ASIA PACIFIC UNIVERSITY COLLEGE OF TECHNOLOGY AND INNOVATION

UCTI LEVEL 2

INDIVIDUAL ASSIGNMENT

LAN Switching & WAN Networks (LSWN) CT032-3-2-LSWN

JACKIE WONG CHING CHUNG (TP023665)

UC2F1007IT (NC)

Lecturer: Salmiah Amin

Hand In Date: 29th April 2011


Table of Contents

Question 1
  Layer 2 Switching
  Layer 3 Switching
  Layer 2 switches (Store-and-Forward and Cut Through)
  Layer 3 switches (Pure Routers)
  Spanning Tree Algorithm
  Medium-sized Switched LAN Design
Question 2
  Virtual Local Area Network
  VLAN Membership for MAC Layer end users
  VLAN Mechanism
  802.1Q Standard
Referencing

Asia Pacific University College of Technology & Innovation

LAN Switching & WAN Networks (LSWN) - CT032-3-2

Individual Assignment

Intake : UC2F1007 IT {NC}

Lecturer : Salmiah Amin

Email ID : [email protected]

Date Due : 29th April 2011 (Week 13)

Question 1

a) Compare and contrast between the functionality, pros and cons of Layer 2 (bridging) and Layer 3 (pure routing) LAN switches. [10 marks]

b) Illustrate using diagrams to describe the functionalities of common Layer 2 switches (Store-and-Forward and Cut Through) and Layer 3 switches (Pure Routers). [15 marks]

c) Describe the functionality of Spanning Tree algorithm and explain the benefits of implementing such algorithm. [9 marks]

d) Designing a medium-sized switched LAN: This case study is to design a switched LAN that spans two buildings. Each building will contain about 500 end users and a series of servers and other common resources.

i) Building 1 – Core and Centralized Resources Areas design

Building 1 contains 500 end users, of which 300 are to be attached to MicroLAN and 200 are to receive dedicated switch ports. Within the building are five Novell servers and ten UNIX servers providing NFS services. This building also contains the Internet router/network address translator for this organization. The core area of this building will consist of one backbone switch providing 30 fast Ethernet interfaces. This switch should have a multi-gigabit internal forwarding rate based on the large number of 100-megabit interfaces required. Attached to this backbone switch will be the 15 servers and the router. Each server will be given a 100-megabit interface to the backbone switch and as such should be capable of delivering and receiving that much data. This may require that the servers be upgraded in some cases.

ii) Building 2 – Core and Centralized Resources Areas design

Building 2 houses 500 end users and 20 server-type devices, including one mainframe. The users are all to be given dedicated switch ports. To build the core of this building, a single large backbone switch will be deployed. This switch will have about 40 fast Ethernet interfaces. The internal capacity of this switch should be in the multi-gigabit per second range to support so many interfaces. Each of the server resources will be given a dedicated 100-megabit Ethernet switch port. It may be necessary to provide one FDDI interface to the supercomputer, since that is its preferred technology.

iii) Building 1 to Building 2 connection

To connect the two buildings, a trunk group of four to six full-duplex fast Ethernet interfaces will be used. Other options could include the use of a gigabit Ethernet link between chassis, if it is available, or the use of trunked FDDI connections if long distance is needed. The trunk group should be deployed with only a few links initially, since both buildings contain servers. Once the system is operational, the traffic levels and patterns through the trunked inter-building links should be closely monitored. If the links are saturated, adding more links should alleviate the issues.

Draw the network diagram to implement the above design specification and requirements. [21 marks]

Question 2

a) Describe with proper justification the reasons for implementing VLANs. [10 marks]

b) Describe four (4) methods how MAC layer end-users are associated with a particular VLAN or VLANs. [8 marks]

c) Describe the advantages and disadvantages of VLAN tagging. [8 marks]

d) Describe the minimum functionality, features, and capabilities of 802.1Q standard for VLANs. [9 marks]

Question 1

Layer 2 Switching

A Layer 2 switch works with Media Access Control (MAC) addresses. It uses the MAC addresses carried in frames, which identify the network interface cards (NICs) of the hosts, to decide where to forward each frame, or whether to drop it, within a Local Area Network.

There are three functions performed by Layer 2 switching:

i) Address learning

Layer 2 switches build and maintain a MAC forward/filter table describing where devices are located in the network. Each entry maps a MAC address to the switch port on which that address was seen. (TopBits, n.d.) Whenever a frame arrives, the switch reads the frame's source MAC address and records it against the ingress port, so the table is populated by the stations themselves as they transmit, without any configuration. Entries are aged out when a station stays silent for a while; a later frame for that station is then flooded again until the address is re-learned.

ii) Forward and filter decisions

In the forward and filter decision, the switch examines the destination hardware address of every frame received on a switch interface and compares it with the entries in the MAC forward/filter table. (TopBits, n.d.)

When the destination hardware address is found in the MAC forward/filter table, the frame is forwarded only out of the interface recorded for that address; it is not sent onto the other segments, so their bandwidth is preserved. If the destination is recorded on the same interface the frame arrived on, the frame is simply dropped. This confinement of a frame to the segment that needs it is known as frame filtering. (TopBits, n.d.)

If the destination hardware address is not found in the MAC forward/filter table, the frame is flooded out of all active interfaces except the one it arrived on. Every device on those segments receives the frame, but only the device that owns the destination address responds. When it does, the switch learns that device's MAC address from the source field of the reply and adds it to the MAC forward/filter table, so subsequent frames between the two devices are forwarded point-to-point rather than flooded. If a station transmits a broadcast on the LAN, the switch, by default, floods the frame out of all its ports except the ingress port, and every attached device receives it. (TopBits, n.d.)

iii) Ensuring loop avoidance

Network loops can occur when there are multiple connections between switches. Multiple connections between switches are usually created for redundancy. To prevent loops from forming while still keeping the redundant links between switches, the Spanning-Tree Protocol (STP) is used. (TopBits, n.d.)
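As an added example (not code from the original assignment), the learn, filter and flood behaviour of functions i) and ii) above written as a small Python simulation. The port numbers, MAC addresses and the table capacity are constructed values. The capacity limit is deliberate: a real switch's MAC table is finite, and once it is full the switch falls back to flooding for any address that has been evicted, which is the behaviour a practitioner should keep in mind when sizing or securing a switched LAN.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Transparent bridge with a bounded MAC forward/filter table."""

    def __init__(self, ports, capacity):
        self.ports = list(ports)
        self.capacity = capacity          # constructed: real CAM tables hold thousands
        self.table = OrderedDict()        # mac -> port, oldest entry first
        self.log = []

    def learn(self, src_mac, in_port):
        # i) Address learning: the source MAC of every frame is recorded against
        # the ingress port. A known station is refreshed (moved to the newest end);
        # when the table is full the oldest entry is evicted, so frames to that
        # station are flooded again until it transmits.
        if src_mac in self.table:
            self.table.move_to_end(src_mac)
        elif len(self.table) >= self.capacity:
            self.table.popitem(last=False)
        self.table[src_mac] = in_port

    def forward(self, in_port, src_mac, dst_mac):
        """ii) Forward/filter decision. Returns the list of egress ports."""
        self.learn(src_mac, in_port)
        out = self.table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            # Broadcast or unknown unicast: flood out every port except ingress.
            egress = [p for p in self.ports if p != in_port]
            action = "flood"
        elif out == in_port:
            # Destination lives on the ingress segment: filter (drop) the frame.
            egress = []
            action = "filter"
        else:
            egress = [out]
            action = "forward"
        self.log.append((in_port, src_mac, dst_mac, action))
        return egress


def demo():
    """Constructed traffic on a 4-port switch whose table holds only 3 entries."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=3)
    a, b, c, d = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                  "00:00:00:00:00:0c", "00:00:00:00:00:0d")
    r = {}
    r["unknown_dst"] = sw.forward(1, a, b)          # b unknown -> flood [2, 3, 4]
    r["reply"] = sw.forward(2, b, a)                # a learned on 1 -> [1]
    r["known_dst"] = sw.forward(1, a, b)            # b learned on 2 -> [2]
    r["broadcast"] = sw.forward(3, c, BROADCAST)    # flood [1, 2, 4]
    r["same_segment"] = sw.forward(1, d, a)         # table full: b evicted; a on ingress port -> []
    r["evicted"] = sw.forward(3, c, b)              # b no longer known -> flood [1, 2, 4]
    return r, dict(sw.table)


if __name__ == "__main__":
    results, table = demo()
    for k, v in results.items():
        print(f"{k:13s} -> egress {v}")
    print("table:", table)
```

The last two frames in demo() show why a bounded table matters: once station b has been evicted, traffic for it is flooded to every segment again, so its frames become visible to hosts that should never see them. Real switches age entries as well as bounding them; the simulation only bounds them, which is enough to show the effect.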

Advantages of Layer 2 switching:

- Low cost
- Hardware-based bridging
- High speed, wire-speed forwarding
- Low latency
- Increased bandwidth for each user, since every switch port is its own collision domain

Disadvantages of Layer 2 switching:

- Broadcast and multicast traffic is flooded throughout the whole switched LAN
- Slow convergence time of the Spanning-Tree Protocol (STP)
- No separation of network domains: the whole switched LAN is one flat broadcast domain

Layer 3 Switching

A Layer 3 switch is a high-performance device for network routing. A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. (Mitchell, 2011)

There are a few functions performed by Layer 3 switching:

i) Packet Switching

The transport method Layer 3 uses to carry data is called packet switching. The IP packet inside the frame contains a source network layer IP address and a destination network layer IP address. The router maintains a routing table of the network paths it has learned and examines the destination IP address of each packet. Once the router has derived the destination network from the destination IP address, it consults the routing table to determine whether a path exists to that network. (Castelli, 2004)

ii) Route Processing

Layer 3 switches perform table lookups to determine the next hop along the route, which in turn determines the output port over which to forward the packet or frame. The router or Layer 3 switch makes this decision based on the network portion of the destination address in the received packet. (Castelli, 2004)

If, during route processing, the destination network is unreachable, that is, there is no path to the destination network and no default route, the packet is discarded. (Castelli, 2004)

If the packet can be sent towards its destination network, the route lookup determines the next hop to which the packet is delivered. Each router along the path repeats the lookup for its own next hop, so the packet moves hop by hop until the final destination network is reached. (Castelli, 2004)

When the destination network is directly attached to the router, the packet can be delivered on that interface without a further hop. For directly attached networks, the next step maps the host portion of the destination address to the data link (MAC) address of the end node, using the Address Resolution Protocol (ARP) table in the case of IP. It does not map the destination to the router interface's own MAC address: the frame must carry the MAC of the final end node so that the node picks the frame up from the medium. Note that this assumes IP; other Layer 3 protocols, such as Internetwork Packet Exchange (IPX), do not use ARP to map their addresses to MAC addresses. (Castelli, 2004)

Address Resolution Protocol (ARP) is the protocol IP uses to convert IP addresses into MAC addresses. A network device that needs to learn a MAC address broadcasts an ARP request onto the network; the host that owns the IP address in the request replies with its hardware MAC address. This mapping of a Layer 3 network address to a Layer 2 data link address is called ARP mapping.

A routing table lookup in an IP router is more complex than a MAC address lookup in a bridge. At the data link layer, addresses are 48 bits long with fixed-length fields, and the address space is flat: there is no hierarchy and no division of addresses into smaller, distinct segments. MAC address lookup in a bridge is therefore a search for an exact match on a fixed-length field, whereas address lookup in a router searches for the longest matching prefix, a variable-length field identifying the destination network. (Castelli, 2004)

IP addresses are 32 bits long and consist of two fields: the network identifier and the host identifier. The network and host portions of the IP address can each be of variable or fixed length, depending on the hierarchical addressing (subnetting) scheme in use. Subnetting itself is outside the scope of this answer; what matters here is that every IP address carries both a network and a host identifier.

The routing table lookup in an IP router determines the next hop by examining the network portion of the destination IP address. After it has found the best match, the router looks up the interface port over which to forward the packet. (Castelli, 2004)


Layer 2 switches (Store-and-Forward and Cut Through)

LAN switches come in two basic architectures: store-and-forward and cut-through. A store-and-forward switch receives and checks the entire frame before forwarding it to its destination. Examining the whole frame takes more time, but it allows the switch to catch frame errors and collision fragments and keep them from propagating through the network. A cut-through switch examines only the destination address before forwarding the frame on to its destination segment. It performs no error checking of the frame, because it reads only the destination MAC address and then sends the frame out of the matching switch port.

Store-and-Forward

Figure 1: Diagram of Store-and-Forward

The store-and-forward method reads the entire frame into internal memory and then performs a Cyclic Redundancy Check (CRC) on it to detect errors before forwarding it to its destination. This level of error checking introduces the highest latency of any of the switching methods. Frames found to contain errors are discarded. If the frame is error-free, it is placed in the buffer and passed through the Source Address Table (SAT) lookup, the filter/forward process that determines the port the frame should be forwarded to. The Source Address Table is the table of Media Access Control (MAC) addresses of the attached network devices, and every frame goes through this lookup before it is forwarded. Once the decision has been made, the frame is transmitted without interruption until it has been sent out onto its destination segment.

Figure 2: Diagram of Cut-Through forwarding logic

Cut-through is the other forwarding logic used in switches. Its purpose is to reduce the latency of frame transmission. A cut-through switch does not buffer the complete frame while switching it; it stores only the header of the frame, enough to determine the destination, and begins redirecting the frame to the correct destination port while the rest of it is still arriving. Because the whole frame is not buffered before forwarding begins, the latency of a single forwarding operation is much lower than with store-and-forward. The lack of buffering, however, also removes the switch's ability to isolate errors.

In Figure 2, the cut-through switch has already switched the frame onto the other segment before it could examine the Cyclic Redundancy Check (CRC) to determine whether the frame contained errors. Switch vendors have attempted to correct this fundamental weakness of cut-through switches with a modified cut-through algorithm. This algorithm still forwards frames in cut-through mode but calculates the CRC for every frame as it passes through. If the calculation shows that too many bad frames have been forwarded to other segments, the switch reverts to store-and-forward operation until the error rate drops below a second, defined threshold. In practice this is a reasonable compromise, but it still allows a number of errored frames to be forwarded to other segments before store-and-forward mode takes over. (J.Roese, 1998)
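As an added example (not code from the original assignment or its cited source), the three forwarding policies just described applied to constructed frames: plain store-and-forward, plain cut-through, and the adaptive variant that falls back to store-and-forward after too many bad frames. A frame is modelled as a 14-byte Ethernet header, a payload and a 4-byte FCS; the FCS is CRC-32 with the polynomial Ethernet uses (the same one zlib.crc32 implements), appended little-endian as on the wire. The MAC addresses, thresholds and the "two bad frames" trigger are invented for the example.

```python
import struct
import zlib

HDR_LEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2)


def build_frame(dst, src, ethertype, payload):
    """Constructed frame with a valid FCS (CRC-32 over header + payload)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def store_and_forward(frame):
    """Buffer the whole frame, verify the FCS, then decide."""
    if len(frame) < HDR_LEN + 4 or not fcs_ok(frame):
        return "drop"
    return "forward:" + frame[:6].hex(":")


def cut_through(frame):
    """Decide as soon as the 6-byte destination address has arrived. The FCS
    has not been seen yet, so a corrupted frame is forwarded anyway."""
    return "forward:" + frame[:6].hex(":")


class AdaptiveCutThrough:
    """Modified cut-through: forwards immediately but still checks the FCS
    afterwards. After error_threshold bad frames it reverts to
    store-and-forward and only returns to cut-through once recover_after
    consecutive clean frames have been seen (both thresholds invented here)."""

    def __init__(self, error_threshold=2, recover_after=2):
        self.error_threshold = error_threshold
        self.recover_after = recover_after
        self.bad = 0
        self.good_run = 0
        self.mode = "cut-through"

    def handle(self, frame):
        if self.mode == "cut-through":
            decision = cut_through(frame)       # already on the wire...
            if not fcs_ok(frame):               # ...when the FCS is finally checked
                self.bad += 1
                if self.bad >= self.error_threshold:
                    self.mode = "store-and-forward"
            return decision
        decision = store_and_forward(frame)
        if decision == "drop":
            self.good_run = 0
        else:
            self.good_run += 1
            if self.good_run >= self.recover_after:
                self.mode, self.bad, self.good_run = "cut-through", 0, 0
        return decision


def demo():
    dst = bytes.fromhex("00000000000b")
    src = bytes.fromhex("00000000000a")
    good = build_frame(dst, src, 0x0800, b"hello, world")
    bad = bytearray(good)
    bad[HDR_LEN] ^= 0x01            # corrupt the first payload byte: FCS no longer matches
    bad = bytes(bad)
    adaptive = AdaptiveCutThrough()
    decisions, modes = [], []
    for frame in (bad, bad, bad, good, good, good):
        decisions.append(adaptive.handle(frame))
        modes.append(adaptive.mode)
    return {
        "saf_good": store_and_forward(good),
        "saf_bad": store_and_forward(bad),
        "ct_bad": cut_through(bad),
        "adaptive": decisions,
        "modes": modes,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The adaptive run makes the text's caveat concrete: the first two corrupted frames are forwarded before the switch notices the problem, only the third is dropped, and the switch returns to low-latency mode after two clean frames.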

Layer 3 switches (Pure Routers)

A Layer 3 switch performs the function of a pure router. Router operation is fundamentally more complex, and historically slower, than LAN switching. Figure 3 illustrates the process of moving data through a router.

Figure 3: Router Forwarding Logic Abstraction

Forwarding a packet from one port of a router to another is much more involved than forwarding in a LAN switch. The complexity comes from the fact that a router forwards in terms of Layer 3 protocols, such as IP, IPX and AppleTalk, and must also handle their associated control protocols (ICMP, ARP, RIP, OSPF and others).

Based on Figure 3, when a packet is received by a router, all MAC layer fields are removed first; they play no part in the router's forwarding logic. The router then identifies which Layer 3 protocol the packet carries, since every Layer 3 protocol has its own packet format and forwarding rules.

Once the protocol is identified, the router performs a routing table lookup to determine where the packet is to be forwarded. Many high-end routers cache the results of route table lookups to speed up this step. After the destination has been determined, the router applies any access lists, policies or accounting services to the packet.

When these internal operations are complete, the router builds a new MAC layer frame around the packet and delivers it to the next hop in the path. Because the router is connectionless, this whole process is repeated for every packet until each one has been delivered to its destination. (J.Roese, 1998)
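As an added example (not code from the original assignment or its sources), the router forwarding path described above and in the Layer 3 Switching section, in Python: longest-prefix route lookup, an access list applied after the lookup, ARP resolution of the next hop (or of the final host on a directly attached network), TTL handling, and the new Layer 2 destination for the rebuilt frame. The routing table, ARP cache, interface names and ACL rules are constructed values. It also shows the lookup-style difference noted earlier: the routing table needs the longest matching prefix over a variable-length key, where a MAC table needs only an exact match.

```python
import ipaddress

# Constructed routing table: (prefix, next hop or None if directly connected, egress interface)
ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1", "eth0"),   # default route towards the Internet
    ("10.0.0.0/8",     "10.1.1.2",    "eth1"),
    ("10.1.0.0/16",    None,          "eth1"),   # directly connected server network
    ("192.168.1.0/24", None,          "eth2"),   # directly connected user LAN
]

# Constructed ARP cache: IP -> MAC for hosts on the directly attached segments.
ARP_CACHE = {
    "203.0.113.1":  "00:00:5e:00:53:01",
    "10.1.1.2":     "00:00:5e:00:53:02",
    "10.1.0.7":     "00:00:5e:00:53:07",
    "192.168.1.20": "00:00:5e:00:53:14",
}

# Constructed access list applied after the route lookup: first match wins,
# and a packet matching no entry is denied.
ACL = [
    ("deny",   "192.168.1.0/24", "10.1.0.0/16"),   # user LAN may not reach the server network
    ("permit", "0.0.0.0/0",      "0.0.0.0/0"),
]


def lookup_route(dst):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def acl_permits(src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in ACL:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False  # implicit deny


def forward(packet):
    """packet: {"src", "dst", "ttl"} after the MAC header has been stripped.
    Returns the action the router takes."""
    if packet["ttl"] <= 1:
        return {"action": "drop", "reason": "ttl expired"}
    route = lookup_route(packet["dst"])
    if route is None:
        return {"action": "drop", "reason": "no route"}
    net, next_hop, iface = route
    if not acl_permits(packet["src"], packet["dst"]):
        return {"action": "drop", "reason": "acl"}
    # Directly connected: the new frame must carry the final host's MAC, not the
    # router's own. Otherwise it carries the next-hop router's MAC.
    l2_target = packet["dst"] if next_hop is None else next_hop
    mac = ARP_CACHE.get(l2_target)
    if mac is None:
        return {"action": "arp", "resolve": l2_target, "iface": iface}
    return {"action": "forward", "iface": iface, "dst_mac": mac,
            "ttl": packet["ttl"] - 1, "prefix": str(net)}


def demo():
    return {
        "lan_to_server": forward({"src": "192.168.1.20", "dst": "10.1.0.7", "ttl": 64}),
        "server_to_lan": forward({"src": "10.1.0.7", "dst": "192.168.1.20", "ttl": 64}),
        "to_internet": forward({"src": "192.168.1.20", "dst": "198.51.100.9", "ttl": 64}),
        "unknown_arp": forward({"src": "198.51.100.9", "dst": "10.1.0.99", "ttl": 64}),
        "expired": forward({"src": "192.168.1.20", "dst": "10.1.0.7", "ttl": 1}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} {result}")
```

Two points worth noticing: the ACL is evaluated after the route lookup, as the text describes, so a denied packet still costs a lookup; and "unknown_arp" stops at ARP resolution, which is where a real router would queue the packet and send the broadcast request before it can build the new frame.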

Spanning Tree Algorithm

Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. (Tripod.com, 2005) Spanning tree algorithms were developed to prevent frames from being relayed endlessly between intermediate hops on a mesh network topology. Without a spanning tree, a meshed network of bridges can be flooded and rendered unusable by frames circulating in an infinite loop between the bridges, because a Layer 2 frame carries no hop count to stop it. (Mitchell, 2011)

The primary Spanning Tree Protocol (STP) is IEEE standard 802.1D, an algorithm commonly used on Ethernet networks. It works by limiting the paths frames can travel at any given time to a loop-free tree covering the whole network, rather than a mesh. As bridges and links are added, removed or fail, the protocol recomputes the tree accordingly. (Mitchell, 2011)

The three basic steps in the execution of the STP algorithm are as follows:

1. Identify the Root Bridge

The root bridge is the one switch whose ports are all actively forwarding. It is chosen automatically: every switch carries a bridge ID made up of a configurable priority and its MAC address, and the switch with the lowest bridge ID wins, so the priority is what an administrator tunes to choose the root. The root bridge serves as the centre of the network and should be placed near the focal point of network traffic (for example, near the servers). (Adtran, 2004)

2. Identify the Root Port

Every bridge that is not the root bridge must determine which of its ports is closest to the root bridge, that is, has the lowest accumulated path cost to the root. This port is the root port. (Adtran, 2004)

3. Identify the Designated Ports

Every LAN segment must choose one port, from among all the ports on all the bridges connected to that segment, to carry that segment's traffic towards the root bridge. This is the segment's designated port, and it belongs to the bridge on that segment with the lowest path cost to the root. Every port that is neither a root port nor a designated port is placed in the blocking state. (Adtran, 2004)

All switches in an extended LAN participating in Spanning-Tree Protocol gather information on the other switches in the network through an exchange of data messages called bridge protocol data units (BPDUs). (Cisco, 1997)


BPDU frames carry the identity of the originating switch (its bridge ID, built from the priority and the MAC address), the root bridge it currently believes in, the originating port's identifier and priority, and the sender's cost to the root. Each port is assigned a cost derived from the speed of its link (in 802.1D, 100 for 10 Mb/s, 19 for 100 Mb/s and 4 for 1 Gb/s), and the root path cost advertised in a BPDU is the sum of the port costs along the path to the root, so a path that crosses more or slower segments accumulates a higher cost. (eTutorials.org, 2008)

BPDUs are also the means by which bridges and switches detect loops in the topology. Any loop found is broken by putting the selected redundant switch ports into a backup, or blocking, state, in which they forward no user traffic but continue to listen to BPDUs. (eTutorials.org, 2008)
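As an added example (not code from the original assignment), the three steps above computed for a constructed three-switch triangle: root bridge election by lowest (priority, MAC) bridge ID, root path cost by accumulating 802.1D port costs, then the designated port on each segment and the root port on each non-root bridge, with everything else blocked. The switch names, MAC addresses, port numbers and link speeds are invented; the tie-break order (cost, then bridge ID, then port ID) is the one 802.1D uses. The second run lowers one switch's priority to show how an administrator moves the root and, with it, the blocked link.

```python
import heapq

# Constructed topology. Bridges: name -> (priority, MAC). Segments: name ->
# (802.1D port cost for the link speed, [(bridge, port), ...] attached to it).
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
SEGMENTS = {
    "L12": (19, [("SW1", 1), ("SW2", 1)]),   # 100 Mb/s
    "L13": (19, [("SW1", 2), ("SW3", 1)]),   # 100 Mb/s
    "L23": (4,  [("SW2", 2), ("SW3", 2)]),   # 1 Gb/s
}


def bridge_id(bridges, name):
    """Lowest (priority, MAC) wins; this is the tuple the election compares."""
    return bridges[name]


def compute_stp(bridges, segments):
    """Return (root bridge, root path cost per bridge, role per (bridge, port))."""
    root = min(bridges, key=lambda b: bridge_id(bridges, b))

    attached = {b: [] for b in bridges}
    for seg, (_cost, ports) in segments.items():
        for b, p in ports:
            attached[b].append((seg, p))

    # Step 1/2 groundwork: root path cost. Reaching a bridge across a segment
    # costs that segment's port cost, so this is a shortest path from the root.
    rpc = {}
    heap = [(0, bridge_id(bridges, root), root)]
    while heap:
        cost, _, b = heapq.heappop(heap)
        if b in rpc:
            continue
        rpc[b] = cost
        for seg, _p in attached[b]:
            seg_cost, ports = segments[seg]
            for other, _op in ports:
                if other not in rpc:
                    heapq.heappush(heap, (cost + seg_cost, bridge_id(bridges, other), other))

    # Step 3: designated port per segment = lowest (root path cost, bridge ID, port ID).
    designated = {}
    for seg, (_cost, ports) in segments.items():
        designated[seg] = min(
            ports, key=lambda bp: (rpc[bp[0]], bridge_id(bridges, bp[0]), bp[1]))

    # Step 2: root port per non-root bridge = the port that receives the best
    # BPDU, i.e. lowest (sender cost + port cost, sender bridge ID, sender port, own port).
    roles = {}
    for b in bridges:
        if b == root:
            continue
        best = None
        for seg, p in attached[b]:
            db, dp = designated[seg]
            if db == b:
                continue
            key = (rpc[db] + segments[seg][0], bridge_id(bridges, db), dp, p)
            if best is None or key < best[0]:
                best = (key, p)
        roles[(b, best[1])] = "root"
    for _seg, (db, dp) in designated.items():
        roles[(db, dp)] = "designated"
    for b in bridges:
        for _seg, p in attached[b]:
            roles.setdefault((b, p), "blocking")   # neither root nor designated
    return root, rpc, roles


def demo():
    default = compute_stp(BRIDGES, SEGMENTS)
    tuned = dict(BRIDGES)
    tuned["SW3"] = (4096, BRIDGES["SW3"][1])      # administrator prefers SW3 as root
    return {"default": default, "sw3_root": compute_stp(tuned, SEGMENTS)}


if __name__ == "__main__":
    for label, (root, rpc, roles) in demo().items():
        print(label, "root =", root, "cost =", rpc)
        for (b, p), role in sorted(roles.items()):
            print(f"  {b} port {p}: {role}")
```

With default priorities SW1 wins on MAC address alone and the gigabit link between SW2 and SW3 is the one that gets blocked, which is usually not what an operator wants; lowering SW3's priority makes SW3 the root and moves the block to a 100 Mb/s link. That is the practical reason the root bridge is always chosen deliberately rather than left to the election.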

Figure 4: Port states (source: Cisco, 1997)

Because of network delay caused by large LAN segments, topology changes can take place at different times and at different places in the switched network. When a switch port transitions directly from nonparticipation to an active, or forwarding, state, temporary data loops can be created. Ports must wait for new topology information to spread throughout the LAN before frames can be forwarded. Switches must also allow the frame lifetime to expire for frames that have been forwarded using the old topology. (eTutorials.org, 2008)

Each port on a switch running STP is in one of the following five states:

i) Blocking state (eTutorials.org, 2008)

A port is placed in the blocking state when it is first enabled and whenever STP determines that it lies on a suboptimal path to the root bridge. Blocked ports do not forward user traffic. A port in the blocking state:

- Discards frames received from the attached network segment.
- Discards frames switched from another port for forwarding.
- Does not incorporate host locations into its address database; no learning takes place, so there is no address database to update.
- Receives BPDUs from the network segment and directs them to the switch system module for processing.
- Unlike ports in the listening, learning and forwarding states, does not transmit BPDUs handed to it by the switch system module.
- Receives and responds to network management messages, such as a network administrator disabling the port.

After the max-age timer (20 seconds) has expired, the switch port moves from the blocking state to the listening state.

ii) Listening state (eTutorials.org, 2008)

The listening state is the first transitional state a port enters after the blocking state. It is the state in which STP determines whether the port should participate in frame forwarding. The switch performs neither learning nor forwarding while the port is in the listening state, so it still does not incorporate station locations into its address database. In the listening state, a port:

- Discards frames received from the attached network segment.
- Discards frames switched from another port for forwarding.
- Receives BPDUs from the network segment and directs them to the switch system module for processing.
- Processes and transmits BPDUs received from the switch system module.
- Receives and responds to network management messages, such as a network administrator disabling the port.

After the forward-delay timer (15 seconds) has expired, the switch port moves from the listening state to the learning state.

iii) Learning state (eTutorials.org, 2008)

In the learning state, the switch port prepares to participate in the network by forwarding frames. Learning is the second transitional state through which a port moves towards its end goal, frame forwarding; STP moves the port from listening to learning. A port in the learning state:

- Discards frames received from the attached network segment.
- Discards frames switched from another port for forwarding.
- Incorporates LAN host location information into its address database.
- Receives BPDUs from the network segment and directs them to the switch system module for processing.
- Receives, processes and transmits BPDUs received from the system module.
- Receives and responds to network management messages, such as a network administrator disabling the port.

After a further forward delay of 15 seconds, the switch port moves from the learning state to the forwarding state.

iv) Forwarding state (eTutorials.org, 2008)

A port in the forwarding state forwards frames across the attached network segment. The forwarding state is the last state a port enters during the creation of the network topology. A port in the forwarding state:

- Forwards frames received from the attached network segment.
- Forwards frames switched from another port for forwarding.
- Incorporates LAN host location information into its address database.
- Receives BPDUs from the network segment and directs them to the switch system module for processing.
- Processes BPDUs received from the switch system module.
- Receives and responds to network management messages, such as a network administrator disabling the port.

A port stays in the forwarding state until a change occurs in the network topology, such as the addition of a new bridge or switch, a new bridge or switch port, or the failure of a bridge, switch or port. When a topology change is detected, all switches recompute the spanning tree; this process is called convergence. Because a port has to pass through listening and learning on its way to forwarding, bringing a blocked port into service takes 30 seconds of forward delay, on top of the 20-second max-age wait if the switch must first notice that BPDUs have stopped arriving.

v) Disabled state (eTutorials.org, 2008)

A port in the disabled state does not participate in frame forwarding or in the operation of STP, because a port in the disabled state is considered non-operational. A disabled port:

- Discards frames received from the attached network segment.
- Discards frames switched from another port for forwarding.
- Does not incorporate LAN host location information into its address database.
- Receives BPDUs, but does not direct them to the switch system module.
- Does not receive BPDUs for transmission from the switch system module.
- Receives and responds to network management messages, such as a network administrator enabling the port.

Benefits

1. Redundancy

STP lets a network keep redundant links between switches. Each device can have a physical path to more than one switch, but STP keeps only one of those paths active at a time for carrying data. If the active path fails, STP recomputes the tree and a previously blocked path is unblocked, so the device keeps its access to the rest of the network even when one or more links are down. (Enne, 2011)

2. Loop Prevention

A loop exists when there is more than one active path between two devices. In a switched LAN this results in frames being duplicated and circulated endlessly, and in MAC address tables flapping between ports. STP allows only a single active path between any two devices at a time, which prevents loops from forming in the network. (Enne, 2011)

3. Root Switch

Electing a root switch is what allows the tree to be built and the redundant paths to be identified. A LAN running STP has many switches but only one root switch. (A switch, also known as a bridge, is the device that connects segments of a network to each other.) The root switch is elected from the information all switches exchange in BPDUs: the switch with the lowest bridge ID wins, so by setting the priority an administrator places the root at the logical centre of the network rather than its physical centre, ideally on the switch with the shortest paths to most network devices. Every other switch then calculates its shortest path to the root switch and blocks all other paths as backups. (Enne, 2011)

Medium-sized Switched LAN Design

[Figure: network diagram for the two-building design. Periphery Area: 24-port Ethernet hubs (the MicroLAN users of Building 1) and workgroup switches with 24 Ethernet ports and 2 Fast Ethernet uplinks (the dedicated-port users in both buildings). Core Switch Area: one modular core switch with Fast Ethernet ports in each building, joined by the inter-building trunk. Shared Resources Area: Novell servers, UNIX servers and the Internet router in Building 1; Novell servers, UNIX servers and the supercomputer in Building 2. Every periphery device uplinks to its building's core switch.]

Building 1

- 500 end users, of which 300 are to be attached to MicroLAN and 200 are to receive dedicated switch ports
- five Novell servers and ten UNIX servers providing NFS services
- Internet router/network address translator
- one backbone switch providing 30 Fast Ethernet interfaces

Assume that not all ports are in use: 20 of the 24 ports on each workgroup switch or hub carry end users, and the remainder are kept for uplinks and spares.

Number of 24-port workgroup switches:

200 users / 20 ports = 10

∴ 10 workgroup switches are needed.

Number of 24-port shared hubs:

300 users / 20 ports = 15

∴ 15 shared hubs are needed.

Using 5 Intermediate Distribution Frame (IDF) switches, each IDF switch has 2 workgroup switches and 3 shared hubs attached to it.

Unused core ports = 30 – 5 (IDF uplinks) – 10 (UNIX servers) – 5 (Novell servers) – 1 (router)
= 9

∴ there are 9 unused ports on the backbone core switch.

Building 2

- 500 end users, all with dedicated switch ports
- 20 server-type devices, including one mainframe
- a single large backbone switch with 40 Fast Ethernet interfaces
- one FDDI interface to the supercomputer

Assume that not all ports are in use: 20 of the 24 ports on each workgroup switch carry end users.

Number of 24-port workgroup switches:

500 users / 20 ports = 25

∴ 25 workgroup switches are needed.

Using 2 Intermediate Distribution Frame (IDF) switches, one IDF switch has 12 workgroup switches attached and the other has 13.

Unused core ports = 40 – 2 (IDF uplinks) – 20 (server devices)
= 18

∴ there are 18 unused ports on the backbone core switch. If the supercomputer is attached over its FDDI interface instead of a Fast Ethernet port, one further Fast Ethernet port remains free.

Question 2

Virtual Local Area Network

Virtual Local Area Network (VLAN) is collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location. A broadcast domain is a network (or portion of a network) that will receive a broadcast packet from any node located within that network. (Tyson, 2001)

There are reasons for implementing VLANs:

i) Simplification of Adds, Moves, and Changes

The most important of implementing VLANs in a network is to simplify the process of adds, moves and changes. In a corporate organization, the process of moving end users is very costly. The costs include those processes to move the end-user’s computer and reconfiguration, changing of network access lists on router, and most importantly, the cost of having end-users unable to operate their routine work until the changes and reconfiguration is done. Therefore, they need a technology that would simplify these processes for significant cost saving.

A VLAN solution can provide this simplicity in any network that implements a router-based hierarchy. The end-user’s PC needs new network address and a reconfiguration of router to assign access control for the user when the user is moved to a new area in the network. In this simple move of end-user’s PC, it needs many additional tasks to adopt the end system to its new location.

In a VLAN system, the network is now able to adjust its configuration when the users are moved. In this situation, VLAN act as a container for subnetting to distribute network address to every user in the network. In addition, more advanced systems can dynamically adapt the VLAN to any location the user moves to without manual intervention.

ii) Control of Broadcast and Multicast TrafficVLANs provide broadcast and multicast control over switched LANs. It allows size of a switched LAN is scaled based on the level of broadcast and multicast traffic. VLANs also can be used to group broadcast-intensive users to one broadcast domain, which enables to control end-users access to a limited broadcast traffic.For example, a network administrator can limit the broadcast traffic to different group of users. Some users are only allowed to access a specific broadcast traffic.

19

Page 22: Assignment

iii) Creation of Private NetworksVLANs can be used to create private virtual networks. By using VLANs, different groups of private virtual networks can be supported operating under a single network. This private virtual network concept implements a logical VLAN for each group of users which means that users are sharing the same physical topology but logically separate networks.For example, in a company, network administrator can use VLANs to separate a single physical network into many private virtual networks for different departments. Using these private virtual networks, network sharing can be shared privately in a department.

iv) Security

VLANs can enhance security by restricting broadcast data to only those users who are authorized to access that specific broadcast, reducing the chance of an outsider gaining access to the data. VLANs can also be used to control broadcast domains, set up firewalls, restrict access, and inform the network manager of an intrusion.

(J.Roese, 1998)

v)


VLAN Membership for MAC Layer end users

VLAN membership defines how groups of MAC layer end users are associated with a particular VLAN or VLANs. There are many methods for this process, ranging from simple port association to complex protocol-based association.

i) VLAN Membership by Port Inheritance

The first mechanism for creating VLANs is known as port inheritance, or port-based VLANs. This mechanism works by assigning switch ports to VLANs. Every user on a port is associated with that VLAN by inheritance from the switch port. For example, in a bridge with four ports, ports 1, 2, and 4 belong to VLAN 1 and port 3 belongs to VLAN 2 (see Figure 5).

Port    VLAN
1       1
2       1
3       2
4       1

Figure 5: Assignment of ports to different VLAN's.

This method of VLAN membership is most useful for grouping together physical areas of a network. By associating the VLAN with switch ports, the VLAN is also associated with the physical areas those switch ports connect to.

ii) VLAN Membership by MAC Address

The second level of VLAN association is based on the end user's MAC address. Every network-connected device has its own MAC address. Devices are assigned to VLANs according to their MAC address, which means the switch tracks MAC addresses to decide membership (see Figure 6).

MAC Address          VLAN
00-80-C7-60-44-71    1
00-50-C6-88-41-6D    2
00-50-C4-13-21-5D    2
00-80-5F-98-9D-29    1

Figure 6: Assignment of MAC address to different VLAN's

This method is most suitable in situations where end users move around the network. By associating their MAC addresses with a set of VLANs, a user's PC can move anywhere in the network and keep its membership.


iii) VLAN Membership based on Upper-Layer Protocol or Service

The third level of VLAN membership is based on upper-layer protocols and services. This type of VLAN is used to logically group the broadcast traffic of a particular protocol or service. In a network, each user may need only the broadcast or multicast traffic of a particular protocol or service. Therefore, this type of VLAN is used to group those users who access only that protocol's or service's broadcast or multicast traffic (see Figure 7).

Protocol    VLAN
IP          1
IPX         2
IP/IPX      3

Figure 7: Assignment of protocol to different VLAN's

This type of VLAN is most useful for broadcast and multicast control on switched LANs. By creating different VLANs for specific protocols, users utilizing those protocols are allowed to see the broadcasts of that VLAN, while users not in the VLAN are prevented from seeing that protocol. By isolating a protocol to only the users utilizing it, the switched LAN is able to scale up to much larger sizes.

iv) VLAN Membership by IP Subnet Address

Membership is based on the Layer 3 header. VLAN membership can be classified based on the IP subnet address (see Figure 8).

IP subnet         VLAN
192.20.160.0      1
202.221.161.0     2
168.18.0.0        3

Figure 8: Assignment of IP subnet addresses to different VLAN's

Although VLAN membership is based on Layer 3 information, this has nothing to do with network routing and should not be confused with router functions. In this method, IP addresses are used only as a mapping to determine membership in VLANs. No other processing of IP addresses is done. In Layer 3 VLANs, users can move their workstations without reconfiguring their network addresses. The only problem is that it generally takes longer to forward packets using Layer 3 information than using MAC addresses.
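The four membership methods above, worked as an added example that is not part of the original assignment: a classifier that applies the tables from Figures 5 to 8 to a constructed frame received on a given port. The classful subnet masks, the IPX EtherType 0x8137, the sample frames and the function names are assumptions.

```python
import ipaddress
import struct

# Membership tables copied from Figures 5 to 8 of the text. Subnet masks are assumed
# classful (/24, /24, /16) because the figure gives only network addresses.
PORT_VLAN = {1: 1, 2: 1, 3: 2, 4: 1}
MAC_VLAN = {"00-80-C7-60-44-71": 1, "00-50-C6-88-41-6D": 2,
            "00-50-C4-13-21-5D": 2, "00-80-5F-98-9D-29": 1}
ETHERTYPE_IP, ETHERTYPE_IPX = 0x0800, 0x8137   # 0x8137 is the Novell IPX EtherType (assumption)
PROTOCOL_VLAN = {ETHERTYPE_IP: 1, ETHERTYPE_IPX: 2}  # Figure 7's "IP/IPX" (VLAN 3) is a user group, not a frame type
SUBNET_VLAN = {ipaddress.ip_network("192.20.160.0/24"): 1,
               ipaddress.ip_network("202.221.161.0/24"): 2,
               ipaddress.ip_network("168.18.0.0/16"): 3}

def mac_str(raw):
    """Render six raw bytes in the dashed upper-case form used in Figure 6."""
    return "-".join(f"{b:02X}" for b in raw)

def classify(frame, in_port, method):
    """Return the VID a switch would assign to `frame` received on `in_port`, or None if no rule matches.
    Note: the source MAC and IP address are taken from the frame as-is; nothing here authenticates them."""
    src_mac = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if method == "port":        # i) port inheritance: every frame on the port takes the port's VLAN
        return PORT_VLAN.get(in_port)
    if method == "mac":         # ii) MAC-based: membership follows the station wherever it plugs in
        return MAC_VLAN.get(mac_str(src_mac))
    if method == "protocol":    # iii) upper-layer protocol: group by EtherType
        return PROTOCOL_VLAN.get(ethertype)
    if method == "subnet":      # iv) Layer 3 subnet: only the IPv4 source address is read, no routing is done
        if ethertype != ETHERTYPE_IP or len(frame) < 34:
            return None
        src_ip = ipaddress.ip_address(frame[26:30])   # IPv4 source address sits 12 bytes into the IP header
        return next((vid for net, vid in SUBNET_VLAN.items() if src_ip in net), None)
    raise ValueError(f"unknown membership method {method!r}")

def make_frame(src_mac, ethertype, payload):
    """Constructed sample frame: broadcast destination, given source MAC and EtherType (no FCS)."""
    src = bytes(int(x, 16) for x in src_mac.split("-"))
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + payload

# Constructed samples: a minimal IPv4 header from 202.221.161.7, and an IPX frame with a dummy payload
IPV4_HDR = (bytes([0x45, 0]) + struct.pack("!HHHBBH", 40, 0, 0, 64, 17, 0)
            + bytes([202, 221, 161, 7]) + bytes([192, 20, 160, 9]))
SAMPLE_IP_FRAME = make_frame("00-80-C7-60-44-71", ETHERTYPE_IP, IPV4_HDR + b"\x00" * 20)
SAMPLE_IPX_FRAME = make_frame("00-50-C6-88-41-6D", ETHERTYPE_IPX, b"\x00" * 46)
```

The same frame lands in different VLANs depending on which method the switch applies, which is why a design must pick one consistently.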


v)


VLAN Mechanism

The primary VLAN distribution mechanism in use is known as frame tagging. A frame tag is defined as an identifier within packets that describes the packets' VLAN membership. Frame tags can be either explicit or implicit. An explicit frame tag consists of an additional field or fields added to existing packets, marking them as belonging to one or more VLANs. An implicit frame tag is an existing field in the original packet that identifies its membership in VLANs.

Figure 9: Structure of implicit frame tag (Preamble | SFD | Destination Address | Source Address | Length | Data field | CRC)

Figure 10: Structure of explicit frame tag (Preamble | SFD | Destination Address | Source Address | Explicit TAG | Data Field | CRC)

Implicit tagging is shown in Figure 9. With an implicit tag, the switch uses an internal characteristic of the original packet to identify its VLAN. Some of the fields that can be used as implicit tags are the source or destination addresses. An example of an implicit tag is a packet sent to the BPDU multicast address.

Most vendors do not implement implicit tagging, because it is difficult to utilize. However, it eliminates the possibility of oversized packets and generally increases the overall efficiency of the switches' forwarding logic, since no packet modification is required.

Explicit tagging is shown in Figure 10. The original packet is modified by adding an explicit tag to its structure. This kind of tagging is done for packets that cannot support the concept of an implicit tag. Many vendors simply implement explicit tags on all packets. With this method, the more complex analysis of implicit tags is not needed.

The disadvantage of explicit tagging is that it adds to the size of the original packet and may cause oversized packets to be generated on inter-switch links. If this happens, there is no guarantee that the packet can be delivered. Because of this, some vendors have limited their use of explicit tagging to broadcast and multicast packets.

(J.Roese, 1998)


802.1Q Standard

Functionality

The IEEE 802.1Q standard is mainly focused on the mechanisms of VLAN-capable switches. The standard defines a set of functions which, when implemented as defined in 802.1Q, allow a switch to interoperate with other vendors' 802.1Q switches. This limited scope, implementing only a basic model of a VLAN-capable switch, fails to provide a comprehensive VLAN implementation technology for practical networks. (J.Roese, 1998)

Features

The general goals of the 802.1Q standard are simply to define an architecture for VLANs and the protocol and functional requirements of an 802.1Q VLAN switch. The actual specification is based on other IEEE 802.1 standards such as transparent bridging and the spanning tree algorithm. 802.1Q introduced the concept of a virtual bridged network, or VLAN, and defines an operational model of a VLAN-capable switch for implementing IEEE 802.1Q VLANs.

802.1Q VLANs have the capability to identify end systems or switch neighbours using new ingress and egress rules, the GARP VLAN Registration Protocol (GVRP) and its distribution mechanism. Each of these three areas gives the switch the capability to create logical bridged LANs over a common switch fabric.

(J.Roese, 1998)


Capabilities

New Ingress and Egress Rules

An 802.1Q-capable bridge must be able to properly deliver packets to a specified VLAN. Since bridges are just devices with many interfaces and some forwarding logic, their forwarding logic can be modified by the VLAN switch to understand the concept of having multiple independent broadcast domains accessible via one bridge. This modification is done based on the new ingress and egress rules. These rules define the handling of inbound and outbound packets.

802.1Q-compatible switches classify inbound packets based on the VLAN identifier (VID) of the port they were received on. It is possible that the switch will receive a packet on a port connected to another 802.1Q-compatible switch, or to an end user capable of categorizing its packets into VLANs. This ingress categorization of packets involves the addition of a frame tag if needed. The tag indicates the VLAN ID of the packet along with other information related to the priority of the packet and its addressing format.

The delivery mechanisms of 802.1Q are also known as egress rules. Under these rules, the switch examines the packets received and delivers them to ports based on VLAN membership.

(J.Roese, 1998)


GARP VLAN Registration Protocol (GVRP)

GVRP is generally used to support multiple switch topologies and VLAN-aware end nodes. This protocol is a signaling method used to identify VLAN membership to peer switches in the network. In switched VLANs, GVRP is used to identify a switch's capabilities for attaching switches over the spanning tree topology, or for a GVRP end system to attach to a switch port.

For communication between the end system and the 802.1Q switch, GVRP is used to register the end user with support for a VLAN port ID and allows the switch to forward received packets with that VID to the port with the end user. GVRP must be used for communication between switches to identify which VLANs are to be sent up or down the spanning tree link. Each switch must register with the other switches within the VLANs, so that packets can be delivered to the switches with those VIDs.

(J.Roese, 1998)

Distribution Mechanism

802.1Q provides a tagging-based distribution mechanism to allow multi-switch VLAN networks. Standardization of the tagging mechanism is one of the most difficult areas in the standard. The 802.1Q standard defines several frame formats for tagging because the frame formats for Ethernet, Token Ring and FDDI are very different from one another. In the explicit tag, there are two major elements: a Tag Protocol ID (TPID) and a Tag Control Information field (TCI).

The Tag Protocol ID is used in the existing Ethernet II and Ethernet SNAP headers to identify the packet as a tagged packet. IEEE specified 8100 (hexadecimal) as the registered protocol type for 802.1Q tagging.

There are three fields in the TCI. The first field is the priority field. 802.1Q supports tagging of packets not just with a VLAN ID but also to establish packet prioritization. Three bits of the two-byte TCI are allocated for priority. This gives the network a total of eight levels of prioritization, which can be mapped to vendor-specific queuing and priority mechanisms.


The next bit is used to indicate the address format of the packet. It is known as the canonical format indicator and assists switches in converting from Ethernet least-significant-bit-first addressing to Token Ring / FDDI most-significant-bit-first addressing. The final 12 bits of the TCI are the VID, indicating the VLAN this packet is associated with.

With the use of GVRP mechanisms for identifying the VLANs that exist between switches, the tagging mechanism can mark a packet as a member of a specific VLAN. The packet can be sent through the spanning tree backbone of switches with the assurance that it is delivered to the right VLAN as indicated by the VID. In short, this tagging allows a VLAN's packets to travel over the different links between switches and still allows correct identification of the packet's VID.

(J.Roese, 1998)
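The ingress and egress rules and the TPID/TCI layout described above, as an added example that is not part of the original assignment: it builds and parses the explicit 802.1Q tag (TPID 8100 hex, 3-bit priority, CFI, 12-bit VID) and runs a frame through a constructed port table that follows Figure 5. The port table, the 1518-byte untagged maximum and the function names are assumptions.

```python
import struct

TPID_8021Q = 0x8100   # registered protocol type for 802.1Q tags (named in the text)
MAX_UNTAGGED = 1518   # classic maximum Ethernet frame size (assumption: no jumbo frames)

def build_tci(priority, cfi, vid):
    """Pack the two-byte TCI: 3-bit priority, 1-bit canonical format indicator, 12-bit VID."""
    if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid < 4096):
        raise ValueError("TCI field out of range")
    return (priority << 13) | (cfi << 12) | vid

def parse_tci(tci):
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0xFFF   # (priority, cfi, vid)

def insert_tag(frame, priority, vid, cfi=0):
    """Explicit tagging: place TPID + TCI between the source address and the type/length field."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, build_tci(priority, cfi, vid)) + frame[12:]

def read_tag(frame):
    """Return (priority, cfi, vid) when the frame carries an 802.1Q tag, else None."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return parse_tci(struct.unpack("!H", frame[14:16])[0])
    return None

def strip_tag(frame):
    """Remove the four tag bytes so an untagged (access) port sees the original frame."""
    return frame[:12] + frame[16:]

def oversized(frame):
    """The tag can push a maximum-size frame to 1522 bytes, the inter-switch link risk the text notes."""
    return len(frame) > MAX_UNTAGGED

# Constructed port table: port -> (port VID for untagged ingress, member VLANs, tagged egress?).
# Ports 1-3 are access ports as in Figure 5; port 4 is an inter-switch link carrying both VLANs.
PORTS = {1: (1, {1}, False), 2: (1, {1}, False), 3: (2, {2}, False), 4: (1, {1, 2}, True)}

def ingress(frame, in_port):
    """Ingress rule: an untagged frame inherits the port VID; a tagged frame keeps its own VID."""
    if read_tag(frame) is None:
        return insert_tag(frame, 0, PORTS[in_port][0])
    return frame

def egress(tagged_frame, in_port):
    """Egress rule: deliver only to other ports that are members of the VID; untag on access ports."""
    vid = read_tag(tagged_frame)[2]
    return {port: tagged_frame if tagged else strip_tag(tagged_frame)
            for port, (_, members, tagged) in PORTS.items()
            if port != in_port and vid in members}

def forward(frame, in_port):
    """Broadcast-style delivery of one frame through the ingress and egress rules above."""
    return egress(ingress(frame, in_port), in_port)
```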


Referencing

Adtran, 2004. [Online] Available at: http://www.at2.com/downloads/documents/adtran/adtran_span_tree_config_guide.pdf [Accessed 23 April 2011].

Castelli, M.J., 2004. How a LAN Switch Works. [Online] Available at: http://www.ciscopress.com/articles/article.asp?p=357103&seqNum=4 [Accessed 9 April 2011].

Cisco, 1997. Understanding Spanning-Tree Protocol. [Online] Available at: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm [Accessed 23 April 2011].

Enne, V., 2011. The Advantages of Spanning Tree Protocol. [Online] Available at: http://www.ehow.com/list_6157099_advantages-spanning-tree-protocol.html [Accessed 23 April 2011].

eTutorials.org, 2008. Root Bridge or Switch Port. [Online] Available at: http://etutorials.org/Networking/Lan+switching+first-step/Chapter+7.+Spanning+Tree+Protocol+STP/Root+Bridge+or+Switch+Port/ [Accessed 23 April 2011].

eTutorials.org, 2008. Spanning Tree Protocol Configuration. [Online] Available at: http://etutorials.org/Networking/Lan+switching+first-step/Chapter+7.+Spanning+Tree+Protocol+STP/Spanning+Tree+Protocol+Configuration/ [Accessed 23 April 2011].

J.Roese, J., 1998. Switched LANs - Implementation, Operation, Maintenance. McGraw-Hill Series on Computer Communication. Boston: International Thomson Computer Press.

J.Roese, J., 1998. Switched LANs - Implementation, Operation, Maintenance. McGraw-Hill Series on Computer Communication. Boston: International Thomson Computer Press. pp.32-33.

Mitchell, B., 2011. Layer 3 Switches - What Is a Layer 3 Switch? [Online] Available at: http://compnetworking.about.com/od/hardwarenetworkgear/f/layer3switches.htm [Accessed 9 April 2011].

Mitchell, B., 2011. Spanning Tree - Protocol and Algorithm of Spanning Tree. [Online] Available at: http://compnetworking.about.com/od/networkprotocols/g/spanning_tree.htm [Accessed 23 April 2011].

TopBits, n.d. LAN Switching and Switch Types. [Online] Available at: http://www.tech-faq.com/lan-switching-and-switch-types.html [Accessed 12 April 2011].

Tripod.com, 2005. Layer 2 Switching. [Online] Available at: http://netcert.tripod.com/ccna/switches/2switch.html [Accessed 19 April 2011].

Tyson, J., 2001. How LAN Switches Work. [Online] Available at: http://computer.howstuffworks.com/lan-switch16.htm [Accessed 9 April 2011].
