Access and Transport Networks (Access Networks), Stefano Salsano, AA2010/11, Block 4 v1


Access and Transport Networks (Access Networks)
Stefano Salsano, e-mail: stefano.salsano@uniroma2.it
AA2010/11, Block 4 v1: Virtual LANs

Broadcast issues
- Switches did partition collision domains, but DID NOT partition the broadcast domain
- The obvious solution: IP subnets. Partition the network into several subnets
- Critical approach (especially in the past): routers were slow, and switches would have to be replaced with routers
- No longer a problem of efficiency: today layer 3 switches are hardware-based routers, very fast!
- However...

Cons of physical IP subnets
- One switch per lab! Even if all switches are in the same floor box, manual connection is necessary
- Different LAB rooms = different subnets!
- The broadcast domain cannot extend through routers: more complex management is needed
[Figure: Floor 2 with LAB 1 (telecom), LAB 2 (nanotech) and OFFICES; Floor 1 with LAB 2 (telecom)]

Physical Network Design vs Logical Network Design
- Standard design for the physical network, well before network partitioning needs emerge from the customers of the building!
[Figure: standard structured cabling: floor cabinets, horizontal copper cabling to RJ45 sockets in each room, perforated metal cable tray, PVC tray, PVC pipe, vertical fiber-optic cabling, metal tray with backup vertical copper cabling]

Solution: Virtual LAN (VLAN)
- VLAN = area which limits the broadcast domain
- Benefits:
  - Broadcast confinement solves the scalability issues of large flat networks
  - Isolation of failures and network impairments
  - Security (more later)
- Multiple VLANs may coexist over the same switched LAN

VLAN membership
- Per port: THE typical VLAN approach
- Per user, via MAC address
- Via VLAN tag: the IEEE 802.1Q approach. Result: anarchic VLANs, but too easy to break into
- Per protocol: new feature in IEEE 802.1v
- Via IP subnet address
- Combination (cross-layer): supported as proprietary extensions. A classification hierarchy may be defined, e.g. per IP subnet; if not IP, per protocol; if not in the set of classified protocols, per MAC; if not in the MAC list, per port.

Physical vs logical view (i.e. why VLANs instead of IP networks)
- Layer 3 subnets ought to be physically separated, BUT many VLANs may overlap on the same, unique physical network structure! Robust, failure-proof, singly managed

VLANs and IP subnets /1
- 1 VLAN = 1 IP subnet
- Routers are needed to move frames between different VLANs, even if the stations are in the same physical network
- Inter-VLAN connectivity through a router improves security: packet filtering mechanisms such as ACLs, etc. may be applied

VLANs and IP subnets /2
- Routers for VLAN interconnection may have as little as just one physical interface; also called, in jargon, one-armed routers
- Multiple IP addresses on the single interface, one per VLAN, distinguished by VLAN tagging
[Figure: subnets 160.80.80.0/24 and 160.80.81.0/24 on one physical interface, with router addresses 160.80.80.100 and 160.80.81.100]

Port types
- TRUNK port: transmits and receives tagged frames, i.e. with explicit VLAN membership indication
- ACCESS port: transmits and receives untagged frames, i.e. with no VLAN membership indication
- HYBRID port: may handle both tagged and untagged frames

Access links
- A link connected to an access port; typically the PC-to-switch link or the small-hub-to-switch link
- Connected stations belong to only 1 VLAN
- Connected stations DO NOT NEED TO KNOW they are on a VLAN: they just assume they are on a dedicated IP subnet
- TX/RX frames: standard Ethernet (no QTAG prefix)
[Figure: switches S1, S2, S3 and a HUB attached through access ports]

Access links (legacy regions)
- May be switched LANs themselves, made up of VLAN-unaware switches
[Figure: VLAN-aware switch with an access port leading to VLAN-unaware switches S1, S2, S3]

Trunk links
- A link connected to a trunk port; typically switch-to-switch or switch-to-router links, frequently server-to-switch links
- If it is a PC-to-switch link, this is the anarchic VLAN case
- Trunk port: supports tagged Ethernet frames, with an explicit tagging mechanism to differentiate them
- Does not belong to a VLAN but transports VLAN frames, either from all VLANs or just from selected VLANs
- However, it may belong to a VLAN: the case of a hybrid link, where untagged frames are assumed to belong to a VLAN

Hybrid links
- Support both tagged and untagged Ethernet frames
- Untagged frames belong to the same VLAN (in the example, VLAN C)
- Modern understanding and implementations: all links are of hybrid type

Ethernet frame format for VLAN (802.3ac, 1998)
- QTag type = 0x8100
- QTag prefix = 4 bytes
- Maximum frame: 1522 (!!) > 1518 = "baby giant"

User Priority (802.1p)
Value  Code  Meaning
0      BE    Best Effort (default)
1      BK    Background
2      ---   Unspecified
3      EE    Excellent Effort
4      CL    Controlled Load
5      VI    Video, < 100 ms latency/jitter
6      VO    Voice, < 10 ms latency/jitter
7      NC    Network Control
- Managed via separate output queues, typically with priority queueing, but more complex scheduling mechanisms can be used

May a station belong to more than 1 VLAN?
- Yes! (typical case: servers)
[Figure: a station attached through two access links and one trunk link]
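The frame format and priority slides above, as an added example (not part of the lecture material): it builds and parses the 4-byte Q-tag prefix (TPID 0x8100, then PCP/DEI/VID), maps the PCP field to the 802.1p code, and applies the 1518/1522-byte limits. The sample frames are constructed here; the byte lengths assume the frame buffer carries no FCS.

```python
import struct

# IEEE 802.1p user-priority codes (PCP values 0..7), as in the table above
PRIORITY_NAMES = {0: "BE", 1: "BK", 2: "---", 3: "EE", 4: "CL", 5: "VI", 6: "VO", 7: "NC"}
QTAG_TYPE = 0x8100      # TPID that announces the 4-byte Q-tag prefix
MAX_UNTAGGED = 1518     # classic 802.3 maximum, FCS included
MAX_TAGGED = 1522       # 802.3ac maximum for tagged frames ("baby giant")

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame (without FCS); insert a Q-tag when vid is given."""
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | (vid & 0x0FFF)             # DEI bit left at 0
    return dst + src + struct.pack("!HHH", QTAG_TYPE, tci, ethertype) + payload

def parse_frame(frame):
    """Classify a frame (bytes, no FCS): tag fields, priority code, size check."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": frame[0:6], "src": frame[6:12], "vid": None, "pcp": None, "prio": None}
    if ethertype == QTAG_TYPE:
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(vid=tci & 0x0FFF, pcp=tci >> 13, ethertype=inner, payload=frame[18:])
        info["prio"] = PRIORITY_NAMES[info["pcp"]]
        limit = MAX_TAGGED
    else:
        info.update(ethertype=ethertype, payload=frame[14:])
        limit = MAX_UNTAGGED
    wire_len = len(frame) + 4                      # account for the 4-byte FCS
    if wire_len > limit:
        raise ValueError(f"frame of {wire_len} bytes exceeds {limit}")
    info["baby_giant"] = wire_len > MAX_UNTAGGED   # legal only thanks to 802.3ac
    return info

if __name__ == "__main__":
    # constructed sample: a voice frame on VLAN 100 carrying a full 1500-byte IP payload
    f = build_frame(b"\x00\x00\x08\x11\xaa\x01", b"\x00\xb0\x8d\x13\x1a\xf1",
                    0x0800, b"\x00" * 1500, vid=100, pcp=6)
    print(parse_frame(f))
```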

Switch operation with VLANs: VLAN and forwarding
- Trunk ports may forward only selected VLAN tags (in the figure: Green; Blue, Green; Red, Green)
- Manual (static) configuration
- Automatic (dynamic) configuration via specially devised protocols (GVRP: GARP VLAN Registration Protocol; GARP = Generic Attribute Registration Protocol, see clause 10 of 802.1D, 1998 version)
- No spanning tree considerations at the moment

VLAN switch: relay functions
- Ingress function
  - Classification of each received frame as belonging to one and only one VLAN: based on the tag, or based on the port (e.g. for untagged frames)
  - Discard frames based on the normal bridging rules PLUS VLAN classification, e.g. a VLAN tag not allowed from that port
  - Ingress function = access control using switches rather than routers!
- Forward function
  - Only on the specific enabled ports for the given VLAN
- Egress function
  - Add a tag (or leave the previous tag) if trunk link; remove the tag if access link
- Learning
  - The learning process is affected by VLANs: the MAC address is no longer the only information to consider! The VLAN identifier is also necessary
  - Shared VLAN Learning (SVL): 1 single filtering DB; if an individual MAC address is learned in one VLAN, the learned information is used in forwarding decisions relative to all other VLANs
  - Independent VLAN Learning (IVL): 1 filtering DB per VLAN ID; if an individual MAC address is learned in one VLAN, the learned information is NOT used in forwarding decisions relative to all other VLANs
  - General case (SVL/IVL): many filtering DBs (each with a Filtering ID, FID); each FID may include more than 1 VLAN

Filtering DB, Shared VLAN Learning (SVL): one DB for all VLANs
Dest MAC Address   Ports  Age  vlan
-----------------  -----  ---  ----
00-00-08-11-aa-01  1/1    1    12
00-b0-8d-13-1a-f1  1/7    4    43
a8-11-06-00-0b-b4  2/3    0    12
08-01-00-00-a7-64  2/4    1    1
00-ff-08-10-44-01  2/6    5    12

Filtering DB, Independent VLAN Learning (IVL): distinct filtering DBs, each assigned a Filtering ID
FID=12
Dest MAC Address   Ports  Age
-----------------  -----  ---
00-00-08-11-aa-01  1/1    1
a8-11-06-00-0b-b4  2/3    0
00-ff-08-10-44-01  2/6    5

FID=43
Dest MAC Address   Ports  Age
-----------------  -----  ---
00-b0-8d-13-1a-f1  1/7    4

FID=1
Dest MAC Address   Ports  Age
-----------------  -----  ---
08-01-00-00-a7-64  2/4    1

Filtering DB: IVL vs SVL
- In most cases, it does not matter whether IVL or SVL is used
- However, in some particular cases, IVL or SVL is necessary
- Notation used in what follows:
  - Member set: set of ports through which members of the VLAN can be reached
  - Untagged set: set of ports through which, if frames are to be transmitted, they shall be transmitted without tag; the untagged set for a port may include multiple VLANs (see the SVL example next)
  - PVID (Port VLAN ID): the VLAN associated to the port
- See 802.1Q-2003, Annex B (pp. 245-252) for a detailed explanation of the following examples
Notes: In the vast majority of cases, using the IVL or the SVL mechanism is equivalent. There are particular cases in which this is not true and one of the two mechanisms must be used. The first example ("Why IVL?") considers the use of hybrid devices called Connectors, which operate in an intermediate mode between layer 2 and layer 3: in practice they forward a frame from one VLAN to another. The second example ("Why SVL?") shows how a legacy server (i.e. one not designed to operate on VLANs but on a traditional LAN) can be made to interoperate simultaneously with devices on different VLANs.

Why IVL? /1
- Note: the Connector is a bridge device! Were it a router, no problems!
- SVL would not work!! (A is learned from both port 1 and port 4)
- (no STP in the example)

Why IVL? /2
- SVL would not work!! (A is learned from both port 1 and port 3)
- (STP enabled, VLAN-aware Connector)
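The relay functions, the SVL/IVL filtering DBs and the "Why IVL?" case above, as an added example (not part of the lecture material): a minimal VLAN-aware switch that classifies at ingress (tag or PVID, then the member-set check), learns per FID, forwards on the member set and tags or strips at egress. The port layout and the Connector replay in why_ivl() are constructed here; with SVL the MAC A flips between ports 1 and 4 and B's reply is lost, with IVL it is delivered.

```python
from collections import defaultdict

class VlanSwitch:
    """Minimal 802.1Q relay: ingress classification, learning, forwarding, egress.
    ports: {port: {"pvid": vid, "member": {vids}, "untagged": {vids}}}
    mode:  "IVL" (one filtering DB per VLAN) or "SVL" (one DB shared by all VLANs)."""
    def __init__(self, ports, mode="IVL"):
        self.ports, self.mode = ports, mode
        self.fdb = defaultdict(dict)              # FID -> {MAC: port}

    def fid(self, vid):
        return vid if self.mode == "IVL" else 0   # SVL: every VLAN maps to FID 0

    def ingress(self, port, frame):
        """Classify the frame into exactly one VLAN; None means discard."""
        vid = frame["vid"] if frame["vid"] is not None else self.ports[port]["pvid"]
        return vid if vid in self.ports[port]["member"] else None   # VLAN not allowed on port

    def relay(self, port, frame):
        """Return {out_port: tagged} for a frame received on `port`."""
        vid = self.ingress(port, frame)
        if vid is None:
            return {}
        db = self.fdb[self.fid(vid)]
        db[frame["src"]] = port                   # learning is per FID, not per MAC alone
        known = db.get(frame["dst"])
        if known is not None and known != port:
            outs = [known] if vid in self.ports[known]["member"] else []
        else:                                     # unknown destination: flood the member set
            outs = [p for p, c in self.ports.items() if p != port and vid in c["member"]]
        return {p: vid not in self.ports[p]["untagged"] for p in outs}   # egress: tag or strip

def why_ivl(mode):
    """Constructed replay of the 'Why IVL?' slide: ports 1-2 are access ports of VLAN 10,
    ports 3-4 access ports of VLAN 20, port 5 a trunk carrying both. A bridging
    Connector copies A's frame from VLAN 10 into VLAN 20, so A is seen on ports 1 and 4."""
    acc = lambda v: {"pvid": v, "member": {v}, "untagged": {v}}
    sw = VlanSwitch({1: acc(10), 2: acc(10), 3: acc(20), 4: acc(20),
                     5: {"pvid": 1, "member": {10, 20}, "untagged": set()}}, mode)
    a_to_b = {"src": "A", "dst": "B", "vid": None}
    first = sw.relay(1, a_to_b)                   # A -> B in VLAN 10: flooded, tagged on trunk
    sw.relay(4, a_to_b)                           # Connector re-injects the copy in VLAN 20
    reply = sw.relay(2, {"src": "B", "dst": "A", "vid": None})   # B answers A in VLAN 10
    return first, reply
```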

Why SVL?
- A VLAN-unaware server is to be shared among VLANs
- It must use an untagged access link
- Asymmetric VLANs!