
Section 1 Technology


Presentation Transcript


  1. Section 1 Technology. Module 1 Ethernet-VLAN Technology. 3FL15001BBADWBZZ Edition 01

  2. Objectives
  • An understanding of the basics of the Ethernet Frame Format and VLANs

  3. Objectives [cont.]

  4. 1 Ethernet Framing

  5. 1 Ethernet Framing. 1.1 Ethernet: Ethernet and Ethernet
  • IEEE-802.3 protocol: based on Xerox Network Standard (XNS) = Eth V1
  • IEEE-802.3 protocol: commonly called Ethernet. 3 different versions exist:
    • IEEE 802.3 frame with Type field and any protocol in payload
    • IEEE 802.3 frame with Length field and LLC header
    • IEEE 802.3 frame with Length field and LLC/SNAP header
  • Ethernet v2 is a valid IEEE 802.3 frame
  • Used in Local Area Networks (LAN)
  • Uses CSMA/CD

  6. 1 Ethernet Framing. 1.2 Common fields in the Ethernet frame
  Preamble (7B) | SFD (1B) | DA (6B) | SA (6B) | XXX | FCS (4B)
  • Preamble: fixed sequence to alert the receiver
  • DA: Destination MAC address
  • SA: Source MAC address
  • FCS: Frame Check Sequence, CRC

  7. 1 Ethernet Framing. 1.3 IEEE 802.3 Ethernet frame interpretation
  • Based on type or length field
  • Frame size: Min 64 bytes, Max 1518 bytes
  Data Link Header: DA (6B) | SA (6B) | Length or Type (2B) | XXX | FCS (4B)
  • Length or Type: frame length (<=1500) or type information (>1500)

  8. 1 Ethernet Framing. 1.4 IEEE 802.3 frame with type field
  • Commonly called Ethernet v2 Frame
  • Frame size: Min 64 bytes, Max 1518 bytes
  Data Link Header: DA (6B) | SA (6B) | Type (2B) | PAYLOAD (46–1500 Bytes) | FCS (4B)
  • TYPE > 1500: 0x0800 = IP, 0x0806 = ARP, 0x8035 = RARP, 0x888E = 802.1X, 0x8863 = PPPoE Control frames, 0x8864 = PPPoE Data frames
  • Examples: type 0800: IP Datagram (46–1500 Bytes); type 0806: ARP Req / ARP Reply (28 Bytes) + PAD (18 Bytes); type 8035: RARP Req / RARP Reply (28 Bytes) + PAD (18 Bytes)

  9. 1 Ethernet Framing. 1.5 IEEE 802.3 frame with 802.2 LLC header
  • Defining Service Access Points (SAPs)
  • SAPs ensure that the same Network Layer protocol is used at the source and at the destination.
  • TCP/IP talks to TCP/IP, IPX/SPX talks to IPX/SPX, …
  • Destination SAP / Source SAP
  • Frame size: Min 64 bytes, Max 1518 bytes
  Data Link Header: DA | SA | Length (<=1500) | 802.2 LLC: DSAP (1B) | SSAP (1B) | CONTR (1B) | PAYLOAD (43–1497 Bytes) | FCS
  • SAP values: 02 = Individual LLC Sublayer Management Function; 03 = Group LLC Sublayer Management Function; 04 = IBM SNA Path Control (individual); 05 = IBM SNA Path Control (group); 06 = ARPANET Internet Protocol (IP); AA = SubNetwork Access Protocol (SNAP); E0 = Novell NetWare; F0 = IBM NetBIOS

  10. 1 Ethernet Framing. 1.6 IEEE 802.3 SNAP header
  • Due to the growing number of applications using the IEEE 802.2 LLC header, an extension was made.
  • Introduction of the IEEE 802.3 Sub Network Access Protocol (SNAP) header
  • SSAP = H'AA, DSAP = H'AA indicates that a SNAP header is used
  LLC: DSAP AA (1B) | SSAP AA (1B) | CONTR 03 (1B) | SNAP: 00-00-00 (3B) | TYPE (2B)

  11. 1 Ethernet Framing. 1.7 IEEE 802.3 frame with 802.2 LLC / 802.3 SNAP header
  • Type field provides backwards compatibility with Ethernet v2 frame
  • Frame size: Min 64 bytes, Max 1518 bytes
  Data Link Header: DA | SA | Length | 802.2 LLC: AA (1B) | AA (1B) | 03 (1B) | 802.2 SNAP: 00.00.00 (3B) | Type (2B) | PAYLOAD (38–1492 Bytes) | FCS
  • TYPE: 0x0800 = IP, 0x0806 = ARP, 0x8035 = RARP, 0x888E = 802.1X, 0x8863 = PPPoE Control frames, 0x8864 = PPPoE Data frames

  12. 1 Ethernet Framing. 1.8 IP over Ethernet/IEEE 802 – example
  • ETHERNET II: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Type 0800 | IP datagram | FCS (4)
  • IEEE 802.3 / IEEE 802.2 LLC: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LLC: 06 06 | IP datagram | FCS (4)
  • IEEE 802.3 / IEEE 802.2 LLC/SNAP: Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LLC: AA AA 03 | SNAP: 00 00 00 0800 | IP datagram | FCS (4)

  13. Summary
  • Ethernet version 2 (Xerox) MAC frame
    • has Ethertype field
    • indicates which protocol is inside the data section
    • Value always > 05-DC hex.
  • 802.3 has a Length or/and Type field
    • if < 05-DC: IEEE 802.3 Length field
    • if >= 05-DC: IEEE 802.3 Type field
    • Type field gives a protocol identification (same as Ethertype)
  • 802.3 incorporates aspects of Ethernet version 2 and will replace it for high-speed Ethernet networks
  • Ethernet v2 is a valid 802.3 frame
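The Length-or-Type decision summarised above, carried out in code: a parser that recognises Ethernet II, 802.3/LLC and 802.3/LLC-SNAP frames and checks the 802.3 length field against the bytes actually received, so a short or lying length field cannot push the parser past the frame. This is an added example, not part of the course; all frames and addresses are constructed, and the layouts follow the slides (DA, SA, Length/Type, data, FCS, with preamble and SFD omitted).

```python
import struct

# Ethertypes listed on the slides (a value > 1500 = 0x05DC marks a Type field)
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP", 0x888E: "802.1X",
              0x8863: "PPPoE Control", 0x8864: "PPPoE Data"}
# LLC SAP values from the slides (the DSAP identifies the network-layer protocol)
SAPS = {0x06: "ARPANET IP", 0xAA: "SNAP", 0xE0: "Novell NetWare", 0xF0: "IBM NetBIOS"}
MIN_FRAME, MAX_FRAME = 64, 1518        # DA..FCS; preamble and SFD are not counted


def classify_frame(frame: bytes) -> dict:
    """Interpret the 2-byte field after DA/SA as Length (<= 1500) or Type (> 1500)
    and return the frame kind, the protocol identifier found and the payload.
    `frame` is DA + SA + Length/Type + data + FCS (no preamble/SFD)."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME}")
    da, sa, length_or_type = struct.unpack("!6s6sH", frame[:14])
    body = frame[14:-4]                 # between the MAC header and the FCS
    info = {"da": da.hex(":"), "sa": sa.hex(":")}

    if length_or_type > 1500:           # Ethernet v2: Type field, padding is not marked
        info.update(kind="Ethernet II", ethertype=length_or_type, payload=body)
        return info

    # IEEE 802.3: the Length field gives the LLC data length; the rest is padding.
    # A length larger than the data received is rejected instead of read past the end.
    if length_or_type > len(body):
        raise ValueError("802.3 length field exceeds the data received")
    data = body[:length_or_type]
    dsap, ssap, control = data[0], data[1], data[2]
    if dsap == 0xAA and ssap == 0xAA:   # LLC/SNAP: AA AA 03 + OUI (3B) + Type (2B)
        (ethertype,) = struct.unpack("!H", data[6:8])
        info.update(kind="802.3 LLC/SNAP", oui=data[3:6].hex("-"),
                    ethertype=ethertype, payload=data[8:])
    else:                               # plain 802.2 LLC: DSAP SSAP CONTROL
        info.update(kind="802.3 LLC", dsap=dsap, ssap=ssap, control=control,
                    payload=data[3:])
    return info


def protocol_name(info: dict) -> str:
    """Name the encapsulated protocol from the Ethertype (v2, SNAP) or the DSAP (LLC)."""
    if "ethertype" in info:
        return ETHERTYPES.get(info["ethertype"], f"type 0x{info['ethertype']:04X}")
    return SAPS.get(info["dsap"], f"DSAP 0x{info['dsap']:02X}")


def build_frame(da: bytes, sa: bytes, length_or_type: int, data: bytes) -> bytes:
    """Constructed frame for testing: pad data to the 46-byte minimum, dummy FCS."""
    return (da + sa + struct.pack("!H", length_or_type)
            + data.ljust(46, b"\x00") + b"\x00" * 4)


# Constructed sample frames (MAC addresses borrowed from the filtering-database slide)
DA = bytes.fromhex("00A0C5111111")
SA = bytes.fromhex("00A0C5222222")
IP_HDR = b"\x45" * 20                   # stand-in for an IP datagram
SAMPLE_FRAMES = {
    "ethernet_ii": build_frame(DA, SA, 0x0800, IP_HDR),
    "llc":         build_frame(DA, SA, 3 + len(IP_HDR), b"\x06\x06\x03" + IP_HDR),
    "llc_snap":    build_frame(DA, SA, 8 + len(IP_HDR),
                               bytes.fromhex("AAAA03000000" "0800") + IP_HDR),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        info = classify_frame(frame)
        print(f"{name:12s} {info['kind']:15s} carries {protocol_name(info)}")
```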

  14. 2 VLAN: Virtual Local Area Network

  15. 2 VLAN: Virtual Local Area Network. 2.1 What is a LAN?
  • Local Area Network (LAN)
  • Single Broadcast domain
  • Same Subnet
  • No routing between members of a LAN
  • Routing required between LANs
  Figure: Corporate LAN, everyone can communicate with each other on the LAN

  16. 2 VLAN: Virtual Local Area Network. 2.2 What is VLAN?
  • Virtual Local Area Network (VLAN)
  • Used to separate the physical LAN into logical LANs
  • Logical broadcast / multicast domain
  • Virtual
  • Inter-VLAN communication: only via higher-layer devices (e.g. IP routers)
  • LAN membership defined by the network manager
  Figure: Virtual Corporate LAN split into Marketing LAN, Engineering LAN and Administration LAN

  17. VLAN allows a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings, can now belong to the same LAN.
  • VLAN also allows broadcast domains to be defined without using routers. Bridging software is used instead to define which workstations are included in the broadcast domain. Routers would only have to be used to communicate between two VLANs.
  • Communication between nodes that are attached to a single physical LAN infrastructure is only possible if they are members of the same VLAN. Inter-VLAN communication requires a higher-layer packet forwarder, like a router, to forward packets between the VLANs it belongs to.
  • A router that only routes packets and does not bridge frames is said to terminate the VLAN. This means that a router uses VLANs to partition a single Ethernet interface into a number of logical sub-interfaces, one for each VLAN. Such a logical interface is called a VLAN terminated (sub-)interface.

  18. 2 VLAN: Virtual Local Area Network. 2.3 How VLANs Work
  • VLANs can be distinguished by the method used to indicate membership when a packet travels between switches:
    • Implicit
    • Explicit
  • VLAN membership can be classified by:
    • Port
    • Protocol type
    • MAC address
    • IP address
  • IEEE 802.1Q:
    • Explicit: 802.1Q tag
    • Implicit: Port based; Port and Protocol based

  19. In order to understand how VLANs work, we need to look at the types of VLANs, the types of connections between devices on VLANs, the filtering database which is used to send traffic to the correct VLAN, and tagging, a process used to identify the VLAN originating the data.
  • A first and important distinction between VLAN implementations is the method used to indicate membership when a packet travels between switches. Two methods exist: implicit and explicit.
  • When a LAN bridge receives data from a workstation, it tags the data with a VLAN identifier indicating the VLAN from which the data came. This is called explicit tagging. A tag is added to the packet to indicate VLAN membership. The IEEE 802.1Q VLAN specifications use this method. Tagging can be based on the port from which it came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields. VLANs are classified based on the method used.
  • It is also possible to determine to which VLAN the data received belongs using implicit tagging. In implicit tagging the data is not tagged, but the VLAN from which the data came is determined based on information like the port on which the data arrived, or VLAN membership is indicated by the MAC address. In this case, all switches that support a particular VLAN must share a table of member MAC addresses.
  • VLAN classification according to IEEE 802.1Q is done based on the tag (explicit), the port (implicit), or port-and-protocol (implicit). Other criteria (such as MAC address, IP address) are non-standard.

  20. 2 VLAN: Virtual Local Area Network. 2.4 Layer 1 VLAN: Membership by port
  • Membership in a VLAN is defined based on the ports that belong to the VLAN.
  • Also referred to as Port switching
  • Does not allow user mobility
  • Does not allow multiple VLANs to include the same physical segment (or switch port)
  Figure: switch ports 1–9 assigned to VLANs

  21. In this implementation, the administrator assigns each port of a switch to a VLAN.
  • The switch determines the VLAN membership of each packet by noting the port on which it arrives.
  • The primary limitation of defining VLANs by port is that the network manager must reconfigure VLAN membership when a user moves from one port to another. He needs to reassign the new port to the user's old VLAN. The network change is then completely transparent to the user, and the administrator saves a trip to the wiring closet.
  • Another significant drawback is the case of a repeater attached to a port on the switch. In that case, all of the users connected to that repeater must be members of the same VLAN.

  22. 2 VLAN: Virtual Local Area Network. 2.5 Layer 2 VLAN: Membership by MAC address
  • Membership in a VLAN is based on the MAC address of the workstation.
  • The switch tracks the MAC addresses which belong to each VLAN
  • Provides full user movement
  • Clients and server always on the same LAN regardless of location
  • Disadvantages
    • Too many addresses need to be entered and managed
    • Notebook PCs change docking stations
  Figure: switch ports 1–9 with stations MAC@A, MAC@B, MAC@C, MAC@D

  23. The VLAN membership of a packet in this case is determined by its source or destination MAC address. Each switch maintains a table of MAC addresses and their corresponding VLAN memberships.
  • A key advantage of this method is that the switch doesn't need to be reconfigured when a user moves to a different port. However, assigning VLAN membership to each MAC address can be a time consuming task. Also, a single MAC address cannot easily be a member of multiple VLANs. This can be a significant limitation, making it difficult to share server resources between more than one VLAN.
  • The main problem with this method is that VLAN membership must be assigned initially. In networks with thousands of users, this is no easy task. Also, in environments where notebook PCs are used, the MAC address is associated with the docking station and not with the notebook PC. Consequently, when a notebook PC is moved to a different docking station, its VLAN membership must be reconfigured.

  24. 2 VLAN: Virtual Local Area Network. 2.6 Layer 3 VLAN: Membership by Protocol type
  • Membership implied by MAC protocol type field
  • This is the most flexible method and provides the most logical grouping of users
  Frame: Preamble | SFD | DA | SA | Length or Type | PAYLOAD (46–1500 Bytes) | FCS (the Length or Type field is the classification key)

  25. 2 VLAN: Virtual Local Area Network. 2.6 Layer 3 VLAN: Membership by IP Subnet Address [cont.]
  • The network IP subnet address (layer 3 header) can be used to classify VLAN membership
  Figure: switch ports 1–9 with stations IP@ 138.22.24.10 and IP@ 138.22.24.5 in one subnet, IP@ 138.21.35.47 and IP@ 138.21.35.58 in another

  26. In this method, IP addresses are used only as a mapping to determine membership in VLANs. No other processing of IP addresses is done. No route calculation is undertaken, RIP or OSPF protocols are not employed, and frames traversing the switch are usually bridged according to the implementation of the Spanning Tree Algorithm. Therefore, from the point of view of a switch employing layer 3–based VLANs, connectivity within any given VLAN is still seen as a flat, bridged topology.
  • Having made the distinction between VLANs based on layer 3 information and routing, it should be noted that some vendors are incorporating varying amounts of layer 3 intelligence into their switches, enabling functions normally associated with routing.
  • Nevertheless, a key point remains: no matter where it is located in a VLAN solution, routing is necessary to provide connectivity between distinct VLANs. There are several advantages to defining VLANs at layer 3. First, it enables partitioning by protocol type. This may be an attractive option for network managers who are dedicated to a service- or application-based VLAN strategy. Secondly, users can physically move their workstations without having to reconfigure each workstation's network address, a benefit primarily for TCP/IP users.
  • One of the disadvantages of defining VLANs at layer 3 (vs. MAC- or port-based VLANs) can be performance. Inspecting layer 3 addresses in packets is more time consuming than looking at MAC addresses in frames.

  27. 2 VLAN: Virtual Local Area Network. 2.7 VLAN types - Glossary/Terminology
  • Port based VLAN classification
    • VID based on port of arrival
    • Frame receives Port VLAN identifier – PVID
  • Default VID
    • Not standardized within 802.1Q
    • Interpretation according to context
    • Often equals PVID
  • Port-and-protocol-based VLAN classification
    • VID based on port of arrival and the protocol identifier of the frame
    • Multiple VLAN-IDs associated with a port of the bridge – VID set

  28. A VLAN bridge supports port-based VLAN classification, and may, in addition, support port-and-protocol-based VLAN classification.
  • In port-based VLAN classification within a bridge, the VLAN-ID associated with an untagged or priority-tagged frame is determined based on the port of arrival of the frame into the bridge. This classification mechanism requires the association of a specific Port VLAN Identifier, or PVID, with each of the bridge's ports. In this case, the PVID for a given port provides the VLAN-ID for untagged and priority-tagged frames received through that port.
  • For bridges that implement port-and-protocol-based VLAN classification, the VLAN-ID associated with an untagged or priority-tagged frame is determined based on the port of arrival of the frame into the bridge and on the protocol identifier of the frame. For port-and-protocol based tagging, the VLAN bridge will have to look at the Ethertype, the SSAP, or the SNAP type of the incoming frames. When the protocol is identified, the VID associated with the protocol group to which the protocol belongs will be assigned to the frame. This classification mechanism requires the association of multiple VLAN-IDs with each of the ports of the bridge; this is known as the "VID Set" for that port.

  29. 2 VLAN: Virtual Local Area Network. 2.8 VLAN Link types: Access Link
  • Access link
  • Link that is a member of only one VLAN
  • Contains VLAN unaware devices
  • All frames on an access link are untagged
  • Normal ports to which we connect our network devices such as PCs.
  Figure: Access Link between a VLAN aware Bridge and a VLAN unaware workstation

  30. Inside the world of VLANs there are three types of interfaces / links. These links allow us to connect multiple switches together or just simple network devices, e.g. a PC, that will access the VLAN network. Depending on their configuration, they are called Access Links, Trunk Links or Hybrid Links.
  • The division is based on whether the connected devices are VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.
  • The type of link where only traffic for a single VLAN is passed is referred to as an "Access Link".
  • When configuring ports on a switch to act as Access Links, we configure only one VLAN per port, that is, the VLAN our device will be allowed to access. An access link is a link that belongs to one, and only one, VLAN. The port is not capable of receiving information from another VLAN unless the information has been routed. The port is not capable of sending information to another VLAN unless the port has access to a router.
  • The access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. Any device connected to an Access Link (port) is totally unaware of the VLAN assigned to the port. The device simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed, so the recipient has no information about them.
  • All frames on access links must be implicitly tagged (untagged). The VLAN-unaware device can be a LAN segment with VLAN-unaware workstations or it can be a number of LAN segments containing VLAN-unaware devices (legacy LAN).

  31. 2.8 VLAN Link Types. 2.8.2 Trunk Link
  • Trunk Link
  • Capable of carrying multiple VLANs
  • Used at links between switches
  • Allowing VLANs to span over all network switches
  Figure: Trunk Link between two VLAN aware Bridges, and a Trunk Link to a VLAN aware workstation
  one VLAN, that is, an Access Link port. Another type of port configuration is the Trunk port. While an access link does the job for a single VLAN environment, multiple access links would be required if you wanted traffic from multiple VLANs to be passed between switches. Having multiple access links between the

  32. 2.8 VLAN Link Types. 2.8.3 Hybrid Link
  • Hybrid Link
  • Contains both VLAN aware and VLAN unaware devices
  • All frames for a specific VLAN are tagged or untagged
  Figure: Hybrid Link between two VLAN aware Bridges, with a VLAN aware workstation and a VLAN unaware workstation attached

  33. 2 VLAN: Virtual Local Area Network. 2.9 Q-VLAN tag (IEEE 802.1Q)
  • Also referred to as C-VLAN tag
  • Customer VLAN tag
  • VLAN Bridge
    • Q-VLAN aware bridge
    • comprising a single Q-VLAN component
  • Frame size: Min 68 bytes, Max 1522 bytes
  Preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length/type | PAYLOAD (46–1500 Bytes) | FCS
  • TPID: Tag Protocol Identifier, 802.1Q tag-type (value 81 00)
  • TCI: Tag Control Information: Priority "p-bits" (802.1p), 3 bits, # 8 | CFI | VLAN_ID "Q-TAG" (802.1Q), 12 bits, # 4096

  34. We saw that when frames are sent across the network, there needs to be a way of indicating to which VLAN the frame belongs, so that the bridge will forward the frames only to those ports that belong to that VLAN, instead of to all output ports as would normally have been done. This information is added to the frame in the form of a tag header, and there are different ways to determine VLAN membership.
  • Tagging of an Ethernet frame consists in adding a 4-byte tag that allows the VLAN-ID and the priority to be specified. Since a VLAN tag is 4 bytes, for a frame that is tagged the frame size ranges between 68 and 1522 bytes. When padding has to be used to reach the minimum frame size, tagged frames can be of 64 bytes.
  • TPID is the tag protocol identifier, which indicates that a tag header is following. TPID has a defined value of 8100 in hex. When a frame has the Ethertype equal to 8100, this frame carries the IEEE 802.1Q / 802.1p tag.
  • The TCI (Tag Control Information) contains three parts: the user priority, the canonical format indicator (CFI), and the VLAN ID.
  • User priority is a 3-bit field which allows priority information to be encoded in the frame. Eight levels of priority are allowed, where zero is the lowest priority and seven is the highest priority. How this field is used is described in the supplement 802.1p.
  • The CFI bit is used to indicate that all MAC addresses present in the MAC data field are in canonical format. This field is interpreted differently depending on whether it is an Ethernet-encoded tag header or a SNAP-encoded tag header.
  • The VID field is used to uniquely identify the VLAN to which the frame belongs. There can be a maximum of 2^12-2 = 4094 VLANs! FFF is reserved, and zero is used to indicate no VLAN ID, only that user priority information is present. This allows priority to be encoded in non-priority LANs.

  35. 2 VLAN: Virtual Local Area Network. 2.10 802.1Q Tag-based - Glossary/Terminology
  • Untagged frame: a frame that doesn't contain a tag header
  • Priority-tagged frame: a frame with a tag header that carries priority but no VID (VID=0)
  • VLAN-tagged frame: a frame with a Q-tag header that carries both priority and VID.
  • 802.1Q Tag VLAN: each VLAN group has a unique VID; each member of a VLAN group can talk to each other
  • VLAN-aware: the device can recognize and support VLAN-tagged frames
  • VLAN-unaware: the device can't recognize VLAN-tagged frames

  36. 2 VLAN: Virtual Local Area Network. 2.11 Forwarding engine - Glossary/Terminology
  • Ingress: towards the forwarding engine
  • Egress: out of the forwarding engine
  • Upstream: from user to network
  • Downstream: from network to user
  Figure: End-user, Ethernet port, Forwarding engine, with the Ingress/Egress and Upstream/Downstream directions marked

  37. 2 VLAN: Virtual Local Area Network. 2.12 802.1Q Process
  • Ingress Rule: classify the received frames belonging to a VLAN
  • Forwarding Process: decide to filter or forward the frame
  • Egress Rule: decide if the frames must be sent tagged or untagged
  Figure: Packet Receive → Ingress Rule → Forwarding Process (using the Filtering Database) → Egress Rule → Packet Transmit

  38. When the bridge receives the data/Ethernet frames, it determines to which VLAN the data belongs either by implicit or explicit tagging. In explicit tagging a tag header is added to the data.
  • According to the VID information the switch forwards and filters the frames among ports. The bridge keeps track of VLAN members in a filtering database which it uses to determine where the data is to be sent.
  • The ports with the same VID can communicate with each other.
  • The IEEE 802.1Q VLAN function contains the following three tasks: ingress process, forwarding process and egress process.
  • While a frame goes through the tag VLAN switch, the ingress process classifies the received frame first and then passes the frame to the forwarding process. After the forwarding process, it goes to the egress process, where it will be decided how the frame will leave the switch (tagged or not).

  39. 2 VLAN: Virtual Local Area Network. 2.13 Ingress Rule
  • VLAN-aware switch can accept tagged and untagged frames
  • Tagged frame: is directly sent to the forwarding engine
  • Untagged frame: a tag is added onto this untagged frame (with the PVID); then the tagged frame is sent to the forwarding engine
  • PVID: Default Port VLAN ID for incoming untagged frames
  Figure: Ingress Rule, a tagged frame (VID) passes through unchanged, an untagged frame receives a tag with the PVID, both go towards the Forwarding Process as tagged frames

  40. Each port is capable of passing tagged or untagged frames. The ingress process identifies if the incoming frames contain a tag, and classifies the incoming frames as belonging to a VLAN. Each port has its own ingress rule. If the ingress rule accepts tagged frames only, the switch port will drop all incoming untagged frames. If the ingress rule accepts all frame types, the switch port simultaneously allows incoming tagged and untagged frames:
  • When a tagged frame is received on a port, it carries a tag header that has an explicit VID. The ingress process directly passes the tagged frame to the forwarding process.
  • An untagged frame does not carry any VID to which it belongs. When an untagged frame is received, the ingress process inserts a tag containing the PVID into the untagged frame. Each physical port has a default VID called PVID (Port VID). This PVID is assigned to untagged frames or priority-tagged frames received on this port.
  • After the ingress process, all frames have a 4-byte tag including VID information, and the frames will go to the forwarding process.

  41. 2 VLAN: Virtual Local Area Network. 2.14 Forwarding Process
  • Forwarding decision is based on the filtering database
  • Filtering database contains two tables: MAC table and VLAN table
  • First, check destination MAC address based on the MAC table
  • Second, check the VLAN ID based on the VLAN table
  • Egress port is the allowed outgoing member port of VLAN
  Filtering Database, MAC Table:
  Port | MAC Address       | Aging
  2    | 00:A0:C5:11:11:11 | 0
  2    | 00:A0:C5:22:22:22 | 20
  3    | 00:A0:C5:33:33:33 | 30
  10   | 00:A0:C5:44:44:44 | 100
  Filtering Database, VLAN Table:
  VID | Egress Port | Register | Egress frame type
  1   | 2           | Static   | Untag
  1   | 3           | Static   | Tag
  100 | 3           | Static   | Untag

  42. 2 VLAN: Virtual Local Area Network. 2.15 Egress Rule
  Figure: Egress Rule, a tagged frame (VID) coming from the forwarding process leaves either as a tagged frame or as an untagged frame, depending on the egress rule for that VID

  43. 2 VLAN: Virtual Local Area Network. 2.16 Principles of operation in a VLAN Bridge
  • C-VID of incoming frames is determined:
    • If C-TAG is present, C-VID is taken from tag (no translation!)
    • If C-TAG is not present: if supported, port and protocol are used for C-VID classification; else, the default C-VID for that port is used (PVID). The standard leaves room for proprietary assignment of C-VID based on other parameters.
  • Incoming frame is forwarded according to the forwarding information base associated with the C-VLAN.
  • Outgoing frame may carry C-TAG or not, depending on egress rule.
  Figure annotations (= Q/C-VLAN tag): VLAN tag added by CPE; security check that VLAN id is allowed on that access line; VLAN tag added by access node; e.g. outgoing port supports only tagged
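The ingress rule, forwarding process and egress rule of slides 37 to 43, including the security check that the VID carried by a tagged frame is allowed on the arriving line, as one small simulation. This is an added example, not from the course; the PVIDs, allowed-VID sets, MAC addresses and frames are constructed, and the VLAN table extends the filtering-database slide with VID 100 on port 10.

```python
import struct

TPID = 0x8100                    # 802.1Q tag-type (value 81 00) from the Q-VLAN tag slide


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) when a Q-tag follows DA/SA, else None."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def push_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    return frame[:12] + struct.pack("!HH", TPID, (priority << 13) | vid) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


class QBridge:
    """Ingress rule -> forwarding process (filtering database) -> egress rule."""

    def __init__(self, pvid, vid_set, vlan_table, mac_table):
        self.pvid = pvid              # port -> PVID given to untagged / priority-tagged frames
        self.vid_set = vid_set        # port -> VIDs allowed on that line (ingress security check)
        self.vlan_table = vlan_table  # (vid, egress port) -> "Tag" | "Untag"
        self.mac_table = mac_table    # (vid, MAC) -> port on which the MAC was learned

    def ingress(self, port, frame):
        tag = parse_tag(frame)
        if tag is None:                               # untagged: tag with the PVID
            return push_tag(frame, self.pvid[port])
        priority, _cfi, vid = tag
        if vid == 0:                                  # priority-tagged: keep p-bits, use PVID
            return push_tag(pop_tag(frame), self.pvid[port], priority)
        if vid not in self.vid_set[port]:             # VID not allowed on this line: drop
            return None
        return frame

    def forward(self, in_port, frame):
        """Egress ports: known unicast to one member port, otherwise flood within the VLAN."""
        vid = parse_tag(frame)[2]
        members = {p for (v, p) in self.vlan_table if v == vid}
        learned = self.mac_table.get((vid, frame[:6]))
        targets = {learned} if learned in members else members
        return targets - {in_port}

    def egress(self, port, frame):
        mode = self.vlan_table[(parse_tag(frame)[2], port)]
        return pop_tag(frame) if mode == "Untag" else frame

    def process(self, in_port, frame):
        """Full 802.1Q path; returns {egress port: frame as it leaves the switch}."""
        tagged = self.ingress(in_port, frame)
        if tagged is None:
            return {}
        return {p: self.egress(p, tagged) for p in self.forward(in_port, tagged)}


# Constructed tables modelled on the Forwarding Process slide (VID 100 on port 10 added)
MAC_B, MAC_C, MAC_D = (bytes.fromhex(h) for h in
                       ("00A0C5222222", "00A0C5333333", "00A0C5444444"))
BRIDGE = QBridge(
    pvid={2: 1, 3: 1, 10: 100},
    vid_set={2: {1}, 3: {1, 100}, 10: {100}},
    vlan_table={(1, 2): "Untag", (1, 3): "Tag", (100, 3): "Untag", (100, 10): "Untag"},
    mac_table={(1, MAC_B): 2, (1, MAC_C): 3, (100, MAC_D): 10},
)


def untagged_frame(dst: bytes, src: bytes) -> bytes:
    """Constructed 64-byte Ethernet II frame: DA SA Type 0800, 46-byte payload, dummy FCS."""
    return dst + src + b"\x08\x00" + b"\x45" * 46 + b"\x00" * 4


if __name__ == "__main__":
    for port, frame in BRIDGE.process(2, untagged_frame(MAC_C, MAC_B)).items():
        print(f"port {port}: tag {parse_tag(frame)}")            # port 3: tag (0, 0, 1)
    print(BRIDGE.process(2, push_tag(untagged_frame(MAC_C, MAC_B), 100)))  # {} (dropped)
```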

  44. 2 VLAN: Virtual Local Area Network. 2.17 Objective of VLAN stacking
  • The existing Ethernet technology is not enough to satisfy carrier-grade requirements
  • Q/C-VLAN tag: only 4094 VIDs
    • Scalability issue
    • Business customers typically have one-to-one mapping
    • Problem if different customers are using the same VID!
    • no customer traffic segregation
  • Enhancement: new Service Provider VLAN tag (S-VLAN) to become a carrier solution
  • IEEE 802.1ad
    • Does not only describe S-VLAN for use in VLAN stacking

  45. 2 VLAN: Virtual Local Area Network. 2.18 IEEE 802.1ad - Systems
  • VLAN Bridge = Customer Bridge = .1Q Bridge
    • Treats C-TAG only
  • Provider Bridge (new)
    • Treats S-TAG only
  • Provider Edge Bridge (new)
    • Contains a Provider Bridge component and a Customer Bridge component
    • Treats C-TAG and S-TAG

  46. 2 VLAN: Virtual Local Area Network. 2.19 IEEE 802.1ad - Tags
  • Customer TAG (C-TAG): C-TAG is used to identify a Customer VLAN (C-VLAN) by means of a Customer VLAN ID (C-VID).
  • Service TAG (S-TAG) (new): S-TAG is used to identify a Service VLAN (S-VLAN) by means of a Service VLAN ID (S-VID).
    • Pre-standard synonyms: VMAN-tag, P-VLAN tag.
  • IEEE 802.1ad: Draft 3 in Oct 25/2004, approved Dec 8/2005 and published May 26/2006
  • Frame size: Min 68 bytes, Max 1526
  Preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length/type | PAYLOAD (46–1500 Bytes) | FCS
  • TPID: Tag-Type as C-VLAN (802.1Q tag-type, value 81 00)
  • TCI (Tag Control Information): 3 bit priority | 1 bit CFI | 12 bit VID

  47. 2 VLAN: Virtual Local Area Network. 2.20 IEEE 802.1ad - Ports
  Figure: Provider Bridge made of a C-VLAN aware Bridge component and an S-VLAN aware Bridge component joined by an Internal EISS. Customer Network Ports and Provider Edge Ports connect to customer equipment; Provider Network Ports connect to provider equipment.
  • Yellow ports can read C-TAGs, or assign a C-VID to untagged frames.
  • Green ports can read S-TAGs, or assign an S-VID to untagged frames.

  48. 2 VLAN: Virtual Local Area Network. 2.21 Operation in a provider edge bridge: single tag
  • S-VID of incoming frames is defined:
    • If S-TAG is present, S-VID is taken from tag
    • If S-TAG is not present: same rules as for C-TAG in VLAN bridge.
  • Incoming frame is forwarded according to the forwarding information base associated with the S-VLAN.
  • Outgoing frame may carry S-TAG or not (egress rule).
  Figure (= S-VLAN tag): Customer NW Port → S-VLAN aware Bridge component → Provider NW Port; the C-VLAN aware Bridge component with its Provider Edge Port is joined via the Internal EISS

  49. 2 VLAN: Virtual Local Area Network. 2.22 Operation in a Provider Edge Bridge: single tag
  • An incoming frame on a provider edge port is forwarded internally depending on the C-TAG. This two-step approach enables a translation of C-VID to S-VID.
  • Incoming frame is forwarded according to the forwarding information base associated with respectively the C-VLAN / S-VLAN to which the frame belongs.
  • Outgoing frame may carry S-TAG or not (egress rule)
  Figure (= Q/C-VLAN tag, = S-VLAN tag): Provider Edge Port → C-VLAN aware bridge component → Internal EISS → S-VLAN aware bridge component → Provider NW Port (e.g. outgoing port supports only tagged); Customer NW Ports attach to the S-VLAN aware component

  50. 2 VLAN: Virtual Local Area Network. 2.23 Dual VLAN – VLAN Stacking
  • IEEE 802.1ad
  • Most vendors apply today 1Q-in-Q VLAN Tag: Cisco, Alcatel-Lucent, …
  Single VLAN tag, Frame size: Min 68 bytes, Max 1522 bytes
  Preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length/type | PAYLOAD (46–1500 Bytes) | FCS
  Dual VLAN tag ("VLAN stacking"), Frame size: Min 72 bytes, Max 1526
  Preamble | SFD | DA | SA | S-VLAN: TPID | TCI | C-VLAN: TPID | TCI | length/type | PAYLOAD (46–1500 Bytes) | FCS
  • TPID: 802.1Q tag-type (value 81 00); TCI: Tag Control Information
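The provider edge bridge behaviour of slides 48 to 50 in code: C-VID classification on the customer port, the C-VID to S-VID translation, the S-TAG pushed in front of the C-TAG towards the provider and popped again towards the customer, with the single-tag and dual-tag frame size bounds from the slides checked. This is an added example, not from the course; both tags use tag-type 81 00 as the stacking slide describes, the provisioning tables and frames are constructed, and copying the C-TAG p-bits into the S-TAG is an assumption.

```python
import struct

TPID = 0x8100                           # the slides stack two 802.1Q-type tags ("1Q-in-Q")
SINGLE_MIN, SINGLE_MAX = 68, 1522       # one tag, from the Q-VLAN tag slide
DOUBLE_MIN, DOUBLE_MAX = 72, 1526       # two tags, from the VLAN stacking slide


def tag_stack(frame: bytes) -> list:
    """List (priority, cfi, vid) for each tag after DA/SA, outermost (S-TAG) first."""
    tags, off = [], 12
    while len(frame) >= off + 4 and struct.unpack("!H", frame[off:off + 2])[0] == TPID:
        (tci,) = struct.unpack("!H", frame[off + 2:off + 4])
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    return tags


def push_outer_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    return frame[:12] + struct.pack("!HH", TPID, (priority << 13) | vid) + frame[12:]


def pop_outer_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


class ProviderEdgeBridge:
    """C-VLAN component classifies the C-VID, S-VLAN component adds the S-TAG."""

    def __init__(self, pvid: dict, svid_map: dict):
        self.pvid = pvid          # customer port -> C-VID given to untagged frames
        self.svid_map = svid_map  # customer port -> {C-VID: S-VID} (the C-VID to S-VID translation)

    def customer_to_provider(self, port: int, frame: bytes):
        tags = tag_stack(frame)
        if tags:
            priority, _cfi, cvid = tags[0]           # C-TAG present: C-VID taken from it
        else:
            priority, cvid = 0, self.pvid[port]      # no C-TAG: PVID, C-VLAN component tags it
            frame = push_outer_tag(frame, cvid)
        svid = self.svid_map[port].get(cvid)
        if svid is None:
            return None                              # C-VID not provisioned on this port: drop
        out = push_outer_tag(frame, svid, priority)  # S-TAG before the C-TAG (p-bits copied: assumption)
        if not DOUBLE_MIN <= len(out) <= DOUBLE_MAX:
            raise ValueError(f"stacked frame of {len(out)} bytes outside {DOUBLE_MIN}..{DOUBLE_MAX}")
        return out

    def provider_to_customer(self, frame: bytes):
        """Towards the customer the S-TAG is removed; the C-TAG stays untouched."""
        if len(tag_stack(frame)) < 2:
            return None                              # no S-TAG over a C-TAG: not a stacked frame
        out = pop_outer_tag(frame)
        if not SINGLE_MIN <= len(out) <= SINGLE_MAX:
            raise ValueError(f"single-tagged frame of {len(out)} bytes outside {SINGLE_MIN}..{SINGLE_MAX}")
        return out


# Constructed provisioning: customer port 1, C-VIDs 10 and 20 mapped to S-VIDs 200 and 201
PEB = ProviderEdgeBridge(pvid={1: 10}, svid_map={1: {10: 200, 20: 201}})


def customer_frame(cvid: int = None, priority: int = 0) -> bytes:
    """Constructed 64-byte customer frame (dummy addresses, type 0800, dummy FCS), optionally C-tagged."""
    frame = bytes.fromhex("00A0C5111111" "00A0C5222222" "0800") + b"\x45" * 46 + b"\x00" * 4
    return frame if cvid is None else push_outer_tag(frame, cvid, priority)


if __name__ == "__main__":
    stacked = PEB.customer_to_provider(1, customer_frame(20, 3))
    print(len(stacked), tag_stack(stacked))                       # 72 [(3, 0, 201), (3, 0, 20)]
    print(tag_stack(PEB.provider_to_customer(stacked)))           # [(3, 0, 20)]
```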
