L3 Ethernet switch: introduces L2 VLAN forwarding

Layer-3 Ethernet switch: introduces L2 VLAN forwarding, configurations in layer-3 Ethernet switches, MAC addresses, and L2 VLAN forwarding, I hope you will have a clear understanding after reading the following articles. The forwarding mechanism of a layer-3 Ethernet switch is divided into two parts: layer-2 forwarding and layer-3 switching. First, let's talk about the second-layer forwarding process.

MAC address Introduction
◆The MAC address is a 48-bit binary address, for example, 00-e0-fc-00-00-06.
◆ It can be divided into Unicast address, multicast address, and broadcast address.
◆ Unicast address: the first byte percentile is 0, for example, 00-e0-fc-00-00-06
◆ Multicast address: the first byte's percentile is 1, for example, 01-e0-fc-00-00-06
◆ Broadcast address: 48-bit full 1, for example, ff-ff

Note:
◆ The MAC address of the NIC or router interface of a common device must be a unicast MAC address to ensure its intercommunication with other devices.
◆ The MAC address is the basis for an Ethernet device to run on the network and is also the basis for implementing link layer functions.

L2 forwarding: the L2 forwarding feature of a l3 Ethernet switch conforms to the 802.1D bridge protocol standard. Layer-3 Ethernet switch layer-2 forwarding involves two key threads: address learning thread and message forwarding thread.

The Learning thread is as follows:
◆ The layer-3 Ethernet switch receives all data frames in the network segment and uses the source MAC address in the received data frame to create a MAC address table;
◆ Port Movement Mechanism: If the switch finds that the inbound port of a packet is different from the port of the source MAC address in the packet, the port is moved and the MAC address is re-learned to the new port;
◆ Address Aging Mechanism: If the switch does not receive a message from a host for a long time, the MAC address corresponding to the host will be deleted, when the next message comes, you will learn it again.
◆ Note: Aging is also performed based on the source MAC address.

Message forwarding thread:
◆ The switch searches for the target MAC address in the data frame in the MAC address table. If it finds the target MAC address, it sends the data frame to the corresponding port. If it cannot find the target MAC address, it sends the data frame to all ports;
◆ If the source MAC address in the packet received by the layer-3 Ethernet switch is the same as the port of the destination MAC address, the packet is discarded;
◆ A layer-3 Ethernet switch forwards broadcast packets to all ports other than the inbound port.

Introduction to L2 VLAN forwarding

◆ Packet forwarding thread: After VLAN is introduced, the packet forwarding thread of the L2 Switch has the following impact:

◆ The switch searches for the destination MAC address in the data frame in the MAC address table. If the destination MAC address is found and the incoming and outgoing VLANs of the packets are consistent, the data frame is sent to the corresponding port, if no port is found, it is sent to all ports in the VLAN;

◆ If the source MAC address and destination MAC address of the packet received by the switch are the same, the packet is discarded;

◆ The switch forwards broadcast packets to all ports other than the inbound ports.

The introduction of VLAN on a layer-3 Ethernet switch brings the following benefits:
◆ Limits local network traffic, which can improve the processing capability of the entire network to a certain extent.
◆ Virtual working groups, through flexible VLAN settings, divide different users into working groups;
◆ Security: users in one VLAN and users in other VLANs cannot access each other, improving security.

In addition, there are two common concepts of VLAN termination and passthrough, which can be understood literally. The so-called VLAN passthrough means that a VLAN is not only valid on a layer-3 Ethernet switch, but also extended to another layer-3 Ethernet switch in some way, which is still valid on other devices; the meaning and relative of termination. The valid domain of a VLAN cannot be extended to another device, or it cannot be extended to another device through a link.

802.1Q technology can be used for VLAN passthrough, and PVLAN technology can be used for VLAN termination. The 802.1Q protocol is the technical standard of VLAN. It mainly modifies the standard frame header and adds a tag field, which contains VLAN information such as vlan id, if you are interested, you can refer to the relevant standards and materials.

Note: When forwarding packets through the Trunk port, if the VLAN Tag of the packet is equal to the default vlan id configured on the port, the Tag of the packet should be removed, after receiving the packet without Tag information, the peer obtains the VLAN information of the packet from the PVID of the port, therefore, you must ensure that the PVID settings at both ends of a Trunk link are the same between two layer-3 Ethernet switches.

Why Tag? This is done to ensure normal communication after a common user is inserted into the Trunk, because the common user cannot identify packets with 802.1Q Vlan information. The 802.1Q technology can be used to implement VLAN passthrough, but sometimes the VLAN needs to be terminated.

That is to say, where the VLAN boundary is terminated, the PVLAN technology can achieve this function well and achieve the goal of saving VLAN. The PVLAN of cisco means private vlan, while the PVLAN means primary vlan.

There are two types of VLANs: Primary VLAN and secondary vlan sub-vlan ). Layer-2 packets are isolated and packets sent by layer-3 Ethernet switches on the upper layer can be received by each user. This simplifies the configuration and saves VLAN resources. The specific implementation will not be discussed here. If you are interested, you can provide relevant information.