Customers at different sites connected across a service-provider network
need to run various Layer 2 protocols to scale their topology to include all
remote sites, as well as the local sites. The Spanning Tree Protocol (STP) must
run properly, and every VLAN should build a proper spanning tree that includes
the local site and all remote sites across the service-provider infrastructure.
The Cisco Discovery Protocol (CDP) must be able to discover neighboring Cisco
devices from local and remote sites, and the VLAN Trunking Protocol (VTP) must
provide consistent VLAN configuration throughout all sites in the customer
When protocol tunneling is enabled, edge switches on the inbound side of
the service-provider infrastructure encapsulate Layer 2 protocol packets with a
special MAC address and send them across the service-provider network. Core
switches in the network do not process these packets, but forward them as
normal packets. Bridge protocol data units (BPDUs) for CDP, STP, or VTP cross
the service-provider infrastructure and are delivered to customer switches on
the outbound side of the service-provider network. Identical packets are
received by all customer ports on the same VLANs.
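
The encapsulation described above, modelled as an added example (not Cisco code and not part of the original document): the ingress edge rewrites the destination MAC of STP, CDP, and VTP PDUs, the core forwards the frame untouched, and the egress edge restores the original address. The tunnel MAC value is the commonly documented Cisco address and is an assumption, since the text only says "a special MAC address"; all function names and frames are constructed for illustration.

```python
# Constructed model of the edge-switch rewrite; function names are hypothetical.
# Assumption: L2PT_MAC is the commonly documented Cisco tunnel address.
L2PT_MAC = bytes.fromhex("01000ccdcdd0")
STP_MAC = bytes.fromhex("0180c2000000")     # IEEE STP bridge group address
CISCO_MAC = bytes.fromhex("01000ccccccc")   # shared by CDP and VTP
SNAP_CISCO = bytes.fromhex("aaaa0300000c")  # LLC SNAP header + Cisco OUI
PID = {"cdp": b"\x20\x00", "vtp": b"\x20\x03"}  # SNAP protocol IDs


def classify(frame):
    """Return 'stp', 'cdp', 'vtp' or None based on the LLC/SNAP header."""
    llc = frame[14:]  # skip dst(6) + src(6) + 802.3 length(2)
    if llc[:3] == b"\x42\x42\x03":
        return "stp"
    if llc[:6] == SNAP_CISCO:
        return next((n for n, p in PID.items() if llc[6:8] == p), None)
    return None


def edge_ingress(frame, tunneled=("stp", "cdp", "vtp")):
    """Customer-facing tunnel port: rewrite the dst MAC of selected PDUs."""
    if frame[:6] not in (STP_MAC, CISCO_MAC):
        return frame                      # ordinary customer data
    if classify(frame) in tunneled:
        return L2PT_MAC + frame[6:]       # encapsulate with the tunnel MAC
    return None                           # not tunneled: never reaches remote sites


def core_forward(frame):
    """Core switch: the tunnel MAC is just a multicast data frame to it."""
    return frame


def edge_egress(frame):
    """Far-side tunnel port: restore the original protocol dst MAC."""
    if frame[:6] != L2PT_MAC:
        return frame
    proto = classify(frame)
    if proto is None:
        return None                       # unrecognized tunneled frame: drop
    return (STP_MAC if proto == "stp" else CISCO_MAC) + frame[6:]


def make_pdu(proto):
    """Build a minimal constructed PDU frame (payload zero-filled)."""
    body = (b"\x42\x42\x03" + bytes(35) if proto == "stp"
            else SNAP_CISCO + PID[proto] + bytes(20))
    dst = STP_MAC if proto == "stp" else CISCO_MAC
    return dst + bytes.fromhex("020000000001") + len(body).to_bytes(2, "big") + body
```

Passing a shorter `tunneled` tuple to `edge_ingress` models a port where only some protocols are tunneled; the remaining PDUs return `None`, which is the "remote switches do not receive the BPDUs" case.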
If protocol tunneling is not enabled on 802.1Q tunneling ports, remote
switches at the receiving end of the service-provider network do not receive
the BPDUs and cannot properly run STP, CDP, 802.1X, and VTP. When protocol
tunneling is enabled, Layer 2 protocols within each customer’s network are
totally separate from those running within the service-provider network.
Customer switches on different sites that send traffic through the
service-provider network with 802.1Q tunneling achieve complete knowledge of
the customer’s VLAN.
Layer 2 protocol tunneling works by tunneling BPDUs in software.
A large number of BPDUs arriving at the supervisor causes the CPU load
to rise. You might need to use hardware rate limiters to reduce the
load on the supervisor CPU. See the “Configuring the Rate Limit for Layer 2
Protocol Tunnel Ports” section on page 9-14.
For example, in the following figure, Customer X has four switches in
the same VLAN that are connected through the service-provider network. If the
network does not tunnel BPDUs, switches on the far ends of the network cannot
properly run the STP, CDP, 802.1X, and VTP protocols.
Figure 4. Layer 2 Protocol Tunneling
In the preceding example, STP for a VLAN on a switch in Customer X, Site
1 will build a spanning tree on the switches at that site without considering
convergence parameters based on Customer X’s switch in Site 2.
The following figure shows the resulting topology on the customer’s
network when BPDU tunneling is not enabled.
Figure 5. Virtual Network Topology Without BPDU Tunneling