Highlights of several switch configurations included

12-Layer Forwarding principle

The two-tier forwarding process extracts the source MAC address of the datagram, queries the Mac forwarding post (aka L2fdb), and sends it directly to the corresponding port if found. For addresses not included in the table, send by broadcast, that is, to all ports. Using Address auto-learning (based on source MAC address learning) and aging mechanism (timing mechanism) to maintain Mac forwarding information, two-tier forwarding generally does not change the packet contents.

Introducing VLANs

Although the switch solves the problem of the conflict domain, there is still a broadcast domain problem, which is applied to the VLAN, that is, the VLAN mechanism is introduced on the Layer two switch.

VLAN mechanism can make the host under the same VLAN any communication (two layer switching), different VLAN host communication is completely isolated, such as need to communicate through three layer exchange, block broadcast packet, reduce broadcast domain, provide network security. A VLAN is simply a broadcast domain that can form a VLAN across multiple physical devices, making network construction and maintenance more convenient.

VLAN partitioning method can be divided according to the switch port, according to the MAC address to divide, according to the network layer (IP address, IP subnet) to divide, according to IP multicast division.

VLAN protocol format

TPID: Protocol flag, usually 0x8100 priority: First level CFI: Specification indication, total set to 0 VLAN Id:vlan number

VLAN Port

VLAN-based port partitioning can be categorized into a variety of port types: Access, trunk, Hybird. A port of type access can only belong to 1 VLANs, typically used to connect to the computer's port trunk type port may allow multiple VLANs through, can receive and send multiple VLANs of the message, generally used for the connection between the switch port Hybrid type of port can allow multiple VLANs through, can receive and send multiple VLANs of the message, can be used to connect between switches, can also be used to connect the user's computer

The hybrid port and trunk ports are handled the same way when they receive data, except when sending data: The hybrid port allows multiple VLANs to be sent without a label, while the trunk port allows only the default VLAN messages to be sent without tagging.

Switch interface Access data processing process under VLAN

1) acess Port Ticker: Receive a message to determine if there is VLAN information: If not, hit the upper port of the Pvid, and exchange forwarding, if there is a direct discard (default)

2) acess port text: The VLAN information of the message is stripped, sent directly out

3) Trunk Port Ticker: received a message to determine if there is VLAN information: if there is no port Pvid, and Exchange forwarding, if there is to determine whether the trunk port to allow the VLAN data entry: If can be forwarded, otherwise discarded

4) Trunk Port text: Compare the Port's pvid and the VLAN information that will send the message, if the two are equal then stripped VLAN information, and then sent, if not equal to send directly

5) Hybrid Port Ticker: received a message, determine if there is VLAN information, if not the upper port of the Pvid, and exchange forwarding, if there is a hybrid port to determine whether the VLAN data entry; Otherwise discarded (the UNTAG configuration on the port is not considered, the UNTAG configuration only acts when the message is sent)

6) Hybrid Port transmitter: 1. Determine the properties of the VLAN on this port (disp interface to see which VLANs are UNTAG and which are tags) 2. If it is UNTAG, the VLAN information is stripped, then sent, if the tag is sent directly

23-Layer Switching principle

Layer three switch

1. Problems when using routers for inter-VLAN routing

Now, we know that as long as we can provide inter-VLAN routing, computers that belong to different VLANs can communicate with each other. However, if you use routers for inter-VLAN routing, it is likely that the router will become a bottleneck for the entire network as traffic between VLANs increases.

The switch uses a dedicated hardware chip called the ASIC (applicationspecified Integrated Circuit) to process the exchange of data frames, which can be exchanged at cable speeds (Wired speed) on many models. Routers, on the other hand, are basically software-based processing. Even if a packet is received at the cable speed, it cannot be forwarded in an unlimited speed condition and therefore becomes a speed bottleneck. In the case of inter-VLAN routing, traffic is concentrated into the converged link portion of the router and switch interconnect, which is particularly prone to becoming a speed bottleneck. And from the hardware, because of the need to set up routers and switches, in some small space environment may even set the location of the problem.

2. Three layers switch (Layer 3 switch)

To solve the above problems, the three-layer switch came into being. A layer three switch is essentially "a (second layer) switch with routing capability." Routing is the function of the third layer of the network layer in the OSI Reference Model, so a switch with a third-tier routing capability is referred to as a "layer three switch".

For the internal structure of the three-layer switch, you can refer to the following diagram.

In one body, the switch module and the Router module are set up, and the built-in routing module is the same as the switching module, and the ASIC hardware is used to process the route. As a result, high-speed routing can be achieved compared to traditional routers. Also, the Routing and switching modules are aggregated and linked, and because of the internal connection, considerable bandwidth can be ensured.

Inter-VLAN routing using layer three switches (intra-VLAN communication)

How does the data in the layer three switch propagate? Basically, it is the same as when connecting a router to a switch using a converged link.

Assume that the 4 computers shown in the following figure are interconnected with a three-tier switch. When using a router connection, it is generally necessary to set up sub-interfaces for each VLAN on the LAN interface, while the layer three switch internally generates "VLAN interface" (VLAN Interface). VLAN interface, which is the interface for sending and receiving data from each VLAN. (Note: On Cisco's Catalyst series switches, VLAN Interface is known as svi--switched Virtual Interface)

To compare VLAN routing with routers, let's consider what happens when computer A communicates with Computer B. First, the data frame with the destination address B is sent to the switch, and the MAC address List of the same VLAN is retrieved to discover that computer B is attached to port 2 on the switch, so the data frame is forwarded to Port 2.

Inter-VLAN routing using layer three switches (inter-VLAN communication)

Next, consider what happens when computer A communicates with computer C. For the destination IP address, computer A can tell that the communication object is not part of the same network and therefore sends data to the default gateway (Frame 1).

The switch forwards the data frame to the routing module via an internal aggregation link after retrieving the list of MAC addresses. The data frame is appended with the VLAN identification information belonging to the Red VLAN (frame 2) When the link is passed through the internal aggregation.

When the routing module receives the data frame, it is identified by the VLAN recognition information appended by the data frame that it belongs to the Red VLAN, which determines that the Red VLAN interface is responsible for receiving and routing processing. Because the target network 192.168.2.0/24 is the network of the direct-attached router and corresponds to the Blue VLAN, it is then forwarded back to the switching module from the Blue VLAN interface via the internal aggregation link. This time, the data frame is appended to the identifying information belonging to the Blue VLAN (frame 3) when it is passed through the aggregation link.

After the switch receives this frame, it retrieves the MAC address list of the Blue VLAN and confirms that it needs to be forwarded to Port 3. Because Port 3 is the usual access link, the VLAN recognition information is removed (Frame 4) before forwarding. Finally, Computer C successfully receives a data frame forwarded by the switch.

The overall process is very similar to what happens when using an external router-all through the "sender → switch module → routing module → switching module → receiver".

Reference resources:

"1" Huawei access, hybrid and trunk differences and Settings http://www.educity.cn/net/1284108.html "2" two-layer forwarding principle, http://www.cnblogs.com/luoxn28/p /5858332.html "3" three layer switching principle, http://network.51cto.com/art/201402/428887.htm "4" VLAN principle, Http://blog.csdn.net/cwm_meng_ home/article/details/49762807