An analysis of the Layer 2 VLAN forwarding of Huawei Ethernet switches and its advantages. To solve the VLAN problems introduced with Huawei Ethernet switches, we must first understand the benefits that introducing VLANs brings, and remember the corresponding examples. It is therefore well worth studying the following carefully.
Packet forwarding flow: after VLANs are introduced, the packet forwarding flow of the Layer 2 switch is affected as follows:
◆ The switch looks up the destination MAC address of the data frame in the MAC address table. If the destination MAC address is found and the inbound and outbound VLANs of the frame are consistent, the frame is sent to the corresponding port; if no port is found, it is sent to all ports in the VLAN;
◆ If the source MAC address and destination MAC address of a packet received by the switch are the same, the packet is discarded;
◆ The switch forwards broadcast packets to all ports other than the inbound port.
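The three rules above, as an added example that is not part of the original article: a small model of the VLAN-aware Layer 2 forwarding decision. The MAC table is keyed by (VLAN, MAC) so that a lookup only matches an address learned in the same VLAN, which is what keeps the VLANs isolated. Port names, MAC addresses and VLAN membership are constructed for illustration and are not Huawei configuration.

```python
# Added example (not from the original article): a minimal model of the
# VLAN-aware Layer 2 forwarding decision. Port names, MAC addresses and
# VLAN membership below are constructed for illustration.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    vlan: int  # VLAN the frame belongs to after ingress classification


@dataclass
class L2Switch:
    # port -> set of VLANs the port is a member of (constructed topology)
    port_vlans: dict
    # (vlan, mac) -> port; learned from source addresses as frames arrive
    mac_table: dict = field(default_factory=dict)

    def ports_in_vlan(self, vlan):
        return {p for p, vlans in self.port_vlans.items() if vlan in vlans}

    def forward(self, in_port, frame):
        """Return the set of egress ports for a frame, applying the rules above."""
        # Rule 2: a frame whose source equals its destination is discarded.
        if frame.src_mac == frame.dst_mac:
            return set()
        # A frame in a VLAN the inbound port is not a member of is dropped.
        if frame.vlan not in self.port_vlans.get(in_port, set()):
            return set()
        # Learn the source address in the context of the inbound VLAN.
        self.mac_table[(frame.vlan, frame.src_mac)] = in_port
        members = self.ports_in_vlan(frame.vlan) - {in_port}
        # Rule 3: broadcast goes to every port in the VLAN except the inbound port.
        if frame.dst_mac == BROADCAST:
            return members
        # Rule 1: known unicast whose learned VLAN matches goes to one port only;
        # a MAC learned in another VLAN does not match this key.
        out_port = self.mac_table.get((frame.vlan, frame.dst_mac))
        if out_port is not None and out_port != in_port:
            return {out_port}
        # Rule 1, second half: unknown unicast is flooded within the VLAN.
        return members


def demo():
    """Constructed scenario: A on p1 and B on p2 share VLAN 10; p4 is in VLAN 20."""
    sw = L2Switch(port_vlans={"p1": {10}, "p2": {10}, "p3": {10}, "p4": {20}})
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    first = sw.forward("p1", Frame(a, b, 10))    # B not yet learned: flooded in VLAN 10
    sw.forward("p2", Frame(b, a, 10))            # B replies; switch learns B on p2
    second = sw.forward("p1", Frame(a, b, 10))   # now delivered to p2 only
    bcast = sw.forward("p1", Frame(a, BROADCAST, 10))
    return first, second, bcast


if __name__ == "__main__":
    print(demo())
```

Note that port p4 (VLAN 20) never appears in any result: neither the flood nor the broadcast crosses the VLAN boundary, which is the traffic-limiting benefit described in the next paragraph.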
Introducing VLANs on Huawei Ethernet switches brings the following benefits:
◆ Limits local network traffic, which improves the processing capability of the entire network to a certain extent.
◆ Virtual working groups: through flexible VLAN settings, different users are divided into work
◆ Security: users in one VLAN and users in other VLANs cannot access each other, which improves security.
In addition, there are two common concepts, VLAN passthrough and VLAN termination, whose names can be understood literally. VLAN passthrough means that a VLAN is valid not only on one switch but is also extended in some way to another Huawei Ethernet switch, where it remains valid; termination has the opposite meaning: the valid domain of the VLAN cannot be extended to another device, or cannot be extended to another device through a link.
802.1Q technology can be used for VLAN passthrough, and PVLAN technology can be used for VLAN termination. The 802.1Q protocol is the technical standard for VLANs. It mainly modifies the standard frame header by adding a Tag field that carries VLAN information such as the VLAN ID; if you are interested, you can refer to the relevant standards and materials.
Note: when forwarding a packet through a Trunk port, if the VLAN Tag of the packet is equal to the default VLAN ID (PVID) configured on the port, the Tag is removed from the packet. After receiving a packet without Tag information, the peer obtains the packet's VLAN from the PVID of its own port; therefore, you must ensure that the PVID settings at both ends of a Trunk link between two switches are the same.
Why remove the Tag? This is done to ensure normal communication when an ordinary user is plugged into the Trunk, because the ordinary user cannot recognize packets carrying 802.1Q VLAN information. 802.1Q technology can be used to implement VLAN passthrough, but sometimes the VLAN needs to be terminated.
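The 802.1Q Tag and the Trunk PVID rule from the note above, as an added example that is not part of the original article: the block builds and parses an Ethernet frame with the 4-byte 802.1Q Tag (TPID 0x8100 followed by the TCI, whose low 12 bits are the VLAN ID), applies the egress rule (strip the Tag when the VLAN ID equals the port PVID) and the ingress rule (an untagged frame is placed in the receiving port's PVID), and then shows what happens to a frame when the two ends of the Trunk disagree on the PVID. MAC addresses, VLAN numbers and PVID values are constructed for illustration.

```python
# Added example (not from the original article): 802.1Q tagging and the
# Trunk-port PVID rule. Addresses, VLAN IDs and PVIDs are constructed.
import struct

ETH_P_8021Q = 0x8100  # TPID that marks an 802.1Q tag
ETH_P_IP = 0x0800


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, vid, ethertype=ETH_P_IP, payload=b"", pcp=0):
    """Ethernet II frame; vid=None means untagged, otherwise an 802.1Q tag is inserted."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        # TCI = PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
        tci = (pcp << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", ETH_P_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(raw):
    """Return (dst, src, vid or None, ethertype, payload)."""
    dst, src = mac_str(raw[0:6]), mac_str(raw[6:12])
    (etype,) = struct.unpack("!H", raw[12:14])
    if etype == ETH_P_8021Q:
        tci, etype = struct.unpack("!HH", raw[14:18])
        return dst, src, tci & 0x0FFF, etype, raw[18:]
    return dst, src, None, etype, raw[14:]


def trunk_egress(raw, pvid):
    """Sending side of a Trunk port: strip the Tag when the frame's VID equals the PVID."""
    dst, src, vid, etype, payload = parse_frame(raw)
    if vid == pvid:
        return build_frame(dst, src, None, etype, payload)
    return raw


def trunk_ingress(raw, pvid):
    """Receiving side of a Trunk port: return the VLAN the frame is assigned to."""
    _, _, vid, _, _ = parse_frame(raw)
    return vid if vid is not None else pvid


def classify_across_link(vid, pvid_local, pvid_peer):
    """VLAN a frame sent in `vid` ends up in on the peer after crossing the Trunk."""
    frame = build_frame("02:00:00:00:00:0b", "02:00:00:00:00:0a", vid)
    return trunk_ingress(trunk_egress(frame, pvid_local), pvid_peer)


if __name__ == "__main__":
    print("matching PVIDs  :", classify_across_link(1, 1, 1))   # stays in VLAN 1
    print("mismatched PVIDs:", classify_across_link(1, 1, 5))   # lands in VLAN 5
    print("tagged VLAN 20  :", classify_across_link(20, 1, 5))  # unaffected by PVID
```

The mismatch case is the point of the note: a frame in the local PVID leaves the Trunk untagged, so the peer can only place it in its own PVID. If the two PVIDs differ, traffic silently crosses from one VLAN into another, which defeats the isolation benefit listed earlier; checking both ends of every Trunk for equal PVIDs is the practical safeguard.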
That is to say, where the VLAN boundary is terminated, PVLAN technology can achieve this function well while at the same time saving VLANs. Cisco's PVLAN means Private VLAN, whereas Huawei's PVLAN means Primary VLAN.
There are two types of VLANs: Primary VLAN and Secondary VLAN (Sub-VLAN). Layer 2 packets are isolated, while packets sent by the upper-layer switch can be received by every user. This simplifies the configuration and saves VLAN resources. The specific implementation will not be discussed here; if you are interested, you can refer to the relevant information.
VLAN segmentation isolates communication between VLANs, and Layer 3 router devices that support VLANs can be used to establish inter-VLAN communication. However, using routers to connect different VLANs in an enterprise campus network is obviously not the trend of the times, because we can use Layer 3 switching instead.
◆ Difference 1 (performance): traditional routers forward packets with a microprocessor running software, whereas Layer 3 switches forward packets with ASIC hardware, which makes a great difference in performance.
◆ Difference 2 (interface type): the interfaces of Layer 3 switches are basically Ethernet interfaces; they lack the rich interface types of routers.
◆ Difference 3: Layer 3 switches can also work in Layer 2 mode and exchange packets directly without routing, whereas routers do not have Layer 2 functions.
First, let's look at the process of device intercommunication. The switch is divided into two VLANs, and a routing interface is configured on VLAN 1 and on VLAN 2 to achieve intercommunication between VLAN 1 and VLAN 2. For example, A initiates a ping request to B:
◆ A checks the destination IP address of the packet and finds that it is in the same network segment as itself;
◆ A ----> B ARP request packet, which is broadcast in VLAN 1;
◆ B ----> A ARP response packet;
◆ A ----> B ICMP request;
◆ B ----> A ICMP reply.
The interconnection between A and C (take a ping request from A to C as an example):
◆ A checks the destination IP address of the packet and finds that it is not in the same network segment as itself;
◆ A ----> switch (int vlan 1) ARP request packet, which is broadcast in VLAN 1;
◆ Gateway ----> A ARP response packet;
◆ A ----> switch ICMP request (the destination MAC is the MAC of int vlan 1, the source MAC is the MAC of A, the destination IP is C, and the source IP is A);
◆ After receiving the packet, the switch determines that it is a Layer 3 packet, checks its destination IP address and finds that it lies in a directly connected network segment;
◆ Switch (int vlan 2) ----> C ARP request packet, which is broadcast in VLAN 2;
◆ C ----> switch (int vlan 2) ARP response packet;
◆ Switch (int vlan 2) ----> C ICMP request (the destination MAC is the MAC of C, the source MAC is the MAC of int vlan 2, the destination IP is C, and the source IP is A); compared with the packet in step 4, only the MAC header differs, and the fields from the IP layer upward are basically unchanged;
◆ C ----> A ICMP reply; the subsequent processing is basically the same as for the preceding ICMP request.
In the above steps, if the ARP table already contains the corresponding entries, no ARP request packets are sent to the other party.
How does the switch differentiate Layer 2 and Layer 3 data streams? The 3526 is a Layer 3 Huawei Ethernet switch that includes both Layer 2 processing and Layer 3 processing. The basic models of Layer 2 and Layer 3 forwarding differ:
[Figure: a Layer 3 switch divided into VLAN 1 and VLAN 2, with hosts A and C; the addresses shown are 1.1.1.1, 1.1.1.2 and 1.1.1.3 (mask 255.255.0.0) and 2.2.2.1 and 2.2.2.2 (mask 255.255.0.0).]
The Layer 3 switch is divided into two VLANs. Communication between A and B is completed within one VLAN, while communication between A and C must span VLANs and is therefore a Layer 3 data stream. That is the macro view. From a micro perspective, after a packet enters through a port, how does the switch distinguish a Layer 2 packet from a Layer 3 packet?
Because packets from A to B are in the same VLAN, their destination MAC address is the MAC address of host B; packets from A to C must span VLANs, so their destination MAC address is the MAC address of the switch's VLAN 1 interface. Therefore, the switch's criterion for distinguishing Layer 2 from Layer 3 packets is to check whether the destination MAC address of the packet equals the MAC address of the switch's VLAN virtual interface. Taking the Huawei S3526 switch as an example, the entire Layer 3 switching process is divided into three major parts:
The software stack part of the platform: its key functions include running the routing protocols, maintaining the routing information table, and the IP protocol stack. This part carries important functions in the operation of the whole system: when the hardware cannot complete packet forwarding, this part can take over from the hardware and complete Layer 3 packet forwarding. In addition, the data streams for Telnet, ping, FTP and SNMP on the switch are all processed in this part.
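The distinguishing criterion from the paragraph before last, applied to the two ping scenarios listed earlier, as an added example that is not part of the original article: a frame is treated as Layer 3 only when its destination MAC equals the MAC of one of the switch's VLAN interfaces; a routed packet then gets only its MAC header rewritten (source = the egress VLAN interface, destination = the next host, as in step 8 versus step 4), while the IP addresses pass through unchanged. A packet addressed to one of the switch's own interface addresses is handed to the software stack described above instead of being forwarded. The addresses, MACs and the assignment of hosts A, B and C to them are assumptions for this example, not values stated by the article.

```python
# Added example (not from the original article): deciding whether a frame is
# Layer 2 switched or Layer 3 routed by comparing its destination MAC with the
# MACs of the switch's VLAN interfaces, then rewriting only the MAC header.
# Interface MACs, host addresses and the A/B/C assignment are constructed.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_interface


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    vlan: int


class L3Switch:
    def __init__(self):
        # vlan -> (MAC of "int vlan N", interface address with mask)
        self.svi = {}
        # ARP cache: ip -> (mac, vlan); filled by the ARP exchanges in the text
        self.arp = {}

    def add_svi(self, vlan, mac, addr):
        self.svi[vlan] = (mac, ip_interface(addr))

    def learn_arp(self, ip, mac, vlan):
        self.arp[ip] = (mac, vlan)

    def is_layer3(self, pkt):
        """The criterion: destination MAC equals the MAC of a VLAN virtual interface."""
        return any(pkt.dst_mac == mac for mac, _ in self.svi.values())

    def handle(self, pkt):
        """Return (kind, result): 'l2' unchanged, 'l3' with the MAC header rewritten,
        'local' for traffic to the switch itself, 'arp-request' when the next hop's
        MAC is still unknown, or 'drop' when no connected segment matches."""
        if not self.is_layer3(pkt):
            return "l2", pkt  # same-VLAN traffic such as A -> B: pure Layer 2 switching
        dst = ip_address(pkt.dst_ip)
        # Addressed to the switch (ping/Telnet/SNMP): processed by the software stack.
        if any(dst == iface.ip for _, iface in self.svi.values()):
            return "local", pkt
        # Find the VLAN interface whose directly connected segment holds the target.
        for vlan, (svi_mac, iface) in self.svi.items():
            if dst in iface.network:
                if pkt.dst_ip not in self.arp:
                    return "arp-request", vlan  # would broadcast ARP in that VLAN
                next_mac, _ = self.arp[pkt.dst_ip]
                # Only the MAC header changes; IP header and above are carried through.
                return "l3", replace(pkt, src_mac=svi_mac, dst_mac=next_mac, vlan=vlan)
        return "drop", pkt


SVI1_MAC, SVI2_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"  # assumed
A_MAC, B_MAC, C_MAC = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"


def build_demo():
    """Constructed topology: A and B in VLAN 1 (1.1.0.0/16), C in VLAN 2 (2.2.0.0/16)."""
    sw = L3Switch()
    sw.add_svi(1, SVI1_MAC, "1.1.1.3/16")  # int vlan 1 (assumed address)
    sw.add_svi(2, SVI2_MAC, "2.2.2.1/16")  # int vlan 2 (assumed address)
    sw.learn_arp("2.2.2.2", C_MAC, 2)      # C answered the ARP request in VLAN 2
    return sw


if __name__ == "__main__":
    sw = build_demo()
    print(sw.handle(Packet(A_MAC, B_MAC, "1.1.1.1", "1.1.1.2", 1)))    # ('l2', ...)
    print(sw.handle(Packet(A_MAC, SVI1_MAC, "1.1.1.1", "2.2.2.2", 1))) # ('l3', rewritten)
    print(sw.handle(Packet(A_MAC, SVI1_MAC, "1.1.1.1", "1.1.1.3", 1))) # ('local', ...)
```

The rewritten packet in the Layer 3 case carries the VLAN 2 interface's MAC as source and C's MAC as destination while keeping A and C as the IP endpoints, which is exactly the difference between steps 4 and 8 in the A-to-C exchange.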