case, the ERS4800 will establish adjacency with both VSP7Ks
•Each VSP7K will receive LSPs from the ERS4800 node notifying each other about
the other VSP. The LSPs are stored in each VSPs LSDB; however, the LSPs have
the overload bit set.
•Because the overload is set, the VSPs do not use ERS4800 as a transit nodes in
the unicast-fib, so the two VSPs cannot send traffic to each other.

CFM
Connectivity Fault Manager is a feature used to test connectivity between nodes

in the SPBM cloud, or to trace paths to nodes where specific services are located;
it has three components:
•L2Ping – the equivalent of L3 ICMP, it can be used to see if a node in the SPBM
cloud, specified by system-id(B-MAC) or system name, is alive and reachable.
•L2Traceroute – same as traceroute, can be used to trace a remote node, also

indicating all intermediary nodes.
•L2Tracetree – this tool is used to generate a path from the originating node to all
other nodes in the network that have a particular service(i-sid) configured.

CFM
CFM has three configurable parameters:
Global state enable/disable
MEP ID – Maintenance end point ID, by default 1.
Level – a level is a segment in a network typically operated and maintained by a

single authority. In order for CFM to work, the same level needs to be configured
on all devices. Default level is 4.
The last two parameters should be left at default values(they do not have
application in current deployments).

CFM Examples
Refer to the previous topology:

L2 Ping / Traceroute example
To use CFM, simply enable the feature globally. The device must be in SPBM
enabled state:
CFM must be enabled on both source/end nodes.

L2 ping example:

L2 Ping / Traceroute example
L2 Traceroute displays all transit nodes to a specific remote node
By specifying the other B-VLAN with traceroute in the second command we can
see that load balancing is being done by B1.

L2 Tracetree Example
L2 Tracetree displays the path to nodes where a specific service is configured:

Testing tools
The SPBM/ISIS infrastructure is transparent to the users that are connected, so

the usual testing tools can be used to generate traffic or simulate hosts, services,
servers and so on in the SPBM network:
•Ixia IXExplorer for user traffic or to simulate clients.
•Ixia IXAuthenticate to simulate EAPOL clients in C-VLANs.
•Ixia IXLoad to simulate clients/services/customer traffic
In addition to these tools, IXNetwork can be used to simulate high numbers of IS-
IS nodes and I-SIDs. IXNetwork is very useful for scaling tests.

Simulating IS-IS routers with
IXNetwork
With IXNetwork release 6.30 and above it is possible to simulate IS-IS nodes/I-
SIDs. The tester can configure an Ixia interface to simulate a BCB node and
establish adjacency with an Avaya SPBM stack. The software also permits
simulating a SPBM cloud behind the BCB, in order to inject a high number of
nodes and i-sids in the DUTs FIBs/LSDBs. The following slides will present the
configuration procedure.

IXNetwork configuration
The first step is to add an ixia chassis/interface in IXNetwork

In the protocols tab, enable IS-IS L2/L3 protocol on the interface.

In the protocol interfaces tab, use the SPB ISIS wizard to configure the interface

When the wizard starts, select core side

in the first tab.
• In the next screen, enable interface

tagging, use the primary B-VLAN, no
increment.
• Set the maximum area address to 0(it will
be auto-detected).
• Set the base VID per bridge to 2.
• The start Base VID is the primary B-VLAN,
in this case 1000.
• Set Base VID increment to 1.
• Skip the next screen
• In screen 4 we configure the topology behind our

simulated core node.
• In this example, select a single row and 10

columns(the number of simulated nodes is rows_nr x
columns_nr).
• Configure the B-VLAN information same as before.
• In this example we also add 2 i-sids per b-vid. Also

change transmission type to multicast.
• Skip screen 5, in screen 6 select overwrite existing

configuration.

The protocol information has been generated on the interface. Some further
modifications need to be made however so that the protocol is simulated as close
as possible to the Avaya implementation;
First off, change the VLAN priority to 7.
Enable the protocol. Also, use the top filter to only display tabs relevant to SPBM.

Assign and enable the interface.
Maximum area addresses in Advanced tab is 0.

In interfaces/advanced tab select “auto adjust supported protocols”.
In SPB Base VID Ranges change B-VLAN priority to 7. Also, change ECT
algorithm type for the secondary B-VLAN.

In SPB Node Base VID Ranges make the same modifications:
Modify the i-sid so that odd i-sids are sent on the primary b-vid and even i-sids on
the secondary.
Enable the protocol simulation.

On our ERS4800 stack we connected the ixia port to 1/15. We also enabled IS-IS
on this port and configured SPBM globally. Additionally we configured the same i-
sids as in the previous slides.
If everything is configured correctly the stack should establish adjacency with the
ixia port, and should learn all the simulated nodes and i-sids(in our case, the i-
sids are learned from each simulated node):

Also, all the i-sids are correctly discovered on the DUT:
Notice that odd numbered i-sids are discovered on

SPBM and other features
SPBM is supposed to be an alternative to a traditional L2/L3 deployment, and as

such is expected to work well with the other Avaya features.
•The management VLAN: it is possible to associate an I-SID to the management

VLAN. By doing so, the SPBM device/stack can be managed through the i-sid
from another point of the SPBM cloud.
•L3 operation mode is currently not supported on stacks that have SPBM enabled.
L3 routing cannot be done by SPBM devices at this time.
•IGMP Snooping can be done on customer VLANs(where both server and clients
are in the local C-VLAN). However multicast traffic sent on the i-sid is handled the
same as broadcast traffic.

Access control features on C-VLANs
Features that are usually installed where hosts meet the network are expected to
work on C-VLANs and UNIs as well as on switched-UNIs:
•DHCP Snooping
•Dynamic ARP-inspection
•IP Source guard
•EAPOL
•MAC Security/MAC-DA filtering

Common problem areas
From the testing perspective, SPBM is prone to hardware related issues.

Depending on the testing phase, the following tests have discovered issues:
Configuration issues:
-Creating/deleting NNIs. Finding ways of removing the NNIs from the B-VLANs
without actually deleting the interfaces (for instance removing the tagging on
NNIs).
-Configuring SPBM or using CFM from EDM/EDM-Off-box.
-Creating/deleting C-VLANs.
-Issues with per interface configurations, such as IS-IS authentication

Functionality issues:
-Many issues have appeared with maintaining configurations (interfaces, C-VLANs

and so on) after resets/base unit failovers/renumbering.
-Traffic forwarding issues, especially with broadcast/multicast traffic (for instance

traffic forwarded back in the same c-vlan, or duplicated on remote nodes etc.)
-Testing with DMLTs and NNIs discovered many issues: traffic multiplied or
partially or totally dropped when sent on DMLTs instead of single links.
Enabling/disabling particular links in DMLTs caused traffic drop(with enough
bandwidth available).
-Traffic forwarding patterns after stack failover, for instance traffic sent to the
wrong i-sid after a base-unit reset.
-IS-IS globally disabled after reset.
-Management VLAN not working.

-CFM functionality problems(receiving two responses instead of one etc.)
Certain access control features had issues when installed on C-VLANs (with no
issue when installed on regular VLANs):
-MAC-security, MAC-DA filtering not working on UNIs.
-No guard-rail present to prevent the user from enabling access control features
on NNIs.
-EAPOL issues on UNIs(filtered traffic to authenticated traffic or traffic forwarded

to client after log-off).
-MHMV EAPOL mode with SPBM
-Security features not available on switched-type VLANs.
-DHCP snooping filtering valid DHCP offers received on trusted NNIs.

SPBM in the engineering menu
It is possible to check on various hardware

configurations from the engineering menu:
The sequence for the ISIS menu is A-L-L:
-The user can check if certain configurations have

been installed correctly with the “Dump”
commands.
-Debugging with verbosity levels from 1 to

5(hardcore!) can be configured from the
engineering menu.

Applications for SPBM
With the added Fabric Attach feature, it is desired in the future that configuration
complexity(and human error) will be reduced to a minimum. The technology is
designed to be used in data centers as well as in Campus type networks.
SPBM and Avaya Fabric Connect are marketed as a very simple and automatic
model to create connectivity. The key advantages that are advertised by Avaya are
the simple configuration and the ease of adding new services.
SPBM was already deployed in the 2014 Sochi Winter Olympics, where it was
used in the Olympic village, as well as for broadcasting video feeds from the
events.

End of presentation
Thank you 

SPBM Fundamentals and Testing: Baystack PV

Uploaded by

Copyright:

Available Formats

SPBM Fundamentals and Testing: Baystack PV

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SPBM Fundamentals and Testing: Baystack PV

Uploaded by

Copyright:

Available Formats

Baystack PV

• Describe the mechanisms on which SPBM relies: IS-IS, L2-

• Describe the way customer traffic (unicast, unknown unicast,

• Provide guidelines into the configuration of SPBM in the test

• Provide some information on the tools used to test SPBM,

Luxoft Professional Romania

•SPB L3VSNs and GRT Shortcuts(currently not supported on

•Avaya Fabric Attach

•SPBM with SMLT(SMLT is supported on VSP7k release 10.3, on

•SPBM with constrained multicast (to be introduced in the near

Luxoft Professional Romania

• In a Layer 2 only environment, VLANs have to span the entire

• Spanning tree is very slow to converge and difficult to

• Spanning tree blocks various links through the network,

• All client MAC addresses need to be learned in all of the

• To avoid the disadvantages of spanning tree, the enterprise

Luxoft Professional Romania

• The layered model uses three levels, access, distribution and

• Modern multilayer switches install L3 information in hardware

Luxoft Professional Romania

• Tedious configuration process. In addition to per-node

• All this work provides lots of potential for human error.

• Every additional protocol adds complexity and overhead to

• Whenever a new service (VLAN) needs to be added, the VLAN

Luxoft Professional Romania

• In contrast, SPBM reduces the network core to a single

• Once the SPBM infrastructure is created, additional services

• All nodes in between are automatically provisioned by the

• The configuration steps for IS-IS are straightforward and

Luxoft Professional Romania

• The functionality behind Avaya’s implementation of SPB is

• SPB does this by combining single point provisioning with a

• The protocol was designed as a replacement for STP/MSTP,

Luxoft Professional Romania

Luxoft Professional Romania

•The concept of MAC-in-MAC encapsulation(described in IEEE 802.1ah)

Luxoft Professional Romania

• Two types of nodes need to be defined:

• BEBs terminate the SPBM cloud, at this node is where I-SIDs

Luxoft Professional Romania

In current SPBM deployments, three types of interfaces are used:

•User Network Interfaces exist only on BEBs. These interfaces are

Luxoft Professional Romania

• Customer VLAN(C-VLAN) – this type of VLANs are configured

• Backbone VLANs(B-VLANs) – this is a “spbm-bvlan” type

Luxoft Professional Romania

• When IS-IS is configured and enabled on interfaces,

• Every time a service(or i-sid) is created at two edge points,

• After the infrastructure is created, services, or I-SIDs as called in

• When traffic needs to be forwarded through the SPBM cloud, the

Luxoft Professional Romania

• SPBM cloud handles the various types of traffic differently.

• Broadcast and Unknown-Unicast traffic are handled the same

Luxoft Professional Romania

• As of releases 5.8 and 10.3, no specific treatment of multicast

This concludes the brief introduction to SPBM, the presentation

Luxoft Professional Romania

• IS-IS is a link-state routing protocol, similar to OSPF,