Wednesday, July 24, 2013

Q-in-Q - IEEE 802.1ad

under construction

VLAN - IEEE 802.1Q

Introduction


A Local Area Network (LAN) was originally defined as a network of computers located in the same physical area. Today a LAN is better defined as a single broadcast domain: when a host broadcasts a frame on its LAN, every other host on that LAN receives it. Broadcasts are kept from leaving a LAN by a router. The disadvantage of this method is that routers usually take longer to process incoming frames than a bridge or switch does. More importantly, the boundaries of the broadcast domains are then dictated by the physical wiring of the devices. Virtual Local Area Networks (VLANs) were developed as an alternative to routers for containing broadcast traffic.

What are VLANs

A VLAN is simply an administratively defined subset of switch ports that share one broadcast domain. Ports can be grouped into different VLANs on a single switch, and across multiple interconnected switches as well.
  • By creating multiple VLANs, the switches create multiple broadcast domains
  • A broadcast sent by a device in one VLAN is forwarded to the other devices in that same VLAN; it is not forwarded to devices in other VLANs
Layer 2 switches forward frames between devices in the same VLAN, but never between two devices in different VLANs. To forward traffic between two VLANs, a multilayer switch (MLS) or a router is needed.

Why use VLANs


Performance:

In networks where a high percentage of the traffic is broadcast and multicast, VLANs keep that traffic away from destinations that do not need it. Compared with switches, routers do more processing per incoming frame, so as the volume of traffic through a router grows, so does its latency, and performance drops. VLANs reduce the number of routers needed, because the broadcast domains are created by switches instead of routers.


Formation of Virtual Workgroups:

A VLAN can be set up for a workgroup so that its broadcasts and multicasts stay inside the workgroup. With VLANs it is easier to place the members of a workgroup together regardless of where they are physically connected.

Simplified Administration:

A commonly quoted figure is that adds, moves and changes of users account for around seventy percent of network operating costs. Some of these tasks are simplified with VLANs: if a user moves within a VLAN, no router reconfiguration is needed.

Reduced Cost:

VLANs create broadcast domains in the switches, which reduces the number of expensive routers needed.

Security:

Sensitive data may periodically be broadcast on a network. Placing only the users who are allowed to see that data in a VLAN reduces the chance of an outsider receiving it. Note that a VLAN is a broadcast-domain boundary, not a security boundary on its own: traffic between VLANs still has to be filtered at the router or multilayer switch, and a misconfigured trunk port can let a host inject frames into VLANs it is not a member of (VLAN hopping), so trunk ports and the VLANs allowed on them need to be configured deliberately.

Types of VLAN

VLAN membership can be defined in five ways.
  1. Layer 1 VLAN – Membership by port
Membership is defined by the ports that belong to the VLAN. For example, in a bridge with four ports, ports 1, 2 and 4 belong to VLAN 1 and port 3 belongs to VLAN 2.
  2. Layer 2 VLAN – Membership by MAC address
  • Membership is based on the MAC address of the workstation. Since the MAC address belongs to the workstation's network interface card, the workstation stays in the same VLAN when it is moved, with no reconfiguration needed.
  • The main problem with this method is that membership must be assigned initially for every address. In networks with thousands of users, this is no easy task.
  3. Layer 2 VLAN – Membership by protocol
  • Membership can also be based on the protocol type field (EtherType) found in the Layer 2 header.
  4. Layer 3 VLAN – Membership by IP subnet
  • Membership is based on the Layer 3 header: the IP subnet of the sender is used to classify the frame into a VLAN.
  5. Higher-layer VLANs
  • Membership can be defined by application or service, or any combination of the above. For example, File Transfer Protocol (FTP) traffic can be placed in one VLAN and Telnet traffic in another.

Types of Connection

VLANs can be connected in three ways, depending on whether the attached devices are VLAN-aware or VLAN-unaware.

  • Trunk Link

Devices connected to a trunk link, including workstations, must be VLAN-aware; every frame on a trunk link carries a special header. Such frames are called tagged frames (explicit tagging).
  • Access Link
An access link connects a VLAN-unaware device to a port of a VLAN-aware bridge. All frames on an access link are untagged; the bridge classifies them implicitly.
  • Hybrid Link
A combination of the previous two: a link to which both VLAN-aware and VLAN-unaware devices are attached. A hybrid link can carry both tagged and untagged frames, but all the frames of a given VLAN must be either tagged or untagged.

 Tagging

Two types of tagging are available.
  • Implicit tagging
    • The hosts are not VLAN-aware, so the switch has to build the tagged frame itself from its knowledge of the sender's VLAN membership. Typically that membership is configured by port or by MAC address.
  • Explicit tagging
    • VLAN-aware hosts generate tagged frames directly and the switches forward them as they are.
Tagging inserts 4 extra bytes into the Ethernet frame. Before looking at the tag itself, it helps to understand the untagged Ethernet frame and its fields.
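The access/trunk split and the two tagging modes described above, as a runnable model. This is example code added to this page, not code from the original post: a switch with port-based VLAN membership that classifies untagged frames on access ports implicitly, requires explicit tags on trunk ports, keeps its MAC table per VLAN, and floods unknown traffic only inside the sender's VLAN. The port names, MAC addresses and topology are constructed; the model assumes trunks carry tagged frames only (no native VLAN), so an untagged frame arriving on a trunk, or a tagged frame arriving on an access port, is dropped.

```python
"""Minimal model of a VLAN-aware switch (example added to this page).
Access ports tag implicitly, trunk ports carry explicit tags, and the MAC
table is keyed by (VID, MAC) so two VLANs never share forwarding state.
Assumption: no native VLAN on trunks, so untagged frames on a trunk are dropped."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str            # destination MAC
    src: str            # source MAC
    vid: Optional[int]  # 802.1Q VID if tagged, None if untagged
    payload: bytes = b""


@dataclass
class Port:
    name: str
    mode: str                                        # "access" or "trunk"
    access_vlan: int = 1                             # VLAN of an access port
    allowed: Set[int] = field(default_factory=set)   # VIDs allowed on a trunk


class Switch:
    def __init__(self, ports: List[Port]):
        self.ports = {p.name: p for p in ports}
        self.mac_table: Dict[Tuple[int, str], str] = {}  # (vid, mac) -> port

    def _ingress(self, port: Port, frame: Frame) -> Optional[int]:
        """Classify the frame into a VLAN; None means drop."""
        if port.mode == "access":
            # Implicit tagging: the VLAN comes from the port. A tag supplied
            # by a VLAN-unaware host on an access link is not honoured.
            return port.access_vlan if frame.vid is None else None
        # Trunk: the frame must be explicitly tagged with an allowed VID.
        if frame.vid is None or frame.vid not in port.allowed:
            return None
        return frame.vid

    def _egress(self, port: Port, vid: int, frame: Frame) -> Optional[Frame]:
        """Untag for access links, keep the tag for trunks; None if not a member."""
        if port.mode == "access":
            if port.access_vlan != vid:
                return None
            return Frame(frame.dst, frame.src, None, frame.payload)
        if vid not in port.allowed:
            return None
        return Frame(frame.dst, frame.src, vid, frame.payload)

    def receive(self, in_port: str, frame: Frame) -> Dict[str, Frame]:
        """Forward one frame; returns {out_port: frame as sent on that link}."""
        port = self.ports[in_port]
        vid = self._ingress(port, frame)
        if vid is None:
            return {}
        # Learn the source MAC in the context of its VLAN only.
        self.mac_table[(vid, frame.src)] = in_port
        known = self.mac_table.get((vid, frame.dst))
        if known is not None and frame.dst != BROADCAST:
            targets = [] if known == in_port else [known]
        else:
            # Unknown unicast or broadcast: flood, but _egress limits it to the VLAN.
            targets = [n for n in self.ports if n != in_port]
        out: Dict[str, Frame] = {}
        for name in targets:
            sent = self._egress(self.ports[name], vid, frame)
            if sent is not None:
                out[name] = sent
        return out


def demo() -> Dict[str, Frame]:
    """Constructed topology: a VLAN 10 host broadcasts from Fa0/1."""
    sw = Switch([
        Port("Fa0/1", "access", access_vlan=10),
        Port("Fa0/2", "access", access_vlan=20),
        Port("Fa0/3", "access", access_vlan=10),
        Port("Gi0/1", "trunk", allowed={10, 20}),
    ])
    bcast = Frame(BROADCAST, "00:00:00:00:00:0a", None, b"who-has?")
    return sw.receive("Fa0/1", bcast)   # reaches Fa0/3 untagged and Gi0/1 tagged 10


if __name__ == "__main__":
    for name, f in demo().items():
        print(name, "vid =", f.vid)
```

The broadcast leaves Fa0/3 untagged and Gi0/1 with VID 10, and never reaches Fa0/2, which is in VLAN 20; the same lookup keyed by (VID, MAC) is what keeps a unicast reply inside the right VLAN.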

Ethernet Frame format


Start frame delimiter: 

The start frame delimiter is a single byte, value 0xD5, that follows the preamble and marks the start of the frame. It appears on the wire as the bit pattern 10101011 because Ethernet transmits each octet least-significant bit first.

Destination MAC:

This is the MAC address of the machine that should receive the frame.

Source MAC:

This is the MAC address of the machine transmitting data.

TYPE/length:

This 16-bit field is interpreted by its value. If it is 1500 (0x05DC) or less, it is the length of the payload in bytes (IEEE 802.3 framing). If it is 1536 (0x0600) or greater, it is an EtherType identifying the upper-layer protocol; for example, IPv4 is 0x0800 and ARP is 0x0806.

Data:

The payload, 46 to 1500 bytes in a standard frame; shorter payloads are padded to 46 bytes.

FCS:

This 32-bit field contains the Frame Check Sequence (FCS), a CRC-32 calculated over the frame from the destination MAC through the end of the payload, so that the receiver can detect corrupted frames.

VLAN Tag Frame format

Tag Protocol Identifier (TPID):

A 16-bit field set to 0x8100 that identifies the frame as IEEE 802.1Q-tagged. It occupies the position of the Type/Length field, so a VLAN-unaware device sees it as an unknown EtherType; the real Type/Length follows the tag. (IEEE 802.1ad Q-in-Q uses 0x88A8 for the outer service tag.)

Tag Control Information (TCI)

Priority Code Point (PCP): a 3-bit field carrying the IEEE 802.1p priority of the frame. Values run from 0 to 7: 0 is best effort, 7 is the highest priority, and 1 (background) is actually the lowest.

CFI (Canonical Format Indicator): a 1-bit field that is always 0 for Ethernet; 1 indicated a Token Ring non-canonical MAC address format. IEEE 802.1Q-2011 redefined this bit as the Drop Eligible Indicator (DEI).

VID (VLAN Identifier): a 12-bit field, so 4096 (2^12) values can be encoded. VID 0x000 means the frame carries only priority information and belongs to no VLAN, and 0xFFF is reserved, which leaves 4094 usable VLANs (1 to 4094).
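The frame layout above, turned into code. This is an example added to this page, not code from the original post: a builder and parser for Ethernet frames with zero, one (802.1Q, TPID 0x8100) or two (802.1ad Q-in-Q, outer TPID 0x88A8) tags, which decodes PCP, CFI/DEI and VID, applies the Type/Length rule, and verifies the FCS with CRC-32. Addresses, payloads and VIDs are constructed sample values; the preamble and SFD are omitted because they are not part of the frame bytes a host sees.

```python
"""Build and parse 802.1Q / 802.1ad tagged Ethernet frames (example added to this page)."""
import struct
import zlib
from typing import List, NamedTuple, Optional, Sequence, Tuple

TPID_8021Q = 0x8100    # customer tag (C-tag)
TPID_8021AD = 0x88A8   # service tag (S-tag), the outer tag in Q-in-Q
MIN_PAYLOAD = 46


class Tag(NamedTuple):
    tpid: int
    pcp: int   # 3 bits, 802.1p priority
    dei: int   # 1 bit, CFI/DEI
    vid: int   # 12 bits


class Parsed(NamedTuple):
    dst: str
    src: str
    tags: List[Tag]             # outermost first
    ethertype: Optional[int]    # set when Type/Length >= 0x0600
    length: Optional[int]       # set when Type/Length <= 1500
    payload: bytes
    fcs_ok: bool


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: str, src: str, type_or_len: int, payload: bytes,
                tags: Sequence[Tuple[int, int, int]] = ()) -> bytes:
    """Assemble dst|src|[tags]|type/len|payload|FCS. tags = (pcp, dei, vid) tuples,
    outermost first; with two tags the outer one gets the 802.1ad TPID."""
    hdr = _mac_bytes(dst) + _mac_bytes(src)
    for i, (pcp, dei, vid) in enumerate(tags):
        if not (0 <= pcp < 8 and dei in (0, 1) and 0 <= vid < 4096):
            raise ValueError("TCI field out of range")
        tpid = TPID_8021AD if (len(tags) > 1 and i == 0) else TPID_8021Q
        tci = (pcp << 13) | (dei << 12) | vid
        hdr += struct.pack("!HH", tpid, tci)
    body = payload.ljust(MIN_PAYLOAD, b"\x00")   # pad short payloads to 46 bytes
    frame = hdr + struct.pack("!H", type_or_len) + body
    return frame + struct.pack("<I", zlib.crc32(frame))   # FCS is CRC-32, LSB first


def parse_frame(frame: bytes) -> Parsed:
    """Walk MACs, then every stacked tag, then Type/Length, and check the FCS."""
    if len(frame) < 12 + 2 + 4:
        raise ValueError("frame too short")
    body, fcs = frame[:-4], frame[-4:]
    fcs_ok = struct.unpack("<I", fcs)[0] == zlib.crc32(body)
    dst, src = _mac_str(body[:6]), _mac_str(body[6:12])
    off, tags = 12, []
    while True:
        if off + 2 > len(body):
            raise ValueError("truncated header")
        tl = struct.unpack("!H", body[off:off + 2])[0]
        if tl not in (TPID_8021Q, TPID_8021AD):
            break                       # reached the real Type/Length field
        if off + 4 > len(body):
            raise ValueError("truncated tag")
        tci = struct.unpack("!H", body[off + 2:off + 4])[0]
        tags.append(Tag(tl, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    off += 2
    if tl >= 0x0600:                    # EtherType: payload runs to the FCS
        return Parsed(dst, src, tags, tl, None, body[off:], fcs_ok)
    if tl <= 1500:                      # 802.3 length: payload may be padded
        return Parsed(dst, src, tags, None, tl, body[off:off + tl], fcs_ok)
    raise ValueError(f"undefined Type/Length value {tl:#06x}")


def demo() -> Tuple[Parsed, Parsed, Parsed]:
    """Constructed samples: untagged IPv4, single-tagged ARP, Q-in-Q IPv4."""
    d, s = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    plain = build_frame(d, s, 0x0800, b"\x45" + b"\x00" * 19)
    tagged = build_frame(d, s, 0x0806, b"\x00\x01", tags=[(5, 0, 100)])
    qinq = build_frame(d, s, 0x0800, b"x", tags=[(0, 0, 200), (5, 0, 100)])
    return parse_frame(plain), parse_frame(tagged), parse_frame(qinq)


if __name__ == "__main__":
    for p in demo():
        print(p.tags, hex(p.ethertype), p.fcs_ok)
```

A VLAN-unaware host that receives a tagged frame sees 0x8100 where it expects an EtherType, which is why hosts on access links are handed untagged frames; the parser also shows why a Q-in-Q outer tag is transparent to a plain 802.1Q device only if that device knows to skip 0x88A8.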

 Sample scenarios

The scenarios below give more insight into VLAN packet forwarding; they were built in Cisco Packet Tracer.
In the diagrams, blue links are access links and green links are trunks.

Scenario 1:


Scenario 2:


Scenario 3


Scenario 4


Scenario 5


 Scenario 6