The format of GPON 1:1 VMAC is different from that of other 1:1 VMAC. Table 9-4 describes the default format of GPON 1:1 VMAC and Table 9-5 describes the default format of other 1:1 VMAC.
Table 9-4 GPON 1:1 VMAC format
MAC Address Description
47-42 bits Reserved bits, configurable through the CLI.
41 bit Indicates whether the local MAC address is
valid or the MAC address is assigned by an internal organization.
40 bit Unicast address
39-24 bits OLT ID configured by the user.
23-18 bits ID of the GPON slot to which the user
belongs.
17-13 bits ID of the GPON port to which the user
belongs.
12-3 bits ID of the ONT to which the user belongs.
2-0 bits Unique MAC address dynamically allocated
by the OLT to the user.
Table 9-5 1:1 VMAC format
MAC Address Description
47-42 bits Reserved bits, configurable through the CLI.
41-40 bits Fixed values (1 for bit 41 and 0 for bit 40).
39-21 bits DSLAM ID configured by the user.
20-15 bits ID of the slot to which the user belongs.
14-6 bits ID of the port to which the user belongs.
5-0 bits Unique MAC address allocated to the user.
Module
Feature Description 9 Layer 2 Protocol Handling
NOTE
To ensure the uniqueness of the MAC address, the DSLAM or OLT ID must be configured before the VMAC function of the VLAN is enabled. The uniqueness of the DSLAM or OLT ID needs to be ensured during the configuration; otherwise, two different DSLAMs or OLTs may be allocated the same VMAC.
9.3.6 Glossary, Acronyms, and Abbreviations
Glossary
Table 9-6 Glossary of the terms related to the access user bridging feature
Term Description
User board In this document, a user board refers to the board that provides users with the access service.
S+C forwarding
In the S+C forwarding mode, Ethernet packets are forwarded according to the two-layer VLAN tags in the header. The external-layer VLAN tag is the S-tag and the internal-layer tag is the C-tag.
Acronyms and Abbreviations
Table 9-7 Acronyms and abbreviations of the access user bridging feature Acronym/
Abbreviation Full Spelling Description
SCUN Super Control Unit Board VerN
The SCUN control board. It provides up to 24 10GE ports, and 4 GE ports on the front panel.
SPU Service Process Unit It provides 8 GE ports and 2 10GE ports on the front panel.
OLT Optical Line Terminal Null
ONU Optical Network Unit Null
ONT Optical Network Terminal Null
VMAC Virtual MAC Null
ARL Address Resolution List Null
LTM Linktrace Message Null
LTR Linktrace Reply Null
Module
Feature Description 9 Layer 2 Protocol Handling
9.4 N:1 VMAC
VMAC means virtual MAC address. In N:1 VMAC, the device replaces a set of user MAC addresses with a unique virtual MAC address. The user MAC addresses and the VMAC of the device are in an N:1 mapping.
9.4.1 Introduction
Definition
VMAC is abbreviated from virtual MAC address. It means that the MA5600T/MA5603T replaces the source MAC address of a user terminal with a virtual MAC address. N:1 VMAC is also called single-MAC. In N:1 VMAC, a set of user MAC addresses are replaced with a unique virtual MAC address. When it comes to the MA5600T/MA5603T, all users of each service board are mapped to one virtual MAC address.
Purpose
In the typical Layer 2 forwarding model, a device is identified by its MAC address. However, not all such devices are directly controlled by the operator, so their MAC addresses may not always be trustable. Certain network devices have been used to solve the problem of MAC address conflict, but this is only part of the problems.
l The uniqueness of a MAC address can be guaranteed only at the network element (NE) level but not at the network level.
l An NE can detect conflicting MAC addresses but cannot differentiate an authorized user from an unauthorized user.
VMAC comes up as an ideal solution. VMAC enables the operator to replace the MAC addresses of devices with pre-defined (controllable) MAC addresses. Adopting VMAC enhances the Layer 2 forwarding model in two aspects:
l Security:
Replacing the MAC addresses of devices with operator-defined MAC addresses ensures the uniqueness of MAC addresses in an entire network. This in turn avoids the problems arising from MAC address conflict.
l Measurability:
By ensuring the uniqueness of the MAC addresses in an entire network, the operator can connect multiple DSLAMs and edge routers by using the same VLAN. In this way, the operator can expand the number of devices sharing the same subnet and thus improve the allocation efficiency of the IP address pool.
In addition, since N:1 VMAC allows multiple user MAC addresses to be replaced by one virtual MAC address, this also solved the problem of insufficient MAC address entries on the carriers' upper-layer aggregation devices.
Benefit
Benefits to carriers Module
Feature Description 9 Layer 2 Protocol Handling
l Security is enhanced. Users with untrusted MAC addresses are denied the access to carriers' networks; instead, users access the networks with the trusted virtual MAC addresses allocated by carriers' equipment.
l MAC address space is saved. In an Layer 2 network with a large number of users, the MAC address space of the equipment usually bottlenecks the network. The N:1 VMAC feature greatly saves the MAC address space.
Benefits to users
This feature prevents MAC address conflicts and protects users from MAC address spoofing.
9.4.2 Specifications
The specifications of the N:1 VMAC feature are as follows:
l Supports N:1 VMAC in PPPoE access. Supports up to 1K PPPoE users.
l Supports N:1 VMAC in PPPoA access. Supports up to 1K PPPoA users.
l Supports the global-level VMAC switch; Supports the VLAN-level PPPoE and PPPoA N:
1 VMAC feature.
l The QinQ private line service does not support the N:1 VMAC function.
9.4.3 Availability
License Support
N:1 VMAC is a basic feature of the MA5600T/MA5603T. Therefore, the corresponding service is provided without a license.
Version Support
Table 9-8 lists the versions that support the N:1 VMAC feature.
Table 9-8 Base version required for the N:1 VMAC feature
Product Version
MA5600T/MA5603T V800R006C02 and later versions
Feature Dependency
PPPoE N:1 VMAC and anti-MAC spoofing are mutually exclusive. When the two features are enabled at the same time, only PPPoE N:1 VMAC takes effect.
Hardware Support
Boards supporting N:1 VMAC: all xDSL boards, GPON boards, the OPFA board, and OPGD board.
Module
Feature Description 9 Layer 2 Protocol Handling