LAYER 2/3/4 FRAME CLASSIFICATION PRIMER. Whitepaper


Table of Contents

Introduction: The Evolving Enterprise Network
Frame Classification
Classification Methods
  Port-Based
  MAC Address
  Protocol
  Layer 3 Protocol Type and Type of Service
  Layer 3 Address
  Layer 4 Socket/Port
Conclusion

Enterasys Networks | enterasys.com | Copyright 2001 Enterasys Networks, Inc. All rights reserved.

Introduction: The Evolving Enterprise Network

Businesses consider their networks to be a critical component of their success. Network administrators must ensure that business-critical data can be delivered reliably throughout the network, an increasingly difficult task in the face of today's ever-changing networks and applications. The information that traverses today's networks includes:

- Web-based traffic from the Internet, where phenomenal growth has made e-commerce and other web-enabled applications into business necessities, and from intranets, which have become the preferred medium for exchanging corporate information.
- Multicast traffic from bandwidth-intensive applications such as video conferencing, which are now being widely deployed on enterprise networks.
- E-mail, which corporations use for vital inter-employee communication as well as for rapid communication with customers.
- Time-sensitive voice traffic, as data and voice networks converge within the enterprise.

Administrators must be able to fine-tune their network to meet their company's demands. They must distinguish between traffic that is critical to the business, typical of day-to-day operations, or extraneous to business operations. They must also address the company's security issues: payroll and personnel information, or research and development data, all of which may be vulnerable to attack from within or from outside the company walls. For administrators to take complete control of network operations, the devices on their network, such as switches and routers, must be capable of expediting mission-critical data, denying certain traffic from the network, and protecting the network's limited resources. Moreover, there must be a network management platform that can configure and verify these policies across the network infrastructure.
Frame Classification

New switches being introduced today support two relatively new industry standards: 802.1Q, which allows administrators to configure VLANs (virtual LANs), and 802.1p, which allows them to set priority rules for network traffic. As these switches classify incoming frames into a certain VLAN or priority level, they insert a tag into the original frame to convey this VLAN/priority information to other switches on the network. When the frame reaches the switch nearest its destination, the frame tag is removed and the frame is forwarded on to its destination.

The ability to perform this Layer 3/4 classification to share VLAN and priority information throughout the network is fairly straightforward and easily understood. But it is just the first step in accommodating the new enterprise network requirements discussed above, since the limited classification capabilities of some devices may result in limited control for the network administrator.

The network edge, or entry point, is the ideal place to assign or classify frames into a VLAN and/or priority, as it is the first (and sometimes only) place where the frame can be so dealt with. Once the frame tag has been inserted in the frame, upstream switches will make frame forwarding decisions based upon the tag's indicated VLAN and/or priority. Although most network designers agree that the network edge is the most efficient place for intelligent packet classification, most switches at the edge of today's networks have limited capabilities in this area. Typically, these switches use the ingress (or receive) port as their only criterion for classifying frames, meaning that all frames received on a given port will be classified to the same VLAN, or be assigned the same priority. This is less than ideal, since it does not match the operational reality of a network, or provide the precise control and security needed by network administrators.
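The tag insertion at the ingress edge and tag removal at the egress edge described above, as an added example that is not part of the original paper. It builds the 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI holding the 3-bit 802.1p priority, the drop-eligible bit and the 12-bit VLAN ID) on a constructed IPv4 frame; the MAC addresses, VLAN 10 and priority 2 are assumed sample values, with priority 2 taken from the paper's Figure 1 scenario.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def insert_8021q_tag(frame: bytes, vid: int, pcp: int, dei: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the original EtherType.

    The 16-bit TCI carries the 3-bit 802.1p priority (PCP), a 1-bit drop
    eligible indicator (DEI) and the 12-bit VLAN identifier (VID).
    """
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("VID must be 0-4095, PCP 0-7, DEI 0 or 1")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        raise ValueError("frame already carries an 802.1Q tag")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_8021q_tag(frame: bytes):
    """Remove the tag at the egress switch and return (frame, vid, pcp, dei).

    Untagged frames are passed through unchanged with None for the tag fields.
    """
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame, None, None, None
    tci = struct.unpack("!H", frame[14:16])[0]
    return frame[:12] + frame[16:], tci & 0x0FFF, tci >> 13, (tci >> 12) & 1


# Constructed sample frame: dst MAC, src MAC (user A), EtherType 0x0800 (IPv4),
# then zero padding in place of a real IP packet.
UNTAGGED = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x00" * 46


def edge_to_egress_demo():
    """Tag at the ingress edge (VLAN 10, priority 2), then untag at the egress edge."""
    tagged = insert_8021q_tag(UNTAGGED, vid=10, pcp=2)
    untagged, vid, pcp, dei = strip_8021q_tag(tagged)
    return tagged, untagged, vid, pcp, dei
```

The check for an existing 0x8100 EtherType is what keeps the edge switch from double-tagging a frame that already arrived tagged; an untagged frame arriving at the egress function is passed through, since only frames on trunk links are expected to carry the tag.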
As shown in Figure 1, individual workstations can generate source traffic from multiple applications running over numerous protocols (e.g., IP, IPX and AppleTalk). For all protocol and application traffic from a single workstation to be assigned to the same VLAN, or given the same priority, is simply not a desirable model of network operation. It is much more efficient for the first ingress switch to have enough intelligence to classify frames to potentially different VLANs and priority levels, based upon the network administrator's needs. The drawback, however, is the potential cost increase of deploying such switches on the network. Traditionally, edge switches outnumber core switches or routers by many times, so these more intelligent edge switches must remain cost-competitive with devices that offer simpler classification capabilities.

Figure 1: Port-based classification at the network edge. All frames on links between switches carry 802.1Q frame tags (802.1Q trunk ports) to indicate VLAN membership and priority. All frames sent from user A are classified as belonging to the same VLAN (Red) and are assigned the same priority (2), because the classification is based only on the receive port: the switch is a port-based classifying device. The desired functionality would be to further classify each frame from user A for priority or VLAN assignment. User A is sourcing IP as well as IPX frames; within the IP protocol, there are frames sent to a SAP-R3 server via HTTP, a simple FTP session, and a voice over IP (VoIP) session via a PC phone.

Benefits of Classification

Classifying frames serves four basic functions, as shown in Figure 2:

- Containment: scoping or containing frames within a specific boundary, normally referred to as a VLAN.
- Filter: preventing protocols, applications, and/or specific users from accessing the network.
- Security: securing certain resources within the network, such as specific addresses.
- Class of Service/Quality of Service: associating a priority with each frame based on the classification.

Classification Methods

As previously described, the default behavior of a standard 802.1Q switch is to classify all frames based solely upon their receive port. This has limitations, however, when an end system is sending frames from various protocols and/or applications. There are several other higher-layer classification capabilities that provide greater flexibility and control, although they may add to the overall complexity of the switch and the network design. These include frame-by-frame connectionless classification and frame-by-frame connection-oriented (or flow-based) classification. The following examples illustrate these generic classification methods by describing how data sourced from user A in Figure 1 is interpreted or classified. The examples are given in order of increasing complexity, from the simplest to the most complex frame classification.

Port-Based

This basic method is the default classification method for 802.1Q switches. All frames received on a port are classified as belonging to the same VLAN and receive the priority assigned to that specific port.

MAC Address

This method relies on an administrator programming VLAN or priority classification rules based on an end user's source (or possibly destination) MAC address. This is far more flexible than simple port classification, but is very tedious to implement in a network. Since VLAN membership is tied to a user's end system (by MAC address), this method works well for networks with roving users.

Protocol

This method allows an administrator to classify frames based on protocols such as IP, IPX and AppleTalk within the network. It also works well for containing or filtering unknown and broadcast-intensive protocols.

Layer 3 Protocol Type and Type of Service

This method allows an administrator to classify frames based on information such as their IP Protocol Type, IP Type of Service (TOS), and IPX Packet Type. It is commonly used to set a received frame's 802.1p priority value based on the precedence indicator within its IP TOS field: an IP TOS value that indicates high priority is mapped to a user-defined 802.1p value. Classifying frames via this method will become more prevalent as features such as the IETF's Differentiated Services become more widely deployed. Switches that can classify frames to this level can also support dynamic IP multicast group establishment and pruning, otherwise known as IGMP snooping.

Layer 3 Address

This method allows an administrator to classify frames into VLANs or priority levels based on their Layer 3 network address (e.g., their individual IP address, IP subnet, or Novell Network Number). For networks with vital server traffic, for example, this could be used to classify all frames sourced from or destined to that server's IP address as high priority, so that traffic to or from that server would be given preferential treatment. This method also works well for securing networks. An administrator can specify that a certain IP address (such as the router's) is only allowed access to the network at a specific entry point (port). This would preclude any user from inadvertently or intentionally duplicating the router's IP address.

Layer 4 Socket/Port

This method allows an administrator to classify frames based on their Layer 4 application information. This can be used for containment in a scenario where all Novell server SAP advertisements are restricted within a VLAN boundary in which only Novell servers reside. With this classification method, different priority levels can be assigned to different applications, based upon user need.

Conclusion

The edge of the network is the best place to assign policy rules. It is also the most challenging place, because of the number of edge switches typically found on a large network. Once hardware platforms are capable of further classification methods and network management applications are available to easily configure these features, the way networks operate will change dramatically.
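The classification methods above (port-based, protocol, Layer 3 TOS precedence, Layer 3 address and Layer 4 port), applied to the Figure 1 traffic of user A, as an added example that is not part of the original paper. The rule table, the MAC and IP addresses, the VLAN numbers, the router uplink port and the SAP-R3 server address are all constructed for the example; the frames are built inline with a minimal Ethernet II, IPv4 and Layer 4 port header, and IP checksums are left at zero since the classifier never reads them. The ordering (most specific rule first, port-based default last) is this example's design choice; the paper lists the methods from simplest to most complex but does not prescribe a lookup order.

```python
import ipaddress
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPX, ETHERTYPE_APPLETALK = 0x0800, 0x8137, 0x809B
IPPROTO_TCP, IPPROTO_UDP = 6, 17
DROP = ("drop",)

# Assumed addresses for the Figure 1 scenario (constructed, not from the paper).
USER_A_MAC, SERVER_MAC = "66778899aabb", "001122334455"
SAP_SERVER_IP, ROUTER_IP, ROUTER_PORT = "10.0.5.10", "10.0.0.1", 24


def build_ipv4_frame(src_mac, dst_mac, tos, proto, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet II + IPv4 + Layer 4 port pair (IP checksum left zero)."""
    l4 = struct.pack("!HH", sport, dport)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return bytes.fromhex(dst_mac + src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_raw_frame(src_mac, dst_mac, ethertype):
    """Constructed non-IP frame (IPX, AppleTalk) with zero padding."""
    return bytes.fromhex(dst_mac + src_mac) + struct.pack("!H", ethertype) + b"\x00" * 46


def parse_frame(frame):
    """Pull out the Layer 2/3/4 fields that the classification rules inspect."""
    f = {"dst_mac": frame[0:6].hex(), "src_mac": frame[6:12].hex(),
         "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if f["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4
        f["precedence"] = frame[15] >> 5          # top 3 bits of the TOS byte
        f["proto"] = frame[23]
        f["src_ip"] = str(ipaddress.IPv4Address(frame[26:30]))
        f["dst_ip"] = str(ipaddress.IPv4Address(frame[30:34]))
        if f["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(frame) >= 14 + ihl + 4:
            f["sport"], f["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return f


# Each rule: (description, match(ingress_port, fields), action).  Actions are
# ("tag", vlan, 802.1p priority) or DROP.  Most specific rules first, port-based
# default last; the ordering and all values are this example's own choices.
RULES = [
    ("Layer 3 address security: router IP accepted only on its own port",
     lambda p, f: f.get("src_ip") == ROUTER_IP and p != ROUTER_PORT, DROP),
    ("Protocol filter: AppleTalk is not permitted on the network",
     lambda p, f: f["ethertype"] == ETHERTYPE_APPLETALK, DROP),
    ("Layer 4 port: VoIP signalling to UDP 5060 gets VLAN 30, priority 6",
     lambda p, f: f.get("proto") == IPPROTO_UDP and f.get("dport") == 5060, ("tag", 30, 6)),
    ("Layer 4 port + Layer 3 address: HTTP to the SAP-R3 server gets VLAN 20, priority 4",
     lambda p, f: f.get("proto") == IPPROTO_TCP and f.get("dport") == 80
     and f.get("dst_ip") == SAP_SERVER_IP, ("tag", 20, 4)),
    ("Layer 3 TOS: precedence 5 or higher is mapped to 802.1p priority 5",
     lambda p, f: f.get("precedence", 0) >= 5, ("tag", 10, 5)),
    ("Protocol: IPX is contained in VLAN 40",
     lambda p, f: f["ethertype"] == ETHERTYPE_IPX, ("tag", 40, 1)),
    ("Port-based default: user port 1 is VLAN 10 (Red), priority 2",
     lambda p, f: p == 1, ("tag", 10, 2)),
    ("Port-based default: router uplink port 24 is VLAN 10, priority 2",
     lambda p, f: p == ROUTER_PORT, ("tag", 10, 2)),
]


def classify(ingress_port, frame):
    """First matching rule wins; a port with no default rule drops the frame."""
    fields = parse_frame(frame)
    for description, match, action in RULES:
        if match(ingress_port, fields):
            return description, action
    return "no rule matched and the port has no default", DROP


# Constructed traffic sourced by user A on port 1, plus a frame that spoofs the router's IP.
SAMPLE_FRAMES = {
    "voip": build_ipv4_frame(USER_A_MAC, SERVER_MAC, 0xB8, IPPROTO_UDP, "10.0.1.5", "10.0.5.20", 40000, 5060),
    "http_sap": build_ipv4_frame(USER_A_MAC, SERVER_MAC, 0x00, IPPROTO_TCP, "10.0.1.5", SAP_SERVER_IP, 51000, 80),
    "ftp": build_ipv4_frame(USER_A_MAC, SERVER_MAC, 0x00, IPPROTO_TCP, "10.0.1.5", "10.0.5.30", 51001, 21),
    "ipx": build_raw_frame(USER_A_MAC, SERVER_MAC, ETHERTYPE_IPX),
    "appletalk": build_raw_frame(USER_A_MAC, SERVER_MAC, ETHERTYPE_APPLETALK),
    "router_spoof": build_ipv4_frame(USER_A_MAC, SERVER_MAC, 0x00, IPPROTO_TCP, ROUTER_IP, "10.0.5.30", 1024, 23),
}


def classify_samples(ingress_port=1):
    """Classify every constructed frame as if it were received on ingress_port."""
    return {name: classify(ingress_port, frame)[1] for name, frame in SAMPLE_FRAMES.items()}
```

The VoIP frame carries TOS 0xB8 (precedence 5), so it would also match the TOS rule; placing the Layer 4 rule first is what lets the administrator give the application a specific VLAN rather than only a priority. The router-address rule shows the Layer 3 Address security use from the paper: the same frame is tagged normally when it arrives on port 24 and dropped when it arrives on any user port.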

Matrix, X-Pedition, Vertical Horizon, Secure Harbour, NetSight and SmartSwitch are trademarks or registered trademarks of Enterasys Networks, a Cabletron Systems Company. All other products or services mentioned are identified by the trademarks or service marks of their respective companies or organizations. NOTE: Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. 2001 Enterasys Networks, Inc. All rights reserved. Lit. #9012588 5/01