Comparison between openflow and traditional vswitches in layer-2 Forwarding (1)

Source: Internet
Author: User


L2 forwarding and VLAN tags

Generally, once the physical layer has delivered a string of bits to the data link layer, frames are assembled and checked, and only frames that pass the check are forwarded. For a switch, forwarding means MAC-address-based forwarding. The earliest layer-2 forwarding devices forwarded purely on MAC addresses and were used in LANs; later, because of broadcast flooding and communication security concerns, VLANs were introduced to isolate different communication domains. I don't know whether VLAN (Virtual Local Area Network) was the first network virtualization technology, but it is the first one I came into contact with.

The MAC address is the physical address of each network device.

VLAN technology identifies and marks a VLAN by inserting 4 bytes into the original frame immediately after the MAC address header. The details are as follows:

In the example the Tag Protocol Identifier (TPID) is 0x8100, but this value is not fixed: somewhat more advanced switching chips allow it to be configured. This feature is called Q-in-Q. Because a single layer of VLAN IDs is not enough for an L2 tunnel, two VLAN tags can be added to a frame, and the TPIDs of the two tags may be different or the same. The flexible Q-in-Q function is used to delete, add or modify the VLAN tags of a frame as required.

The 3-bit user priority field is generally called the COS value and is used for L2 QoS. The 1-bit field is the CFI (Canonical Format Indicator) mentioned in the previous article: 0 indicates the canonical frame format used by 802.3 or Ethernet II encapsulation. It matters mainly between an Ethernet network and a ring-based network. If a frame received on an Ethernet port has CFI set to 1, the frame is not forwarded.
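As an added illustration of the tag layout just described (this is example code, not from the original article): the parser below walks the tag stack after the MAC header, decoding TPID, the 3-bit COS/priority, the 1-bit CFI and the 12-bit VID for each tag, handles a Q-in-Q double tag with differing TPIDs, and flags frames that carry CFI=1 as not forwardable. The TPID set and the sample frame are constructed assumptions.

```python
import struct

# TPIDs a Q-in-Q capable switch chip may be configured to treat as a VLAN tag (assumption)
TPIDS = {0x8100, 0x88A8, 0x9100}

def build_frame(dmac: str, smac: str, tags, ethertype: int = 0x0800) -> bytes:
    """Build a constructed test frame: MAC header, then one 4-byte tag per
    (tpid, pcp, cfi, vid) tuple in outer-to-inner order, then the EtherType."""
    hdr = bytes.fromhex(dmac.replace(":", "")) + bytes.fromhex(smac.replace(":", ""))
    for tpid, pcp, cfi, vid in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | (cfi << 12) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 20  # dummy payload

def parse_tags(frame: bytes) -> dict:
    """Decode the tag stack after the MAC header.  Each tag yields tpid, the
    3-bit user priority (COS), the 1-bit CFI and the 12-bit VID.  Parsing stops
    at the first EtherType that is not a configured TPID.  'forwardable' is
    False when any tag has CFI=1, the case an Ethernet port must not forward."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dmac, smac = frame[0:6].hex(":"), frame[6:12].hex(":")
    off, tags = 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack("!H", frame[off:off + 2])
        if ethertype not in TPIDS:
            break
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", frame[off + 2:off + 4])
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    return {"dmac": dmac, "smac": smac, "tags": tags, "ethertype": ethertype,
            "payload_offset": off + 2,
            "forwardable": all(t["cfi"] == 0 for t in tags)}

if __name__ == "__main__":
    # Constructed Q-in-Q sample: S-tag (0x88a8, VID 100) outside a C-tag (0x8100, VID 200)
    f = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                    [(0x88A8, 5, 0, 100), (0x8100, 3, 0, 200)])
    print(parse_tags(f))
```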

Since VLAN technology appeared, L2 forwarding is no longer based on MAC address learning and forwarding alone, but on (MAC, VLAN) learning and forwarding. The general process used by BCM (Broadcom), MVL (Marvell) and other chip vendors is as follows:

The forwarding process itself is relatively simple; the following points should be noted:

1. Frames whose SMAC equals their DMAC are attack packets; advanced switching chips can be configured to discard them directly;

2. Identifying and extracting the VLAN tag is a complex process and will be detailed later;

3. A lookup on (SMAC, VID) is usually possible, but what happens on chips when the frame carries no tag? Different chips handle this differently; even within one vendor, some discard the frame, some broadcast it, and some make the behaviour configurable;

4. DMACs starting with 0x0180c2 are reserved mainly for L2 protocol frames, including flow control, LLDP and LACP;

5. Switch chips generally perform unicast and broadcast; the multicast function is not enabled by default. Mathematically, however, unicast and broadcast can both be regarded as the two boundary cases of multicast. This resembles many theorems in physics: extending the theory to a general formula is hard, yet what actually occurs are the few special cases that are extremely simple in theory. In addition, if no table entry is found for (DMAC, VID), the default action is to broadcast to all ports except the source port; the switch chip can usually also be configured to discard the frame or send it to the CPU instead.

6. Layer-2 multicast protocols mainly include IGMP and the like; the principle is documented in many places, and there are currently three major versions. The relationship between the MAC and IP addresses of layer-2 multicast and layer-3 multicast is as follows:

7. Layer-2 frames carry nothing to prevent loops, so once links form a loop the result is an extremely catastrophic accident. STP was proposed to solve this, but as networks grew, once the number of network devices reached 100, STP's ability to respond to a topology change became effectively nonexistent. Improvements such as RSTP and MSTP were proposed later, but they still could not shed defects such as wasted link bandwidth, until the complex TRILL protocol was proposed. This is why a loop-prevention TTL field was included when the layer-3 IP header was designed;

8. Each port has its own MTU. When the CPU sends packets through a port, the packets can be fragmented in the protocol stack; in that case fragmentation is based on the smallest MTU of all ports in the VLAN;

9. To enable communication between ports in different VLANs, the trunk attribute of a port was introduced; this divides ports into three categories: access, trunk and hybrid. All switch ports are access ports by default, and an access port forwards only frames whose VLAN ID equals the port's native VLAN. A trunk port can forward frames of all VLAN IDs, where "all" means the VLANs already created on the switch; if a frame's VLAN ID equals the native VLAN, the tag is removed before the frame is sent, otherwise it is sent with its tag. A hybrid port can be configured individually with the VLAN IDs it accepts and with whether the frames it sends carry a tag. As with multicast above, access and trunk can be regarded as the two boundary cases of hybrid;

10. The default VLAN that all ports belong to is VLAN 1; the switch can change the VLAN a port belongs to. Similarly, for the L2 QoS field, the COS value assigned to untagged frames can be configured from the command line;

11. To isolate users within a VLAN, advanced switch chips introduced the concept of the private VLAN (PVLAN), in which ports are given different attributes. There are three port types: isolated, community and promiscuous. They correspond to different VLAN types: an isolated port belongs to an isolated PVLAN and a community port belongs to a community PVLAN; both of these must be bound to a primary VLAN, which represents the private VLAN as a whole and also contains the promiscuous ports. In an isolated PVLAN, isolated ports can communicate only with promiscuous ports and cannot exchange traffic with each other. In a community PVLAN, community ports can communicate with promiscuous ports and can also exchange traffic with each other.

12. Like Q-in-Q for VLAN tags, MAC addresses also have a MAC-in-MAC usage, also known as PBB-TE (standard 802.1Qay), which is mainly used in carrier backbone networks. With multicast disabled, it solves the problem of the MAC table maintained on the operator's backbone links being too large: user traffic is encapsulated and isolated a second time, and the issues of rings (loops) and unbalanced load are avoided;

13. When MAC addresses are learned in hardware, the CPU needs to be notified by interrupt so that the software can keep a copy of the hardware MAC table for display and query. In addition, ARP is used to associate MAC and IP addresses, which determines whether routes are delivered to hardware;

14. MAC entries age: if for a period of time no frame is seen whose SMAC or DMAC is that MAC, the address is deleted from the hardware table entry and the upper-layer software is notified. The default aging time is 300 seconds. The value is configurable; the supported range is generally about 60 to 1800 seconds, depending on the degree of chip support.
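To make the forwarding process in points 1, 4, 5 and 14 concrete, here is an added software model (example code, not from the original article or any vendor's chip): a (MAC, VID) learning table keyed per VLAN, discarding of SMAC == DMAC frames, trapping of 01:80:c2 DMACs to the CPU, a configurable DMAC-miss action that defaults to flooding the VLAN minus the source port, and 300-second aging. VLAN membership, the miss-action names and the sample MACs are constructed assumptions.

```python
import time

AGING_SECONDS = 300           # default MAC aging time given in the text
L2_PROTO_PREFIX = "01:80:c2"   # reserved DMAC prefix: flow control, LLDP, LACP ...

class L2Switch:
    """Toy model of (MAC, VID) -> port learning and forwarding.
    vlan_members maps each VID to the set of ports belonging to that VLAN.
    miss_action models the configurable DMAC-miss behaviour: 'flood', 'drop' or 'cpu'."""
    def __init__(self, vlan_members, aging=AGING_SECONDS,
                 drop_smac_eq_dmac=True, miss_action="flood"):
        self.vlan_members = vlan_members
        self.aging = aging
        self.drop_smac_eq_dmac = drop_smac_eq_dmac
        self.miss_action = miss_action
        self.fdb = {}   # (mac, vid) -> (port, last_seen)

    def age(self, now):
        """Delete entries not refreshed within 'aging' seconds; return the aged keys
        so the caller can notify upper-layer software as the text describes."""
        stale = [k for k, (_, seen) in self.fdb.items() if now - seen > self.aging]
        for k in stale:
            del self.fdb[k]
        return stale

    def handle(self, in_port, vid, smac, dmac, now=None):
        """Return (action, egress_ports); action is 'drop', 'cpu', 'forward' or 'flood'."""
        now = time.time() if now is None else now
        if in_port not in self.vlan_members.get(vid, set()):
            return "drop", set()            # ingress port is not a member of this VLAN
        if self.drop_smac_eq_dmac and smac == dmac:
            return "drop", set()            # SMAC == DMAC attack frame (point 1)
        # learning: (SMAC, VID) -> in_port, refreshing the timestamp on every frame
        self.fdb[(smac, vid)] = (in_port, now)
        if dmac.startswith(L2_PROTO_PREFIX):
            return "cpu", set()             # L2 protocol frame trapped to the CPU (point 4)
        hit = self.fdb.get((dmac, vid))
        if hit is None:                     # DMAC miss: default broadcast in the VLAN (point 5)
            if self.miss_action == "flood":
                return "flood", self.vlan_members[vid] - {in_port}
            return self.miss_action, set()
        port, _ = hit
        if port == in_port:
            return "drop", set()            # destination already on the ingress segment
        return "forward", {port}
```

The same MAC learned in two VLANs yields two independent entries, which is exactly the (MAC, VLAN) keying the text contrasts with MAC-only learning.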
