802.1Q VLAN and 802.1P

Source: Internet
Author: User

This article introduces how Ethernet switches implement the 802.1Q VLAN protocol, together with the basics of the 802.1p protocol. For the details of either protocol, refer to the IEEE 802.1Q and 802.1p standards themselves.

I. 802.1Q Protocol

The 802.1Q protocol, Virtual Bridged Local Area Networks, mainly defines how VLANs are implemented. We first describe the basic concepts of a VLAN.

Virtual LANs are developing rapidly, and the major network vendors have implemented VLAN support in their switches. As the name suggests, a VLAN is a virtual LAN. On a Quidway S2403 switch, for example, the 24 10 Mbit/s Ethernet ports can be divided into several groups (say a protocol group, an ATM group and a test group). Every user in a group behaves as if on the same LAN, even though the members of the protocol group may be spread over several switches rather than one, and users outside the group cannot reach its members directly.

VLAN membership can be defined in four ways:

1. VLAN division by port

VLAN membership is defined by switch port: on an S2403, for example, ports 1 to 4 form VLAN A, ports 5 to 17 VLAN B and ports 18 to 24 VLAN C. The ports of one VLAN need not be contiguous; the administrator decides how they are assigned. With several switches, ports 1 to 6 of switch 1 and ports 1 to 4 of switch 2 can be placed in the same VLAN, so one VLAN may span several Ethernet switches. Port-based division is currently the most common method, and IEEE 802.1Q specifies how VLANs are divided by switch port. Its advantage is that defining membership is very simple: every port is assigned to a VLAN. Its disadvantage is that if a user of VLAN A leaves the original port and plugs into a port of a new switch, that port must be reconfigured.

2. VLAN division based on MAC addresses

VLAN membership is defined by the MAC address of each host, that is, the group each MAC address belongs to is configured. The biggest advantage is that when a user moves from one switch to another the VLAN does not need to be reconfigured; this is effectively a per-user VLAN keyed on the MAC address. The disadvantage is that every user must be configured initially, which is tedious with hundreds or thousands of users. It also reduces switch efficiency: a single switch port may carry members of many VLANs, so broadcasts cannot be confined to one port group. Finally, laptop users may change network cards frequently, forcing continual reconfiguration.

3. VLAN division based on the network layer

This method assigns VLAN membership by the network-layer address of each host, or by protocol type if several protocols are supported. Although it may use network addresses such as IP addresses, it is not routing and should not be confused with a network-layer route: the switch looks at the IP address in each packet but runs no routing protocol (no RIP, OSPF or similar), and forwarding is still bridging based on the spanning tree algorithm.

The advantages are that a user whose physical location changes does not need to have the VLAN reconfigured, that VLANs can be divided by protocol type, which matters to network managers, and that no extra VLAN tag is needed to identify the VLAN, which reduces network traffic.

The disadvantage is efficiency: examining the network-layer address of every packet is time-consuming compared with the two previous methods. A switch chip can examine the Ethernet frame header automatically, but inspecting the IP header as well requires more advanced, slower hardware. How much this costs depends on each vendor's implementation.

4. IP multicast as VLAN

Here an IP multicast group defines the VLAN, that is, one multicast group is one VLAN. This extends the VLAN to the WAN, so it is more flexible and easy to extend through routers. It is, however, not suitable within a LAN, mainly because it is inefficient; for LAN multicast there is the layer-2 multicast protocol GMRP.

Each definition method therefore has its own advantages and disadvantages, and many vendors' switches implement more than one so that administrators can choose according to their needs. Many vendors also recognise how complex VLAN configuration is and provide automatic configuration and convenient management tools.

In the past various vendors claimed that their switches implemented VLANs, but their implementations differed and could not interoperate, so a customer who bought one vendor's switch could not mix in another's. The VLAN standard is now the IEEE 802.1Q protocol. Only a common open standard guarantees interconnection and protects the investment in network equipment.

The advantages of VLANs are as follows:

1. Reduced cost of moves and changes, that is, dynamic network management. When a user moves from one location to another, the network properties do not need to be reconfigured, which benefits both network managers and users: a user can access the network from anywhere without modification. Not every VLAN definition method can achieve this.

2. Virtual workgroups. The most ambitious goal of a VLAN is the virtual workgroup model: on a campus network, for example, the members of one department behave as if on the same LAN and exchange information easily, while all broadcasts stay within that virtual LAN and do not affect users of other VLANs. If a person moves from one office to another but stays in the same department, the configuration need not change; if the person changes department, only the network manager needs to reconfigure. The aim is a dynamic organisational environment. This remains an ambitious goal that also needs support from management and other areas.

3. Confining broadcasts. Under the 802.1D transparent bridging algorithm, a frame whose destination MAC address is not in the forwarding table is flooded to every other port; this is the broadcast-style forwarding of a bridge, and it wastes bandwidth. With VLANs configured, such a frame is flooded only to the other ports of the same VLAN rather than to all ports of the switch, which confines it to one VLAN and saves bandwidth.

4. Security. Because VLANs are configured, frames from one VLAN are not delivered to another, so users of other VLANs do not receive them and the VLAN's traffic cannot be eavesdropped by users of other VLANs, which gives a degree of confidentiality. In practice this isolation is only as strong as the port configuration: access ports must not honour VLAN tags supplied by hosts, the untagged (native) VLAN of a trunk should not carry user traffic, and traffic between VLANs should pass through a router where it can be filtered.

In theory a VLAN can be extended to a WAN, but this is unwise: a VLAN lets broadcasts through and has no real routing algorithm, so frames are often forwarded by flooding, which wastes valuable WAN bandwidth. Extending port-based, MAC-address-based and network-layer-based VLANs across a WAN is therefore unreasonable, whereas the multicast-based VLAN concept can be extended to the WAN flexibly and effectively. Ethernet switches generally implement port-based VLANs, and some also implement MAC-address-based and network-layer-based VLANs; on a router the so-called multicast VLAN can be implemented through the IGMP multicast protocol.

802.1Q defines a port-based VLAN model, the most commonly used method. We now focus on how a switch chip implements VLANs; for more detail see the 802.1Q standard. Because the standard text is abstract, we take TI's switch chips as an example, which is easier to follow. In the example, the TNETX4090 provides eight Ethernet ports and one Gigabit Ethernet port.

When a host that supports 802.1Q sends a frame, it inserts a 4-byte 802.1Q tag header into the Ethernet frame header immediately after the source address, in front of the original length/type field. For the encapsulation format of the Ethernet frame header, see the Ethernet training materials.

The four-byte 802.1Q tag header consists of a two-byte Tag Protocol Identifier (TPID), whose value is 0x8100, and a two-byte Tag Control Information (TCI) field. The TPID is a new Ethernet type defined by IEEE that marks the frame as carrying an 802.1Q tag. The TCI is made up of the three fields below.

VLAN Identifier (VID): a 12-bit field specifying the VLAN ID, 4096 values in total (0 and 4095 are reserved, leaving 4094 usable VLANs). Every frame sent by a host that supports 802.1Q contains this field to say which VLAN it belongs to. Currently the TNETX 3270 supports only 32 VLANs.

Canonical Format Indicator (CFI): this bit concerns the MAC address bit ordering when Ethernet exchanges frames with token ring or FDDI networks through a bridge. The TNETX 3270 ignores this bit.

Priority: three bits giving the frame's priority, eight levels in total, used mainly to forward urgent frames first when the switch is congested. The TNETX 3270 and TNETX 4090 support only one priority level, so this field is unused on them.

The four bytes of the 802.1Q tag header are thus an addition to the frame. The computers we use today do not support 802.1Q: the Ethernet frame header they send does not contain these four bytes, and they cannot recognise them. In future, software and hardware will support 802.1Q. For a switch, if every host on the Ethernet segment attached to a port can recognise and send frames carrying the 802.1Q tag header, the port is called a Tag Aware port. Conversely, if the segment attached to a port contains a host that does not understand the tag header, the port is called an Access port. At present, all switch ports facing hosts are of the latter type.
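The tag layout described above, in working code. This is an added example and is not code from the original article or from TI: it packs and unpacks the TPID/TCI fields, inserts a tag after the source address as a switch ingress would, and strips only the outermost tag as an access-port egress would. The sample frame is constructed for the example, and the 0x88A8 service-tag TPID is included (it is not mentioned in the article) so that stacked tags are parsed rather than mistaken for a payload, which is the case a practitioner auditing trunk behaviour most wants to see.

```python
import struct

TPID_8021Q = 0x8100   # customer tag, the value the article gives
TPID_8021AD = 0x88A8  # service tag used for stacked (Q-in-Q) tags; not in the article, added here

# Constructed sample: an untagged IPv4 frame (dst, src, ethertype 0x0800, dummy payload)
UNTAGGED_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                  + struct.pack("!H", 0x0800) + b"\x45\x00" + b"\x00" * 18)


def build_tci(pcp: int, cfi: int, vid: int) -> int:
    """Pack priority (3 bits), CFI (1 bit) and VID (12 bits) into the 16-bit TCI."""
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0..7")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094 (0 = priority tag only, 4095 reserved)")
    return (pcp << 13) | (cfi << 12) | vid


def split_tci(tci: int):
    """Inverse of build_tci: return (pcp, cfi, vid)."""
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0xFFF


def insert_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Insert a 4-byte tag after the 12-byte destination/source address pair."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    return frame[:12] + struct.pack("!HH", tpid, build_tci(pcp, cfi, vid)) + frame[12:]


def parse_tags(frame: bytes):
    """Walk every stacked tag; return ([(tpid, pcp, cfi, vid), ...], ethertype, payload)."""
    tags = []
    off = 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated header")
        ethertype = struct.unpack("!H", frame[off:off + 2])[0]
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype, frame[off + 2:]
        if len(frame) < off + 4:
            raise ValueError("truncated tag")
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append((ethertype,) + split_tci(tci))
        off += 4


def strip_outer_tag(frame: bytes) -> bytes:
    """What an access-port egress does: remove only the outermost tag, if there is one."""
    tags, _, _ = parse_tags(frame)
    return frame[:12] + frame[16:] if tags else frame


if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED_FRAME, vid=10, pcp=5)
    print(parse_tags(tagged))
    double = insert_tag(tagged, vid=1)              # outer VID 1, inner VID 10
    print([t[3] for t in parse_tags(double)[0]])    # [1, 10]
    print(parse_tags(strip_outer_tag(double))[0])   # the inner tag survives the strip
```

The last two lines of the usage are the point for a security reviewer: a port that strips one tag and forwards the rest hands the inner tag to the next switch, which is why access ports should not accept tagged frames at all and why the native VLAN of a trunk should carry no user traffic.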

So how does a switch support VLANs? Suppose ports 1 to 4 belong to the same VLAN. When a frame comes in on port 1, the switch sees that it has no 802.1Q tag header, so according to the VLAN that port 1 belongs to it adds the tag header for that VLAN and hands the frame to the lookup module. The lookup module determines the output port from the destination address and the VLAN and hands the frame to the forwarding module. The forwarding module sees that the frame carries a tag header and that the host on the segment attached to the output port cannot recognise it, so it removes the tag header the switch added on the way in. If the host does support the tag header, the switch needs neither to add nor to remove it. Whether the tag header is added or removed therefore depends on whether the hosts on the attached segment understand it, that is, on the type of the switch port. The ports that connect two switches are generally Tag Aware ports, so frames exchanged between switches keep the tag header.

The process consists of three steps:

1. Receiving: the frame is received. It may or may not carry a tag header; if not, the switch adds the tag header corresponding to the VLAN of the port it arrived on.

2. Lookup: the output port is determined from the destination MAC address and the VLAN ID, using the information registered in the switch's database.

3. Sending: the frame is sent onto the Ethernet segment. If the hosts on that segment cannot recognise the 802.1Q tag header, it is removed; on a port connected to another switch it is generally left in place.

For more on the receiving, lookup and sending processes, see the TNETX 3270 documentation. The following describes how a frame without a tag header is received and sent.

For details of the lookup process, refer to the TNETX 3270 documentation.

If Chris sends a frame to Jackie, the process is as follows:

1. Chris sends a frame to Jackie.

2. The frame arrives at port 9 of switch 1 without a tag header, so switch 1 adds a tag header carrying the port's VLAN ID.

3. Switch 1 looks up the destination MAC address and VLAN ID in its database and finds that the frame should go out through ports 24, 25 and 26. These three ports are bundled together: to the upper layer they look like a single port, and the switch chooses one of them according to their load. If the destination were unknown, the frame would instead be flooded to every other port of the VLAN, including port 6; the tag header is removed before the frame goes onto port 6's segment, and Altaf, attached there, discards it because the destination address is not his. Port 24 is a Tag Aware port, so the tag header is not removed from the frame sent out on it.

4. The TNETX 4090 switch receives the frame, looks up the VLAN ID and destination MAC address in its database and finds that the frame should go out on one of ports 4, 5 and 6. The tag header is still not removed.

5. Switch 2 receives the frame, looks up the VLAN ID and destination MAC address in its database and finds that it should go out on port 2, so it sends it there. Note that the tag header must be removed from the frame sent out on this port.
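The three-step receive/lookup/send pipeline and the walkthrough above, as a small VLAN-aware switch model. This is an added example, not code from the article or from TI. The switch keeps a per-port VLAN membership table and a forwarding database keyed on (VID, MAC), so a MAC learned in one VLAN is unknown in another and flooding stays within the VLAN's member ports. Two policies in it are the editor's assumptions rather than anything the article states: a tagged frame arriving on an access port is dropped, and a tagged frame whose VID the ingress port is not a member of is dropped (ingress filtering). The port layout and hosts are constructed for the example.

```python
import struct

TPID = 0x8100


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def eth(dst: bytes, src: bytes, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Build an untagged Ethernet frame."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tagged(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the address pair."""
    return frame[:12] + struct.pack("!HH", TPID, (pcp << 13) | vid) + frame[12:]


def tag_of(frame: bytes):
    """VID of the frame's 802.1Q tag, or None if the frame is untagged."""
    if frame[12:14] == struct.pack("!H", TPID):
        return struct.unpack("!H", frame[14:16])[0] & 0xFFF
    return None


class VlanSwitch:
    def __init__(self):
        self.ports = {}  # port -> {"pvid": int, "tag_aware": bool, "vids": set}
        self.fdb = {}    # (vid, mac) -> port; learned from source addresses

    def add_port(self, num: int, pvid: int, tag_aware: bool = False, vids=None):
        self.ports[num] = {"pvid": pvid, "tag_aware": tag_aware, "vids": set(vids or [pvid])}

    def receive(self, in_port: int, frame: bytes):
        """Run a frame through receive, lookup and send; return [(out_port, frame_as_sent)]."""
        p = self.ports[in_port]
        # 1. Receive: classify the frame into a VLAN, tagging it if the host did not.
        vid = tag_of(frame)
        if vid is None:
            vid = p["pvid"]
            frame = tagged(frame, vid)
        elif not p["tag_aware"]:
            return []  # assumption: access ports do not honour host-supplied tags
        if vid not in p["vids"]:
            return []  # assumption: ingress filtering, VID not allowed on this port
        dst, src = frame[:6], frame[6:12]
        self.fdb[(vid, src)] = in_port
        # 2. Lookup: destination MAC and VID together select the output port(s).
        out = self.fdb.get((vid, dst))
        if out is None or dst[0] & 1:
            targets = [n for n in self.ports if n != in_port and vid in self.ports[n]["vids"]]
        elif out == in_port:
            targets = []  # destination is on the ingress segment; filter it
        else:
            targets = [out]
        # 3. Send: keep the tag for Tag Aware ports, strip it for access ports.
        return [(n, frame if self.ports[n]["tag_aware"] else frame[:12] + frame[16:])
                for n in targets]


def build_demo_switch() -> VlanSwitch:
    """Constructed layout: ports 1-4 VLAN 10, ports 5-8 VLAN 20, port 9 a trunk carrying both."""
    sw = VlanSwitch()
    for n in range(1, 5):
        sw.add_port(n, pvid=10)
    for n in range(5, 9):
        sw.add_port(n, pvid=20)
    sw.add_port(9, pvid=10, tag_aware=True, vids=[10, 20])
    return sw


A = mac("02:00:00:00:00:0a")  # host on port 1, VLAN 10
B = mac("02:00:00:00:00:0b")  # host on port 2, VLAN 10
C = mac("02:00:00:00:00:0c")  # host on port 5, VLAN 20
D = mac("02:00:00:00:00:0d")  # host behind the trunk on port 9

if __name__ == "__main__":
    sw = build_demo_switch()
    print("A -> B (unknown):", [n for n, _ in sw.receive(1, eth(B, A))])   # flooded in VLAN 10 only
    print("B -> A (learned):", [n for n, _ in sw.receive(2, eth(A, B))])   # unicast to port 1
    print("C -> A from VLAN 20:", [n for n, _ in sw.receive(5, eth(A, C))])  # A unknown in VLAN 20
    print("trunk VID 30:", sw.receive(9, tagged(eth(A, D), 30)))            # dropped by ingress filter
```

The (VID, MAC) key is what makes the isolation claim in the article hold: a host in VLAN 20 addressing A's MAC never reaches port 1, because A was only ever learned under VID 10.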

This covers how frames are received and sent through VLANs. The function itself is implemented by the switch chip of the Ethernet switch; if interested, refer to the switch chip's technical documentation.

II. 802.1P Protocol

802.1p defines the concept of priority. For frames with strict real-time requirements, the sending host marks a high priority in the three-bit priority field of the tag header described above, so that when the Ethernet switch carries heavy traffic it forwards these frames preferentially.

Currently some Ethernet switches support only two priority levels and some four.

802.1p also defines GARP, the Generic Attribute Registration Protocol. Attribute here means things such as multicast MAC addresses, port filtering modes and VLANs. GARP can in fact define many characteristics a switch should have; currently two applications are defined, GMRP (GARP Multicast Registration Protocol) and GVRP (GARP VLAN Registration Protocol), and others will follow as networks develop. GARP defines how Ethernet switches exchange such attribute information, how the packets are sent, how they are received, and so on.

GMRP is a dynamic layer-2 multicast registration protocol and resembles the layer-3 multicast protocol IGMP in many respects. For IP, class D addresses are multicast addresses, and each IP multicast address maps to a multicast MAC address (only the low 23 bits of the group address are carried in the MAC, so 32 IP groups share one MAC address). 802.1p registers and tracks multicast membership on an Ethernet switch by multicast MAC address, whereas IGMP manages membership by multicast IP address. If an Ethernet switch does not implement GMRP, multicast can only be handled by static configuration.
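The IP-multicast-to-MAC mapping that GMRP relies on, as an added example (not code from the article): the low 23 bits of the class D address are placed under the 01:00:5e prefix, and the second function enumerates the 32 groups that collide on one MAC. That collision is the practitioner's caveat: a switch filtering by multicast MAC, as GMRP does, cannot tell those groups apart, so a receiver registered for one of them also gets the others' traffic. The addresses used are constructed for the example.

```python
import ipaddress


def ip_multicast_to_mac(group: str) -> str:
    """Map an IPv4 class D address to its 802 multicast MAC: 01:00:5e followed by the low 23 bits."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a class D address")
    value = 0x01005E000000 | (int(ip) & 0x7FFFFF)  # I/G bit set, OUI 00-00-5E, low 23 bits of group
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str):
    """All 32 class D addresses whose frames carry the same destination MAC as `group`.

    Bits 23-27 of the IPv4 address (the five bits between the fixed 1110 prefix and the
    low 23 bits) are not carried in the MAC, so varying them gives the colliding groups."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | low23)) for i in range(32)]


if __name__ == "__main__":
    print(ip_multicast_to_mac("224.0.0.1"))          # 01:00:5e:00:00:01
    print(ip_multicast_to_mac("239.128.0.1"))        # same MAC as 224.0.0.1
    print(groups_sharing_mac("239.255.255.250"))     # the 32 groups a MAC filter cannot separate
```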

Why is a layer-2 multicast protocol needed? Suppose, as with IGMP, a multicast group is set up in a LAN that contains many switches. If the switches do not implement a layer-2 multicast protocol, then when one group member sends to another, each switch floods the frame to all ports because it does not know which ports have joined the group. The only alternative would be for the administrator to configure the switches to restrict that flooding, but multicast membership is dynamic, so administering it by hand is unrealistic. A layer-2 multicast protocol is therefore needed to manage group members dynamically. Many high-end switches now advertise 802.1p and 802.1Q support as a major feature.

GVRP is a VLAN registration protocol. Because it and GMRP are both based on GARP they are closely related, and both operate on the switch's database. GVRP itself is defined in 802.1Q.
