Bridging Protocols Overview - UNH-IoL


Bridging Protocols Overview
Bridge Functions Consortium

Bridging Protocols
- Filtering Database (802.1Q/802.1D)
- Spanning Tree Protocol (802.1D clauses 8 & 9)
- VLANs (802.1Q)
- GARP/GVRP (802.1D clause 12/802.1Q clause 11)
- GARP/GMRP (802.1D clause 10 & 12)
- Link Aggregation (802.3ad)
Bridging History
- Back in the days before Ethernet was the clear winning technology on the LAN, Token Ring and FDDI were popular
- This meant two different methods of bridging
1) Source Route Bridging
   a. Used by Token Ring and FDDI
2) Transparent Bridging
   a. Used by Ethernet
Source Route Bridging
Source Route Bridging allows load balancing to avoid congestion. This is done by routing packets over two or more routes to a destination.
[Figure: Source LAN reaching a Destination LAN and Server over Switch 1, Switch 2 and Switch 3]
Transparent Bridging
- The transparent bridging method follows the plug and play philosophy.
- Each bridge contains one (or more) Filtering Databases that learn and remember MAC addresses on its networks.
- Forwarding decisions are then made by consulting the Filtering Database. If a destination MAC address has been learned, the packet is forwarded out of that port.
- These addresses will then be cleared from the Filtering Database if they are not active for a specific amount of time. This range is defined by Aging Time, which can be set in the management.
Filtering Database
- One database contains MAC addresses, which port they're on, and if they're active or disabled
- Duplicate MAC addresses not allowed (the second one would replace the first)

Entry | MAC Addr     | Port | active
1     | 0800900A2580 | 1    | yes
2     | 002034987AB1 | 1    | yes
3     | 00000C987C00 | 2    | yes
4     | 00503222A001 | 2    | yes
5-12  | (empty)      |      |
Learning of Addresses
The Filtering Database learns a station's location from the source address on an incoming frame.
1. Frame with source address 00 22 22 33 33 44 is received on Port 1. Destination address not yet learned. Packet is forwarded out all ports.
2. This source address is "learned" by the filtering database. All future frames destined for this MAC address will be forwarded ONLY out of this Port.
3. Frame with destination address 00 22 22 33 33 44 is received on Port 4.
4. Frames with the destination address 00 22 22 33 33 44 are only forwarded out Port 1.
[Figure: Switch with Port 1 and Port 4]
Multicast Frames
Multicast Frames originate from one source and have the possibility of going to more than one destination. An example of this is the Spanning Tree BPDU.
[Figure: Switch 1 on a Shared LAN with Switch 2, Switch 3 and Switch 4]
The Permanent Database
Upon Bridge Initialization, a reserved block of Multicast Addresses is transferred to the Filtering Database.

Assignment                                   | Value
Bridge Group Address (Span. Tree)            | 01 80 C2 00 00 00
IEEE Std. 802.3, Full Duplex Pause Operation | 01 80 C2 00 00 01
Slow Protocols Multicast Address             | 01 80 C2 00 00 02
Reserved for future standardization          | 01 80 C2 00 00 03 to 01 80 C2 00 00 0F

Currently only 3 of these multicast addresses are standardized. The rest are reserved for future use. Frames containing these addresses in the source are never learned or forwarded.
Basic/Extended Filtering Services
- Bridges that support Basic Filtering Services can dynamically learn all MAC addresses except those from the Permanent Database
- These addresses can also be statically configured so that they do not age out
- Switches filtering frames from the Permanent Database are said to support Basic Filtering Services
- Extended Filtering Services are implemented by devices that support advanced features like GARP
Aging Time
- Aging time is defined as a range of 10 to one million seconds
- One million seconds = 11 days 13 hrs 46 min and 40 sec
- The default time is 300 seconds
- The Filtering Database starts aging time when an address is learned and resets it whenever another frame arrives on that port
Why is aging time important?
When aging time expires, the address and port are discarded from the Filtering Database.
Filtering Database Review
- Every bridge has a table called a Filtering Database
- Entries in this table are updated upon receipt of frames; the source addresses and the ports they arrive on are learned
- Once a MAC address is associated with a port, frames containing that destination address are only forwarded out of that port
Filtering Database Review (cont.)
In real switches these tables vary in size; most have the capability of holding several thousand MAC addresses. I've seen one that has the capacity to learn more than 150,000 addresses (3Com9100).
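As an added example (not code from the slides) that ties together the Learning of Addresses, Permanent Database and Aging Time slides: a small transparent-bridge filtering database. Port numbers, the sample MAC addresses and the timestamps passed in as `now` are constructed for the example; treating frames addressed to the reserved block as consumed by the bridge follows 802.1D rather than a statement on this page.

```python
"""Transparent-bridge Filtering Database: learning, flooding, aging and the
reserved Permanent Database block. Added example, not code from the slides."""

DEFAULT_AGING_TIME = 300        # seconds; the 802.1D default named on the slides
MIN_AGING, MAX_AGING = 10, 1_000_000


def is_reserved(mac: bytes) -> bool:
    """True for the Permanent Database block 01-80-C2-00-00-00 .. 0F."""
    return mac[:5] == bytes.fromhex("0180c20000") and mac[5] <= 0x0F


class FilteringDatabase:
    """MAC address -> [port, last_seen]. Ports are plain integers; the caller
    passes 'now' so that aging is deterministic and runs offline."""

    def __init__(self, ports, aging_time=DEFAULT_AGING_TIME):
        if not MIN_AGING <= aging_time <= MAX_AGING:
            raise ValueError("aging time must be 10..1000000 seconds")
        self.ports = list(ports)
        self.aging_time = aging_time
        self.table = {}             # mac (bytes) -> [port, last_seen]

    def age_out(self, now):
        """Discard entries whose aging time has expired; return the MACs removed."""
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen > self.aging_time]
        for m in stale:
            del self.table[m]
        return stale

    def receive(self, in_port, dst, src, now):
        """Process one frame; return the egress ports (empty list = not forwarded)."""
        self.age_out(now)
        if is_reserved(src):
            return []       # reserved source: never learned or forwarded
        # Learning: a MAC already known on another port is re-pointed here
        # (the duplicate replaces the first), and its aging timer restarts.
        self.table[src] = [in_port, now]
        if is_reserved(dst):
            return []       # the bridge consumes these itself, e.g. STP BPDUs (802.1D)
        entry = self.table.get(dst)
        if entry is None:
            # Unknown unicast, broadcast or multicast: flood out every other port
            return [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            return []       # destination sits on the arrival port: filter
        return [entry[0]]   # learned destination: forward out that one port only
```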
Spanning Tree Protocol (STP)
“An algorithm,…, used to prevent logic loops in a bridged network by creating a spanning tree… When multiple paths exist,…, STA lets a bridge use only the most efficient one. If that path fails, STA automatically reconfigures the network to make another path become active, sustaining network operations…”
Definition of Spanning Tree Algorithm from Newton’s Telecom Dictionary.
The Spanning Tree Poem
I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree that must be sure to span
So packets can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least-cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
Then bridges find a spanning tree.
-Radia Perlman
What is a Spanning Tree?
- Only one active path exists between any two devices.
- Resembles a family tree. (problems arise in both when loops occur)
Why Spanning Tree?
The purpose of Spanning Tree is to have bridges dynamically discover a subset of the topology that is loop-free and yet has just enough connectivity so that there is a path between every pair of nodes in the LAN.
How does Spanning Tree work?
- The basic idea behind the Spanning Tree Protocol is that bridges transmit special messages to each other that allow them to calculate a spanning tree
- Configuration Bridge Protocol Data Units (BPDUs)
- Sometimes referred to as Config. BPDUs
STP Example
[Figure: STP example topology with bridges A, B, C, D, E and F, one of which is the Root]
Port States
Bridge ports operate the Spanning Tree Algorithm using the following states:
- Blocking – incoming frames are discarded
- Listening – incoming frames are discarded, but the port is in the process of transitioning to Learning
- Learning – incoming frames are discarded, but their source addresses and ports are placed in the Filtering Database
- Forwarding – incoming frames are forwarded, source addresses are learned
- Disabled – the port is disabled by management
Configuration BPDUs
The Configuration BPDU contains enough info so that bridges can do the following:
1) Elect a single bridge to be Root Bridge
2) Calculate the distance of the shortest path from themselves to the Root Bridge
3) Elect a Designated Bridge for each LAN segment, which is the bridge in the LAN segment closest to the Root Bridge, to forward packets from that LAN segment toward the Root Bridge.
4) Choose the port, called the root port, that gives the best path from themselves to the Root Bridge.
5) Select ports to be included in the spanning tree. These include only root ports and designated ports.
Inside Config BPDUs
- Destination MAC Address: 01 80 C2 00 00 00
   Special Multicast address for Spanning Tree
- Root ID
   ID of the bridge assumed to be root
- Bridge ID
   ID of the bridge transmitting BPDU
- Cost
   Cost of least-cost path to the root from the transmitting bridge (at least the best path of which the transmitting bridge is currently aware)
Inside Config BPDUs (cont.)
- Protocol ID = 0x0000
- Protocol Version ID and BPDU Type = 0x00
- If transmitting bridge is Root, Message Age = Zero, otherwise it is set to the value of the Root Port’s Message Age timer plus an increment of one*
Path Cost
Path costs are designed to be associated with the speed of the link.

Link Speed | Recommended value | Recommended range | Range
4 Mb/s     | 250               | 100–1000          | 1–65 535
10 Mb/s    | 100               | 50–600            | 1–65 535
16 Mb/s    | 62                | 40–400            | 1–65 535
100 Mb/s   | 19                | 10–60             | 1–65 535
1 Gb/s     | 4                 | 3–10              | 1–65 535
10 Gb/s    | 2                 | 1–5               | 1–65 535
Bridge Initialization
- Root ID set to Bridge ID
- Root Path Cost set to zero
- All ports on bridge become designated ports
- Configuration BPDU transmitted on each designated port
- Hello Timer is started
How this all works together
A bridge continuously receives Configuration BPDUs on each of its ports and saves the “best” configuration message from each port. The bridge determines the best configuration message by comparing not only the Configuration BPDUs received on a particular port, but also the configuration message that the bridge would transmit on that port.
How is “best” determined?
Given two Configuration BPDUs—C1 and C2—C1 is the “best” if:
- the root ID in C1 is numerically lower than the root ID in C2
- If the root IDs are equal, then if the cost in C1 is numerically lower than the cost in C2
- If the root IDs and cost are equal, then if the Bridge ID in C1 is numerically lower than the Bridge ID in C2
- The final tiebreaker is the port ID. Each port on a switch has a port ID. Useful if two ports from the same switch are on one LAN segment.
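The comparison rules above and the field layout from the two "Inside Config BPDUs" slides, as an added example (not code from the slides): a decoder for the 802.1D Configuration BPDU body, the "best" ordering, and the BPDU Processing and Message Age rules from the following slides. The sample BPDUs and Bridge IDs are constructed from the MAC addresses in the Filtering Database table; the 42 42 03 LLC header, the 2-octet-priority-plus-MAC Bridge ID layout and the 1/256-second timer units are from 802.1D, not this page.

```python
"""Decode an 802.1D Configuration BPDU and rank BPDUs the way the slides
describe: root ID, then root path cost, then bridge ID, then port ID.
Added example, not code from the slides; sample BPDUs are constructed."""
import struct

STP_GROUP_ADDRESS = bytes.fromhex("0180c2000000")  # destination of every BPDU
# Protocol ID, Version, Type, Flags, Root ID, Root Path Cost, Bridge ID,
# Port ID, Message Age, Max Age, Hello Time, Forward Delay  (35 bytes)
CONFIG_BPDU = struct.Struct("!HBBBQIQHHHHH")
FIELDS = ("protocol_id", "version", "bpdu_type", "flags", "root_id",
          "root_path_cost", "bridge_id", "port_id",
          "message_age", "max_age", "hello_time", "forward_delay")
TIMERS = FIELDS[-4:]

def bridge_id(priority: int, mac_hex: str) -> int:
    """8-octet Bridge ID: 2-octet management priority, then the bridge MAC."""
    return (priority << 48) | int(mac_hex, 16)

def parse_config_bpdu(payload: bytes) -> dict:
    """Decode the Config BPDU that follows the LLC header (42 42 03)."""
    if len(payload) < CONFIG_BPDU.size:
        raise ValueError("BPDU too short")
    b = dict(zip(FIELDS, CONFIG_BPDU.unpack_from(payload)))
    if b["protocol_id"] != 0x0000 or b["bpdu_type"] != 0x00:
        raise ValueError("not a Configuration BPDU")
    for f in TIMERS:                # timers are carried in units of 1/256 s
        b[f] = b[f] / 256
    return b

def build_config_bpdu(root_id, cost, bridge, port_id, message_age=0.0,
                      max_age=20.0, hello=2.0, fwd_delay=15.0, flags=0):
    """Encode a Config BPDU with 802.1D default timers (used for samples)."""
    timers = (int(t * 256) for t in (message_age, max_age, hello, fwd_delay))
    return CONFIG_BPDU.pack(0x0000, 0x00, 0x00, flags, root_id, cost,
                            bridge, port_id, *timers)

def priority_vector(b: dict) -> tuple:
    """Lower is better: root ID, root path cost, transmitting bridge ID, port ID."""
    return (b["root_id"], b["root_path_cost"], b["bridge_id"], b["port_id"])

def is_better(c1: dict, c2: dict) -> bool:
    """C1 is the 'best' of the two by the slide's comparison rules."""
    return priority_vector(c1) < priority_vector(c2)

def should_replace_stored(received: dict, stored: dict) -> bool:
    """BPDU Processing: overwrite if better, or equal but with a smaller Message Age."""
    v1, v2 = priority_vector(received), priority_vector(stored)
    return v1 < v2 or (v1 == v2 and received["message_age"] < stored["message_age"])

def is_expired(b: dict) -> bool:
    """Message Age slide: a BPDU whose Message Age has reached Max Age is discarded."""
    return b["message_age"] >= b["max_age"]
```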
Transmitting BPDUs
- If Hold Timer is active the Configuration BPDU will be transmitted upon expiration.
- Ensures no more than one Configuration BPDU is transmitted per Hold Time period
- Transmit only if Message Age < Max Age
- After transmission Hold Timer is reset
BPDU Processing
- Received Configuration BPDU is checked against stored BPDU
- If the received BPDU is better or the same but with a smaller age, then stored BPDU is overwritten
- Bridge then recalculates root, root path cost, and root port
Message Age
- Each Configuration BPDU contains a message age field
- Incremented after every unit of time
- If message age = max age then the BPDU is discarded
“Root” or “Path to Root” Fails
- Bridge will no longer receive fresh BPDUs
- Gradually increases message age on currently stored Configuration BPDU
- When max age occurs bridge will recalculate root, root path cost, and root port
Hello Time/Root BPDU Propagation
- The Root Bridge periodically transmits Configuration BPDUs every hello time
- When the Root Bridge generates a Configuration BPDU the message age field is set to 0
- Upon receipt, Bridge will transmit Configuration BPDU on each port for which it is the Designated Bridge, and increment the message age by at least one*
Designated Bridge
Topology Change?
Stopping Loops during Topology Change
- Use two substates: Listening and Learning
- Data received while in these states is not forwarded
- Received Configuration BPDUs are stored
- Root, root path cost, and root port are calculated
Topology Change Procedure
1) Bridge notices that the Spanning Tree algorithm has caused it to transition a port into or out of the blocking state
2) Bridge periodically transmits a Topology Change Notification BPDU with same period as hello time. It continues this until the Root bridge acknowledges by setting the topology change bit in its Configuration BPDUs.
Topology Change Procedure (cont.)
3) A bridge that receives a Topology Change Notification BPDU on a port for which it is the Designated Bridge does two things:
   1) Performs step 2 from previous slide (notifies the root bridge of topology change)
   2) Sets the topology change acknowledgement flag in the next Configuration BPDU it transmits on the LAN from which the Topology Change Notification BPDU was received
Topology Change Procedure (cont.)
4) Root Bridge sets the topology change flag in its Configuration BPDUs for a period equal to the sum of forward delay and max age, if the Root Bridge
   a. Notices a topology change because one of its ports has changed state, or
   b. Receives a topology change notification message
Topology Change Procedure (cont.)
5) A bridge that is receiving Configuration BPDUs with the topology change flag set (or the Root Bridge that is setting the topology change flag in its Configuration BPDUs) uses the forward delay timer until it starts receiving Configuration BPDUs without the topology change flag set
Networkwide Parameters
For correct operation some parameters need to be uniform throughout the Spanning Tree. The Root Bridge includes the following values in its Configuration BPDUs:
1) Max age: time after which Configuration BPDUs are discarded
2) Hello time: interval, used by the Root Bridge, between issuing Configuration BPDUs
3) Forward Delay: amount of time in learning and listening states (half the time of transition from blocking to forwarding)
Management Parameters
- Bridge priority: a 2-octet value that allows the network admin. to influence the choice of the Root Bridge and the Designated Bridge
- Port Priority: a 1-octet value that allows the network admin. to influence the choice of port when a bridge has two ports connected to the same LAN segment
Why eliminate Loops?
Loops cause traffic to build up in a network until the network no longer functions due to full bandwidth usage.
[Figure: LAN connections A and B forming a loop, with an incoming broadcast frame]
Performance Issues
Two properties make bridge performance crucial:
1) Lack of receipt of BPDUs causes bridges to add connectivity. If a bridge does not receive any Configuration BPDUs on some port it will take over as the Designated Bridge on that port.
2) Extra connectivity will cause loops
What affects Bridge Performance?
- Network Congestion
- Bridge will discard packets before looking at them if CPU can’t keep up
- Bridge must be able to transmit BPDUs no matter how congested the network is
   This involves being able to move BPDUs to the front of the queue
VLANs (Virtual Local Area Network)
“A means by which LAN users on different physical LAN segments are afforded priority access privileges across the LAN backbone in order that they appear to be on the same physical segment on an enterprise-level logical LAN. VLAN solutions, which are priority in nature, are implemented in LAN switches, and VLAN membership is defined by the LAN administrator on the basis of either port address or MAC address.”
Definition of VLAN from Newton’s Telecom Dictionary.
How VLANs work:
1) LAN Bridge receives tagged data from workstation
2) Bridge reads current tag, and forwards data with a VLAN ID (tag) corresponding to the VLAN the data came from (explicit tagging)

OR

1) LAN Bridge receives untagged data from workstation
2) Bridge determines the VLAN membership of data by noting the port on which it arrives (implicit tagging)
Basic VLAN Concepts
- Port-based VLANs
   Each port on a switch is in one and only one VLAN (except trunk links)
- Tagged Frames
   VLAN ID and Priority info is inserted (4 bytes)
- Access Links
   The edge of the network, where legacy devices attach
- Trunk Links
   Allow for multiple VLANs to cross one link
- Hybrid Links
   Combo of Trunk and Access Links
Basic VLAN Concepts (cont.)
- Priority-tagged frame
   tag header carries priority info., but no VLAN ID
- VLAN-tagged frame
   tag header carries both VLAN ID and priority info.
- Port VLAN ID (PVID)
   provides the VID for untagged and priority-tagged frames received on that Port
Trunk Link
- Attaches two VLAN-aware switches
- Carries Tagged frames ONLY.
Access Links
- Access Links are Untagged for VLAN unaware devices
- The VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.
VLAN ID (Tag)
- 4 Bytes inserted after Destination and Source Address
- Length/Type Field
   VLANs = 0x8100
- Priority Bits
   Range: 0-7
- VLAN ID
   Range: 0-4094
Tagging Conversions
Port VLAN ID
- Each port has a VLAN ID configured on it
- Indicates which VLAN untagged data should be associated with
- Does not constrain the port to a specific VLAN, nor does it mean that only untagged data can be processed
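The tag layout, the priority-tagged versus VLAN-tagged distinction and the Port VLAN ID rule from the slides above, as an added example (not code from the slides): a parser that classifies a frame and derives the VID a bridge would associate with it, plus the access-link tag insert and strip. The frame contents are constructed; the position of the CFI bit inside the tag and the reserved value 4095 are from 802.1Q rather than this page.

```python
"""Parse 802.1Q tags, classify frames (untagged / priority-tagged / VLAN-tagged)
and apply the Port VLAN ID rule. Added example, not code from the slides."""
import struct

TPID_8021Q = 0x8100          # Length/Type value that announces a tag


def parse_frame(frame: bytes) -> dict:
    """Split DA, SA, the optional 4-byte tag, Length/Type and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    info = {"dst": frame[0:6], "src": frame[6:12], "pcp": None, "cfi": None, "vid": None}
    ethertype, offset = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, 14)[0]   # Tag Control Information
        info["pcp"] = tci >> 13                         # 3-bit priority, 0-7
        info["cfi"] = (tci >> 12) & 1
        info["vid"] = tci & 0x0FFF                      # 12-bit VLAN ID
        ethertype, offset = struct.unpack_from("!H", frame, 16)[0], 18
    info["ethertype"], info["payload"] = ethertype, frame[offset:]
    return info


def classify(info: dict) -> str:
    """Priority-tagged = tag present but VID 0; VLAN-tagged = non-zero VID."""
    if info["vid"] is None:
        return "untagged"
    return "priority-tagged" if info["vid"] == 0 else "vlan-tagged"


def effective_vid(info: dict, pvid: int) -> int:
    """Untagged and priority-tagged frames take the port's PVID; VLAN-tagged
    frames keep their own VID. 4095 (0xFFF) is reserved and rejected."""
    vid = info["vid"]
    if vid is None or vid == 0:
        return pvid
    if vid == 0xFFF:
        raise ValueError("reserved VID 4095")
    return vid


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Access-link ingress: insert TPID + TCI after DA/SA (VID 0 = priority only)."""
    if not 0 <= vid <= 0xFFE or not 0 <= pcp <= 7:
        raise ValueError("VID must be 0-4094 and priority 0-7")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Access-link egress: remove the tag so a VLAN-unaware device can read it."""
    return frame[:12] + frame[16:] if parse_frame(frame)["vid"] is not None else frame
```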
Sample VLANs
Traffic Segregation
Workgroups: Physically Defined
A mobile user from workgroup C, in building 2, needs to do work in building 1. By physically changing buildings he/she must change the workgroup section of the LAN which he/she is in.
VLANs: Logically Defined
With VLANs he/she can physically change buildings, but remain in the same workgroup.
Broadcast Domains (Layer 2)
- broadcast domain: a network (or portion of a network) that will receive a broadcast packet from any node located within that network
- broadcast packet: an Ethernet packet sent to the broadcast address (FF:FF:FF:FF:FF:FF) which designates the packet as destined for all nodes in the broadcast domain
Constricting Broadcast Domains
What defines the edge of a layer 2 broadcast domain?
- Router: does not forward layer 2 broadcast frames
- Filtering Database: by configuring the broadcast address to be not forwarded
- VLANs: broadcast packets are tagged so they do not leave the configured topology of the VLAN
Security
- Data is contained in the VLAN’s topology
- By allotting sensitive data its own VLAN, only those nodes in the VLAN will see it.
GARP/GVRP
- Generic Attribute Registration Protocol
- GARP VLAN Registration Protocol
How does GARP work?
- Devices declare their desire for a given attribute by making a declaration
- Done by issuing a Join event
- Declarations can be withdrawn by issuing a Leave event
- Devices enter a registration for an attribute on a given port when they hear a declaration for the attribute on that port
GARP
- General-purpose protocol that supports a specific class of applications within bridges
- Defines a subset of the spanning tree that contains devices interested in a given network commodity
- Referred to as an attribute
GVRP
GARP VLAN Registration Protocol
Disadvantages to Static VLANs
- Static VLANs are created via management
- Must be maintained by a network admin
- Static VLANs must be reconfigured for every network topology change
GVRP Simplifies All This!
GVRP creates dynamic VLANs
- No manual configuration needed
- GVRP is maintained by the devices themselves
- Topology change? No problem, GVRP recreates the dynamic VLAN automatically
What can GVRP do for you?
- Allows the creation of VLANs with a specific VID and a specific port, based on updates from GVRP-enabled devices.
- Advertises manually configured VLANs to other GVRP-enabled devices. As a result of this the GVRP-enabled devices in the core of the network need no manual configuration in order to inter-operate.
GVRP Info
- GVRP is a GARP application that registers attributes for dynamic VLANs
- GVRP deals only with the management of dynamic VLANs
- Everything that you have learned about static VLAN packet format and transmission applies
How GVRP does all this:
The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) on which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.
What do these PDUs contain?
A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action.
- Join: register the port for the specified VLAN
- Leave: de-register the port for the specified VLAN
- LeaveAll: de-register all VLAN registrations on that port
- Empty: request to re-advertise dynamically and statically configured VLANs
Vendors (current): Cisco Systems, 3Com and Hewlett Packard. Several others are developing working implementations also.

Industry Implementation Example
- 3Com manufactures Network Interface Cards that take advantage of GVRP
- Accessed via the Control Panel (DynamicAccess®)
- Extremely easy to configure
Example: GARP/GVRP
[Figure: GARP/GVRP example topology with nodes labelled S and E on the RED and GOLD VLANs]
THE END
Any Questions?