In an IP data network architecture that uses a vswitch as the access device and a LAN as the access method, an important issue is the isolation between users. Users connected to the LAN are often in the same broadcast domain, so their traffic can be monitored by other users in that broadcast domain, which undermines network security. In addition, the bandwidth consumption and network latency caused by a large amount of broadcast traffic in the broadcast domain also affect the network. VLAN technology isolates LAN access users, which not only improves security but also segments the broadcast domain and so reduces the broadcast traffic in the network.

VLAN technology logically divides a LAN into logically isolated virtual networks. The members of a VLAN are in one broadcast domain; communication between VLANs must pass through layer-3 routing. There are many ways to divide VLANs, including port-based VLAN, MAC-based VLAN, and network-layer VLAN. The most common technical implementation of VLAN uses frame tags. 802.1Q provides the frame tag standard, which includes the VLAN tag. The VLAN ID is a 12-bit field that supports 4096 VLAN instances, while the user priority is a three-bit frame priority with eight levels. Ethernet data frames in the network can be separated into different kinds of traffic by VLAN ID and user priority.

Because of switch-chip limitations, on many switches the tag-based VLAN ID can only fall in the range N ~ N + 512, and the number of active tag-based VLANs is generally less than 256. The s2000m and s3000 series switches of beacon network support the full range of 1 ~ 4094, so the number of VLANs is 4094, which is the standard maximum value.

At present, many operators require end-to-end security identification, and each user is expected to have a VLAN. The problem is that the standard number of VLAN resources is only 4096, which limits the size of a broadband access network. For example, in the future a home user will be connected to multiple services: in addition to common broadband data services, there will also be voice services such as VoIP and video services such as IPTV. In operation, VLANs are needed to differentiate the services, so a single user occupies multiple VLANs. In this case the number of users that the standard VLAN resources can serve will be less than 4096. It is very likely that the users in one or two buildings will exhaust the ID resources, which is not conducive to deploying VLANs across the network.

With support for Q-in-Q technology, aggregation-layer switches can effectively expand the number of VLANs in the MAN so that it can reach 4096*4096. VLAN IDs can then be planned across the entire community network, which makes management very convenient. For example, an outer VLAN ID can be assigned to each user, and if the inner VLAN ID is used to identify the service type, looking at the ID alone is enough to learn the service type. The Q-in-Q feature of the F-engine s3500 meets this requirement. With Q-in-Q technology, the network capability of Metro Ethernet exceeds the limit of 4096 VLANs, which extends the L2 networks that can be built using VLANs. L2 VPNs in the MAN can be implemented in this way, which is particularly suitable for Ethernet wide area network services in metro networks.

The Q-in-Q working principle is as follows. Data is transmitted in the private network with a private network tag, defined as the C-VLAN tag. When the data enters the service provider's backbone network, a further public network VLAN tag is added, defined as the P-VLAN tag. When the data reaches the destination private network, the P-VLAN tag is stripped, which gives users a simple layer-2 VPN tunnel. The P-VLAN tag is embedded in the Ethernet frame after the source MAC and destination MAC addresses. It also contains a 12-bit P-VLAN ID that supports 4096 VLANs. The P-VLAN CoS field contains three bits and supports eight levels of priority.

In a Q-in-Q-based network, the carrier assigns a P-VLAN ID for each VLAN and then maps the user's C-VLAN ID instances to these P-VLAN IDs. Therefore, the user's C-VLAN ID is protected. For example, assume that a user's data with C-VLAN ID and 6 must pass through the public network to reach the user network in another physical location. The public network carries this pass-through service and assigns P-VLAN ID 78 to aggregate these C-VLAN IDs. That is, the user's C-VLAN ID and 6 are mapped to P-VLAN ID 78, so that when data is transmitted over the public network, the P-VLAN ID is visible, while the C-VLAN ID is hidden. The user can freely allocate the C-VLAN numbers in their own network and set the CoS field priority of these C-VLANs according to business requirements.

The Q-in-Q technology provided by the F-engine s3500 of beacon network has the following advantages in small-scale MAN or enterprise network solutions:

1) 4096*4096 VLAN IDs are provided, which addresses the growing shortage of public network VLAN ID resources;
2) users can plan their own private VLAN IDs, which do not conflict with the public VLAN IDs;
3) it provides a simple L2 VPN solution;
4) it makes the user's network highly independent: when the service provider upgrades the network, the user's network does not have to change its original configuration.
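The tag push and strip described above, as an added example that is not vendor code from the page: it builds a customer frame tagged C-VLAN 6, wraps it in P-VLAN 78 at the provider edge, and restores it at the far edge. The outer TPID 0x88A8 (IEEE 802.1ad) is an assumption, since the page does not say which TPID the equipment uses, and the MAC addresses and payload are constructed sample values.

```python
import struct

TPID_C = 0x8100  # 802.1Q tag used for the customer (C-VLAN) tag
TPID_P = 0x88A8  # assumption: 802.1ad TPID for the P-VLAN tag; some equipment uses 0x8100

def make_tag(tpid, vid, prio=0):
    """4-byte tag: 16-bit TPID, then 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID."""
    if not 0 <= vid <= 0xFFF or not 0 <= prio <= 7:
        raise ValueError("VLAN ID is 12 bits, priority is 3 bits")
    return struct.pack("!HH", tpid, (prio << 13) | vid)

def parse_tags(frame):
    """Return ([(tpid, prio, vid), ...] outermost first, offset of the EtherType)."""
    tags, off = [], 12  # tags start right after the 6-byte dst and src MACs
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (TPID_C, TPID_P):
            break
        tags.append((tpid, tci >> 13, tci & 0xFFF))
        off += 4
    return tags, off

def push_p_tag(frame, p_vid, prio=0):
    """Provider-edge ingress: insert the P-VLAN tag after the MAC addresses."""
    return frame[:12] + make_tag(TPID_P, p_vid, prio) + frame[12:]

def pop_p_tag(frame):
    """Provider-edge egress: strip the outer tag; reject frames that lack one."""
    tags, _ = parse_tags(frame)
    if not tags or tags[0][0] != TPID_P:
        raise ValueError("no P-VLAN tag to strip")
    return frame[:12] + frame[16:]

def demo():
    # Constructed sample frame: dst MAC, src MAC, C-VLAN 6 (priority 5), IPv4, payload
    dst, src = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    customer = dst + src + make_tag(TPID_C, 6, 5) + b"\x08\x00" + b"payload"
    in_core = push_p_tag(customer, 78)  # P-VLAN ID 78, as in the text
    restored = pop_p_tag(in_core)
    return customer, in_core, restored

if __name__ == "__main__":
    customer, in_core, restored = demo()
    print(parse_tags(in_core)[0])
    print(restored == customer)
```

Inside the provider network only the outer tag is used for forwarding, and the inner tag, including its priority bits, comes out unchanged at the far edge.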