1 Introduction
There are many technologies for realizing broadband access, among which the Fttx+lan scheme is currently one of the most popular. In the Fttx+lan scheme, optical fiber is brought to the residential community and end users are reached through a computer LAN: optical fiber plus Category 5 cabling, together with Ethernet switching, is used to achieve "gigabit to the community, 100 Mbit/s to the building, 10 Mbit/s to the home". This construction scheme can offer a wide range of IP-based broadband services. However, because Fttx+lan is built on shared-medium Ethernet technology, it exposes serious deficiencies in networking, billing, security and manageability. Telecom operators have identified the following problems.
1 Network security: some malicious users modify their IP address or MAC address, or attack the network in other ways, causing network paralysis or preventing other users' services from running normally.
2 User data isolation: communication between users' computers inside a community is generally limited; to ensure data security and to make access control and billing convenient, all user data is required to be sent to the multilayer switch of the community-side (Zan) access device for processing.
3 Service quality assurance (QoS): current Ethernet only provides a best-effort mechanism, and under congestion it is difficult to meet the requirements of real-time services.
4 User management.
5 User billing and authentication.
In addition, there are questions of how to conserve legal public-network IP addresses, how to supply power to the Ban equipment, and so on. The focus of this paper is to propose a solution to network security, data isolation and user management based on VLAN technology.
2 VLAN Technology Introduction
The basic structure of the Fttx+lan scheme is as follows: a Gigabit Ethernet switch (the Zan device) is installed in the residential community, and a layer-2 Ethernet switch (the Ban device) is installed in each building and connected to the Zan device through a 100 Mbit/s optical port. To guarantee the security of user information, the telecommunications department requires information isolation between the ports of the broadband access device, that is, any exchange of information between two user ports must be completed through the Zan device. At present, broadband access devices designed around Ethernet switch chips rely on multi-layer VLAN technology to realize this isolation.
The most primitive definition of a LAN is a private network located in the same building, on the same university campus, or within a few kilometres. A LAN is now usually defined as a single broadcast domain: a user's broadcast traffic is received by every user on the LAN, but does not leave the broadcast domain. Traditionally, broadcast domains follow physical connectivity, but VLAN (Virtual Local Area Network) technology has changed that. VLANs allow a network administrator to logically partition a LAN into several broadcast domains. This division is logical, not physical: users belonging to the same VLAN can be located in different places without being wired together. VLAN technology has the following main characteristics.
1 Simplifies adding, removing and moving terminals. When a terminal is physically moved to a new location, its attributes can be redefined from the network management workstation; a terminal that moves within the same VLAN keeps its previously defined attributes.
2 Controls communication. Broadcast and multicast traffic is confined to the VLAN, and only terminals belonging to the same VLAN receive it.
3 Improves the security of workgroups and the network. Dividing the network into separate domains and controlling the size and composition of each VLAN limits the number of users in one broadcast domain, which raises security.
Making full use of VLAN functions and designing the VLAN structure flexibly can remedy the shortcomings that Fttx+lan broadband access inherits from shared Ethernet.
3 Application of VLAN Technology in the Fttx+lan Scheme
Ban devices are now generally layer-2 Ethernet switches with multiple VLAN features, supporting both port-based VLANs and large-capacity VLANs based on the 802.1Q protocol. To achieve port data isolation, the switch ports are defined as untagged ports and each port is placed in its own port-based VLAN. Each port therefore automatically adds an 802.1Q tag carrying the port's VLAN ID (PVID) to every untagged frame it receives. Because different ports belong to different VLANs, a frame cannot be forwarded directly to another user port inside the layer-2 switch; communication between VLANs can only be completed through the routing function of the multilayer switch on the Zan side. This solves the data isolation problem on the Ban side.
Because each port is assigned a different VLAN ID, each frame arriving at the Zan side carries a distinct VLAN ID in its Ethernet tag, from which the Zan device can identify which Ban device port the frame came from. By looking up the binding table of port, MAC address and IP address held on the Zan device, the operator can realize user access control, billing and management and improve network security: a frame whose source MAC or IP address does not match the binding for its port can be dropped, which defeats the address-modification attacks listed in Section 1.
Sometimes several users on the Ban-side layer-2 switch need to form a traditional VLAN of their own. This requires the layer-2 switch to support multi-layer VLANs, that is, in addition to its port-based VLAN, each untagged port must also be able to belong to an 802.1Q VLAN.
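As an added illustration (Python written for this page, not code from the original paper or from any vendor's switch), the following simulates the mechanism described in this section: a Ban-side layer-2 switch with untagged user ports, each alone in a port-based VLAN, tags incoming frames with the port's PVID and confines layer-2 forwarding to that VLAN, so a frame from one user can only leave on the trunk toward the Zan device; the Zan side strips the tag, recovers the user port from the VID and checks the frame's source MAC and IP against a (switch, port) to (MAC, IP) binding table. It also covers the shared-VLAN case just mentioned, where two user ports placed in one 802.1Q VLAN can reach each other directly on the Ban switch. Port numbers, the uplink port, MAC and IP addresses, the binding table and the frames are all constructed for the example.

```python
"""Constructed simulation of Fttx+lan port-based VLAN isolation (not from the paper).

Ban side: layer-2 switch with untagged user ports. Zan side: multilayer switch
that recovers the user port from the 802.1Q VID and enforces a port/MAC/IP
binding table. All ports, addresses and bindings below are assumptions.
"""
import struct

TPID_8021Q = 0x8100      # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
UPLINK = 24              # assumed: Ban trunk port toward the Zan device

# Assumed Ban configuration 1: four untagged user ports, PVID = port number,
# and each VLAN contains only that port plus the uplink.
ISOLATED_PVID = {p: p for p in range(1, 5)}
ISOLATED_MEMBERS = {p: {p, UPLINK} for p in range(1, 5)}

# Assumed configuration 2 (the "traditional VLAN" case): ports 3 and 4 share VLAN 100.
SHARED_PVID = {3: 100, 4: 100}
SHARED_MEMBERS = {100: {3, 4, UPLINK}}

# Assumed Zan provisioning table: (Ban switch, user port) -> (MAC, IP) of the subscriber.
BINDINGS = {
    ("ban-1", 1): ("00:11:22:33:44:01", "10.1.1.11"),
    ("ban-1", 2): ("00:11:22:33:44:02", "10.1.1.12"),
}


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed untagged frame: Ethernet II header + minimal IPv4 header, no payload."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr


def tag_ingress(frame, pvid, pcp=0):
    """Ban ingress on an untagged port: insert TPID and TCI (PCP:3 DEI:1 VID:12) after the MACs."""
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("tagged frame received on an untagged user port")
    tci = (pcp << 13) | (pvid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Zan ingress on the trunk: return (vid, untagged frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame received on the trunk")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def ban_forward(frame, ingress_port, pvid, members, mac_table):
    """Layer-2 forwarding confined to the ingress port's VLAN.

    mac_table maps (vid, MAC) -> learned port. A known destination in the same
    VLAN is forwarded to its port; anything else is flooded to the VLAN's other
    members. With one user port per VLAN that set is just {UPLINK}, so a user
    can only reach another user through the Zan device.
    Returns (set of egress ports, tagged frame)."""
    vid = pvid[ingress_port]
    tagged = tag_ingress(frame, vid)
    mac_table[(vid, tagged[6:12])] = ingress_port     # learn the source MAC in this VLAN only
    candidates = members[vid] - {ingress_port}
    learned = mac_table.get((vid, tagged[:6]))
    if learned in candidates:
        return {learned}, tagged
    return candidates, tagged


def zan_admit(tagged, ban_id, bindings=BINDINGS):
    """Zan admission: the VID identifies the Ban user port; source MAC and IP must match its binding."""
    vid, frame = strip_tag(tagged)
    binding = bindings.get((ban_id, vid))
    if binding is None:
        return f"drop: no subscriber bound to port {vid}"
    exp_mac, exp_ip = binding
    if mac_text(frame[6:12]) != exp_mac:
        return f"drop: MAC spoofing on port {vid}"
    if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4:
        src_ip = ".".join(str(b) for b in frame[26:30])   # IPv4 source address at offset 14 + 12
        if src_ip != exp_ip:
            return f"drop: IP spoofing on port {vid}"
    return f"accept: port {vid}"


if __name__ == "__main__":
    table = {}
    user1_to_user2 = build_frame("00:11:22:33:44:02", "00:11:22:33:44:01", "10.1.1.11", "10.1.1.12")
    egress, tagged = ban_forward(user1_to_user2, 1, ISOLATED_PVID, ISOLATED_MEMBERS, table)
    print("egress ports:", sorted(egress))      # [24]: only the uplink, never port 2
    print(zan_admit(tagged, "ban-1"))            # accept: port 1
    spoof = build_frame("00:11:22:33:44:02", "00:11:22:33:44:02", "10.1.1.12", "10.1.1.1")
    print(zan_admit(ban_forward(spoof, 1, ISOLATED_PVID, ISOLATED_MEMBERS, table)[1], "ban-1"))
```

The MAC table is keyed by (VID, MAC), so an address learned on port 2 in VLAN 2 is invisible to a lookup in VLAN 1: even a correctly addressed user-to-user frame floods only to the uplink. In the shared configuration the same code forwards port 3 to port 4 directly once the MAC is learned, which is exactly the traffic the Zan-side binding check no longer sees; that is the trade-off behind the "traditional VLAN" option above.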
4 Summary
To sum up, multi-layer VLAN technology can realize data isolation between ports, improve network security and make user management convenient for the telecommunications sector. If the layer-2 switch supports IGMP snooping, multicast can also be implemented. The disadvantages are, first, that the port provided to the user must be an untagged port: since 802.1p priority bits are carried in the 802.1Q tag, the switch can only assign a priority per port rather than per service, which has some impact on the future development of multi-service access with different 802.1Q priorities and hence on assuring users' quality of service; and second, that using VLANs to realize data isolation makes switch configuration and management more complex.