- Number of slides: 38
Protocol-based VLAN (IEEE 802.1v), by Robert Wu (吳經義), August 30, 2002. IEEE 802.1v RWU 2002

AGENDA
  I. Virtual LAN Concept
  II. Ethernet Frame Format
  III. How to Implement Protocol-based VLAN

Standard & References
  1. IEEE Standards for Local & Metropolitan Area Networks: Virtual Bridged Local Area Networks, July 1998
  2. IEEE Standard Frame Extensions for Virtual Bridged Local Area Network (VLAN) Tagging on 802.3 Networks, IEEE Std 802.3ac-1998
  3. A Standard for the Transmission of IP Datagrams over IEEE 802 Networks, RFC 1042, Feb. 1988
  4. Recommended Practice for MAC Bridging of Ethernet V2.0 in IEEE 802 Local Area Networks, IEEE 802.1H, 1995
  5. Draft Standard for Local & Metropolitan Area Networks: Overview and Architecture, IEEE P802/D29, 2001
  6. IEEE Draft P802.1v/D6, Standard for Supplement to IEEE 802.1Q: VLAN Classification by Protocol & Port, 2000
  7. The Switch Book, by Rich Seifert, Nov. 28, 2000

Virtual LAN Concept
VLAN technology allows users to separate logical connectivity from physical connectivity. Users are still connected via physical cables to physical wiring devices, but the connectivity view from the application is no longer restricted to the bounds of the physical topology.
[Figure: network diagram showing end stations ES #1, ES #2 and ES #3]

VLAN Membership
  - Port-based VLAN
  - MAC-based VLAN
  - Protocol-based VLAN
  - Layer-3 (Network)-based VLAN
  - Application-based VLAN

Tagged Ethernet Frame Format
  Preamble                   7 octets
  SFD                        1 octet
  Destination Address        6 octets
  Source Address             6 octets
  802.1Q Tag Type            2 octets (81-00)
  Tag Control Information    2 octets (TCI)
  MAC Length/Type            2 octets
  MAC client data            42-1500 octets
  FCS                        4 octets

Tagged Frame Format (Cont'd)
  TCI fields, in order: User_priority, CFI, VLAN Identifier (VID)
  - CFI is the Canonical Format Indicator.
  - The tag header contains the Tag Protocol ID and the Tag Control Information (TCI).
  - The tag header is inserted between the last octet of the source address field and the first octet of the Type/Length field.

Ethernet Frame Format
  Untagged frame:       DA (6 bytes) | SA (6 bytes) | Type (2 bytes) | Remainder of frame
  802.1Q tagged frame:  DA (6 bytes) | SA (6 bytes) | Tag (4 bytes) | Type (2 bytes) | Remainder of frame
  Tag:                  TPID (16 bits) | COS (3 bits) | CFI (1 bit) | VLAN id (12 bits)

Individual VLAN Learning
[Figure: generic router R with interfaces R1 (IP.1.0) and R2 (IP.2.0), server Sv1 (IP.1.A, IP.2.B) and end stations ES1-ES4 on VLAN A and VLAN B, attached to a switch with multiple FDBs]
  - All VLANs can share a single server: less routing.
  - Could also use a .1Q trunk; trunks must be tagged.

Shared VLAN Learning
[Figure: generic router R with interfaces R1 (IP.1.0) and R2 (IP.2.0), server Sv1 (IP.1.A, IP.2.B) and end stations ES1-ES4 on VLAN A and VLAN B, attached to a switch with an SFDB]
  - All VLANs can share a single server: less routing.

Protocol-based VLAN
[Figure: EtherSwitch-12 and EtherSwitch-13 connecting VLAN-2, VLAN-4 and VLAN-27; stations shown: IP user-5, IP user-6, Host-10, UNIX IP Host-7, AppleTalk Server, IPX user-1, IPX user-4, IPX Server, IP & IPX user-9]
  Match "port" and "protocols".

IP Frame Encapsulation
  Ethernet frame: Destination Address | Source Address | Type or Length (Type = 0x0800) | Ethernet Data | CRC
  Ethernet Data:  IP HDR | IP Protocol Data
The IP layer is responsible for transferring data across routers between hosts on the Internet.

IP Header Format
  Offset (hex)  Fields
  0             VERS | LEN | Type Of Service | Total Length
  4             Identification | Flags | Fragment Offset
  8             Time To Live | Protocol | Header Checksum
  C             Source IP Address
  10            Destination IP Address
  14            Option | Padding, followed by DATA
  Total: 20 bytes
  Protocol field: 1 - ICMP, 2 - IGMP, 6 - TCP, 8 - EGP, 17 - UDP, 89 - OSPF

  I. Virtual LAN Concept
  II. Ethernet Frame Format
  III. How to Implement Protocol-based VLAN

Ethernet Frame Format
  Ethernet II frame:
    Preamble (8 bytes) | Destination MAC Address (6) | Source MAC Address (6) | Type (2) | IP Datagram (0-1500) | CRC (4)
  IEEE 802.3 with SNAP frame:
    Preamble (8 bytes) | Destination MAC Address (6) | Source MAC Address (6) | Length (2) | DATA (0-1500) | CRC (4)
    DATA: DSAP AA | SSAP AA | Control 03 | OUI/Protocol ID 00 00 00 08 00 | IP Packet
  Note: OUI 0000F8 is used for the Bridge Tunnel Encapsulation Protocol.

Tagged Ethernet Frame Format, SNAP Encoded
  Field sequence: FC | DA | SA | AA-AA-03 00-00-00 8100 0002 | AA-AA-03 00-00-00 | Len | Packet...
  (The slide labels a 10-byte span.)

Multiple protocols above LLC sublayer
Standard network layer protocols have been assigned reserved LLC addresses in ISO/IEC TR 11802.1. Other protocols use:
  1) local assignment of LSAPs;
  2) the Sub-Network Access Protocol (SNAP).
[Figure: frame DA (6 bytes) | SA (6 bytes) | Type (2 bytes) | Remainder of frame, with "Constant" and "Copy" annotations; a BPDU frame with DSAP 42, SSAP 42, Control 03, BPDU Data; a SNAP frame with DSAP AA, SSAP AA, Control 03, OUI/Protocol ID 00 00 00 08 00, IP Packet]

Ethernet MAC Frame
The Ethernet MAC frame format includes a 16-bit type/length value:
  hex 0000-05DC (decimal 0-1500):       Length field (IEEE 802.3 format)
  hex 05DC-0600 (decimal 1500-1536):    Undefined
  hex 0600-FFFF (decimal 1536-65535):   Type field (DIX format)
Frame layout: Preamble (8 bytes) | Destination MAC Address (6) | Source MAC Address (6) | Length/Type (2) | DATA (0-1500) | CRC (4)
DATA: LLC DSAP (1) | LLC SSAP (1) | LLC Control (1) | OUI/Protocol ID (5; 00 00 00 08 00) | Packet Data

Header Format in RFC 1042
  MAC Header                  802.3/4/5 MAC
  DSAP | SSAP | Control       802.2 LLC
  OUI/Protocol ID             802.3 SNAP

Frame Types
  Ethernet-2    DA/SA | Type                                          Type-encapsulated
  LLC_other     DA/SA | Length                                        Length-encapsulated 802.3 frame
  RFC_1042      DA/SA | Length | AA-AA-03 | 00-00-00 | Type           Length-encapsulated 802.3 frame (RFC 1042)
  SNAP_other    DA/SA | Length | AA-AA-03 | Protocol ID               Length-encapsulated 802.3/SNAP frame
  SNAP_8021H    DA/SA | Length | AA-AA-03 | 00-00-F8 | Type           Length-encapsulated 802.3 frame (802.1H)
  Tagged        DA/SA | 81-00 | TCI                                   802.3 tagging frame
  Also shown: IPX Raw frame, marked by FF-FF.

  I. Virtual LAN Concept
  II. Ethernet Frame Format
  III. How to Implement Protocol-based VLAN
  - Protocol-based VLAN is per port-based, not for the whole system.
  - Detect the value of the Length/Type field in a MAC frame.

Frame Classification
  1. Tagged frame? Yes: frame associated to matching VLAN (tag = VLAN ID). No: go to 2.
  2. MAC belongs to a MAC VLAN? Yes: frame associated to matching VLAN (MAC-based VLAN). No: go to 3.
  3. IP SA belongs to an IP VLAN? Yes: frame associated to matching VLAN (IP subnet-based VLAN). No: go to 4.
  4. EtherType belongs to one of the protocol-based VLANs? Yes: frame associated to matching VLAN (protocol-based VLAN). No: frame associated to the VLAN corresponding to the port.
Order of precedence in VLAN membership: VLAN ID, MAC-based VLAN, IP subnet-based VLAN, protocol-based VLAN, then port-based VLAN.

Protocol-based VLANs
For the Layer 3 module, protocol-based VLANs enable you to use protocol type and switching ports as the distinguishing characteristics for your VLANs.
Important Considerations
When you create this type of VLAN interface, review these guidelines:
  - If you plan to use the VLAN for bridging purposes, select one or more protocols per VLAN. Select them one protocol at a time.
  - If you plan to use the VLAN for routing, you can select one or more protocols per VLAN, one protocol at a time, and subsequently define a routing interface for each routable protocol that is associated with the VLAN. You can perform routing as follows:
      ~ You can route between VLANs defined on Layer 3 modules.
      ~ You can use a Layer 3 module to route between VLANs that are defined on Layer 3 modules.
    The Layer 3 modules support routing for two protocol suites: IP and IPX.
  - To define a protocol-based VLAN interface, specify this information:
      ~ The VID, or accept the next-available VID.
      ~ The switching ports that are part of the VLAN interface. (If you have trunk ports, specify the anchor port for the trunk.)
      ~ The protocol for the specified ports in the VLAN.
      ~ IEEE 802.1Q tagging must be selected for ports that overlap on both port and protocol (for example, if two IPX VLANs overlap on port 3).
      ~ The name of this VLAN interface.
  - If you use IP as the protocol and also specify a Layer 3 address, the protocol-based VLAN becomes a network-based VLAN. You should consider removing any network-based VLANs and defining multiple IP interfaces per VLAN.
The protocol suite describes which protocol entities can comprise a protocol-based VLAN. For example, VLANs on the Layer 3 module support the IP protocol suite, which has three protocol entities (IP, ARP, and RARP).

Supported Protocol Suites for VLAN Configuration
  Protocol Suite    Protocol Entries
  IP                IP, ARP, RARP (Ethernet-2, SNAP PID)
  Novell IPX        IPX (supports all of the 4 IPX types below)
                    IPX-type II (Ethernet-II)
                    IPX-802.2 LLC (DSAP/SSAP: 0xE0)
                    IPX-802.3 Raw (DSAP/SSAP: 0xF0)
  AppleTalk         DDP, AARP (Ethernet-II, SNAP PID)
  Xerox XNS         IDP, XNS address translation, XNS compatibility (Ethernet-II, SNAP PID)
  DECnet            DEC MOP, DEC Phase IV, DEC LAT, DEC LAVC (Ethernet-II, SNAP PID)
  SNA               SNA service over Ethernet (Ethernet-II, DSAP/SSAP: 0x04 & 0x05)
  Banyan            (Ethernet-II, DSAP/SSAP: 0xBC, SNAP PID)
  X.25              Layer-3 (Ethernet-II)
  NetBIOS           (DSAP/SSAP: 0xF0)
  Default           (all protocol types) (unspecific)
  Columns "No. of protocol suites" / "No. of protocols in a suite": 1 4 1 1 1 3 2 1 0 0 2 3 1 5 2 1 1 1 1 0 1

Your Layer 3 modules impose two important limits regarding the number of VLANs and the number of protocols:
  - Number of VLANs supported: To determine the minimum number of VLANs that the Layer 3 module can support, use the equation described in “Number of VLANs” here. A Layer 3 module supports a maximum of 64 VLANs.
  - Maximum number of protocols: Use the value 15 as the limit of protocols that can be implemented on the Layer 3 module. A protocol suite that is used in more than one VLAN is counted only once towards the maximum number of protocols.
Establishing routing between VLANs
Your Layer 3 modules support routing for IP and IPX VLANs. If VLANs are configured for other routable network layer protocols, they can communicate with each other only via an external router or a Layer 3 module configured for routing. The Layer 3 module’s routing-over-bridging model lets you configure routing protocol interfaces based on a static VLAN defined for one or more protocols.

You must first define a VLAN to support one or more protocols and then assign a routing interface for each protocol associated with the VLAN.
Important Considerations
To create an IP interface that can route through a static VLAN, you must:
  1. Create a protocol-based IP VLAN for a group of switching ports. (If the VLAN overlaps with another VLAN on any ports, be sure that you define it in accordance with the requirements of your VLAN mode.) (This IP VLAN does not need to contain Layer 3 information unless you want a network-based IP VLAN.)
  2. Configure an IP routing interface with a network address and subnet mask and specify the interface type vlan.
  3. Select the IP VLAN interface index that you want to bind to that IP interface. If Layer 3 information is provided in the IP VLAN interface for which you are configuring an IP routing interface, the subnet portion of both addresses must be compatible. For example:
       - IP VLAN subnet 157.103.54.0 with subnet mask of 255. 0
       - IP host interface address 157.103.54.254 with subnet mask of 255. 0
     Layer 2 (bridging) communication is still possible within an IP VLAN (or router interface) for the group of ports within that IP VLAN. For IVL, IP data destined for a different IP subnetwork uses the IP routing interface to reach that different subnetwork even if the destination subnetwork is on a shared port. For SVL, using the destination MAC address in the frame causes the frame to be bridged; otherwise, it is routed in the same manner as for IVL.
  4. Enable IP routing.
You perform similar steps to create IPX routing interfaces.
Example 1: Routing between Layer 3 modules
The configuration in Figure shows routing between Layer 3 modules. In this configuration:

IPX Raw Frame Format
  Dest | Src | Length | DATA | FCS
  DATA: IPX Header (begins with FFFF) | NetWare Core Protocol

IPX-802.2 Frame Format
  Dest | Src | Length | 802.2 | DATA | FCS
  802.2: DSAP | SSAP | Cntl (values shown: E0, 03)
  Label on slide: IP protocol 8137
  DATA: IPX header

IPX-802.3/802.2/SNAP Frame Format
  Dst | Src | Length | 802.2 | SNAP | DATA | FCS
  802.2: DSAP AA | SSAP AA | Cntl 03
  SNAP:  Prot ID 000000 | Type 8137
  DATA:  IPX Header

SAP Values for Frame
  SNA 04 | IP 06 | SNAP AA | Banyan BC | IPX-802.2 E0 | NetBIOS F0 | Lan Mgr. F4 | IPX-802.3 FF
For example, IP can be encapsulated in an “Ethernet” frame 3 ways:
  - Ethernet-II frame: Type = x0800
  - 802.3 with 802.2 frame: SAP code = x06
  - 802.3 with SNAP frame:
      SAP code = xAA (indicates SNAP header)
      Control = x03
      SNAP OUI = x000000 (indicates SNAP Ether type same as Ethernet-II type)
      SNAP Ether type = x0800

Protocol Suites Configuration
  Protocol Suite      Protocol Entries (Ethernet type or DSAP/SSAP)
  IP                  0800 (IP), 0806 (ARP), 0835 (RARP)
  IPX-II              8137
  IPX 802.2 LLC       DSAP/SSAP E0E0
  IPX Raw             FFFF
  IPX 802.3 SNAP      AAAA
  XNS                 0600 (NS IDP), 0601, 0807 (XNS)
  AppleTalk           809B, 80F3 (AARP)
  DECnet              6001 (MOP), 6002 (MOP), 6003 (Phase IV), 6004 (LAT), 6007 (DIAG)
  SNA                 80D5, 0404, 0505, 0504
  X25                 0805
  NetBIOS             F0F0
  Banyan VINES        0BAD, BCBC

NetWare’s Ethernet Frame Types
  - IEEE 802.3 “raw”: This follows the IEEE standard frame specification without the 802.2 header. After the length field, Novell decided to use the first 2 bytes in the data portion of the packet, the IPX checksum field, to identify an 802.3 raw frame using the IPX/SPX protocol. Its hex value is 0xFFFF.
  - Ethernet II: This follows the DIX specification. The frame type field is always greater than 1500 octets. Novell was assigned the hex value 0x8137 for IPX/SPX.
  - IEEE 802.3 with 802.2: This follows the IEEE standard frame specification with the 802.2 header. NetWare IPX/SPX packets contain the hex value 0xE0E0 in the DSAP & SSAP fields.
  - IEEE 802.3 with SNAP: This follows the IEEE standard frame specification with the SNAP protocol. The values of the DSAP & SSAP fields in the 802.2 header are both set to 0xAA. Novell was assigned the hex value 0x8137 in the protocol type field for IPX/SPX.

To perform the calculation, determine the total number of protocol suites on your system. Remember to include the unspecified type for the default VLAN, even if you have removed the default VLAN and do not have other VLANs defined with the unspecified protocol type. Use the following guidelines to count the protocol suites that are used on the Layer 3 module:
  - IP counts as one protocol suite for IP VLANs.
  - AppleTalk counts as one protocol suite for AppleTalk VLANs.
  - Generic IPX, which uses all four IPX types, counts as four protocol suites. (Each IPX type alone counts as one.) To conserve VLAN resources, it is better to specify a specific IPX frame type than to use generic IPX.
  - DECnet counts as one protocol suite for DECnet VLANs.
  - The unspecified type of protocol suite counts as one, whether or not the default VLAN or port-based VLANs are defined. Even if you have only the unspecified protocol suite on the system, the limit is still 64 VLANs.
  - X.25, SNA, Banyan VINES, and NetBIOS each count as one protocol suite for their respective VLANs.

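Protocol Group Database
[Table 1, columns: Frame Type, Value, Group ID. Frame types listed: Ethernet-2, RFC_1042, LLC_other, SNAP_other, SNAP_8021H. Values listed: 0800, 0806, FEFE, FFFF, 00B00001, 80F3. Group IDs listed: B, B, C, A.]
[Table 2, columns: Port No, Group ID, VLAN No. Ports listed: 1, 2. Group IDs listed: A, B, C. VLAN numbers listed: 123, 234, 456, 567.]
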
Protocol Filtering Scheme
There are two mechanisms:
  - A forwarding rule based on mapping either the packet’s Ethernet type or DSAP/SSAP to a port-specific VLAN ID
  - A filtering technique with a mask string

Protocol Classification Algorithm
  Examine the Type/Length field:
    - 0x05DC < it < 0x0600: invalid Type/Length
    - >= 0x0600: Type field
    - <= 0x05DC: decode LSAP; examine DSAP/SSAP/Control:
        = 0xFFFF/E0E0 for raw IPX/IPX-II
        = 0xF0F0 for NetBIOS
        = 0xAAAA03: examine the SNAP OUI:
            = 0x000000 for RFC 1042
            = 0x0000F8 for IEEE 802.1H
            = 0x080007: SNAP protocol ID = 0x809B? Y: AppleTalk encapsulation. N: invalid protocol.
            = others for unknown protocol

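The classification algorithm above, combined with a per-port protocol group database lookup, as an added example (not part of the original slides). The group IDs, VIDs, port numbers and sample frames are constructed; treating a VID-0 priority tag like an untagged frame and using the 5-octet OUI + PID as the SNAP_other value are assumptions taken from 802.1Q/802.1v behaviour, not from the deck.

```python
import struct
# Constructed tables (sample values, not taken from the slides).
PROTOCOL_GROUPS = {                     # (frame type, value) -> group ID
    ("Ethernet-2", 0x0800): "A", ("Ethernet-2", 0x0806): "A", ("RFC_1042", 0x0800): "A",
    ("Ethernet-2", 0x8137): "B", ("LLC_other", 0xE0E0): "B", ("LLC_other", 0xFFFF): "B",
    ("SNAP_other", 0x080007809B): "C",
}
PORT_GROUP_VID = {(1, "A"): 10, (1, "B"): 20, (2, "A"): 30}   # (port, group) -> VID
PVID = {1: 1, 2: 1}                                            # port-based fallback
MACS = bytes(12)                                               # constructed DA + SA
SAMPLES = {                                                    # constructed frames
    "ip_e2":    MACS + bytes.fromhex("0800") + bytes(46),
    "ip_snap":  MACS + bytes.fromhex("0026aaaa030000000800") + bytes(38),
    "ipx_raw":  MACS + bytes.fromhex("0030ffff") + bytes(44),
    "atalk":    MACS + bytes.fromhex("0026aaaa03080007809b") + bytes(38),
    "tagged":   MACS + bytes.fromhex("8100006f0800") + bytes(46),
    "prio_tag": MACS + bytes.fromhex("8100a0000800") + bytes(46),
}

def classify(frame: bytes):  # -> (frame_type, value, tag_vid or None if untagged)
    if len(frame) < 14:
        raise ValueError("truncated frame")
    off, vid = 12, None
    (tl,) = struct.unpack_from("!H", frame, off)
    if tl == 0x8100:                            # 802.1Q tag: TPID, then TCI
        if len(frame) < 18:
            raise ValueError("truncated tag")
        tci, tl = struct.unpack_from("!HH", frame, 14)
        off, vid = 16, tci & 0x0FFF
    if 0x05DC < tl < 0x0600:
        raise ValueError("invalid Type/Length")
    if tl >= 0x0600:
        return "Ethernet-2", tl, vid
    llc = frame[off + 2:off + 10]               # DSAP SSAP Control OUI(3) PID(2)
    if len(llc) < 8:
        raise ValueError("truncated LLC/SNAP header")
    if llc[:3] != b"\xaa\xaa\x03":              # raw IPX (FFFF), E0E0, F0F0, ...
        return "LLC_other", int.from_bytes(llc[:2], "big"), vid
    kind = {b"\x00\x00\x00": "RFC_1042", b"\x00\x00\xf8": "SNAP_8021H"}.get(llc[3:6])
    if kind:                                    # value is the 16-bit protocol ID
        return kind, int.from_bytes(llc[6:8], "big"), vid
    return "SNAP_other", int.from_bytes(llc[3:8], "big"), vid   # OUI + PID

def assign_vid(port: int, frame: bytes) -> int:
    kind, value, tag_vid = classify(frame)
    if tag_vid:                                 # VID 0 = priority tag, treat as untagged
        return tag_vid
    group = PROTOCOL_GROUPS.get((kind, value))
    return PORT_GROUP_VID.get((port, group), PVID[port])
```

A frame whose protocol has no group binding on the ingress port falls back to the port's PVID, which is the last step of the precedence order on the Frame Classification slide.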