In-depth analysis of VLAN-Based Configuration Policy Routing

Source: Internet
Author: User

Many people may not be very familiar with setting up policy routes, so I have studied VLAN-based policy routing configuration and share the results here in the hope that they help. As networks become more widespread, network technicians face a common concern: how can a small enterprise LAN with limited funds implement more complex network functions at low cost, to meet users' demands for a more capable network?

In Linux, network technicians can implement a wide range of routing functions according to user needs, many of them comparable to those of dedicated router products. Given these capabilities, this article proposes solving the problem by setting up a Linux server, which is economical and secure. A local factory initially set up a local area network; because of limited funds, it bought only simple network connection equipment and connects to the local ISP over optical fiber. As its network applications developed, it became necessary to divide the network into several segments, with the requirements that IDC users are not allowed to access the finance department and offices, and that computers in the finance department are not allowed to access the Internet. Such problems are usually solved by using vswitches in combination with vrouters. Although that method is relatively simple and easy to maintain, it is costly. This article therefore develops a technical solution based on actual conditions and specific requirements: install a Linux server and solve the problem by dividing the network into virtual LANs (VLANs) and setting the routing policy.

VLAN Concept

A VLAN (Virtual Local Area Network), or virtual LAN, is a technology that divides a network into logical workgroups independent of physical location. VLANs restrict broadcast datagrams to the VLAN in which they originate, improving the overall effective bandwidth of the network. At the same time, different levels of security policy can be defined for each VLAN based on actual conditions, effectively preventing unauthorized intrusion and enhancing network security. The following describes the three main ways of defining VLANs.

(1) A port-based VLAN defines a virtual subnet by grouping the ports of a switch. This method is similar to dividing physical network segments. Its main disadvantage is that it cannot implement virtual network configurations independent of physical location: if a workstation moves between ports, the VLAN must be reconfigured. It is nevertheless the most widely used and most mature method in practice.

(2) A MAC-address-based VLAN uses the MAC address of a node's NIC to determine the virtual subnet to which the node belongs. This method implements virtual network configurations independent of physical location. The disadvantage is that the network administrator must manually configure each node's MAC address during initialization, so the management burden grows as nodes are added. This method is clearly not suitable for networks with a large number of nodes.

(3) An IP-policy-based VLAN determines the virtual network through the network layer protocol or IP address. This definition method is more flexible than the previous two: a vswitch can automatically assign nodes to different VLANs based on each node's network address or packet protocol.

VLAN implementation in Linux

In most cases, port-based 802.1Q VLANs are used in Linux. Each network device that supports the 802.1Q protocol adds a 4-byte tag to the Ethernet frame header when sending a packet, to indicate which VLAN the packet belongs to. When the packet enters another network device that supports the 802.1Q protocol, it is switched to the corresponding VLAN based on the tag in the 802.1Q frame. In practice, Layer 2 switches that support 802.1Q are generally connected to Layer 3 switches, so that the Layer 2 switches can use the routing function of the Layer 3 switches to forward data between different VLANs.

How to Set Policy Routing in Linux

In Linux, policy routing is also based on the above principles and is implemented through the RPDB (routing policy database). The RPDB mainly consists of multiple route tables and rules, with the rules selecting which table is used. The route table, its operations, and its external interfaces are the core components of the entire RPDB. The route table consists of tables, zones, and nodes. Operations on the route table mainly include physical operations and semantic operations.
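How rules select a table, applied to the factory's requirements from the introduction, can be seen in a small model of the RPDB lookup. This is an added example, not code from the original article and not kernel code. The subnets, interface names, the ISP gateway 203.0.113.1, the table name "lan", and the rule priorities are all assumptions made for illustration.

```python
import ipaddress as ipa

# Constructed addressing plan (assumption): VLAN 10 finance, 20 office, 30 IDC users.
FINANCE, OFFICE, IDC, ANY = (ipa.ip_network(n) for n in (
    "192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24", "0.0.0.0/0"))
CONNECTED = [(FINANCE, "dev eth1.10"), (OFFICE, "dev eth1.20"), (IDC, "dev eth1.30")]

# Route tables: name -> [(destination prefix, next hop)]. "lan" is a hypothetical
# extra table with no default route; "main" adds the default route to the ISP.
TABLES = {
    "lan": CONNECTED,
    "main": CONNECTED + [(ANY, "via 203.0.113.1 dev eth0")],
}

# Rules: (priority, from, to, action, table); the lowest priority is tried first.
# The kernel's built-in "local" rule (priority 0) is left out of this model.
RULES = [
    (100, IDC, FINANCE, "prohibit", None),     # IDC users may not reach finance
    (110, IDC, OFFICE, "prohibit", None),      # ...or the offices
    (200, FINANCE, ANY, "lookup", "lan"),      # finance: internal routes only
    (210, FINANCE, ANY, "unreachable", None),  # finance: everything else refused
    (32766, ANY, ANY, "lookup", "main"),       # default rule
]

def lookup_table(name, dst):
    """Longest-prefix match in one table; None when no route covers dst."""
    hits = [(net.prefixlen, hop) for net, hop in TABLES[name] if dst in net]
    return max(hits)[1] if hits else None

def route(src, dst):
    """Walk the rules in priority order and return the routing decision."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for prio, frm, to, action, table in sorted(RULES, key=lambda r: r[0]):
        if src not in frm or dst not in to:
            continue
        if action != "lookup":
            return f"{action} (rule {prio})"
        hop = lookup_table(table, dst)
        if hop:  # a table miss falls through to the next matching rule
            return f"{hop} (rule {prio}, table {table})"
    return "unreachable (no rule matched)"
```

Rules are evaluated per packet with no connection state, so the two prohibit rules also drop IDC replies to connections opened from the finance department or the offices.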
