(Network basic knowledge of the third) single arm routing

Turn from: http://hi.baidu.com/jx52199/blog/item/d4c27cc790ff29d8d10060b0.html

The internal network structure of many small and medium-sized enterprises is very simple, only use a switch to connect all the employee machines and servers together, and then access the Internet through fiber. Of course, in order to ensure the security of some hosts and split the internal broadcast packet to improve the speed of network transmission, such as the division of VLAN, the allocation of different subnets to achieve. By dividing the VLAN, clients with different ports on the same switch are not able to access each other, effectively isolating the network.

Dividing a network through VLANs can be a solution to the frequent occurrence of security and broadcast storms, but for companies that want to isolate and want to interoperate with some clients, it is also necessary to divide the VLAN and establish access for different VLANs.

It is well known that three-tier switches are available, but most of the time the Enterprise network was built to purchase only two-tier manageable switches, and if a three-tier switch was to be purchased to enable VLAN interoperability, the previous two-tier device would be discarded. This has resulted in a great deal of waste. So is there any way to achieve the function of three-layer switch on the basis of still using two-layer equipment?

The principle of the one or three-layer switch:

Before we tell you how to solve the problem, we need to first understand how the three-tier switch works. In theory, a three-layer switch can be regarded as a two-layer switch + a routing module, in the actual use of the various vendors in the routing module in the switch to achieve three-tier functionality. When the packet is transmitted, it is sent to the routing module, which provides the routing path and then the corresponding packet is forwarded by the switch.

Two, the single arm routing principle:

Now that you still want to use the previous two-tier device, we can add a router to solve the enterprise network escalation problem mentioned above. This router is equivalent to the routing module of the three-tier switch, but we put it outside the switch. The specific principle is shown in the topology diagram.

Router Router

Connecting lines (responsible for communication between multiple VLANs)

Switch switch

You can see in the router router and switch is connected through the external line, the external line is only one, but he is logically separate, the need to route packets will reach the router through this line, after routing through this line back to the switch for forwarding. So everyone gave this topological way a name--one-arm routing. To put it bluntly, a single arm route is a packet from which mouth to enter, and from which mouth, rather than the traditional network topology in the packet from an interface into the router and from another interface to leave the router.

So when do you want to use a single arm route? In the Enterprise Internal Network Division VLAN, when there are some hosts need to communicate between the VLAN, but the switch does not support three-tier exchange, this time can be used to support a 802.1Q router to achieve VLAN interoperability. We only need to establish the sub-interface on the Ethernet port and assign the IP address as the gateway of the VLAN, and start the 802.1Q protocol.

Small tip:

When a physical interface is used as multiple logical interfaces, it is often necessary to enable sub-interfaces on that interface. Through a logical sub-interface to achieve a physical port with more than one function.

Four, the disadvantage of single arm routing:

The disadvantages of one-arm routing are also obvious, on the one hand, he is very consuming routers CPU and memory resources, to a certain extent, affect the efficiency of network packet transmission, on the other hand will be able to be completed by the three-tier switch to the internal completion of the additional equipment completed, the connection line requirements are very high. In addition, through the single arm routing will be divided into a good VLAN completely broken, the original increase in security and reduce broadcast packets and other measures to play a significant reduction in the effect. Of course, anyway. Single arm routing is still an enterprise network upgrade, a good choice when funding is tight.

Summarize:

Single-arm routing is only a strategy to upgrade the existing network, in the enterprise's internal network to divide the VLAN, when there are some hosts need to communicate between the VLAN, but the switch does not support three-tier exchange, then we use this method to solve practical problems. Since there are many such or such shortcomings in single arm routing, it is not recommended that you use this approach to build topologies in the early stages of a network setup.