Introduction to VLAN Technology
VLAN overview
Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detection). When the number of hosts is high, it can suffer serious collisions, broadcast flooding, a significant decrease in performance, or even an unusable network. Interconnecting LANs through switches resolves the serious collision problem, but it still cannot isolate broadcast messages. VLAN (Virtual Local Area Network) technology emerged to address this: it divides a LAN into multiple logical LANs, called VLANs. Each VLAN is a broadcast domain. Hosts within a VLAN communicate as they would in a LAN, while VLANs cannot communicate with each other directly, so broadcast messages are confined to one VLAN, as shown in Figure 1.
Figure 1 VLAN
VLAN partitioning is not constrained by physical location: hosts that are not in the same physical location can belong to the same VLAN, and the users in a VLAN can be connected to the same switch, or span switches or even routers.
The advantages of VLANs are as follows:
• Limit broadcast domains. Broadcast domains are limited to one VLAN, saving bandwidth and improving network processing power.
• Enhance the security of the LAN. VLANs are isolated from one another, that is, a user within a VLAN cannot communicate directly with users in other VLANs. For different VLANs to communicate, traffic must go through a layer 3 device such as a router or a layer 3 switch.
• Build virtual workgroups flexibly. With VLANs, different users can be divided into different workgroups, and users of the same workgroup do not have to be confined to a fixed physical range, so network construction and maintenance are more convenient and flexible.
VLAN principle
To enable a network device to distinguish messages from different VLANs, a field that identifies the VLAN needs to be added to the message. Since an ordinary switch works at the data link layer of the OSI model, it can only recognize the data link layer encapsulation of a message. Therefore, the identifying field must also be added to the data link layer encapsulation.
IEEE introduced the IEEE 802.1Q protocol standard in 1999 to standardize VLAN implementations, defining a unified message structure that carries VLAN identification.
A traditional Ethernet data frame encapsulates the Type field of the upper-layer protocol after the destination MAC address and the source MAC address, as shown in Figure 2.
Figure 2 Traditional Ethernet Frame Encapsulation format
Here DA is the destination MAC address, SA is the source MAC address, and Type indicates the protocol type to which the message belongs.
The IEEE 802.1Q protocol specifies that a 4-byte VLAN Tag is encapsulated after the destination MAC address and the source MAC address to carry information about the VLAN.
Figure 3 The constituent fields of the VLAN tag
As shown in Figure 3, the VLAN Tag contains four fields: TPID (Tag Protocol Identifier), Priority, CFI (Canonical Format Indicator), and VLAN ID.
• TPID is used to determine whether the data frame carries a VLAN Tag. Its length is 16 bits and its default value is 0x8100.
• Priority indicates the 802.1p precedence of the message. Its length is 3 bits. See "QoS Configuration" in the "QoS volume" for details.
• CFI identifies whether the MAC address is encapsulated in the standard format on different transport media. Its length is 1 bit. A value of 0 indicates that the MAC address is encapsulated in the standard format, and 1 indicates a nonstandard format. The default value is 0.
• VLAN ID identifies the number of the VLAN to which the message belongs. Its length is 12 bits, giving a value range of 0~4095. Since 0 and 4095 are reserved by the protocol, the usable VLAN ID range is 1~4094.
The network device uses the VLAN ID to identify the VLAN to which a message belongs, and processes the message according to whether it carries a VLAN Tag and the value of the tag it carries.
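The tag layout described above can be checked with a small parser. This is an added example, not part of the original article: the function names, the name "tci" for the 16 bits after the TPID, and the sample addresses and frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # default TPID value stated in the text

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into DA, SA, optional VLAN Tag fields and Type."""
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + Type (14 bytes)")
    info = {"da": frame[0:6].hex(), "sa": frame[6:12].hex(), "tagged": False}
    (field,) = struct.unpack("!H", frame[12:14])
    if field != TPID_8021Q:
        info["type"] = field            # untagged: these 2 bytes are the Type field
        return info
    if len(frame) < 18:
        raise ValueError("TPID present but the 4-byte VLAN Tag is truncated")
    # 'tci' is this example's name for the 16 bits that follow the TPID.
    tci, info["type"] = struct.unpack("!HH", frame[14:18])
    vlan_id = tci & 0x0FFF              # low 12 bits
    info.update(
        tagged=True,
        priority=tci >> 13,             # top 3 bits (802.1p)
        cfi=(tci >> 12) & 0x1,          # 1 bit
        vlan_id=vlan_id,
        vlan_id_usable=1 <= vlan_id <= 4094,  # 0 and 4095 are reserved
    )
    return info

def build_frame(da, sa, eth_type, tag=None, payload=b""):
    """Build a frame; tag is (priority, cfi, vlan_id) or None for untagged."""
    header = da + sa
    if tag is not None:
        priority, cfi, vlan_id = tag
        if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vlan_id <= 4095):
            raise ValueError("tag field out of range")
        header += struct.pack("!HH", TPID_8021Q, priority << 13 | cfi << 12 | vlan_id)
    return header + struct.pack("!H", eth_type) + payload

# Constructed sample addresses and frames (not captured traffic).
DA = bytes.fromhex("ffffffffffff")
SA = bytes.fromhex("020000000001")
SAMPLES = {
    "untagged": build_frame(DA, SA, 0x0800),
    "vlan100": build_frame(DA, SA, 0x0800, tag=(5, 0, 100)),
    "reserved": build_frame(DA, SA, 0x0800, tag=(0, 0, 4095)),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_frame(raw))
```

The tagged sample is exactly 4 bytes longer than the untagged one, and a tool that reads bytes 12 to 13 as the Type field without checking for the TPID will misclassify every tagged frame.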