ETSI ES 203 385 V1.1.1 (2014-11)

Final draft ETSI ES 203 385 V1.1.1 (2014-09)

ETSI STANDARD
CABLE; ®
DOCSIS Layer 2 Virtual Private Networking

2 Final draft ETSI ES 203 385 V1.1.1 (2014-09)

Reference
DES/CABLE-00008
Keywords
access, broadband, cable, data, IP, IPcable,
L2VPN, modem
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2014.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
1 Scope . 8
2 References . 8
2.1 Normative references . 8
2.2 Informative references . 9
3 Definitions and abbreviations . 10
3.1 Definitions . 10
3.2 Abbreviations . 12
4 Requirements and conformance . 15
4.1 Requirements . 15
4.2 Conformance . 16
5 Theory of operation . 16
5.1 L2VPN Features . 16
5.1.1 Transparent LAN Service . 16
5.1.2 Multiple ISP L2VPNs . 18
5.1.3 Management L2VPNs. 18
5.1.4 Other L2VPN-enabled Features . 19
5.1.5 High Availability . 19
5.2 CMTS Layer 2 Forwarding Architecture . 19
5.2.1 L2VPN and Non-L2VPN Forwarding . 19
5.2.2 Point-to-Point and Multipoint L2VPN Forwarding Modes . 20
6 L2VPN Operation (Normative) . 22
6.1 CMTS Bridging Model Requirements . 22
6.2 Configuring L2VPN Forwarding . 23
6.2.1 VPNID Subtype . 26
6.2.1.1 Border Gateway Protocol (BGP) VPNID Subtype . 26
6.2.2 Downstream Classifier L2VPN Encoding . 26
6.2.3 L2VPN SA-Descriptor Subtype . 27
6.2.4 Vendor-Specific L2VPN Encoding . 27
6.2.5 Configuration Error Requirements . 27
6.2.6 Network System Interface (NSI) Encapsulation . 28
6.2.6.1 NSI Encapsulation Subtype . 28
6.2.6.2 IEEE 802.1Q L2VPN Forwarding . 28
6.2.6.3 IEEE 802.1Q L2VPN Forwarding . 28
6.2.6.3.1 Point-to-Point CMTS Forwarding with Point-to-Point 802.1Q Forwarding . 29
6.2.6.3.2 Point-to-Point CMTS Forwarding with L2VPN Bridging Network Element . 29
6.2.6.4 IEEE 802.1Q L2VPN Forwarding . 29
6.2.7 Virtual Private LAN Service (VPLS) and Virtual Private Wire Service . 29
6.2.7.1 PSN Tunnel - Control Plane and Data Plane Encapsulation . 30
6.2.7.2 PW - Control Plane and Data Plane Encapsulations . 30
6.2.7.2.1 PW Signaling without Auto-Discovery . 31
6.2.7.2.2 PW Signaling with Auto-Discovery . 31
6.3 CMTS Upstream L2VPN Forwarding . 33
6.4 CMTS Downstream L2VPN Forwarding . 34
6.4.1 Multipoint Downstream Forwarding . 35 ®
6.4.2 DOCSIS 3.0 L2VPN Downstream Multicast Forwarding . 36
6.5 L2VPN Isolation and Privacy . 36
6.5.1 Protecting L2VPN Traffic . 36
6.5.2 Preventing Leaking of non-L2VPN Traffic . 37
6.5.2.1 Downstream Unencrypted Traffic (DUT) Filtering . 37
ETSI
4 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
6.5.2.2 Downstream IP Multicast Encryption (DIME) . 37
6.5.2.3 Mixing L2VPN and non-L2VPN forwarding on the same CM . 38
6.6 CM and eSAFE Exclusion . 38
6.6.1 CM and eSAFE Host Forwarding Model . 38
6.6.2 Cable Modem MAC Bridge Interface Masks . 39
6.6.3 Embedded Host Exclusion . 40
6.6.4 CMTS embedded host MAC Address Learning . 40
6.6.4.1 Enable eSAFE DHCP Snooping Subtype . 40
6.6.5 Interface-based Classification . 41
6.7 L2VPN Quality of Service . 41 ®
6.7.1 DOCSIS QoS . 41
6.7.1.1 Service Flow Separation . 41
6.7.1.2 Classification and Scheduling . 42
6.7.2 Backbone Network QoS . 42
6.7.2.1 User Priority . 42
6.7.2.1.1 IEEE 802.1d User Priority . 42
6.7.2.1.2 MPLS Traffic Class . 42
6.7.2.1.3 IP Precedence . 42
6.7.2.2 Downstream User Priority Range Classification . 43
6.7.2.3 Downstream User Priority . 43
6.7.2.4 Upstream User Priority . 43
6.8 Stacked 802.1Q Tags or Tag-in-Tag operation . 44
6.9 Spanning Tree and Loop Detection . 44
6.10 High Availability . 45
6.10.1 802 Encapsulation - Active/Standby Layer 2 Trunk Ports . 45
6.10.2 802 Encapsulation - Link Aggregation . 45
6.10.3 MPLS Encapsulation High Availability . 45
6.11 MPLS Encapsulation - PW Redundancy . 45
7 Cable Modem Requirements . 46
8 Service Operations, Administration, and Maintenance (OAM) . 47
8.1 Introduction . 47
8.2 Service OAM Configuration . 47
8.2.1 CM . 48
8.2.2 CMTS . 48
8.3 Fault Management . 48
8.3.1 Continuity Check Messages (CCM) . 48
8.3.2 Loopback . 49
8.3.3 Linktrace . 49
8.4 Performance Management . 49
9 Layer 2 Control Protocol Handling . 49
Annex A (normative): CMTS DOCS-L2VPN-MIB Requirements . 51
A.1 DOCS-L2VPN-MIB Conformance . 51
A.2 DOCS-L2VPN-MIB Definitions . 54
Annex B (normative): Parameter Encodings . 93
B.1 Capabilities . 93
B.1.1 L2VPN Capability . 93
B.1.2 Embedded Service/Application Functional Entity (eSAFE) Host Capability . 93
B.1.3 Downstream Unencrypted Traffic (DUT) Filtering . 93
B.2 Downstream Unencrypted Traffic (DUT) Filtering Encoding . 94
B.2.1 Downstream Unencrypted Traffic (DUT) Control . 94
B.2.2 Downstream Unencrypted Traffic (DUT) CMIM . 94
B.3 L2VPN Encoding . 95
B.3.1 VPN Identifier . 95
B.3.2 NSI Encapsulation Subtype . 96
B.3.2.1 IEEE 802.1Q S-TPID . 98
ETSI
5 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
B.3.2.2 IEEE 802.1Q Encapsulation . 98
B.3.2.2.1 IEEE 802.1Q I-TCI . 98
B.3.2.2.2 MAC Address of the Destination Backbone Edge Bridge (B-DA) . 99
B.3.2.2.3 IEEE 802.1Q B-TCI . 99
B.3.2.2.4 IEEE 802.1Q I-TPID . 99
B.3.2.2.5 IEEE 802.1Q I-PCP . 99
B.3.2.2.6 IEEE 802.1Q I-DEI . 99
B.3.2.2.7 IEEE 802.1Q I-UCA . 100
B.3.2.2.8 IEEE 802.1Q I-SID . 100
B.3.2.2.9 IEEE 802.1Q B-TPID . 100
B.3.2.2.10 IEEE 802.1Q B-PCP . 100
B.3.2.2.11 IEEE 802.1Q B-DEI. 101
B.3.2.2.12 IEEE 802.1Q B-VID . 101
B.3.3 eSAFE DHCP Snooping . 101
B.3.4 CM Interface Mask (CMIM) Subtype . 102
B.3.5 Attachment Group ID . 102
B.3.6 Source Attachment Individual ID . 103
B.3.7 Target Attachment Individual ID . 103
B.3.8 Upstream User Priority . 104
B.3.9 Downstream User Priority Range . 104
B.3.10 L2VPN SA-Descriptor Subtype . 104
B.3.11 Vendor Specific L2VPN Subtype . 105
B.3.12 Pseudowire ID (deprecated) . 105
B.3.13 Pseudowire Type . 105
B.3.14 L2VPN Mode . 105
B.3.15 Tag Protocol Identifier (TPID) Translation . 105
B.3.15.1 Upstream TPID Translation . 106
B.3.15.2 Downstream TPID Translation . 106
B.3.15.3 Upstream S-TPID Translation . 106
B.3.15.4 Downstream S-TPID Translation . 106
B.3.15.5 Upstream B-TPID Translation . 107
B.3.15.6 Downstream B-TPID Translation . 107
B.3.15.7 Upstream I-TPID Translation . 107
B.3.15.8 Downstream I-TPID Translation . 107
B.3.16 L2CP Processing . 107
B.3.16.1 L2CP Tunnel Mode . 108
B.3.16.2 L2CP D-MAC Address . 108
B.3.16.3 L2CP Overwriting D-MAC Address . 108
B.3.17 DAC Disable/Enable Configuration . 108
B.3.18 Pseudowire Class . 108
B.3.19 Service Delimiter . 109
B.3.19.1 C-VID . 109
B.3.19.2 S-VID . 109
B.3.19.3 I-SID . 110
B.3.19.4 B-VID . 110
B.3.20 Virtual Switch Instance Encoding . 110
B.3.20.1 VPLS Class . 110
B.3.20.2 E-Tree Role . 110
B.3.20.3 E-Tree Root VID . 111
B.3.20.4 E-Tree Leaf VID . 111
B.3.21 BGP Attribute sub TLV . 111
B.3.21.1 BGP VPNID . 111
B.3.21.2 Route Distinguisher . 112
B.3.21.3 Route Target (Import) . 112
B.3.21.4 Route Target (Export) . 112
B.3.21.5 CE-ID/VE-ID . 113
B.3.22 VPN-SG Attribute sub TLV . 113
B.3.23 Pseudowire Signaling . 113
B.3.24 L2VPN SOAM Subtype . 113
B.3.24.1 MEP Configuration . 113
B.3.24.1.1 MD Level . 114
B.3.24.1.2 MD Name . 114
ETSI
6 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
B.3.24.1.3 MA Name . 114
B.3.24.1.4 MEP ID . 114
B.3.24.2 Remote MEP Configuration . 114
B.3.24.2.1 MD Level . 115
B.3.24.2.2 MD Name . 115
B.3.24.2.3 MA Name . 115
B.3.24.2.4 MEP ID . 115
B.3.24.3 Fault Management Configuration . 115
B.3.24.3.1 Continuity Check Messages . 116
B.3.24.3.2 Enable Loopback Reply Messages . 116
B.3.24.3.3 Enable Linktrace Messages . 116
B.3.24.4 Performance Management Configuration . 116
B.3.24.4.1 Frame Delay Measurement . 116
B.3.24.4.1.1 Frame Delay Measurement Enable . 117
B.3.24.4.1.2 Frame Delay Measurement One-way-Two-way . 117
B.3.24.4.1.3 Frame Delay Measurement Transmission Periodicity . 117
B.4.24.4.2 Frame Loss Measurement . 117
B.3.24.4.2.1 Frame Loss Measurement Enable . 117
B.3.24.4.2.2 Frame Loss Measurement Transmission Periodicity . 117
B.3.25 Network Timing Profile Reference . 118
B.3.26 L2VPN DSID . 118
B.4 Confirmation Codes . 118
B.5 L2VPN Error Encoding . 118
B.5.1 L2VPN Errored Parameter . 119
B.5.2 L2VPN Error Code . 119
B.5.3 L2VPN Error Message . 119
B.6 CM Interface Mask Classification Criteria. 120
B.7 L2VPN MAC Aging Encoding . 121
B.7.1 L2VPN MAC Aging Mode . 121
Annex C (informative): Example L2VPN Encodings . 122
C.1 Point-to-Point Example . 122
C.2 Multipoint Example . 124
C.3 Upstream L2VPN Classifier Example. 127
Annex D (informative): IEEE 802.1Q Encapsulation . 129
Annex E (informative): Embedded VLAN CM Bridging Model . 130
E.1 IEEE 802.1Q and Embedded VLAN Model . 131
E.2 Embedded Bridge MAC Domain Service Primitives . 132
Annex F (informative): L2VPN Non-compliant CM Restrictions . 134
F.1 Leaking through non-compliant CMs . 134
History . 135

ETSI
7 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://ipr.etsi.org).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This final draft ETSI Standard (ES) has been produced by ETSI Technical Committee Integrated broadband cable
telecommunication networks (CABLE), and is now submitted for the ETSI standards Membership Approval Procedure.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "may not", "need", "need not", "will",
"will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms
for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
8 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
1 Scope ®
The present document describes requirements on both CMTSs and CMs in order to implement a DOCSIS Layer-2 ®
Virtual Private Network (DOCSIS L2VPN) feature.
The L2VPN feature allows cable operators to offer a Layer 2 Transparent LAN Service (TLS) to commercial
enterprises.
In order to speed time to market, CM-TR-L2VPN-DG-V02 [i.8] offers guidelines to CMTS manufacturers as to how to
phase the implementation of requirements defined in the present document. Phase designations are only applicable to
CMTS products. Cable modems are expected to support all required L2VPN features in Phase 1.
The present document corresponds to the CableLabs L2VPN specification CM-SP-L2VPN-I12 [i.19].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
[1] IEEE 802.1AX-2008: "IEEE Standard for Local and metropolitan area networks--Link
Aggregation".
[2] IEEE 802.1Q (August 2011): "IEEE Standard for Local and metropolitan area networks - Media
Access, Control (MAC) Bridges and Virtual Local Area Networks".
NOTE: Available at http://standards.ieee.org/findstds/standard/802.1Q-2011.html.
[3] ETSI ES 201 488-3: "Access and Terminals (AT); Data Over Cable Systems; Part 3: Baseline
Privacy Plus Interface Specification".
[4] IETF Internet draft-ietf-mpls-ldp-ipv6-09 (July 15, 2013): "Updates to LDP for IPv6".
NOTE: Available at http://tools.ietf.org/html/draft-ietf-mpls-ldp-ipv6-09
[5] MEF Technical Specification 30.1 (April 2013): "Service OAM Fault Management
Implementation Agreement: Phase 2".
[6] MEF Technical Specification 35 (April 2012): "Service OAM Performance Monitoring
Implementation Agreement".
[7] CM-SP-MULPIv3.0-I22-130808 (August 8, 2013): "DOCSIS 3.0 MAC and Upper Layer
Protocols Interface Specification", Cable Television Laboratories, Inc.
[8] CM-SP-OSSIv3.0-I21-130404 (April 4, 2013): "DOCSIS 3.0 Operations Support System Interface
Specification", Cable Television Laboratories, Inc.
ETSI
9 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
[9] Internet Assigned Numbers Authority (IANA) (June 27, 2014): "MPLS Pseudowire Types
Registry".
NOTE: Available at http://www.iana.org/assignments/pwe3-parameters/pwe3-parameters.xhtml#pwe3-
parameters-2
[10] IETF RFC 2544: "Benchmarking Methodology for Network Interconnect Devices", March 1999.
[11] IETF RFC 2918: "Route Refresh Capability for BGP-4", September 2000.
[12] IETF RFC 3031: "Multiprotocol Label Switching Architecture", January 2001.
[13] IETF RFC 3032: "MPLS Label Stack Encoding", January 2001.
[14] IETF RFC 3931: "Layer Two Tunneling Protocol - Version 3 (L2TPv3)", March 2005.
[15] IETF RFC 4385: "Pseudowire Emulation Edge-to-Edge (PWE3). Control Word for Use over an
MPLS PSN", February 2006.
[16] IETF RFC 4447: "Pseudowire Setup and Maintenance Using the Label Distribution Protocol
(LDP)", April 2006.
[17] IETF RFC 4448: "Encapsulation Methods for Transport of Ethernet over MPLS Networks",
April 2006.
[18] IETF RFC 4667: "Layer 2 Virtual Private Network (L2VPN) Extensions for Layer 2 Tunneling
Protocol (L2TP)", September 2006.
[19] IETF RFC 4761: "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and
Signaling", January 2007.
[20] IETF RFC 4762: "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP)
Signaling", January 2007.
[21] IETF RFC 4893: "BGP Support for Four-octet AS Number Space", May 2007.
[22] IETF RFC 5036: "LDP Specification", October 2007.
[23] IETF RFC 5286: "Basic Specification for IP Fast Reroute: Loop-Free Alternates",
September 2008.
[24] IETF RFC 5925: "The TCP Authentication Option", June 2010.
[25] IETF RFC 6074: "Provisioning, Auto-Discovery, and Signaling in Layer 2 Virtual Private
Networks (L2VPNs)", January 2011.
[26] IETF RFC 6624: "Layer 2 Virtual Private Networks Using BGP for Auto-Discovery and
Signaling", May 2012.
[27] ETSI ES 201 488-2: "Access and Terminals (AT); Data Over Cable Systems; Part 2: Radio
Frequency Interface Specification".
[28] Recommendation ITU-T Y.1731 (November 2013): "OAM functions and mechanisms for
Ethernet based networks".
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] DPoE-SP-ARCHv1.0-I01-110225, February 25, 2011: "DOCSIS Provisioning of EPON, DPoE™
Architecture Specification", Cable Television Laboratories, Inc.
[i.2] DPoE-SP-DEMARCv1.0-I02-130614, June 14, 2013: "DOCSIS Provisioning of EPON, DPoE™
Demarcation Device Specification", Cable Television Laboratories, Inc.
ETSI
10 Final draft ETSI ES 203 385 V1.1.1 (2014-09)
[i.3] DPoE-SP-IPNEv1.0-I06-130808, August 8, 2013: "DOCSIS Provisioning of EPON, IP Network
Element Requirements", Cable Television Laboratories, Inc.
[i.4] DPoE-SP-MEFv2.0-I02-130808, August 8, 2013: "DOCSIS Provisioning of EPON, Metro
Ethernet Forum Specification", Cable Television Laboratories, Inc.
[i.5] DPoE-SP-MULPIv1.00-I06-130808, August 8, 2013: "DOCSIS Provisioning of EPON, DPoE™
MAC and Upper Layer Protocols Requirements", Cable Television Laboratories, Inc.
[i.6] CM-SP-eDOCSIS-I26-130808, August 8, 2013: "eDOCSIS Specification", Cable Television
Laboratories, Inc.
[i.7] CM-SP-eRouter-I10-130808, August 8, 2013: "Data-Over-Cable Service Interface Specifications,
eRouter Specification", Cable Television Laboratories, Inc.
[i.8] CM-TR-L2VPN-DG-V02-121206, December 6, 2012: "L2VPN Development Guidelines
Technical Report", Cable Television Laboratories, Inc.
[i.9] MEF 6.1.1: "Layer 2 Control Protocol Handling Amendment to MEF 6.1", January 2012.
[i.10] ETSI TS 101 909-6 (V1.1.1): "Access and Terminals (AT); Digital Broadband Cable Access to the
Public Telecommunications Network; IP Multimedia Time Critical Services; Part 6: Media
Terminal Adapter (MTA) device provisioning".
[i.11] IETF RFC 2685: "Virtual Private Network Identifier", September 1999.
[i.12] IETF RFC 3107: "Carrying Label Information in BGP-4", May 2001.
[i.13] IETF RFC 3209: "RSVP-TE: Extensions to RSVP for LSP Tunnels", December 2001.
[i.14] IETF RFC 3270: "Multi-Protocol Label Switching (MPLS) Support of Differentiated Services",
May 2002.
[i.15] IETF RFC 3985: "Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture", March 2005.
[i.16] IETF RFC 4363: "Definitions of Managed Objects for Bridges with Traffic Classes, Multicast
Filtering and Virtual LAN Extensions", January 2006.
[i.17] IETF RFC 4364: "BGP/MPLS IP Virtual Private Networks (VPNs)", February 2006.
[i.18] IETF RFC 4664: "Framework for Layer 2 Virtual Private Networks (L2VPNs)", September 2006.
[i.19] CM-SP-L2VPN-I12-131120, November 20, 2013: "Layer 2 Virtual Private Networks", Cable
Television Laboratories, Inc.
[i.20] IEEE 802.1D: "IEEE Standard for Local and metropolitan area networks: Media Access
Control (MAC) Bridges".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
bridged network: set of IEEE 802 LANs interconnected by IEEE 802.1d [i.20] MAC bridges
compliant Cable Modem (CM): CM that implements the present document ®
DOCSIS L2PDU: Layer 2 Packet Data Unit of a DOCSIS MAC Frame
NOTE: Follows a MAC Header with FC_TYPE=00. This definition means that a MAC Management message ®
L2PDU, even though the form of a MAC
with FC_TYPE=11 is not considered to be a DOCSIS
Management Message Header is the same form as an L2PDU.
...