802.1Q VLAN protocol and 802.1p protocol implementation 2004-03-05 Print self: blue technology channel network technology portal address: http://www.17la.com/Article.php/506
802.1Q VLAN protocol and 802.1p protocol
This article mainly introduces the implementation of 802.1Q VLAN protocols in the Ethernet switch, and some basic contents of the 802.1p protocol, the specific details of these two protocols, reference 802.1q and 802.1p protocols.
First, 802.1Q protocol
802.1Q protocol, the Virtual Bridged Local Area Networks protocol, mainly specifies the implementation of VLAN, let's take a look at the basic concepts of VLAN.
Virtual Lans is currently developing very quickly. The main major network vendors in the world realize VLAN protocols in their switch devices, and VLANs are virtual local area networks. For example, for QuidwayS2403 switches, it can put it 24 10M Ethernet ports. It is divided into several groups, such as protocol groups, ATM groups, test groups, etc., so that each user in the group is like in the same LAN (possibly on a lot of switches in the same LAN, rather than a switch). At the same time, not the user of this group cannot access the members of this group.
In fact, the definition of VLAN members can be divided into 4 types:
1. Divide VLAN according to port
This method of dividing the VLAN is divided according to the port of the Ethernet switch, such as the 1-4 port of S2403 is VLAN A, 5 ~ 17 is VLAN B, 18 ~ 24 is VLAN C, of course, these ports belong to the same VLAN can Not continuous, how to configure, by administrator, if there are multiple switches, for example, can specify the 1 to 6 ports of the switch 1 to the same VLAN, that is, the same VLAN can span several Ethernet Switch, based on the port division is the most common method of defining the VLAN, and the IEEE 802.1Q protocol specifies how the VLAN is divided according to the port of the switch. The advantage of this method of dividing is that it is very simple when defining the VLAN member, as long as all ports are defined, it is possible. Its disadvantage is that if the user of VLAN A leaves the original port, it is necessary to redefine it to a new switch.
2, divide VLAN according to MAC address
This method of dividing the VLAN is based on the MAC address of each host, that is, all the hosts of each MAC address are configured which groups. The maximum advantage of this method of dividing the VLAN is that when the user is moved, that is, when the switch is moved from one switch, the VLAN does not need to be reconfigured, so this can be considered that the division method according to the MAC address is based on the user's VLAN. The disadvantage of this method is to initialize, all users must configure, if there are hundreds of or even thousands of users, the configuration is very tired. Moreover, this method also results in a reduction in the efficiency of the switch, because there may be a number of members of the VLAN group in the port of each switch, so that the broadcast package cannot be restricted. In addition, for users who use laptops, their network cards may be replaced frequently, so that VLANs must be configured.
3, divide VLAN according to the network layer
This method of dividing the VLAN is based on the network layer address or protocol type of each host (if supporting multi-protocol), although this division method may be based on the network address, such as the IP address, but it is not a route, don't work with the network. The routing of the layer is confused. Although it looks at each packet's IP address, but because it is not routing, there is no RIP, OSPF and other routing protocols, but according to the spanning tree algorithm, the advantage of this method is that the physical location of the user changes, not You need to reconfigure the VLAN he belong, and you can divide the VLAN according to the type of protocol, which is important for network managers, and this method does not require additional tags to identify VLANs, which can reduce network traffic .
The disadvantage of this method is efficiency because the network layer address of each packet is taken (relative to the front two methods), and the general switch chip automatically checks the Ethernet head of the network on the network, but To allow the chip to check the IP head, a higher technology is needed, and it is more time. Of course, this is also related to the implementation methods of each manufacturer.
4, IP multicast as VLAN
The IP multicast is actually a definition of a VLAN, that is, a multicast group is a VLAN, which expands the VLAN to a wide area network, so this method has greater flexibility, and it is also easy to pass the router. During expansion, of course, this method is not suitable for the LAN, mainly with high efficiency, for the multicast of the local area network, has a two-layer multicast protocol GMRP.
As can be seen above, a variety of different VLAN definition methods have their own advantages and disadvantages, so many manufacturers have achieved not only one way, so that network managers can choose according to their actual needs, in addition, many When the VLAN is implemented, considering the complexity of the VLAN configuration, it also provides a certain degree of automatic configuration and convenient network management tools.
In the past, all vendors claimed that their switches realized VLAN, but the methods implemented by various manufacturers were different, so they were unable to interconnect each other, so that once the user bought a manufacturer's switch, it could not buy other manufacturers. . Now, the standard of VLAN is the 802.1Q protocol proposed by IEEE, and only supports the same open standard to ensure network interconnection, and protect network equipment investment.
Let's tell the advantage of the VLAN:
1. Reduce the cost of moving and changing, that is, the dynamic management network, that is, when a user moves from one position to another, his network attribute does not need reconfiguration, but a dynamic completion, this dynamic Management networks bring great benefits to network managers and users, one user, no matter where he is, he can do any modified access to the network, this prospect is very beautiful. Of course, not all VLAN definition methods can do this.
2. The most ambitious goal of VLANs, VLAN is to establish a virtual working group model. For example, in the campus network, the same line is like the same LAN, it is easy to access, exchange information, At the same time, all broadcasters are limited to the virtual LAN, without affecting other VLANs, alone, if they are replaced from a office location, and he is still the department, then his configuration does not have to change At the same time, if a person has not changed, he changed a system, then it is only necessary to configure the network manager. The goal of this feature is to build a dynamic organizational environment. Of course, this is just a great goal. To implement it, some other supports include management. 3, limit the broadcast package, according to the 802.1D transparent bridge algorithm, if a packet cannot be found, the switch will send the packet to all other ports, which is the forwarding of the bridge broadcast, this As a result, there is no doubt that the bandwidth is very wasted. If VLAN is configured, then the switch will only send this packet to all ports belonging to the VLAN without routine, not all switches The port is limited to a VLAN in this way. Save bandwidth to a certain extent.
4, safety, since the VLAN is configured, a VLAN packet does not send to another VLAN, so that other VLAN's users are not received any data packets of any VLAN, thereby ensuring that the VLAN is ensured The information will not be eaveganized by other VLANs, thereby achieving confidentiality of information.
In theory, the VLAN can be extended to the WAN, but this is an unwise practice because the VLAN allows the broadcast package to send out, and it does not have a good routing algorithm, often forwarding the packet in the form of broadcasting, so that there is no Doubt, greatly wasting the valuable bandwidth of WAN, so that port, MAC address, and network address of VLAN to WAN is unreasonable, and multicast-based VLAN concepts can be expanded flexibly WAN. The general Ethernet switches are all portable VLANs, individuals that implement VLANs based on MAC addresses and network layer addresses, while the Router can implement a so-called multicast protocol through the IGMP multicast protocol.
The 802.1Q protocol defines a port-based VLAN model that is used up to one way. Let's focus on how the switch chip implements VLAN. If you want to know more details, you can refer to the 802.1Q protocol, because the protocol text is very abstract, so we will talk about TI's exchange chip as an example, more Easy to understand. The TNETX4090 in the example provides 8 100M Ethernet ports and 1 1G Ethernet port.
As shown in Figure 1, each host supports the 802.1Q protocol, when sending a packet, the source address in the original Ethernet is added after the source address of the Ethernet, and then the original Ethernet will be connected. The length or type of network is domain, about the package format of the Ethernet, see the training materials for Ethernet.
These 4-bytes of 802.1Q tag headers contain two bytes of label protocol identifiers (TPID - Tag Protocol Identifier, which is 8100), and two bytes of label control information (TCI - Tag Control Information, TPID is a new type of IEEE definition, indicating this paper with an 802.1Q tag, VLAN Identified (VLAN ID): This is a 12-bit domain, indicating the ID of the VLAN, a total of 4096, each The packets sent by hosts that support 802.1q protocols will contain this domain to indicate which VLAN they belong to, and current TNETX 3270 only supports 32 VLANs.
Canonical Format Indicator (CFI): This bit is mainly used for bus type Ethernet with FDDI, and the TNETX 3270 ignores this bit.
Priority: These three points of the priority. There are 8 priorities, mainly used to give priority which packet is given when the switch is blocked. TNETX 3270 and TNETX 4090 only support a priority, so this bit is useless.
It is not difficult to see that the 4 bytes of the 802.1Q tag head are new, and the computer we use does not support 802.1Q, that is, the Ethernet of the packet sent by our computer does not contain these 4 bytes. At the same time, these 4 bytes cannot be identified, and there will be software and hardware support 802.1Q protocol in the future. For switches, if all hosts of the Ethernet segment it connects can identify and send this data packet with 802.1Q tag head, then we call this port as the Tag Aware port; the opposite, if the switch port Said that the connected Ethernet segment is as long as one host does not support this Ethernet head, then this port we call this port, which can be seen from the current situation, all of the switches belong to the latter one.
Then, in the current situation, how does the switch support VLAN? This, such as the 1 ~ 4 port of the switch belongs to the same VLAN, then when the 1 port comes in, the switch sees that the packet does not have an 802.1Q tag head, then it will be based on the VLAN group to which the 1st port is located. , Automatically add a tag head of the VLAN to the data packet, then add the data package to the database query module, the database query module will route according to the destination address of the packet and the VLAN, then hand it to the forwarding module, forwarding module See this is a packet containing the label head, and the computer that actually sends the Ethernet segment of the Ethernet segment does not recognize this packet, so it will add the packet in turn to the switch to add the tag head. Remove. If your computer supports this label head, you do not need a switch to add or delete the tag head. As for the end, it is to add or delete the host to see whether the host is used to identify this packet, ie the port of the switch is Which type of port is available. Of course, the ports that are interconnected to the two switches are generally TAG AWARE ports, so that there is no need to remove the label head when switched between the switches and switches.
The processing flow includes 3 steps:
1. Receive process: This process is responsible for receiving a packet, the packet can be a tag head, or without a label head, if the switch will know the corresponding label head in accordance with the VLAN to which the port belongs.
2. Find / routing process: This process determines which port sent to the data package to the information that has been registered in the database according to the destination MAC address of the packet.
3. Send the process: Send the packet to the Ethernet segment, if the host of the network segment does not recognize the 802.1Q tag head, then the tag head is removed, and if it is a port interconnected with other switches, it is generally not removed. Specific reception, query, and transmitting processes can refer to the information of TNETX 3270, the following is a process of receiving the transmitted data packets for a label head.
The specific routing process refers to TNETX 3270 data.
If Chris sends a packet to jackie, then the process of processing is as follows:
1. Chris sends a packet to jackie.
2. The packet reaches the port 9 of the switch 1, which is a package that is not a label head, so the switch 1 adds a VLAN ID to the packet.
3, according to the destination MAC address and VLAN ID, query the database, know that the packet needs to be sent to 24 (or 25, 26), these 3 ports are bundled together, for the upper layer, these three ports are like One port, the actual switch is determined from which port is sent from which port is sent from the flow rate of 3 ports). If you don't know, the packet will also be sent to port 6, of course, when sending to the port 6, the tag head will be removed, and the data packet will be discarded after the ALTAF is received because the destination address is not it. Since port 24 is a Tag Aware port, the label header of the data packet sent to 24 good ports is not removed.
4, TNETX 4090 Switch After receiving this packet, find the route in its database according to the VLANID and destination MAC address, and finally, it knows that the packet should be sent to port 4 (5 or 6), and the tag head is still not removed.
5. After the switch 2 is received, the route is found in its database according to the VLAN ID and the destination MAC address, know that the packet needs to be sent to port 2. So the packet is sent out. Note that the sending packets need to remove the label head.
We discussed the process of VLAN to send and receiving packets. Its specific implementation has been implemented by the exchange chip of the Ethernet switch, and interesters can refer to the technical information of the exchange chip.
Second, 802.1p protocol
The 802.1p protocol defines the concept of priority. For packets with high real-time requirements, the host is mentioned in front of the 3-bit priority of the increase in MAC, so that the data packet is high. When the Ethernet switch data traffic is more, it considers priority to forward these priority high-level packets.
At present, the exchange chip used by the Ethernet switch only supports two priorities, and some can support 4 priorities.
The 802.1p protocol also defines the GARP - Generic Attribute Registration Protocol. The attribute here refers to the properties such as multicast MAC address, port filtering mode, and VLAN. The GARP protocol can actually define the features that many switches should have. Currently, it defines GMRP - GARP MULTICAST Registration Protocol and GVRP - GARP VLAN Registration Protocol two protocols, which will define other features based on the development of the network. GARP defines how to exchange these characteristic information between Ethernet switches, how to send packets, how to process the received packets, and more.
The GMRP protocol is a dynamic second-layer multicast registration protocol. It is similar to the IGMP (three-layer multicast protocol). For IP addresses, the D IP address is a multicast address, in fact, for each IP group. The address, there is a multicast MAC address corresponding to it, and the 802.1p protocol is based on the multicast MAC address to register and cancel the multicast member identity on the Ethernet switch, and IGMP is managed according to multicast IP. Of course, if the Ethernet switch does not implement the GMRP protocol, you can only achieve multicast by static configuration. About why I need two multicast agreements? We discussed in detail. Like the protocol IGMP, if we set up a multicast group in our local area network, we may contain a lot of switches. If these switches do not implement the second-layer multicast protocol, then a group member sends it to other members. When the data packet, the switch will broadcast the packet to all ports because the switch does not know which port has joined the multicast group, the only solution is Administrator to configure the switch, so that this broadcast forwarding data can be forwarded The transmission method of the package restricts, and the multicast itself is dynamic, so it is unrealistic to achieve multicast through this manager's configuration. Therefore, there is a need for a two-layer multicast protocol to dynamically manage team members. That's why you need a two-layer multicast protocol. At present, many high-end switches use the 802.1p and 802.1q protocols as a major performance indicator.
GVRP is a VLAN protocol. Since it is based on GARP, it is very close to GARP, so they have to operate the database's database, and the specific definition of this protocol is in 802.1Q.
references:
1. 802.1Q protocol
2. 802.1p protocol
3. TNETX 3270 Technical Information
