MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network
RFC 4562
Document type: RFC - Informational (June 2006; No errata)
Last updated: 2018-12-20
Stream: ISE
Formats: plain text, pdf, htmlized, bibtex
ISE state: (None)
Consensus Boilerplate: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 4562 (Informational)
Responsible AD: Mark Townsley
Send notices to: slblake@modularnet.com

Network Working Group                                          T. Melsen
Request for Comments: 4562                                      S. Blake
Category: Informational                                         Ericsson
                                                               June 2006

                         MAC-Forced Forwarding:
    A Method for Subscriber Separation on an Ethernet Access Network
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes a mechanism to ensure layer-2 separation of
Local Area Network (LAN) stations accessing an IPv4 gateway over a
bridged Ethernet segment.
The mechanism - called "MAC-Forced Forwarding" - implements an
Address Resolution Protocol (ARP) proxy function that prohibits
Ethernet Media Access Control (MAC) address resolution between hosts
located within the same IPv4 subnet but at different customer
premises, and in effect directs all upstream traffic to an IPv4
gateway. The IPv4 gateway provides IP-layer connectivity between
these same hosts.
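
The ARP proxy behaviour described in the abstract can be sketched as follows. This is an added example, not code from the RFC or its authors. The function names, the sample addresses, and the exact upstream filter rule (the page names "Filtering Upstream Traffic" only as a table-of-contents entry) are assumptions.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def build_arp(oper, eth_dst, eth_src, sha, spa, tha, tpa):
    """Ethernet II header followed by an IPv4-over-Ethernet ARP body."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src, ETH_P_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

def mff_arp_reply(frame, gateway_mac):
    """Answer a subscriber's ARP request with the gateway MAC, whatever IPv4
    address was asked for. Returns the reply frame, or None if not a request."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    # The reply claims the requested address (tpa) is at the gateway MAC, so
    # the requester never learns another subscriber's MAC address.
    return build_arp(ARP_REPLY, frame[6:12], gateway_mac, gateway_mac, tpa, sha, spa)

def upstream_allowed(frame, gateway_mac):
    """Assumed companion filter: pass an upstream unicast frame only when its
    destination MAC is the gateway."""
    return len(frame) >= 14 and frame[:6] == gateway_mac

def resolved_mac(reply):
    """MAC a host would cache from the reply (ARP sender hardware address)."""
    return struct.unpack(ARP_FMT, reply[14:42])[5]

# Constructed sample: subscriber 192.0.2.10 asks for neighbour 192.0.2.20.
GW_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("0200000000aa")
NEIGH_MAC = bytes.fromhex("0200000000bb")
REQUEST = build_arp(ARP_REQUEST, b"\xff" * 6, HOST_MAC, HOST_MAC,
                    socket.inet_aton("192.0.2.10"), b"\x00" * 6,
                    socket.inet_aton("192.0.2.20"))

if __name__ == "__main__":
    reply = mff_arp_reply(REQUEST, GW_MAC)
    print("192.0.2.20 resolves to", resolved_mac(reply).hex(":"))
    direct = NEIGH_MAC + HOST_MAC + b"\x08\x00"
    print("frame to neighbour MAC allowed:", upstream_allowed(direct, GW_MAC))
```
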
Melsen & Blake Informational [Page 1]
RFC 4562 MAC-Forced Forwarding June 2006
Table of Contents
1. Introduction ....................................................2
1.1. Access Network Requirements ................................3
1.2. Using Ethernet as an Access Network Technology .............4
2. Terminology .....................................................5
3. Solution Aspects ................................................6
3.1. Obtaining the IP and MAC Addresses of the Access Routers ...6
3.2. Responding to ARP Requests .................................7
3.3. Filtering Upstream Traffic .................................8
3.4. Restricted Access to Application Servers ...................8
4. Access Router Considerations ....................................8
5. Resiliency Considerations .......................................9
6. Multicast Considerations ........................................9
7. IPv6 Considerations ............................................10
8. Security Considerations ........................................10
9. Acknowledgements ...............................................11
10. References ....................................................11
10.1. Normative References .....................................11
10.2. Informative References ...................................12
1. Introduction
The main purpose of an access network is to provide connectivity
between customer hosts and service provider access routers (ARs),
typically offering reachability to the Internet and other IP networks
and/or IP-based applications.
An access network may be decomposed into a subscriber line part and
an aggregation network part. The subscriber line - often referred to
as "the first mile" - is characterized by an individual physical (or
logical, in the case of some wireless technologies) connection to
each customer premises. The aggregation network - "the second mile"
- performs aggregation and concentration of customer traffic.
The subscriber line and the aggregation network are interconnected by
an Access Node (AN). Thus, the AN constitutes the border between
individual subscriber lines and the common aggregation network. This
is illustrated in the following figure.
   Access       Aggregation   Access    Subscriber       Customer
   Routers      Network       Nodes     Lines            Premises
                                                         Networks

      +----+           |
    --+ AR +-----------|        +----+
      +----+           |        |    +----------------[]--------
                       |--------+ AN |
                       |        |    +----------------[]--------
                       |        +----+
                       |
                       |        +----+
                       |        |    +----------------[]--------
                       |--------+ AN |
                       |        |    +----------------[]--------
                       |        +----+
                       |
                       |        +----+
                       |        |    +----------------[]--------
                       |--------+ AN |
      +----+           |        |    +----------------[]--------
    --+ AR +-----------|        +----+
      +----+           |
1.1. Access Network Requirements