MINT Switching

02

MINT switch group

Please Sign in to take into
account course progress

MINT switch group concept

To represent a wireless network as a single large switch, regardless of the physical network topology complexity, devices use the switching mode. InfiNet devices use the proprietary switch groups concept. A switch group has the following properties:

  • switch group is a gateway between MINT and Ethernet protocols, performing frame encapsulation/decapsulation;
  • switch group includes one or more network interfaces of a wireless device, physical and logical;
  • switch groups are defined using identification numbers in the range 1...4999;
  • an Ethernet frame entering the MINT area can be filtered by switch group rules;
  • when an Ethernet frame enters the MINT area, it is checked for matching with the rules of switch groups. If one of the rules matches, the frame is automatically assigned a label equal to the number of the switch group. The tag is placed in the MINT frame header;
  • a MINT frame can only be transmitted between switch groups with the same numbers configured on different devices;
  • devices that are in the same MINT area exchange information about switch groups configured on them, i.e. any device in the MINT area receives information about nodes that have the same switch group.
     

JOIN function

In addition to combining interfaces by including them in a switch group, the MINT protocol allows to combine interfaces using the JOIN function. JOIN and switch groups have the following differences:
 

  • the JOIN function allows to combine only the interfaces to which the MINT areas are connected. Thus, unlike switch groups, the JOIN function does not act as a gateway between network segments of different types;
  • the JOIN function and switch groups operate independently, i.e. a packet falling under the JOIN configuration and one of the switch groups will be processed by both methods;
     
  • the JOIN function works as the hub, i.e. a frame received through an interface that is a member of a JOIN will be transmitted to all interfaces included in the JOIN. For each switch group, a separate MAC switch forwarding table is formed and the frames are redirected based on the entries in this table;
  • the JOIN function does not contain rules by which frames can be filtered by one of the fields in the header.

Switch groups rules

Switching rules are used to define a switch group to which frames received via "eth*" interfaces will be routed. Frame switching will be carried out by a group whose switching rules are matched by this frame. The corresponding switch group decides whether to forward the frame through the specified network interface.

Switching rules contain list of rules and the decision by default (deny/permit). Each rule consists of a sequence number, condition and decision (deny/permit). While viewing the list, it is determined whether the frame matches the condition of each rule. If matches, the rule decision is applied to the frame. Otherwise, the list viewing will be continued. The rules viewing order is performed in accordance with their sequence numbers, in ascending order. If the frame does not match the condition of any rule, then a decision by default on the given group or interface is made.

Each condition includes one or more expressions matched with the following frame parameters:

  • VLAN tag;
  • IP addresses groups (source and destination);
  • MAC addresses groups (source and destination);
  • same QoS field header values;
  • multicast traffic;
  • other criteria.

Each expression contains the name of the acceptable values list corresponding to the frame parameters. In addition, an expression can be specified in the PCAP format (tcpdump). This expression is called "match". Thus, a frame matches the condition if all its parameters belong to the corresponding acceptable values lists, and the whole frame matches the expression "match". If there is no frame parameter element in the condition, then the frame parameter, regardless of its value, is considered to match this condition.

Example of switch group rules

Let's look at the example of traffic distribution by switch groups.There are two switch groups on the device, which include the radio and Ethernet interfaces. Following rules are added to switch groups: all packets with a 94 VLAN tag are included into the first group, and all packets with the "2C56.DC76.CD3B" destination MAC address are included into the second group.

The device receives three Ethernet frames, which are checked for belonging to switch groups (see Figure).

Step 1: Frame 1 enters the device. The VLAN tag of the frame is checked first, since it is 94 the frame is forwarded to the switch group 1. Note that Frame 1 matches the rules of the second switch group - its destination MAC address is "2C56.DC76.CD3B", however, the check goes until the first match, therefore frame 1 belongs to switch group 1 and will not be checked for compliance with the other rules.
 

Step 2: Frame 2 enters the device. The VLAN tag of the frame is checked first, however, its VLAN tag is different from 94. The frame is transferred further and matches with the conditions of the second switch group with which it belongs to.
 

Step 3: Frame 3 enters the device. The VLAN tag is different from 94 and MAC address is different from "2C56.DC76.CD3B". Thus, the frame does not match any of the switch groups rules, therefore is passed to the routing module for processing.
 

Traffic distribution in switch groups

Let's see the examples of networking using MINT switching. Three subscriber stations are connected to the base station sector via radio, a PC is installed behind each of the radio devices, which are configured to address from the same 192.168.10.0/24 subnet. The device management organization is described below, therefore we assume that access to devices can only be obtained locally — the management IP address is associated with the Ethernet interface.

Example 1

Task: it is necessary to provide pairwise connection between PC1 and PC3, PC2 and PC4. At the same time, connectivity between other devices should be absent, i.e. PC1 and PC3 should not be connected to PC2 and PC4.
 

Solution: configure switch groups with number 2 on BS and CPE2, and switch groups with number 3 on CPE1 and CPE3. Go to "Basic Settings → MAC Switch" and click the "Create switch group" button (see Figure). Select interfaces to include to the switch group and click the "Apply" button.

After configuring switch groups on all devices, check the connectivity. Connection is possible only between PC1 and PC3, PC2 and PC4, as it was planned:

Step 1: when checking connectivity by the ping utility, PC4 forms an icmp message, encapsulating it into an IP packet, which is encapsulated into an Ethernet frame.

Step 2: the frame enters the BS device, which, in accordance with the rules formed above, transfers it to the switch group with number 2.

Step 3: switch group number 2 encapsulates an Ethernet frame into a MINT frame.

Step 3a: since the MINT frame has a tag of switch group 2, it can only be transferred to the device with same switch group (data transfer can be organized through intermediate devices without a corresponding switch group). During the exchange of service data, the BS receives information that the switch group with number 2 is configured only on CPE2, so the received icmp message will not be transmitted to CPE1 and CPE3.

Step 4: the MINT frame is transmitted to CPE2 via radio link.

Step 5: CPE2, receives the MINT frame, analyzes its header: the header contains the tag of the switch group 2, to which the frame will be transmitted for further processing.

Step 6: during the frame processing by the switch group, the Ethernet frame is decapsulated from the MINT frame and transmitted to PC2.
 

Similarly, the transfer of icmp messages between PC1 and PC3 occurs with the only difference that the BS device acts as an intermediate node.
 

Example 2

Task: in addition to the first example task, it is necessary to organize the connectivity between PC1 and PC4.

Solution: using of switch groups with numbers 2 and 3 will affect other devices, so we will create switch group with number 4 for the interaction between PC1 and PC4.

Perfom the configuration as in Example 1, all traffic from PC4 go to the switch group 2 of the BS device, since there are no switch group rules and this group is located on the first position in the switch groups list. Switch group rules limit traffic: if no rules configured, all traffic will flow to the switch group, and if filtering is performed only frames that match the rules will be included in the switch group. Since the switch groups rules are processed in order, we will add restrictive rules for switch group 2 to the BS and create a switch group 4 (see Figure). Since traffic of switch group 2 is directed to PC2, by using a pcap-expression it is possible to specify its IP address 192.168.10.2 (see Figure).

Also it is necessary to add a rule for a switch group 3 and create a switch group 4 on CPE1.

Let's check the connectivity of PC1 and PC4. Networking works as planned - PC1 is available from PC4, while PC3 is not available from PC4:

Step 1: when checking connectivity by the ping utility, PC4 forms an icmp message for PC1, encapsulating it into an IP packet, which is encapsulated into an Ethernet frame.

Step 2: the frame enters the BS device, which checks it for compliance with the rules of switch groups:

Step 2a: since the frame source IP address is 192.168.10.4, the destination IP address is 192.168.10.1, the frame does not match the rule of switch group 2.

Step 2b: switch group 4 does not contain rules, therefore the frame entering the MINT domain is associated with switch group 4.

Step 3: MINT frame is sent via radio to CPE1, it can only be transferred to the device with same switch group. During the exchange of service data, the BS receives information that the switch group with number 4 is configured only on CPE1, so the received icmp message will not be transmitted to CPE2 and CPE3.

Step 4: CPE1, receives the MINT frame, analyzes its header: the header contains the tag of the switch group 4, to which the frame will be transmitted for further processing.

Step 5: during the frame processing by the switch group, the Ethernet frame is decapsulated from the MINT frame and transmitted to PC1.

Example 3

Task: Complicate the scheme from Example 2 by deleting all switch groups on the BS, and check the connectivity between PC1 and PC3.

Solution: to delete group click the "Remove Group" button in subsection "MAC Switch":

As it was noted, the switch group is a gateway between the MINT domain and the Ethernet network, therefore the intermediate device for the traffic path in the MINT domain should not contain a switch group, since intermediate device does not transmit traffic between MINT and Ethernet. This confirms the connectivity between PC1 and PC3 in this example.

Remote device management

Infinet Device Management can be organized in two ways: by switching or routing. In this course, the method of organizing management through switching will be described. Switch virtual interfaces (SVI) are used for this purpose.

The SVI interface is a third level (L3) virtual interface. Can be assigned to a switch group to gain access to the device and manage it through this switch group. The system supports up to 4096 virtual interfaces "sviN" (in range 0...4095).

The SVI interface has the following characteristics:

  • It can be assigned to one switch group (any), after which the interface becomes part of this group and exchange the information with other group members. Any frames received by this switch group in accordance with its rules and addressed to the "sviN" interface, as well as copies of multicast and broadcast frames, will be received by the device on behalf of the "sviN" interface.
  • One or more IP addresses can be assigned to the SVI interface.
     
  • Can be assigned as a parent interface for VLAN interfaces. In this case, the VLAN interface becomes part of the switch group.
  • The SVI interface and interfaces that use it as a parent can not be included in any switch group, but can be assigned to this group.
     
  • Can be used to aggregate channels using the LAG interface.
     
  • An SVI is considered as active if it has been created and assigned to a switch group.
     

It is highly recommended to select separate VLAN to perform the device management.

It is highly recommended to select separate VLAN to perform the device management.

Let's select VLAN 100 for device management. In our example, the device with the 172.16.10.15/24 IP address will be configured. The configuration steps are following:

Step 1: to create switch group go to "Basic Settings → MAC Switch" section, click the "Create switch group" button and set group ID 100.

Step 2: to create SVI click the "Create L3 management" button in the configuration menu of the switch group 100. SVI100 will be created automatically.

Step 3: to set IP address for remote unit management go to the "Basic Settings → Network Settings" section and assign 172.16.10.15/24 IP address to "svi100".

Step 4: to include required VLAN traffic to the management group, create VLAN interface by clicking "Create VLAN" button in the "Basic Settings → Network Settings" section, set VLAN device number 100. Make sure, that eth interface is selected as a parent and set VLAN ID 100.

Step 5: add "vlan 100" and "rf*" interfaces (if necessary) to the management switch group. No additional rules are required.

Pseudo-radio interface (PRF)

MINT architecture protocols can work not only by radio, but also through a wired Ethernet interface. To perform this, the system has a pseudo-radio interface (PRF), which can be associated with any wired interface. Using PRF allows to combine several MINT areas into one and to include InfiMUX in MINT.
 

Let's look at scheme with three Base Station sectors (BS1, BS2, BS3), each of which is connected to one subscriber terminal. Each radio link can be shown as a separate MINT area (see figure). In case PC2 generates a message for PC3, it will be encapsulated into an Ethernet frame, which will be encapsulated into a MINT frame of area 2 in accordance with the rules of CPE2 switch groups. After that, BS2 decapsulates the Ethernet frame and transmits it to the switch. The switch forwards the received frame in accordance with its MAC switch forwarding table to the port to which the BS3 is connected. The BS3 encapsulates the Ethernet frame into the MINT frame and transmits through area 3. CPE3 decapsulates the Ethernet frame and sends it directly to PC3.

The disadvantages of this solution are the need to configure switch groups on each radio device, as well as the impossibility to realize all the MINT protocol capabilities. For example, since CPE2 and CPE3 are in different MINT areas, they have no information in the routing table about each other and not able to track metrics change, depending on the radio link state.

The MINT area can be extended using PRF interfaces. In this case, devices connected to the switch will be able to see each other, as if they are connected via a radio interface and are MINT neighbors.

Follow the steps below to configure a PRF interface:

Step 1: click the "Create PRF" button in the "Network Settings" section.

Step 2: make sure that the interface is in the "up" state, the parent interface and the channel are selected correctly. Within one L2 domain, four independent MINT domains can be formed using different channels, i.e. communication will be established only between PRF-interfaces with the same "Channel" values.

Step 3: go to "Link Settings" section, check the prf interface state and join the interfaces.

MINT area 2 was joined with area 3 into a single area. Now, if PC2 generates a message for PC3, it will be encapsulated in an Ethernet frame that enters into MINT area 2 in accordance with the rules of CPE2 switch groups. Further, the frame is distributed along the MINT area, it is decapsulated at CPE3 and transmitted to PC3. The MINT area expanding allows to distribute the MINT protocol mechanisms to devices connected through a switch. For example, if you need to transfer data between CPE2 and CPE3, switch groups on BS2 and BS3 devices may not be configured.
 

Network map

MAC switch forwarding table

Infinet devices use MAC switch forwarding table while data transferring. An example of switch table is shown in the figure below. Table has a following fields:

  • Destination device MAC address;
  • Gateway MAC address;
  • Interface through which the destination device is available;
  • Route cost.

The Infinet device receives an Ethernet frame with the destination MAC address "28D24480EE89", which is the address of the external device. The radio device encapsulates the received Ethernet frame into a MINT frame in accordance with the switch groups rules. For further frame forwarding, the device scans its MAC switch forwarding table. In the MAC switch forwarding table, the gateway with the "000435130E77" MAC address is assigned to the destination address. This means that during the MAC switch forwarding table formation, while ARP requests had been broadcasting, the gateway with this MAC address sent a frame to the MINT area first. In general, the gateway MAC address is the radio interface MAC address of the device behind which the destination is located.

Further, the MAC switch forwarding table is scanned for the gateway MAC address: there are two available routes with a cost 28 and 31. Priority have routes with lower cost. The device encapsulates original Ethernet frame into the MINT frame, sets in the MINT header the gateway MAC address and the switch group identifier.

The frame is distributed hop-by-hop through the MINT area, reaching the gateway device. The gateway checks the MINT frame header, realize that the frame is intended for it, sends the frame for processing to the switch group which number is specified in the MINT header. Next, the Ethernet frame is decapsulated and transmitted to the destination.

As already mentioned, the MINT protocol combines the features of link and network protocols: MINT MAC switch forwarding tables are built same as routing tables, but use MAC addresses. At the same time, the cost used in the MINT MAC switch forwarding table is based on the radio link parameters, that is specific of the radio link relative to the wired communication.

Path selection

There are two radio links between PC1 and PC2. Radio devices have PRF interfaces, same switch groups with "rf" and "eth" interfaces on each, all Infinet devices are in the same MINT area.

Loops

If described configuration is used, a loop can appear during the broadcast traffic propagation. Initially, PC1 does not know the PC2 MAC address, therefore, starting an exchange of data, an ARP request will be formed from PC1 to PC2. The ARP request will be encapsulated in an Ethernet broadcast frame.

Small loop

Step 1

  • The switch, receives a broadcast frame and sends it to all ports, except the port to the PC1 direction.

Step 2

  • BS1 and BS2 receive a frame from the Ethernet network, transmit it to the switch group for processing. At this stage, the Ethernet frame is encapsulated in the MINT frame and sent via the RF and PRF interfaces. We won't review transmission through the radio in this lesson.

Step 3

  • The BS1 and BS2 devices receive the MINT frame from each other and, in accordance with the switch group rules, decapsulate the Ethernet broadcast frame and transmit it to the switch.
  • The switch acts as shown in step 1 - receives a broadcast frame, sends its copy to all interfaces, except the one through which it is received. Thus, the frame sent by BS1 will be transmitted to PC1 and BS2, and the frame from BS2 to PC1 and BS1.
  • The situation described in step 1 is repeated - the switch sends Ethernet broadcast frames towards BS1 and BS2, therefore those steps will be cyclically performed, which indicates a switching loop.

Big loop

Step 1

  • The switch, receives a broadcast frame and sends it to all ports, except the port to the PC1 direction.

Step 2

  • BS1, receives an Ethernet frame, encapsulates it into a MINT frame and sends two copies through the radio link - to CPE2 and CPE1.
  • BS2 performs similar as BS1.

Step 3

  • In accordance with the rules of the switch group CPE1 and CPE2 decapsulate the Ethernet broadcast frame from the MINT frame, and transmit it to the switch.
  • The switch, receives a frame from CPE1, sends copies to CPE2 and PC2, and also receives a frame from CPE2 and sends to CPE1 and PC2.

Step 4

  • CPE1, receives an Ethernet broadcast frame, encapsulates it into a MINT frame and sends two copies through the radio - to BS1 and BS2.
  • CPE2 performs similar as CPE1.

Step 5

  • The BS1 and BS2 devices receive MINT frames, decapsulate the Ethernet broadcast frame and transmit to the switch.
  • The switch acts as shown in step 3 - receives a broadcast frame, sends its copy to all interfaces, except the one through which it is received. Thus, the frame sent by BS1 will be transmitted to PC1 and BS2, and the frame from BS2 to PC1 and BS1.
  • The situation described in step 1 is repeated - the switch sends Ethernet broadcast frames towards BS1 and BS2, therefore those steps will be cyclically performed, which indicates a switching loop.
     
Loop prevention

Let's look at the scheme where PC1 and PC2 are connected via two radio links: BS1-CPE1 and BS2-CPE2. BS1 and BS2 Base Station sectors are connected to switch 1, subscriber terminals CPE1 and CPE2 are connected to switch 2. Switch groups with number 1 are created on the radio devices (the number of the switch group must match on all devices) without rules, include eth- and rf-interfaces. The prf interface is created on each radio devices to combine them into a single MINT area, the eth interface is set as the parent interface. The radio interface and the pseudo-radio interface are joined using the JOIN function.
 

There are two ways to prevent the loop:

  • enable STP on all network nodes, which will block the route between BS1 and CPE1;
  • exclude the Ethernet port from the switch group on the BS1 and CPE1 nodes.

In any of the proposed methods, the traffic distribution scheme will depend on the link cost value that are directly related to the radio link parameters.

Option 1 - the BS1-CPE1 link cost is lower than BS2-CPE2

  • PC1 generates a message to the direction of PC2 and transmits it to the switch 1, encapsulating in an Ethernet frame.
     
  • The switch sends the frame to the direction of BS2. If the frame is broadcast, then it is also transmitted in the direction of BS1, but BS1 discards it because the eth interface is excluded from the switch group, or blocked by the STP.
     
  • The BS2 encapsulates the Ethernet frame in the MINT frame and evaluates the MAC switch forwarding table. According to the switch table, BS2 can transmit a frame through the rf or prf interfaces, since the cost of the radio link BS2-CPE2 is higher than BS1-CPE1, then BS2 chooses the prf interface for frame redirection.
  • The frame is transmitted through the MINT area via the BS2 → BS1 → CPE1 → CPE2 path, reaching the CPE2 device, which decapsulates the Ethernet frame and transmits to the switch 2.
  • Switch 2 forwards the frame towards PC2.

Option 2 - the BS1-CPE1 link cost is higher than BS2-CPE2

  • PC1 generates a message to the direction of PC2 and transmits it to the switch 1, encapsulating in an Ethernet frame.
  • Switch 1 transmits a frame to BS2. If the frame is broadcast, then it is also transmitted to BS1, but BS1 discards it because the eth-interface is excluded from the switching group, or blocked by the STP protocol.
  • The BS2 encapsulates the Ethernet frame to the MINT frame and evaluates the switching table. According to the switching table, BS2 can transmit a frame through the rf or prf interfaces, but since the cost of the radio link BS1-CPE1 is higher than BS2-CPE2, then BS2 chooses the rf interface for frame redirection.
  • The frame is transmitted via radio, reaching the CPE2 device, which decapsulates the Ethernet frame and transmits to the switch 2.
  • Switch 2 forwards the frame to PC2.
Back
MINT protocol
MINT switch group
VLAN configuration
Practice: Devices VLAN remote management
Practice: operation with VLAN tag
Practice: Access port configuration
Practice: Trunk - In-Trunk mode configuration
Traffic redundancy schemes
Practice: Failover option configuration
Practice: Mobile projects with InfiMUX
Traffic aggregation schemes
Practice: LAG on InfiMUX configuration
Practice: Full Duplex scheme configuration
Switching for multicast traffic
Next