VLAN learning notes

Source: Internet
Author: User

VLAN learning notes (1): Why VLAN

What is a VLAN?

 

VLAN stands for Virtual LAN, a virtual local area network. A LAN may be a network of a few home computers or an enterprise network of several hundred computers. The LAN referred to in "VLAN" specifically means a network separated by routers, that is, a broadcast domain.

 

Let us first review the concept of a broadcast domain. A broadcast domain is the range over which a broadcast frame (a frame whose destination MAC address is all ones) can propagate, that is, the range within which hosts can communicate directly. Strictly speaking, this applies not only to broadcast frames: multicast frames and unknown unicast frames are also forwarded freely within the same broadcast domain.

 

Originally, an L2 switch could only form a single broadcast domain. With the VLAN function, however, it can divide the network into multiple broadcast domains.

 

When the broadcast domain is not split ...

 

So why do we need to split the broadcast domain? Because if there is only one broadcast domain, the overall transmission performance of the network may suffer. The attached figure illustrates this.

 

 

In the figure, layer-2 switches (switches 1 to 5) connect a network made up of a large number of clients. Assume that computer A needs to communicate with computer B. In Ethernet communication, the destination MAC address must be specified in the data frame, so computer A must first broadcast an ARP request to obtain the MAC address of computer B.

After receiving the broadcast frame (the ARP request), switch 1 forwards it to all ports except the one it arrived on; this is called flooding. Switch 2 then floods the frame after receiving it, and switches 3, 4, and 5 do the same. Eventually the ARP request is forwarded to every client in the network.

 

 

 

 

Please note that this ARP request was sent only to obtain the MAC address of computer B; as long as computer B receives it, everything is fine. In fact, however, the frame spreads throughout the network so that every computer receives it. Broadcast traffic thus consumes the overall bandwidth of the network, and every computer that receives it spends part of its CPU time processing it. The result is significant, unnecessary consumption of network bandwidth and CPU capacity.

 

Is broadcast information frequently sent?

 

Reading this, you may ask: is broadcast traffic really sent that frequently?

 

The answer is yes. Broadcast frames in fact appear very frequently. When communicating with the TCP/IP protocol stack, besides the ARP described above, many other kinds of broadcast traffic, such as DHCP and RIP, may need to be sent.

 

An ARP broadcast is sent whenever a host needs to communicate with another host. When a client requests an IP address from a DHCP server, it must broadcast the DHCP request. When RIP is used as the routing protocol, a router broadcasts routing information to its neighboring routers every 30 seconds. Routing protocols other than RIP use multicast to transmit routing information, which a switch also forwards by flooding. Beyond TCP/IP, protocols such as NetBEUI, IPX, and AppleTalk frequently require broadcasts. For example, in Windows, double-clicking to open "Network Computer" sends broadcast (multicast) traffic (except in Windows XP).

 

In short, broadcasts are all around us. Some common kinds of broadcast communication:

- ARP request: establishes the mapping between IP addresses and MAC addresses.
- RIP: a routing protocol.
- DHCP: the protocol used to assign IP addresses automatically.
- NetBEUI: the network protocol used in Windows.
- IPX: the network protocol used by Novell NetWare.
- AppleTalk: the network protocol used by Apple's Macintosh computers.

 

If the entire network has only one broadcast domain, once the broadcast information is sent, it will spread throughout the network and bring additional burden to the hosts on the network. Therefore, when designing a LAN, you must be aware of how to effectively split the broadcast domain.

 

Necessity of dividing broadcast domains and VLAN

 

Generally, routers are used to separate broadcast domains. With a router, the broadcast domain can be divided according to the network interfaces on the router.

 

However, a router generally does not have many network interfaces, typically only about 1 to 4. With the spread of broadband connections, broadband routers (or IP sharing devices) have become more common, but note that although they have multiple (generally about 4) network interfaces on the LAN side, these are actually a switch built into the router and cannot divide broadcast domains.

 

In addition, if a router is used to separate broadcast domains, the number of segments depends entirely on the number of network interfaces on the router, so the broadcast domains cannot be split freely as needed.

 

Compared with routers, L2 switches generally have many more network interfaces. If they can be used to separate broadcast domains, the flexibility of the design will undoubtedly improve greatly.

 

The technology for dividing broadcast domains on L2 switches is VLAN. With VLANs, we can freely design the composition of broadcast domains, improving the freedom of network design.


 

VLAN learning notes (2): VLAN access links

Switch ports

Switch ports can be divided into the following two types:

- Access link
- Trunk link

Next, let's learn the characteristics of these two types of port in turn, starting with access links.

 

Access Link

 

An access link is a port that belongs to only one VLAN and forwards data frames only to that VLAN. In most cases an access link is connected to a client.

 

Generally, VLANs are set up in the following order:

- create the VLANs
- set the access links (which VLAN each port belongs to)

The access links can be fixed in advance or changed dynamically according to the connected computer. The former is called a "static VLAN" and the latter, naturally, a "dynamic VLAN".

 

Static VLAN

 

A static VLAN is also known as a port-based VLAN. As the name suggests, it assigns a VLAN to each port.

 

 

 

 

 

Because ports must be specified one by one, when the number of computers in the network exceeds a certain size (such as several hundred), configuration becomes very laborious. In addition, every time a client changes the port it is connected to, the VLAN setting of that port must be changed as well; this is clearly unsuitable for networks whose structure changes frequently.

 

Dynamic VLAN

 

A dynamic VLAN, on the other hand, changes the VLAN of a port at any time according to the computer connected to it, which avoids the reconfiguration described above. Dynamic VLANs can be roughly divided into three categories:

- MAC address-based VLAN
- subnet-based VLAN
- user-based VLAN

They differ in which layer of the OSI reference model supplies the information used to determine the VLAN a port belongs to.

 

A MAC address-based VLAN determines the VLAN of a port by querying and recording the MAC address of the network card in the computer connected to that port. Suppose the switch assigns MAC address "A" to VLAN 10: whichever port the computer with MAC address "A" is connected to, that port is assigned to VLAN 10. When the computer is connected to port 1, port 1 belongs to VLAN 10; when it is connected to port 2, port 2 belongs to VLAN 10.

 

 

 

Because the VLAN is determined from the MAC address, this can be understood as a way of setting access links at layer 2 of the OSI model.

 

However, to configure a MAC address-based VLAN, the MAC addresses of all connected computers must be surveyed and registered on the switch. If a computer changes its network card, the settings must be changed again.

 

A subnet-based VLAN is determined by the IP address of the connected computer. Unlike a MAC address-based VLAN, even if a computer's MAC address changes because the network card was replaced, it can still join the previously set VLAN as long as its IP address remains unchanged.

 

 

 

Therefore, compared with MAC address-based VLANs, it is easier to change the network structure. An IP address is layer-3 information in the OSI reference model, so a subnet-based VLAN can be understood as a method of setting access links at layer 3 of OSI.

 

In a user-based VLAN, the user currently logged on to the computer connected to each switch port determines which VLAN the port belongs to. The user identity here is generally the user logged on to the computer's operating system, for example the username used in a Windows domain. Such usernames are information from the upper layers of the OSI model.

 

In general, the higher the OSI layer used, the more flexible the network that can be built.

 

Summary of Access Links

 

In summary, there are two ways to set access links: static VLANs and dynamic VLANs. Dynamic VLANs can be further subdivided into several categories.

 

Among them, subnet-based and user-based VLANs may be implemented by network equipment vendors using proprietary protocols, and interconnecting devices from different vendors may cause compatibility problems; when selecting a switch, be sure to confirm this in advance.

VLAN learning notes (3): VLAN Implementation Mechanism

Having understood why VLANs are needed, let's look at how a switch uses VLANs to separate broadcast domains.

 

First, on an L2 switch without any VLANs, any broadcast frame is forwarded to all ports except the one it arrived on (flooding). For example, after computer A sends a broadcast, it is forwarded to ports 2, 3, and 4.

Figure: switch receiving a broadcast frame. After receiving the broadcast frame, the switch forwards it to all ports except the receiving port.

 

Now suppose two VLANs, red and blue, are created on the switch, with ports 1 and 2 belonging to the red VLAN and ports 3 and 4 to the blue VLAN. When A sends a broadcast frame, the switch forwards it only to other ports in the same VLAN, that is, to port 2 in the red VLAN; it is not forwarded to the ports belonging to the blue VLAN.

Similarly, when C sends a broadcast, it is forwarded only to the other port in the blue VLAN and not to the ports in the red VLAN.

 

 

In this way, a VLAN splits the broadcast domain by limiting the range over which broadcast frames are forwarded. For convenience, the colors red and blue are used here to identify the different VLANs.
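As an added example (not part of the original notes), the following Python model of a VLAN-aware learning switch shows the forwarding rule just described, and also the MAC address-based dynamic VLAN from part (2): broadcast and unknown-unicast frames are flooded only to ports in the ingress VLAN, and a port bound by MAC address follows its host. The VLAN IDs 10 and 20, the hosts A to D and their MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
RED, BLUE = 10, 20  # constructed VLAN IDs standing in for the red and blue VLANs

# Constructed hosts (not from the notes): A and B sit on ports 1-2, C and D on ports 3-4.
MAC = {"A": "02:00:00:00:00:0a", "B": "02:00:00:00:00:0b",
       "C": "02:00:00:00:00:0c", "D": "02:00:00:00:00:0d"}


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


class Switch:
    """VLAN-aware learning switch: flooding never crosses the ingress VLAN."""

    def __init__(self, port_vlan, mac_vlan=None):
        self.port_vlan = dict(port_vlan)      # static (port-based) VLAN membership
        self.mac_vlan = dict(mac_vlan or {})  # optional MAC-based dynamic membership
        self.fdb = {}                         # (vlan, mac) -> port, learned from source addresses

    def receive(self, in_port, frame):
        """Return the set of egress ports for a frame arriving on in_port."""
        if frame.src in self.mac_vlan:
            # Dynamic VLAN: the port takes the VLAN of the host plugged into it.
            self.port_vlan[in_port] = self.mac_vlan[frame.src]
        vlan = self.port_vlan[in_port]
        self.fdb[(vlan, frame.src)] = in_port
        known = self.fdb.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            return set() if known == in_port else {known}
        # Broadcast or unknown unicast: flood, but only to ports in the same VLAN.
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}


def flat_network():
    """Single broadcast domain: A's ARP request reaches every other port."""
    sw = Switch({1: 1, 2: 1, 3: 1, 4: 1})
    return sw.receive(1, Frame(MAC["A"], BROADCAST))


def two_vlans():
    """Red = ports 1-2, blue = ports 3-4: broadcasts stay in their VLAN, and once
    B has answered, A -> B goes to port 2 alone; A -> C is still unknown in red."""
    sw = Switch({1: RED, 2: RED, 3: BLUE, 4: BLUE})
    a_bcast = sw.receive(1, Frame(MAC["A"], BROADCAST))
    c_bcast = sw.receive(3, Frame(MAC["C"], BROADCAST))
    sw.receive(2, Frame(MAC["B"], MAC["A"]))  # B replies; B is learned on port 2
    a_to_b = sw.receive(1, Frame(MAC["A"], MAC["B"]))
    a_to_c = sw.receive(1, Frame(MAC["A"], MAC["C"]))  # C was learned in blue, not red
    return a_bcast, c_bcast, a_to_b, a_to_c


def mac_based_vlan():
    """Dynamic VLAN: host A is bound to red, so whatever port it uses joins red."""
    sw = Switch({1: BLUE, 2: BLUE, 3: BLUE, 4: BLUE}, mac_vlan={MAC["A"]: RED})
    flooded_to = sw.receive(3, Frame(MAC["A"], BROADCAST))  # A plugged into port 3
    return sw.port_vlan[3], flooded_to
```

The last case also shows the isolation the notes describe: A, alone in the red VLAN, has no other port to reach, so its broadcast goes nowhere until inter-VLAN routing is added.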

 

Describing VLANs intuitively

To describe VLANs more intuitively, we can regard them as logically dividing one switch into several switches. Creating red and blue VLANs on a switch can be seen as replacing the one switch with two virtual switches, one red and one blue.

 

 

 

When a new VLAN is created in addition to the red and blue VLANs, it is as if another switch had been added.

 

However, the switches created by VLANs are logically isolated from each other. Therefore, once VLANs are set on a switch, communication between the VLANs fails unless additional processing is performed.

 

Clearly connected to the same switch, yet unable to communicate: this fact may be hard to accept. Yet it is both a convenient, useful feature of VLANs and a reason VLANs are hard to understand.

 

What should I do when inter-VLAN communication is required?

So what should we do when we need to communicate between different VLANs?

Recall that a VLAN is a broadcast domain. Two broadcast domains are normally connected by a router, and packets between broadcast domains are relayed by the router. Communication between VLANs therefore also requires a router to relay traffic, which is called "inter-VLAN routing".

An ordinary router or a layer-3 switch can be used for inter-VLAN routing. The details will be covered later; for now, remember that a routing function is required for communication between different VLANs.
