
Direct Forwarding and Tunnel Forwarding [From Beginner to Expert - WLAN Fundamentals] - Section 9 Highlighted

Latest reply: Feb 2, 2021 04:34:29

Hello, Community friends!

This post talks about Direct Forwarding and Tunnel Forwarding, as part of the WLAN Fundamentals section. Please check below for more information on the topic.

Background

In the AC + Fit AP networking mode, two types of network packets are transmitted: management packets (also called control packets) used by an AC to manage and control APs, and service packets, which are user data packets sent by STAs.

576dfe7328559.png

The dotted lines in the preceding figure specify packet forwarding paths. Management packets are transmitted only between an AC and an AP and must be forwarded through the Control And Provisioning of Wireless Access Points (CAPWAP) tunnel. Service packets are transmitted between a STA and the network to be accessed. Service packets can be forwarded in direct forwarding (local forwarding) or tunnel forwarding (centralized forwarding) mode. In tunnel forwarding mode, service packets are forwarded through the CAPWAP tunnel. In direct forwarding mode, service packets do not pass through the CAPWAP tunnel.

The following describes how management packets are forwarded, and then the forwarding processes of service packets in direct and tunnel forwarding modes.

Forwarding Process of Management Packets

The following figure shows the forwarding process of a management packet. A simple network is used as an example to simplify the description.

576dfea152e1e.png

In the figure, Payload is the actual information that the AC wants to send to the AP, that is, the content of a management packet. (The direct and tunnel forwarding modes are used to forward only service packets. Management packets are forwarded in only one forwarding mode.)

1. Encapsulation

Before sending a Payload, the AC needs to encapsulate the Payload in the CAPWAP tunnel by adding the CAPWAP field to the Payload. A packet with the CAPWAP field is considered to be a packet encapsulated in a CAPWAP tunnel.

The AC then adds the UDP/IP and 802.3 fields to the packet. The 802.3 field in a packet indicates that the packet will be transmitted over wired Ethernet networks.

Finally, the AC adds a management VLAN tag to the packet. The management VLAN tag refers to the outer VLAN tag added to an encapsulated CAPWAP packet. The management packet is forwarded between the AC and AP carrying the management VLAN tag.

2. Transmission

The network between the AC and AP needs to allow the packet carrying the management VLAN tag to pass through so that the management packet can be transmitted properly between the AC and AP.

• If the AP and AC are connected through a Layer 3 network, the management VLAN tag changes during packet forwarding, and VLAN m' is different from VLAN m. (In this example, Layer 3 forwarding is performed on the switch. m indicates management.)

• If the AP and AC are connected through a Layer 2 network, the management VLAN tag remains unchanged, and VLAN m' is the same as VLAN m.

3. Decapsulation

When the packet from an upstream device reaches the interface of the switch that connects to the AP, the outer management VLAN tag needs to be removed before the packet is sent to the AP. By default, the AP can only identify and forward management packets without management VLAN tags. The AP performs CAPWAP decapsulation and then identifies the Payload of the management packet.

In practice, the port VLAN ID (PVID) of an interface on the switch that directly connects to the AP must be set to a management VLAN ID. In this way, when packets are sent to the AP from this interface, the outer management VLAN tags of the packets can be removed.

If no PVID is configured on the interface or the AP receives packets carrying management VLAN tags, you need to set the management VLAN to VLAN m on the AP. In this way, after receiving a packet carrying a management VLAN tag, the AP can still identify and remove the management VLAN tag, and perform CAPWAP decapsulation to obtain the Payload.

For the process of an AP sending a management packet to an AC, simply reverse the preceding process. When the packet encapsulated in the CAPWAP tunnel reaches the interface of the switch that directly connects to the AP, the switch adds a management VLAN tag to the packet and then forwards it to the AC. When the packet reaches the AC, the AC removes the management VLAN tag, performs CAPWAP decapsulation, and obtains the packet content.

Direct Forwarding of Service Packets

The following figure shows the direct forwarding process of a service packet.

576dfeb871072.png 

In the figure, Payload is the actual information that the network device accessed by the STA wants to send to the STA. An AC can be deployed in inline mode or in bypass mode. The two ACs in the preceding figure do not exist on the same network. No matter where the AC is located, service packets are always forwarded from the Internet to the STA along the same path.

1. Encapsulation

The Payload sent to the STA is encapsulated before entering the Internet. The encapsulation does not refer to CAPWAP encapsulation. During the encapsulation, the 802.3 field and a service VLAN tag are added to the Payload. (The UDP/IP field is contained in the Payload but not shown in the preceding figure.) A service VLAN tag refers to the outer VLAN tag added to a service packet. In direct forwarding mode, service packets are not encapsulated in the CAPWAP tunnel.

2. Transmission

In direct forwarding mode, the network between the Internet and AP must allow packets carrying service VLAN tags to pass through so that service packets can be transmitted properly between the Internet and STA.

• In inline networking mode, the AC is directly connected to the switch, as shown in the preceding figure. When receiving a Payload from the upper-layer network, the switch only forwards the packet, and does not perform CAPWAP encapsulation. The AC deployed in inline mode receives the packet in the same format as that received by the switch. The AC then forwards the received packet to the lower-layer network device.

• In bypass networking mode, the AC does not receive any service packets. In this case, service packets are directly forwarded to the STA through the switch and AP, but do not pass through the AC.

The service VLAN tag of a service packet may also change during forwarding.

• If the AP connects to the Internet through a Layer 3 network, the service VLAN tag changes during packet forwarding, and VLAN s' is different from VLAN s. (In this example, Layer 3 forwarding is performed on the switch. s indicates service.)

• If the AP connects to the Internet through a Layer 2 network, the service VLAN tag remains unchanged, and VLAN s' is the same as VLAN s.

In direct forwarding mode, the network between the Internet and AP must allow packets carrying service VLAN tags to pass through.

3. Removing the service VLAN tag

When the service packet from the upstream network device reaches the AP, the AP removes the outer service VLAN tag and changes the 802.3 field to the 802.11 field. A service packet with the 802.11 field is to be forwarded through wireless transmission. The AP then transmits the service packet to the STA.

4. Parsing the service packet

After receiving the service packet, the STA removes the outer 802.11 field. The STA then parses the Payload field and identifies the Payload content. Since the STA cannot identify packets with VLAN tags, the AP must remove the VLAN tag before sending the service packet to the STA.

For the process of an STA sending a service packet to the upper-layer network device, simply reverse the preceding process. The STA adds the 802.11 field to the packet and then sends the packet to the AP through wireless transmission. The AP converts the received packet into the 802.3 format, adds a service VLAN tag to the packet, and then forwards it through upper-layer network devices to the destination.

Tunnel Forwarding of Service Packets

The following figure shows the tunnel forwarding process of a service packet.

576dfedbe0793.png 

In the figure, Payload is the actual information that the network device to be accessed wants to send to the STA, which is the actual content of the service packet. The following uses AC inline networking as an example to describe how a network device sends a service packet to a STA.

1. Encapsulation

Similar to the direct forwarding mode, in tunnel forwarding mode, a Payload sent to the STA is encapsulated before entering the Internet. The encapsulation does not refer to CAPWAP encapsulation. During the encapsulation, the 802.3 field and a service VLAN tag are added to the Payload. (The UDP/IP field is contained in the Payload but not shown in the figure). After encapsulation, the service packet is forwarded directly to the AC. In tunnel forwarding mode, all service packets must be forwarded to the AC.

After receiving the service packet, the AC considers the service packet to be a new Payload, and adds the CAPWAP field, UDP/IP field, 802.3 field, and a management VLAN tag to the packet. The AC processes service packets and management packets similarly.

The service packet forwarded between the AC and AP always carries the service VLAN tag.

2. Transmission

In tunnel forwarding mode, network devices between the Internet and AC must allow packets carrying service VLAN tags to pass through, and network devices between the AC and AP must allow packets carrying management VLAN tags to pass through. In this way, service packets can be normally transmitted between the Internet and STA.

Service packets transmitted between an AC and an AP are encapsulated in the CAPWAP tunnel. The service VLAN tag is part of the new Payload and is not visible to network devices on the path. Therefore, network devices between the AC and AP only need to permit packets with management VLAN tags to pass through. As long as packets with management VLAN tags can pass through the network, the service VLAN tags carried inside them also pass through. The management VLAN tag of a packet may also change during the packet forwarding process.

• If the AP and AC are connected through a Layer 3 network, the management VLAN changes during the packet forwarding process. VLAN m' is different from VLAN m.

• If the AP connects to the AC through a Layer 2 network, the management VLAN remains unchanged, and VLAN m' is the same as VLAN m.

3. Removing the service VLAN tag

When the packet from an upstream device reaches the interface of the switch that directly connects to the AP, the outer service VLAN tag needs to be removed before the packet is sent to the AP. If the service VLAN tag is not removed, a management VLAN needs to be configured on the AP. The following process is the same as the processing of the management VLAN tag. The difference lies in the packet processing process on the AP.

After receiving a service packet, the AP performs CAPWAP decapsulation, removes the service VLAN tag, and changes the 802.3 field to the 802.11 field. Because the service packet is destined for the STA, it must be transmitted wirelessly without a VLAN tag so that the STA can identify the data it receives.

4. Parsing the service packet

The STA parses the service packet in the same way as that in direct forwarding mode. After receiving the service packet, the STA removes the outer 802.11 field and then parses the Payload field. Since the STA cannot identify packets with VLAN tags, the AP must remove the VLAN tag before sending the service packet to the STA.

For the process of an AP sending a service packet to the upper-layer network, simply reverse the preceding process.
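The layering described in this section can be checked at the byte level. The following is an added example, not part of the original post: it builds a direct-forwarded and a tunnel-forwarded frame and shows that a trunk between the AC and AP filters on the outer tag only, while the service VLAN rides inside CAPWAP. The VLAN IDs, MAC and IP addresses, the AP-side UDP port, and all function names are constructed; UDP port 5247 is the CAPWAP data port from RFC 5415, which the post does not mention.

```python
import struct

CAPWAP_DATA_PORT = 5247  # CAPWAP data channel (RFC 5415); the page does not name the port

def eth_vlan(vlan_id, payload):
    """802.3 header + one 802.1Q tag + IPv4 EtherType (MAC addresses are constructed)."""
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!HHH", 0x8100, vlan_id & 0x0FFF, 0x0800) + payload

def ipv4_udp(payload, sport, dport):
    """Minimal IPv4 + UDP wrapper (no options, checksums left at 0 for the example)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + udp

def direct_frame(service_vlan, payload):
    """Direct forwarding: Payload + 802.3 + service VLAN tag, no CAPWAP."""
    return eth_vlan(service_vlan, payload)

def tunnel_frame(mgmt_vlan, service_vlan, payload):
    """Tunnel forwarding, AC to AP: the tagged service frame becomes the new Payload."""
    capwap = struct.pack("!II", (2 << 19) | (1 << 9), 0)  # HLEN=2 words, WBID=1, T=0
    inner = capwap + direct_frame(service_vlan, payload)
    return eth_vlan(mgmt_vlan, ipv4_udp(inner, CAPWAP_DATA_PORT, 50000))

def outer_vlan(frame):
    """VLAN ID that a switch on the path sees, or None if the frame is untagged."""
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != 0x8100:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF

def inner_service_vlan(frame):
    """Service VLAN hidden inside CAPWAP, or None if the frame is not tunnelled."""
    if outer_vlan(frame) is None or struct.unpack_from("!H", frame, 16)[0] != 0x0800:
        return None
    ip = frame[18:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or len(ip) < ihl + 12 or ip[9] != 17:
        return None
    if CAPWAP_DATA_PORT not in struct.unpack_from("!HH", ip, ihl):
        return None
    cw = ip[ihl + 8:]
    word = struct.unpack_from("!I", cw)[0]
    hlen, t_bit = ((word >> 19) & 0x1F) * 4, (word >> 8) & 1
    return None if t_bit else outer_vlan(cw[hlen:])  # T=1 would mean a native 802.11 payload

def trunk_permits(frame, allowed_vlans):
    """A trunk between AC and AP filters on the outer tag only."""
    return outer_vlan(frame) in allowed_vlans

SAMPLE = ipv4_udp(b"constructed payload", 40000, 53)  # constructed user traffic
```

With management VLAN 100 and service VLAN 200, a trunk that permits only VLAN 100 passes the tunnelled frame and drops the direct-forwarded one, so a capture or ACL keyed on the outer tag never sees VLAN 200 in tunnel mode.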

Comparison Between Tunnel Forwarding and Direct Forwarding

In direct and tunnel forwarding modes, service packets are processed in different ways. The two forwarding modes have their advantages and disadvantages. In tunnel forwarding mode, all service data needs to be forwarded by an AC, facilitating service packet management and control on the AC. Service packets are encapsulated in the CAPWAP tunnel, improving service packet security. However, the AC must endure a heavy load because all service packets are forwarded to the AC. The direct forwarding mode has opposite advantages and disadvantages compared with the tunnel forwarding mode. The following table outlines the differences between the tunnel and direct forwarding modes:

| Data Forwarding Mode | Advantage | Disadvantage |
| --- | --- | --- |
| Tunnel forwarding | An AC centrally forwards data packets, ensuring security and facilitating centralized management and control. New devices are easy to deploy and configure, with small changes to the existing network. | Service data must be encapsulated and forwarded by an AC, reducing packet forwarding efficiency and burdening the AC. |
| Direct forwarding | Service data does not need to be forwarded by an AC, improving packet forwarding efficiency and reducing the burden on the AC. | Service data cannot be centrally managed or controlled. New device deployment causes large changes to the existing network. |

You need to choose either tunnel or direct forwarding based on your requirements and actual network conditions.

The post is synchronized to: From Beginner to Expert-WLAN Fundamentals


debugger
Created Jun 25, 2016 06:15:22

OK, very useful

wissal
MVE Created Apr 11, 2018 10:11:58

useful document, thanks

tesfama
Created Mar 20, 2020 16:16:31

very helpful

VinceD
Created Jan 23, 2021 16:13:55

very informative.

user_4000619
Created Jan 28, 2021 17:25:49

thanks

Zebra
Created Feb 2, 2021 04:34:29

Thanks for sharing