Section 1 Technology
Module 1 Ethernet-Vlan Technology
3FL15001BBADWBZZ Edition 01

Objectives
• An understanding of the basics of the Ethernet Frame Format and VLANs

1 Ethernet Framing
1.1 Ethernet: Ethernet and Ethernet
• IEEE-802.3 protocol: based on Xerox Network Standard (XNS) = Eth V1
• IEEE-802.3 protocol: commonly called Ethernet. 3 different versions exist:
  • IEEE 802.3 frame with Type field and any protocol in payload
  • IEEE 802.3 frame with Length field and LLC header
  • IEEE 802.3 frame with Length field and LLC/SNAP header
• Ethernet v2 is a valid IEEE 802.3 frame
• Used in Local Area Networks
• Uses CSMA/CD

1.2 Common fields in the Ethernet
Frame layout: preamble (7B) | SFD (1B) | DA (6B) | SA (6B) | XXX | FCS (4B)
• preamble: fixed sequence to alert the receiver
• DA: Destination MAC address
• SA: Source MAC address
• FCS: Frame Check Sequence, CRC

1.3 IEEE 802.3 Ethernet frame interpretation
• Based on type or length field
Frame size: Min 64 bytes, Max 1518 bytes
Frame layout: DA (6B) | SA (6B) | Length or Type (2B) | XXX | FCS (4B)
• Length or Type: frame length (<=1500) or type information (>1500)
Figure label: Data Link Header

1.4 IEEE 802.3 frame with type field
• Commonly called Ethernet v2 Frame
Frame size: Min 64 bytes, Max 1518 bytes
Frame layout: DA (6B) | SA (6B) | Type (2B) | PAYLOAD (46–1500 Bytes) | FCS (4B)
Figure label: Data Link Header
TYPE > 1500:
• 0x0800 = IP
• 0x0806 = ARP
• 0x8035 = RARP
• 0x888E = 802.1X
• 0x8863 = PPPoE Control frames
• 0x8864 = PPPoE Data frames
Payload examples:
• Type 0800: IP Datagram (46–1500 Bytes)
• Type 0806: ARP Req / ARP Reply (28 Bytes) + PAD (18 Bytes)
• Type 8035: RARP Req / RARP Reply (28 Bytes) + PAD (18 Bytes)

1.5 IEEE 802.3 frame with 802.2 LLC header
• Defining Service Access Points (SAPs)
• SAPs ensure that the same Network Layer protocol is used at the source and at the destination.
  • TCP/IP talks to TCP/IP, IPX/SPX talks to IPX/SPX, …
• Destination SAP/Source SAP
Frame size: Min 64 bytes, Max 1518 bytes
Frame layout: DA | SA | length | DSAP (1B) | SSAP (1B) | CONTR (1B) | PAYLOAD (43–1497 Bytes) | FCS
• length: frame length (<=1500)
• DSAP, SSAP, CONTR: 802.2 LLC
Figure label: Data Link Header
SAP values:
• 02 = Individual LLC Sublayer Management Function
• 03 = Group LLC Sublayer Management Function
• 04 = IBM SNA Path Control (individual)
• 05 = IBM SNA Path Control (group)
• 06 = ARPANET Internet Protocol (IP)
• AA = SubNetwork Access Protocol (SNAP)
• E0 = Novell NetWare
• F0 = IBM NetBIOS

1.6 IEEE 802.3 SNAP header
• Due to the growing number of applications using the IEEE LLC 802.2 header, an extension was made.
• Introduction of the IEEE 802.3 Sub Network Access Protocol (SNAP) header
• SSAP=H’AA, DSAP=H’AA indicates that a SNAP-header is used
Header layout:
• LLC: AA (1B) | AA (1B) | 03 (1B)
• SNAP: 00-00-00 (3B) | TYPE (2B)

1.7 IEEE 802.3 frame with 802.2 LLC / 802.3 SNAP header
• Type field provides backwards compatibility with Ethernet v2 frame
Frame size: Min 64 bytes, Max 1518 bytes
Frame layout: DA | SA | length | AA (1B) | AA (1B) | 03 (1B) | 00.00.00 (3B) | Type (2B) | PAYLOAD (38–1492 Bytes) | FCS
• AA, AA, 03: 802.2 LLC
• 00.00.00, Type: 802.2 SNAP
Figure label: Data Link Header
TYPE:
• 0x0800 = IP
• 0x0806 = ARP
• 0x8035 = RARP
• 0x888E = 802.1X
• 0x8863 = PPPoE Control frames
• 0x8864 = PPPoE Data frames

1.8 IP over Ethernet/IEEE 802 – example
• ETHERNET II: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | 0800 | IP datagram | FCS (4)
• IEEE 802.3 / IEEE 802.2 LLC: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LLC: 06 06 | IP datagram | FCS (4)
• IEEE 802.3 / IEEE 802.2 LLC/SNAP: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LLC SNAP: AA AA 03 00, 0800 | IP datagram | FCS (4)

Summary
• Ethernet version 2 (Xerox) MAC frame
  • has Ethertype field
  • indicates which protocol is inside the data section
  • Value always > 05-DC hex.
• 802.3 has a Length or/and Type field
  • if < 05-DC IEEE802.3 Length field
  • if >=05-DC IEEE802.3 Type field
  • Type field gives a protocol identification (same as Ethertype)
• 802.3 incorporates aspects of Ethernet version 2 and will replace it for high-speed Ethernet networks
• Ethernet v2 is a valid 802.3 frame

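The interpretation rule summarized above, as an added Python example (not part of the original course material): it classifies an untagged frame as Ethernet v2, 802.3 with LLC, or 802.3 with LLC/SNAP. The sample frames are constructed, preamble, SFD and FCS are assumed to be already stripped, and Length/Type values 1501 to 1535 are rejected as undefined, a boundary taken from IEEE 802.3 rather than from the slides.

```python
import struct

# EtherType values listed on the slides.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP", 0x888E: "802.1X",
              0x8863: "PPPoE Control", 0x8864: "PPPoE Data"}

def classify(frame: bytes) -> dict:
    """Classify an untagged frame given from DA onward (no preamble, SFD or FCS)."""
    if len(frame) < 14:
        raise ValueError("truncated: need DA + SA + Length/Type")
    (field,) = struct.unpack("!H", frame[12:14])
    out = {"da": frame[0:6].hex(":"), "sa": frame[6:12].hex(":")}
    if field >= 0x0600:                       # Type field: Ethernet v2
        out.update(format="Ethernet v2", ethertype=field, offset=14)
    elif field > 1500:                        # 1501..1535: neither length nor type
        raise ValueError(f"undefined Length/Type value {field:#06x}")
    else:                                     # Length field: an LLC header follows
        if field < 3 or field > len(frame) - 14:
            raise ValueError("declared length does not fit the captured bytes")
        dsap, ssap, control = frame[14:17]
        out.update(format="802.3 LLC", length=field, dsap=dsap, ssap=ssap,
                   control=control, offset=17)
        if dsap == 0xAA and ssap == 0xAA:     # SNAP extension: OUI + Type
            if field < 8:
                raise ValueError("declared length too short for a SNAP header")
            (etype,) = struct.unpack("!H", frame[20:22])
            out.update(format="802.3 LLC/SNAP", oui=frame[17:20].hex("-"),
                       ethertype=etype, offset=22)
    if "ethertype" in out:
        out["protocol"] = ETHERTYPES.get(out["ethertype"], "unknown")
    return out

# Constructed sample frames: same dummy 46-byte payload in all three formats.
DA, SA = bytes.fromhex("00a0c5222222"), bytes.fromhex("00a0c5111111")
IP = bytes(46)
SAMPLES = {
    "v2":   DA + SA + b"\x08\x00" + IP,
    "llc":  DA + SA + struct.pack("!H", 3 + len(IP)) + b"\x06\x06\x03" + IP,
    "snap": DA + SA + struct.pack("!H", 8 + len(IP)) + b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + IP,
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, classify(sample))
```

The `offset` value is where the network-layer payload starts, which is the number a capture filter or a parser further up the stack needs.
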
2 VLAN: Virtual Local Area Network
2.1 What is a LAN?
• Local Area Network (LAN)
  • Single Broadcast domain
  • Same Subnet
  • No routing between members of a LAN
  • Routing required between LANs
[Figure: Corporate LAN. Everyone can communicate with each other on the LAN]

2.2 What is VLAN?
• Virtual Local Area Network VLAN
• Used to separate the physical LAN into logical LANs
• Logical broadcast / multicast domain
• Virtual
• Inter-VLAN communication: only via higher-layer devices (e.g. IP routers)
• LAN membership defined by the network manager
• Virtual Corporate LAN
[Figure labels: Marketing LAN, Engineering LAN, Administration LAN]

2.3 How VLANs Work
• VLAN can be distinguished by the method used to indicate membership when a packet travels between switches.
  • Implicit
  • Explicit
• VLAN membership can be classified by
  • Port
  • Protocol type
  • MAC address
  • IP address
• IEEE 802.1Q
  • Explicit
    • 802.1Q tag
  • Implicit
    • Port based
    • Port and Protocol based

2.4 Layer 1 VLAN: Membership by port
• Membership in a VLAN is defined based on the ports that belong to the VLAN.
• Also referred to as Port switching
• Does not allow user mobility
• Does not allow multiple VLANs to include the same physical segment (or switch port)
[Figure: switch with ports 1 to 9]

2.5 Layer 2 VLAN: Membership by MAC address
• Membership in a VLAN is based on the MAC address of the workstation.
• The switch tracks the MAC addresses which belong to each VLAN
• Provides full user movement
• Clients and server always on the same LAN regardless of location
• Disadvantages
  • Too many addresses need to be entered and managed
  • Notebook PCs change docking stations
[Figure: switch with ports 1 to 9 and workstations MAC@A, MAC@B, MAC@C, MAC@D]

2.6 Layer 3 VLAN: Membership by Protocol type
• Membership implied by MAC protocol type field
• This is the most flexible method and provides the most logical grouping of users
Frame layout: preamble | SFD | DA | SA | Length or Type | PAYLOAD (46–1500 Bytes) | FCS

2.6 Layer 3 VLAN: Membership by IP Subnet Address [cont.]
• The network IP subnet address (layer 3 header) can be used to classify VLAN membership
[Figure: switch with ports 1 to 9 and workstations IP@: 138.22.24.10, IP@: 138.21.35.47, IP@: 138.21.35.58, IP@: 138.22.24.5]

2.7 VLAN types - Glossary/Terminology
• Port based VLAN classification
  • VID based on port of arrival
  • Frame receives Port VLAN identifier – PVID
• Default VID
  • Not standardized within 802.1Q
  • Interpretation according to context
  • Often equals PVID
• Port-and-protocol-based VLAN classification
  • VID based on port of arrival and the protocol identifier of the frame
  • Multiple VLAN-Ids associated with port of the bridge – VID set

2.8 VLAN Link types: Access Link
• Access link
  • Link that is a member of only one VLAN
  • Contains VLAN unaware devices
  • All frames on access link are untagged
  • Normal ports to which we connect our network devices such as PCs.
[Figure: VLAN aware Bridge, Access Link, VLAN unaware workstation]

2.8.2 Trunk Link
• Trunk Link
  • Capable of carrying multiple VLANs
  • Used at links between switches
  • Allowing VLANs to span over all network switches
[Figure: two VLAN aware Bridges and a VLAN aware workstation joined by Trunk Links]

2.8.3 Hybrid Link
• Hybrid Link
  • Contains both VLAN aware and VLAN unaware devices
  • All frames for a specific VLAN are tagged or untagged
[Figure: two VLAN aware Bridges, Hybrid Link, VLAN aware workstation, VLAN unaware workstation]

2.9 Q-VLAN tag (IEEE 802.1Q)
• Also referred to as C-VLAN tag
  • Customer VLAN tag
• VLAN Bridge
  • Q-VLAN aware bridge
  • comprising a single Q-VLAN component
Frame size: Min 68 bytes, Max 1522 bytes
Frame layout: preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length / type | PAYLOAD (46–1500 Bytes) | FCS
• TPID: Tag Protocol Identifier, 802.1Q tag-type (value 81 00)
• TCI: Tag Control Information
  • Priority "p-bits" (802.1p): 3 bits, # 8
  • CFI
  • Vlan_ID "Q-TAG" (802.1Q): 12 bits, # 4096

2.10 802.1Q Tag-based - Glossary/Terminology
• Untagged frame
  • A frame that doesn’t contain a tag header
• Priority-tagged frame
  • A frame whose tag header carries priority but no VID (VID=0)
• VLAN-tagged frame
  • A frame whose Q-tag header carries both priority and VID.
• 802.1Q Tag VLAN
  • Each VLAN group has a unique VID
  • Each member of a VLAN group can talk to each other
• VLAN-aware
  • The device can recognize and support VLAN-tagged frames
• VLAN-unaware
  • The device can't recognize VLAN-tagged frames

2.11 Forwarding engine - Glossary/Terminology
• Ingress: towards the forwarding engine
• Egress: out of the forwarding engine
• Upstream: from user to network
• Downstream: from network to user
[Figure: End-user, Ethernet port and Forwarding engine, with Ingress/Egress and Upstream/Downstream directions]

2.12 802.1Q Process
• Ingress Rule
  • Classify the received frames belonging to a VLAN
• Forwarding Process
  • Decide to filter or forward the frame
• Egress Rule
  • Decide if the frames must be sent tagged or untagged
[Figure: Packet Receive, Ingress Rule, Forwarding Process with Filtering Database, Egress Rule, Packet Transmit]

2.13 Ingress Rule
• VLAN-aware switch can accept tagged and untagged frames
• Tagged frame:
  • is directly sent to the forwarding engine
• Untagged frame:
  • A tag is added onto this untagged frame (with the PVID)
  • Then the tagged frame is sent to the forwarding engine
• PVID
  • Default Port VLAN ID for incoming untagged frames
[Figure: Ingress Rule. A tagged frame keeps its VID; an untagged frame becomes a tagged frame carrying the PVID; both go towards the Forwarding Process]

2.14 Forwarding Process
• Forwarding decision is based on the filtering database
• Filtering database contains two tables.
  • MAC table and VLAN table
• First, check destination MAC address based on the MAC table
• Second, check the VLAN ID based on the VLAN table
• Egress port is the allowed outgoing member port of VLAN

Filtering Database

MAC Table
Port  MAC Address        Aging
2     00:A0:C5:11:11:11  0
2     00:A0:C5:22:22:22  20
3     00:A0:C5:33:33:33  30
10    00:A0:C5:44:44:44  100

VLAN Table
VID  Egress Port  Register  Egress frame type
1    2            Static    Untag
1    3            Static    Tag
100  3            Static    Untag

2.15 Egress Rule
[Figure: Egress Rule. A tagged frame with a VID leaves either as a tagged frame with its VID or as an untagged frame]

2.16 Principles of operation in a VLAN Bridge
• C-VID of incoming frames is determined:
  • If C-TAG is present, C-VID is taken from tag (no translation!)
  • If C-TAG is not present,
    • If supported: port and protocol are used for C-VID classification.
    • else, the default C-VID for that port is used (PVID);
    • The standard leaves room for proprietary assignment of C-VID based on other parameters
• Incoming frame is forwarded according to forwarding information base associated with the C-VLAN.
• Outgoing frame may carry C-TAG or not, depending on egress rule.
Figure labels:
• Legend: Q/C-VLAN tag
• VLAN tag added by CPE
• Security check that VLAN id is allowed on that access line
• VLAN tag added by access node
• e.g. outgoing port supports only tagged

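The ingress rule, forwarding process and egress rule from slides 2.12 to 2.16, as an added Python example (not part of the original course material). It uses the filtering database from slide 2.14; the per-port PVID and allowed-VID settings, and the flooding of unknown destinations inside the VLAN, are assumptions not taken from the slides.

```python
# Filtering database from slide 2.14.
MAC_TABLE = {"00:a0:c5:11:11:11": 2, "00:a0:c5:22:22:22": 2,
             "00:a0:c5:33:33:33": 3, "00:a0:c5:44:44:44": 10}
VLAN_TABLE = {(1, 2): "untag", (1, 3): "tag", (100, 3): "untag"}  # (VID, egress port)

# Assumed ingress settings per port (not on the slides): PVID and permitted VIDs.
PORTS = {1: {"pvid": 1, "allowed": {1, 100}},
         2: {"pvid": 1, "allowed": {1}}}

def ingress(port, vid):
    """Ingress rule: untagged frames (vid None) get the PVID, tagged frames keep their VID."""
    cfg = PORTS[port]
    vid = cfg["pvid"] if vid is None else vid
    if vid not in cfg["allowed"]:        # security check: VID allowed on this line?
        return None
    return vid

def forward(vid, dst_mac, in_port):
    """Forwarding process: MAC table first, then VLAN table membership."""
    out_port = MAC_TABLE.get(dst_mac.lower())
    if out_port is None:                 # unknown destination: flood inside the VLAN
        return [p for (v, p) in VLAN_TABLE if v == vid and p != in_port]
    if out_port == in_port or (vid, out_port) not in VLAN_TABLE:
        return []                        # filtered: port is not an egress member
    return [out_port]

def switch(port, vid, dst_mac):
    """Return [(egress port, 'tag' or 'untag')]; an empty list means the frame is dropped."""
    vid = ingress(port, vid)
    if vid is None:
        return []
    # Egress rule: the VLAN table decides whether the frame leaves tagged.
    return [(p, VLAN_TABLE[(vid, p)]) for p in forward(vid, dst_mac, port)]

if __name__ == "__main__":
    print(switch(1, None, "00:A0:C5:22:22:22"))   # untagged in, PVID 1, untagged out
    print(switch(1, 100, "00:A0:C5:33:33:33"))    # tagged VID 100 in, untagged out
    print(switch(2, 100, "00:A0:C5:33:33:33"))    # VID 100 not allowed on port 2
```
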
2.17 Objective of VLAN stacking
• The existing Ethernet technology is not enough to satisfy carrier-grade requirements
• Q/C-VLAN tag
  • only 4094 VIDs
  • Scalability issue
• Business customers typically have one-to-one mapping
  • Problem if different customers are using the same VID!
  • no customer traffic segregation
• Enhancement: new Service Provider VLAN tag (S-VLAN) to become a carrier solution
• IEEE 802.1ad
  • Does not only describe S-VLAN for use in VLAN-stacking

2.18 IEEE 802.1ad - Systems
• VLAN Bridge = Customer Bridge = .1Q Bridge
  • Treats C-TAG only
• Provider Bridge (new)
  • Treats S-TAG only
• Provider Edge Bridge (new)
  • Contains a Provider Bridge component and a Customer Bridge component
  • Treats C-TAG and S-TAG

2.19 IEEE 802.1ad - Tags
• Customer TAG (C-TAG)
  • C-TAG is used to identify a Customer VLAN (C-VLAN) by means of a Customer VLAN ID (C-VID).
• Service TAG (S-TAG) (new)
  • S-TAG is used to identify a Service VLAN (S-VLAN) by means of a Service VLAN ID (S-VID).
  • Pre-standard synonyms: VMAN-tag, P-VLAN tag.
• IEEE802.1ad:
  • Draft 3 in Oct 25/2004, approved Dec 8/2005 and published May 26/2006
Frame size: Min 68 bytes, Max 1526
Frame layout: preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length / type | PAYLOAD (46–1500 Bytes) | FCS
• TPID: 802.1Q tag-type (value 81 00); Tag-Type: as C_Vlan
• TCI: Tag Control Information: 3 bit priority, 1 bit CFI, 12 bit VID

2.20 IEEE 802.1ad - Ports
• Yellow ports can read C-TAGs, or assign a C-VID to untagged frames.
• Green ports can read S-TAGs, or assign an S-VID to untagged frames.
[Figure labels: Provider Bridge; S-VLAN aware Bridge component; C-VLAN aware Bridge component; Provider Network Port; Customer Network Port; Provider Edge Port; Internal EISS; to provider equipment; to customer equipment]

2.21 Operation in a provider edge bridge: single tag
• S-VID of incoming frames is defined:
  • If S-TAG is present, S-VID is taken from tag
  • If S-TAG is not present,
    • Same rules as for C-TAG in VLAN bridge.
• Incoming frame is forwarded according to forwarding information base associated with the S-VLAN.
• Outgoing frame may carry S-TAG or not (egress rule).
[Figure labels: Customer NW Port; S-VLAN aware Bridge component; C-VLAN aware Bridge comp; Provider Edge Port; Provider NW Port; Internal EISS; legend: S-VLAN tag]

2.22 Operation in a Provider Edge Bridge: single tag
• An incoming frame on a provider edge port is forwarded internally depending on the C-TAG. This two-step approach enables a translation of C-VID to S-VID.
• Incoming frame is forwarded according to forwarding information base associated with respectively the C-VLAN / S-VLAN to which the frame belongs.
• Outgoing frame may carry S-TAG or not (egress rule)
[Figure labels: Customer NW Port; S-VLAN aware bridge component; C-VLAN aware bridge comp; Provider Edge Port; Provider NW Port; Internal EISS; e.g. outgoing port supports only tagged; legend: Q/C-VLAN tag, S-VLAN tag]

2.23 Dual VLAN – VLAN Stacking
• IEEE 802.1ad
• Most vendors apply today 1Q-in-Q VLAN Tag
  • Cisco, Alcatel-Lucent, …
Single VLAN tag
Frame size: Min 68 bytes, Max 1522 bytes
Frame layout: preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length / type | PAYLOAD (46–1500 Bytes) | FCS
Dual VLAN tag ("Vlan stacking")
Frame size: Min 72 bytes, Max 1526
Frame layout: preamble | SFD | DA | SA | S-Vlan: TPID, TCI | C-Vlan: TPID, TCI | length / type | PAYLOAD (46–1500 Bytes) | FCS
• TPID: 802.1Q tag-type (value 81 00)
• TCI: Tag Control Information

2.24 Dual VLAN – VLAN Stacking
• Q-in-Q VLAN
  • The second VLAN tag protocol identifier is 802.1Q tag type just like in Single VLAN tagged frames
Dual VLAN tag ("Vlan stacking")
Frame size: Min 72 bytes, Max 1526 bytes
Frame layout: preamble | SFD | DA | SA | S-Vlan: TPID (2 bytes), TCI (2 bytes) | C-Vlan: TPID, TCI | length / type | PAYLOAD (46–1500 Bytes) | FCS
• TPID: Tag Protocol Identifier, tag-type (value 81 00)
• TCI: Tag Control Information
  • Priority "p-bits" (802.1p): 3 bits, # 8
  • CFI
  • Vlan_ID "Q-TAG" (802.1Q): 12 bits, # 4096

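The tag layout from slides 2.9 and 2.10 and the stacked layout from slides 2.23 and 2.24, as an added Python example (not part of the original course material): it walks the tag stack of a frame, splits each TCI into priority, CFI and VID, and names the frame with the glossary terms. The sample frames are constructed; accepting 0x88A8 as a tag type is an assumption based on IEEE 802.1ad, since the slides only show 81 00.

```python
import struct

TPID_Q = 0x8100     # 802.1Q tag-type from the slides
TPID_AD = 0x88A8    # S-TAG type defined by IEEE 802.1ad; not shown on the slides

def tag(tpid, priority, cfi, vid) -> bytes:
    """Build one 4-byte tag: TPID, then TCI (3-bit priority, 1-bit CFI, 12-bit VID)."""
    if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid < 4096):
        raise ValueError("field out of range")
    return struct.pack("!HH", tpid, (priority << 13) | (cfi << 12) | vid)

def kind(tags: list) -> str:
    """Name the frame using the glossary terms from slide 2.10."""
    if not tags:
        return "untagged"
    if len(tags) >= 2:
        return "dual-tagged"
    return "priority-tagged" if tags[0]["vid"] == 0 else "VLAN-tagged"

def parse_tags(frame: bytes) -> dict:
    """Walk the tag stack of a frame given from DA onward (no preamble, SFD or FCS)."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before Length/Type")
        (field,) = struct.unpack("!H", frame[offset:offset + 2])
        if field not in (TPID_Q, TPID_AD):
            break                                   # reached the real Length/Type
        if len(frame) < offset + 4:
            raise ValueError("truncated inside a tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        tags.append({"tpid": field, "priority": tci >> 13,
                     "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"tags": tags, "length_or_type": field, "kind": kind(tags)}

# Constructed sample frames: DA + SA, optional tags, Type 0x0800, dummy payload.
HDR = bytes.fromhex("00a0c5333333") + bytes.fromhex("00a0c5111111")
REST = b"\x08\x00" + bytes(46)
SAMPLES = {
    "untagged": HDR + REST,
    "priority": HDR + tag(TPID_Q, 5, 0, 0) + REST,
    "single":   HDR + tag(TPID_Q, 0, 0, 100) + REST,
    "stacked":  HDR + tag(TPID_Q, 3, 0, 200) + tag(TPID_Q, 0, 0, 100) + REST,
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, parse_tags(sample))
```

In the stacked sample the first tag in the list is the outer S-Vlan tag and the second is the inner C-Vlan tag, matching the field order on the slide.
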
2.25 Operation in a Provider Bridge: VLAN stacking
• We now have two tags
• The S-TAG may be added and removed independently of the C-tag.
• A Provider Bridge ignores C-tags, except on Provider Edge Ports
• VLAN-stacking can occur even if the incoming frame is untagged (at provider edge port).
[Figure labels: Customer NW Port; S-VLAN aware bridge component; C-VLAN aware bridge comp; Provider Edge Port; Provider NW Port; Internal EISS; legend: Q/C-VLAN tag, S-VLAN tag]

End of Module Ethernet-Vlan Technology