UNH-IOL_BFC_Knowledgebase_VLAN


VLANs and GVRP
Curtis Simonson
Bridge Functions Consortium
InterOperability Lab
July, 2000
Presentation Overview
• Standards Involved
• Bridging Background
• 802.1Q/1D:
  – the problem
  – the solution
    » GVRP
    » Tagging Frames
• Testing It
The ISO OSI Model
Standards Involved
• IEEE Standard: The Bridge Standards (802.1)
• Most widely used with the 802.3 MAC (who doesn’t use Ethernet?)
• Bridging is MAC independent
Quick Review - Shared Medium
• All machines “share” the network
• Only one machine can talk at any one time
• Distance limitations
• Total throughput limit
• Collision likelihood increased
Shared Medium (Repeated Network)
• All machines “share” the network
• Only one machine can talk at any one time
• Distance limitations
  – Repeaters: at most 205m (figure labels: Repeaters, 5m, 100m, End Stations)
• Total throughput limit
• Collision likelihood increased
Bridging Review
• Connects separate shared networks
• Frame Translation/Encapsulation (Token Ring to Ethernet)
• Reduces unicast traffic
• Switches: allow for multiple conversations
Bridging Background
• Bridges work at layer 2 of the OSI Model
• Their primary function is to relay frames
Filtering Database Review
• One database contains MAC addresses, which port they’re on, and if they’re active or disabled
• Duplicate MAC addresses not allowed (the second one would replace the first)

Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      00000C987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
802.1Q - Standard for VLANs
• Defines a method of establishing VLANs
• Establishes the Tagged Frame
• Provides a way to maintain priority information across LANs
Reasons For Standardizing VLANs
• Old implementations could only be defined in one switch
• To connect a VLAN to another network, each VLAN needed a router port
• The only multi-switch VLANs were proprietary:
  – Cisco: ISL
  – Bay: Lattisspan
  – 3Com: VLT
  – Cabletron: SecureFast
Standards Based VLANs
• Includes the definition of a new GARP application called GVRP (GARP VLAN Registration Protocol)
  – Propagates VLAN registration across the network
• Associate incoming frames with a VLAN ID
• De-associate outgoing frames if necessary
• Transmit associated frames between 802.1Q compliant VLAN switches
What are VLANs - Virtual Local Area Networks?
• Divides a switch into two or more “virtual” switches with separate broadcast domains
• Achieved by manual configuration through the switches’ management interface
• Only that switch will be segmented
Multiple VLANs in One Switch
• Multiple VLANs can be defined on the same switch
Why VLANs?
• Lots of broadcast traffic wastes bandwidth
  – VLANs create separate broadcast domains
    » Microsoft Networking
    » Novell Networking
    » NetBEUI
    » IP RIP
    » Multicast (sometimes acts like broadcast)
• VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches
More Reasons...
• Link Multiplexing
  – slower speed technologies share the high-bandwidth uplink
  – multiple IP subnets on one physical link with layer 3 switching (such as to connect Morse, Leavitt and Ocean if we were switched instead of routed)
And One More Reason...
• Security
  – Traffic is only seen by who it is intended for
    » example: Two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.
Basic VLAN Concepts
• Port-based VLANs
  – Each port on a switch is in one and only one VLAN (except trunk links)
• Tagged Frames
  – VLAN ID and Priority info is inserted (4 bytes)
• Trunk Links
  – Allow for multiple VLANs to cross one link
• Access Links
  – The edge of the network, where legacy devices attach
• Hybrid Links
  – Combo of Trunk and Access Links
• VID
  – VLAN Identifier
Tagged Frames
• 4 Bytes inserted after Destination and Source Address
• Tagged Protocol Identifier (TPID) = 2 Bytes (0x8100)
  – length/type field
• Tagged Control Information (TCI) = 2 Bytes
  – contains VID
Trunk Link
• Attaches two VLAN switches - carries Tagged frames ONLY.
Access Links
• Access Links are Untagged for VLAN-unaware devices - the VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.
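The tag insertion and removal that the Tagged Frames and Access Links slides describe, as an added example (not code from the slides or from UNH-IOL). It uses the TPID value 0x8100 given on the slides; the split of the TCI into a 3-bit priority, a 1-bit CFI and a 12-bit VID, and the reserved VIDs 0 and 4095, come from 802.1Q rather than from the slides. The sample frame is constructed, borrowing the source MAC from the first Filtering Database table entry.

```python
"""802.1Q tag handling: parse, insert (access-port receive) and strip (access-port transmit).

Added example for these slides, not UNH-IOL code. The TPID value is from the slides; the
TCI bit layout and the reserved VIDs 0/4095 are from 802.1Q, not stated on the slides.
"""
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier, as given on the slides


def parse_frame(frame):
    """Return (dst, src, tag, ethertype, payload); tag is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    dst, src = bytes(frame[0:6]), bytes(frame[6:12])
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return dst, src, None, tpid, bytes(frame[14:])
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the 4-byte tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    tag = {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}
    return dst, src, tag, ethertype, bytes(frame[18:])


def add_tag(frame, vid, priority=0):
    """Access-link receive: insert the 4-byte tag right after the source address."""
    if not 1 <= vid <= 4094:                 # 0 and 4095 are reserved (802.1Q)
        raise ValueError("VID %r is reserved or out of range" % vid)
    if not 0 <= priority <= 7:               # 3-bit field
        raise ValueError("priority must be 0..7")
    dst, src, tag, ethertype, payload = parse_frame(frame)
    if tag is not None:
        raise ValueError("frame already carries a tag")
    tci = (priority << 13) | vid             # CFI left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def strip_tag(frame):
    """Access-link transmit: remove the tag so a VLAN-unaware device sees a plain frame."""
    dst, src, tag, ethertype, payload = parse_frame(frame)
    if tag is None:
        return bytes(frame)
    return dst + src + struct.pack("!H", ethertype) + payload


# Constructed sample: broadcast frame from the MAC in the slides' first table entry
# (08-00-90-0A-25-80), ethertype 0x0806; the 28-byte payload is zero filler, not a real ARP.
UNTAGGED_FRAME = (bytes.fromhex("FFFFFFFFFFFF") + bytes.fromhex("0800900A2580")
                  + struct.pack("!H", 0x0806) + bytes(28))


def demo():
    """Tag the sample as if received on an access port in VLAN 2, then untag it again."""
    tagged = add_tag(UNTAGGED_FRAME, vid=2, priority=5)
    tag = parse_frame(tagged)[2]
    assert strip_tag(tagged) == UNTAGGED_FRAME  # round trip restores the original frame
    return len(tagged) - len(UNTAGGED_FRAME), tag


if __name__ == "__main__":
    print(demo())  # (4, {'priority': 5, 'cfi': 0, 'vid': 2})
```

The four bytes land between the source address and the original length/type field, which is why a tagged frame is exactly 4 bytes longer and why the original length/type value reappears after the TCI; `parse_frame` reads the TPID at offset 12 to decide whether a tag is present at all, so the same function handles frames arriving on trunk and access links.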
Hybrid Links
• Hybrid Links - ALL VLAN-unaware devices are in the same VLAN
So Far So Good...
• So one might ask: “how does the Filtering Database handle VLANs?”
• Two answers:
  – multiple (distinct) tables: one for each VLAN
  – one table, with a VLAN column
• They sound similar, but it turns out they are VERY different
Multiple Tables
• Called MFD (Multiple Filtering Databases) or it might also be called Independent Learning
• Each VLAN learns MAC addresses independently, so duplicate MAC addresses are OK as long as they are in different VLANs.
• Each Table is for One VLAN

(The slide shows three filtering database tables side by side, one per VLAN, all with the same layout; the recoverable entries, which appear in each of them, are:)

Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      0500A1987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
One (Big) Table
• Called SFD (Single Filtering Database) or Shared Learning
• No duplicate MAC addresses
• Asymmetric VLAN possible

Entry  MAC Addr      Port  active  VLAN
1      0800900A2580  1     yes     2
2      002034987AB1  1     yes     2
3      0500A1987C00  2     yes     2
4      00503222A001  2     yes     2
5      080034090478  3     yes     1
6      049874987AB1  5     yes     1
7      0555A1945600  5     yes     3
8      00503222A023  5     yes     2
9-12   (empty)
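The two database designs from the Multiple Tables and One (Big) Table slides, as an added example (not code from the slides or from UNH-IOL). The MAC addresses, ports and VLAN numbers are the entries of the One (Big) Table slide, and the per-VLAN port membership is read off that same table; the second sighting of 00503222A001 in VLAN 1 on port 3 is constructed to show how the two designs react to a duplicate MAC. The relay function floods anything with the group bit set or without a matching entry, which is how a VLAN becomes its own broadcast domain.

```python
"""Independent Learning (MFD) versus Shared Learning (SFD) filtering databases.

Added example for these slides, not UNH-IOL code. Table entries and VLAN membership are
taken from the 'One (Big) Table' slide; the duplicate-MAC sighting is constructed.
"""


class IndependentLearningFDB:
    """MFD: one table per VLAN, so the lookup key is (VID, MAC)."""

    def __init__(self):
        self.tables = {}                            # vid -> {mac: port}

    def learn(self, vid, mac, port):
        self.tables.setdefault(vid, {})[mac] = port

    def lookup(self, vid, mac):
        return self.tables.get(vid, {}).get(mac)


class SharedLearningFDB:
    """SFD: one table with a VLAN column, so the lookup key is the MAC alone."""

    def __init__(self):
        self.table = {}                             # mac -> (port, vid)

    def learn(self, vid, mac, port):
        self.table[mac] = (port, vid)               # a second VLAN's entry replaces the first

    def lookup(self, vid, mac):
        entry = self.table.get(mac)                 # vid ignored: this is what makes an
        return None if entry is None else entry[0]  # asymmetric VLAN possible


def relay(fdb, members, vid, dst_mac, ingress):
    """Egress ports for one frame: a known unicast goes to its learned port; unknown
    unicast, broadcast and multicast flood the VLAN's ports minus the ingress port."""
    group_bit = int(dst_mac[:2], 16) & 1            # I/G bit set => broadcast or multicast
    port = None if group_bit else fdb.lookup(vid, dst_mac)
    if port is not None:
        return [] if port == ingress else [port]    # never send a frame back where it came from
    return sorted(members[vid] - {ingress})


# Entries from the 'One (Big) Table' slide: (vid, mac, port)
SLIDE_ENTRIES = [
    (2, "0800900A2580", 1), (2, "002034987AB1", 1), (2, "0500A1987C00", 2),
    (2, "00503222A001", 2), (1, "080034090478", 3), (1, "049874987AB1", 5),
    (3, "0555A1945600", 5), (2, "00503222A023", 5),
]
# Port membership per VLAN, read off the same table (port 5 carries all three VLANs).
MEMBERS = {1: {3, 5}, 2: {1, 2, 5}, 3: {5}}


def build(fdb_class):
    fdb = fdb_class()
    for vid, mac, port in SLIDE_ENTRIES:
        fdb.learn(vid, mac, port)
    return fdb


def duplicate_mac_demo():
    """Constructed case: 00503222A001 is later seen in VLAN 1 on port 3 as well.
    Returns (lookup in VLAN 2, lookup in VLAN 1) for each database."""
    mfd, sfd = build(IndependentLearningFDB), build(SharedLearningFDB)
    for fdb in (mfd, sfd):
        fdb.learn(1, "00503222A001", 3)
    return {
        "mfd": (mfd.lookup(2, "00503222A001"), mfd.lookup(1, "00503222A001")),
        "sfd": (sfd.lookup(2, "00503222A001"), sfd.lookup(1, "00503222A001")),
    }


def broadcast_demo():
    """A broadcast entering on port 1 in VLAN 2 stays inside VLAN 2."""
    return relay(build(IndependentLearningFDB), MEMBERS, 2, "FFFFFFFFFFFF", 1)


def cross_vlan_demo():
    """A VLAN 2 frame addressed to the VLAN 1 station on port 5: MFD floods VLAN 2 (no
    VLAN 2 entry exists), SFD forwards straight to port 5 because its lookup ignores the VLAN."""
    dst = "049874987AB1"
    return (relay(build(IndependentLearningFDB), MEMBERS, 2, dst, 1),
            relay(build(SharedLearningFDB), MEMBERS, 2, dst, 1))


if __name__ == "__main__":
    print(duplicate_mac_demo())  # {'mfd': (2, 3), 'sfd': (3, 3)}
    print(broadcast_demo())      # [2, 5]
    print(cross_vlan_demo())     # ([2, 5], [5])
```

The duplicate-MAC case is the concrete form of the “VERY different” warning: with Shared Learning the VLAN 2 entry for 00503222A001 silently becomes port 3 the moment the same address shows up in VLAN 1, so VLAN 2 traffic to that station is now delivered to a port that is not even a member of VLAN 2. That is the same mechanism that makes asymmetric VLANs possible on an SFD switch, and it is why the Problems slide says SFD and MFD switches cannot simply be mixed.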
Independent Learning I
• Legacy router learns MAC addresses from both VLANs
• Requires 2 physical links
Independent Learning II
• VLAN-aware router only needs one physical link
Problems
• Can’t combine SFD and MFD switches in one network
• Some switches only do one or the other, and can’t be changed
• Hybrids of SFD and MFD make this tricky
Future Additions
• Layer 3 based VLANs
  – IP traffic on a different VLAN than IPX
• Multiple Spanning Trees (one per VLAN)
  – allows for using the disabled links
• ATM to IEEE VLAN mapping
  – Emulated LANs
GARP (yeah, I know, “the world according to”… that’s a new one!)
• Generic Attribute Registration Protocol
• Standard Defines:
  – method to declare attributes to other GARP participants
  – frame type to convey GARP messages: Protocol Data Unit (PDU)
  – rules and timers for registering/de-registering attributes
GARP - how?
• A device wants to declare a certain attribute
• It sends a declaration
• The bridge receives it and propagates it throughout the network.
GARP - two devices
• A second device wants to declare a certain attribute
• Now a “path” has been formed.
GMRP
• GARP Multicast Registration Protocol
• Defines a GARP Application (instance of the generic framework)
• Allows devices to declare membership in a multicast group
GMRP - multiple devices
• Devices declare membership in a multicast group
• All multicast frames for that group propagate only to the proper devices.
GMRP - Pros & Cons
• Pros:
  – provides multicasting that isn’t broadcasting
  – works “through” legacy bridges
  – allows asymmetric pruning
• Cons:
  – end stations must support 802.1p
  – no interface between IGMP and GMRP (yet)
GVRP - GARP VLAN Registration Protocol
• Disadvantages to Static VLANs
  – Static VLANs are created via management
  – Must be maintained by a network admin
  – Static VLANs must be reconfigured for every network topology change
GVRP Simplifies All This!
• GVRP creates dynamic VLANs
  – No manual configuration needed
  – GVRP is maintained by the devices themselves
  – Topology change? No problem, GVRP recreates the dynamic VLAN automatically
What can GVRP do for you?
• Allows the creation of VLANs with a specific VID on a specific port, based on updates from GVRP-enabled devices.
• Advertises manually configured VLANs to other GVRP-enabled devices. As a result, the GVRP-enabled devices in the core of the network need no manual configuration in order to interoperate.
GVRP Info
• GVRP is a GARP application that registers attributes for dynamic VLANs
• GVRP deals only with the management of dynamic VLANs
• Everything that you have learned about static VLAN packet format and transmission applies
VLAN Data Frame Format Review
• GVRP handles data in the same way as Static VLANs do.
  – Header, inserted after the destination and source addresses, that contains Protocol Identifier and VID
How GVRP does all this:
• The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) to which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.
What do these PDUs contain?
• A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action.
  – Join: register the port for the specified VLAN
  – Leave: de-register the port for the specified VLAN
    » LeaveAll: de-register all VLAN registrations on that port
  – Empty: request to re-advertise dynamically and statically configured VLANs
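A toy GVRP participant that ties together the GARP slides (a device declares an attribute, the bridge registers it and propagates it out its other ports) and the PDU message list above, as an added example that is not code from the slides or from UNH-IOL. The destination multicast MAC 01-80-C2-00-00-21 and the meaning of Join, Leave, LeaveAll and Empty are from the slides. The wire layout is an assumption taken from the 802.1D-1998 GARP definition rather than from the slides: LLC header 42-42-03, GARP protocol ID 0x0001, attribute type 0x01 for a VID, attributes encoded as length/event/value with 0x00 end marks, and the event codes 0 LeaveAll, 1 JoinEmpty, 2 JoinIn, 3 LeaveEmpty, 4 LeaveIn, 5 Empty. Source MACs, port numbers and VIDs in the demo are constructed.

```python
"""Toy GVRP participant: encode/decode GVRP PDUs and keep one bridge's per-port dynamic
VLAN registrations. Added example for these slides, not UNH-IOL code.

From the slides: the destination MAC and the Join/Leave/LeaveAll/Empty meanings.
Assumed from 802.1D-1998 GARP (not on the slides): LLC 42-42-03, protocol ID 0x0001,
attribute type 0x01 = VID, <length><event><value> attributes, 0x00 end marks, event codes.
"""
import struct

GVRP_DST_MAC = bytes.fromhex("0180C2000021")   # 01 80 C2 00 00 21, from the slides
LLC_HEADER = b"\x42\x42\x03"                   # assumption (802.1D)
GARP_PROTOCOL_ID = 0x0001                      # assumption (802.1D)
GVRP_ATTR_VID = 0x01                           # assumption (802.1Q GVRP)
EVENT_NAMES = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn",
               3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}   # assumption (802.1D)
EVENT_CODES = {name: code for code, name in EVENT_NAMES.items()}


def build_gvrp_pdu(src_mac, events):
    """Ethernet frame carrying one GVRP message; events = [(event_name, vid or None)]."""
    attrs = bytearray()
    for name, vid in events:
        code = EVENT_CODES[name]
        if name == "LeaveAll":
            attrs += bytes([2, code])               # length counts itself and the event byte
        else:
            if not 1 <= vid <= 4094:
                raise ValueError("VID out of range: %r" % vid)
            attrs += bytes([4, code]) + struct.pack("!H", vid)
    attrs += b"\x00"                                # end of attribute list
    garp = struct.pack("!H", GARP_PROTOCOL_ID) + bytes([GVRP_ATTR_VID]) + bytes(attrs) + b"\x00"
    llc_pdu = LLC_HEADER + garp
    return GVRP_DST_MAC + bytes(src_mac) + struct.pack("!H", len(llc_pdu)) + llc_pdu


def parse_gvrp_pdu(frame):
    """Inverse of build_gvrp_pdu; raises ValueError on anything malformed."""
    if bytes(frame[:6]) != GVRP_DST_MAC:
        raise ValueError("not addressed to the GVRP multicast address")
    (length,) = struct.unpack("!H", frame[12:14])
    llc_pdu = bytes(frame[14:14 + length])
    if llc_pdu[:3] != LLC_HEADER or struct.unpack("!H", llc_pdu[3:5])[0] != GARP_PROTOCOL_ID:
        raise ValueError("not a GARP PDU")
    garp, events, pos = llc_pdu[3:], [], 2
    while pos < len(garp) and garp[pos] != 0:       # one iteration per message
        if garp[pos] != GVRP_ATTR_VID:
            raise ValueError("unknown attribute type %d" % garp[pos])
        pos += 1
        while pos < len(garp) and garp[pos] != 0:   # one iteration per attribute
            alen, code = garp[pos], garp[pos + 1] if pos + 1 < len(garp) else -1
            if alen < 2 or code not in EVENT_NAMES or pos + alen > len(garp):
                raise ValueError("malformed attribute")
            value = garp[pos + 2:pos + alen]
            vid = struct.unpack("!H", value)[0] if len(value) == 2 else None
            events.append((EVENT_NAMES[code], vid))
            pos += alen
        if pos >= len(garp):
            raise ValueError("missing end mark")
        pos += 1                                    # skip the attribute-list end mark
    return events


class GvrpBridge:
    """Static VLANs come from management; dynamic ones are registered per port by PDUs."""

    def __init__(self, ports, static_vlans=None):
        self.ports = list(ports)
        self.static = {p: set(v) for p, v in (static_vlans or {}).items()}
        self.dynamic = {p: set() for p in self.ports}

    def receive(self, port, frame):
        """Apply a PDU received on `port`; returns True if a re-advertisement was requested."""
        readvertise = False
        for name, vid in parse_gvrp_pdu(frame):
            if name == "LeaveAll":
                self.dynamic[port].clear()          # de-register everything on that port
            elif name.startswith("Join"):
                self.dynamic[port].add(vid)         # register the port for the VLAN
            elif name.startswith("Leave"):
                self.dynamic[port].discard(vid)     # de-register the port for the VLAN
            else:                                   # Empty: peer asks for the current list
                readvertise = True
        return readvertise

    def member_ports(self, vid):
        return sorted(p for p in self.ports if vid in self.static.get(p, set()) | self.dynamic[p])

    def declarations(self, port):
        """VIDs declared out `port`: every static VID plus the VIDs registered on the other
        ports, so a Join learned on one port is propagated out all the others."""
        vids = set()
        for p in self.ports:
            vids |= self.static.get(p, set())
            if p != port:
                vids |= self.dynamic[p]
        return sorted(vids)

    def advertisement(self, port, src_mac):
        return build_gvrp_pdu(src_mac, [("JoinIn", v) for v in self.declarations(port)])


def demo():
    """Constructed: VLAN 10 is static on port 1; a station on port 2 joins VLAN 20, then leaves all."""
    station_mac = bytes.fromhex("020000000002")     # constructed, locally administered
    bridge = GvrpBridge(ports=[1, 2, 3], static_vlans={1: {10}})
    bridge.receive(2, build_gvrp_pdu(station_mac, [("JoinIn", 20)]))
    after_join = (bridge.member_ports(20), bridge.declarations(3), bridge.declarations(2))
    bridge.receive(2, build_gvrp_pdu(station_mac, [("LeaveAll", None)]))
    return after_join, bridge.member_ports(20)


if __name__ == "__main__":
    print(demo())  # (([2], [10, 20], [10]), [])
```

In the demo the Join received on port 2 makes port 2 a member of VLAN 20 and shows up in the declarations sent out port 3 but not back out port 2, which is the propagation the GARP slides describe; the LeaveAll then clears every dynamic registration on that port, and a peer's Empty only asks the bridge to re-send its current list. Real GARP registrars additionally run the Join/Leave timers the GARP slide mentions; this toy applies each message immediately.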
Industry Implementation Example
(figure: Windows screenshot)
Vendors (current): Cisco Systems, 3Com and Hewlett Packard. Several others are developing working implementations also.
• Industry Implementation Example
  – 3Com manufactures Network Interface Cards that take advantage of GVRP
  – Accessed via the Control Panel (DynamicAccess®)
  – Extremely easy to configure
Example: GARP/GVRP
(figure: labels S, E, RED, GREEN)