2. Tech
  3. Classic VLAN study notes

Classic VLAN study notes

xiaoxiao2021-03-06  40

Classic VLAN study notes

Why do you need VLAN what is VLAN? VLAN (Virtual LAN), translated into Chinese is a "virtual local area network". The LAN can be a network composed of a few household computers, or a business network composed of hundreds of computers. The LAN referred to in VLAN refers to the network that uses router-divided networks - that is, the broadcast domain. Let us first review the concept of broadcast fields. The broadcast field refers to the range that the broadcast frame (all of the target MAC address is 1) can also be directly communicated. Strictly speaking, not only the broadcast frame, multicast frame, and unknown unicast frame, can also be unimpeded in the same broadcast domain. Originally, the Layer 2 switch can only construct a single broadcast field, but after using the VLAN function, it can split the network into multiple broadcast domains. Did not split the broadcast domain ... So why do you need to split the broadcaster? That is because if there is only one broadcast domain, it is possible to affect the overall transmission performance of the network. For specific reasons, please refer to the drawings to deepen understanding. In the figure, a network connected by 5 two-layer switches (switches 1 ~ 5) is connected to a large number of clients. Assume that the computer A needs to communicate with the computer B. In the Ethernet-based communication, the target MAC address must be specified in the data frame to communicate normally, so computer A must first broadcast "ARP Request Information" to attempt to obtain the MAC address of the computer B. After the switch 1 receives the broadcast frame (ARP request), it will forward it to all portions except the receiving port, which is flooding. Next, the switch 2 will also flooding after receiving the broadcast frame. Switches 3, 4, 5 will also flooding. The final ARP request will be forwarded to all clients in the same network. Please note that this ARP request is originally sent to obtain the MAC address of computer B. That is to say: As long as the computer B can receive all the best. But in fact, the data frame is spread throughout the network, causing all the computers to receive it. As a result, one side broadcast information consumes the bandwidth of the network, on the other hand, the computer that receives broadcast information also consumes a part of the CPU time to process it. There created a large number of unusual consumption of network bandwidth and CPU calculation. Is broadcasting information often issued? Read here, you may ask: Is the broadcast information really appeared so frequent? The answer is: Yes! In fact, the broadcast frame will appear very frequently. When using TCP / IP protocol stack communication, in addition to the ARP appearing in front, there may be many other types of broadcast information such as DHCP, RIP. ARP broadcasts are issued when they need to communicate with other hosts. When the client requests the DHCP server to assign IP addresses, DHCP broadcasts must be issued. When using RIP as a routing protocol, routers are broadcast once every 30 seconds, and routing information is broadcast for neighboring routers. Other routing protocols other than RIP use multicast transmission routing information, which will also be forwarded (FLOoding). In addition to TCP / IP, NetBeui, IPX, and Apple Talk are often available to broadcast. For example, you will send a broadcast (multicast) information when you double-click to open Network Computers under WINDOWS. (Except for Windows XP ...) In short, broadcast is by our side. Here are some common broadcast communication: l ARP request: Establish a mapping relationship for IP addresses and MAC addresses. l RIP: a routing protocol.

l DHCP: A protocol used to automatically set an IP address. l NetBeui: Network protocol used under Windows. l IPX: Novell NetWare uses the network protocol used by Novell. l Apple Talk: Apple's Macintosh computer uses a network protocol used by Apple. If the entire network has only one broadcast domain, once broadcast information, it will spread throughout the network and bring additional burden on the host in the network. Therefore, when designing the LAN, you need to pay attention to how to effectively split the broadcast domain. The router must generally be used when the split field of the broadcast domain is divided into the VLAN. After using the router, you can split the broadcast domain in the network interface (LAN interface) on the router. However, usually there is no too much network interface on the router, and the number is more than about 4. As broadband connections, broadband routers (or IP shared envelopes) become more common, but it should be noted that although they have multiple (generally 4 or so) network interfaces on the LAN side, That is actually a built-in switch, and cannot split the broadcast domain. Moreover, if the router is divided into the broadcast domain, the number of can split depends entirely on the number of network interfaces of the router, so that the user cannot split the broadcast domain according to actual needs. The Layer 2 switch typically has multiple network interfaces than the router. So if you can use it to split the broadcast domain, then there is no doubt that the flexibility to use will be greatly improved. The technology used to split the broad demand domain on the Layer 2 switch is VLAN. By using VLAN, we can freely design the composition of the broadcast field, improve the freedom of network design. Implementing the Mechanism of VLANs Realizing the Mechanism of VLANs After understanding "why you need VLAN", let's take a look at how the switch uses VLAN to split the broadcast domain. First, any broadcast frame is forwarded to all other ports except the receiving ports on a Layer 2 switch that is not set to any VLAN. For example, after the computer A transmits broadcast information, it will be forwarded to ports 2, 3, 4. At this time, if red, blue is generated on the switch; the port 1, 2 is set to the red VLAN, and the ports 3, 4 belong to the blue VLAN. If you send a broadcast frame from A, the switch will only forward it to other ports belonging to a VLAN - the port 2 that belongs to the red VLAN, which will not be forwarded to the port belonging to the blue VLAN. Similarly, when c sends broadcast information, it will only be forwarded to other ports belonging to the blue VLAN, which will not be forwarded to ports belonging to the red VLAN. In this way, the VLAN divides the broadcast domain by limiting the range of broadcast frames. In the above figure, in order to facilitate explanation, the two-color identified VLANs in red, blue, in actual use, is distinguished by "VLAN ID". Intuitively describe the VLAN if we want to describe the VLAN more intuitively, we can understand it in order to slide a switch into several switches. Generate red, blue, two VLANs on a switch, can also be seen as a switched blue two virtual switches. When generating new VLANs outside the red and blue vlan, you can imagine a new switch. However, logical switches generated by VLAN are not involved in each other. Therefore, after setting the VLAN on the switch, if other processing is not done, the VLAN is unable to communicate. It is clear that it is connected to the same switch, but it is not possible to communicate - this fact may be difficult to accept. But it is a characteristic of VLAN convenient and easy to use, but it is a reason why VLAN is incomprehensible.

What should I do when communicating between VLANs, how do we need to communicate between different VLANs? Please recall again: VLAN is a broad demo domain. And usually between the two broadcast domains is connected by a router, and the data packets between the broadcast domain are all in the router. Therefore, communication between VLANs also requires a router to provide relay services, which is referred to as "VLAN liner". VLAN routing, you can use a normal router, you can also use a three-layer switch. Among them, there is a chance to say anything. Here I hope that everyone needs to use routing functionality when communicating between different VLANs. VLAN access to the port switch of the Link Switch can be divided into the following: l Access Link LINK Next Let us learn the characteristics of these two different ports. This says, first learn "access links". Accessing the link access link refers to ports that "only one VLAN, and only to the VLAN forwarding data frame". In most cases, the access link is the client. Usually the order of setting VLAN is: l Generate VLANL Setting Access Links (determined which VLAN of each port belongs to which VLAN) Sets the access link, which can be fixed in advance, or dynamically changed according to the connected computer. The former is called "static VLAN", the latter is naturally "dynamic VLAN". Static VLAN static VLANs are also called port-based VLAN (Port Based VLAN). As the name suggests, it is clear that the setting method of which VLAN belongs to each port belongs to. Since a port is required to be specified, the setting operation will become annoying when the number of computers in the network exceeds a certain number (such as hundreds). Moreover, each of the clients must change the settings of the VLAN belonging at the same time, it is obviously not suitable for the network that needs to change the development of the topology. On the other hand of dynamic VLAN, the dynamic VLAN is based on the computer connected to each port, change the VLAN to which the port belongs at any time. This can avoid the operations such as the above change setting. Dynamic VLAN can be generally divided into three categories: LAC-based VLAN (Mac Based VLAN) L-based VLAN (Subnet based VLAN) L based on the difference between users' VLAN (USER BASED VLAN), mainly based on OSI reference The information of the model is determined by the VLAN to which the port belongs. The VLAN based on the MAC address is to determine the object of the port by querying and logging the NIC's MAC address connected to the computer on the port. It is assumed that there is a MAC address "a" to be set to the VLAN "10", then regardless of the MAC address "a" which port which port is connected to the VLAN 10, the port is divided into the VLAN 10. When the computer is connected to port 1, port 1 belongs to VLAN 10; when the computer is connected to port 2, the port 2 belongs to VLAN 10. Since it is determined based on the MAC address, it is understood that this is a way to set an access link at the second layer of OSI. However, based on the VLAN of the MAC address, you must investigate the MAC addresses of all the connected computers when set. And if the computer exchanges the NIC, it is still necessary to change the setting. The subnet-based VLAN is to determine the VLAN of the port through the IP address of the connected computer. Unlike the MAC address-based VLAN, even if the computer changes the NIC or other reasons, the MAC address is changed, as long as its IP address does not change, it can still be added to the original set VLAN.

Therefore, the network structure can be changed easier than the VLAN based on the MAC address. The IP address is the information of the third layer in the OSI reference model, so we can understand that the subnet-based VLAN is a method of setting access links in the third layer of OSI. Based on the user's VLAN, it is determined which VLAN is dependent on the user who is currently logged in according to the computer connected by the switch. The user identification information here is generally a user logged in computer operating system, such as a username used in a Windows domain. These username information belong to the information of the fourth layer of OSI. In general, the more information used by the VLAN to which the port belongs is in the OSI, the more suitable for building flexible and changing networks. In summary of access links, setting access links There are two types of static VLANs and dynamic VLANs, where dynamic VLANs can continue to be subsequently divided into several small classes. Among them, the subnet-based VLAN and user-based VLANs may be implemented by network device vendors, and the interconnection between different manufacturers' devices may have compatibility issues; so when selecting the switch, be sure to pay attention to prior confirmation . The following table summarizes information about static VLAN and dynamic VLAN. Types Explanation Static VLAN-based VLAN-based VLAN fixes the port of the switch to the VLAN dynamic VLAN-based VLAN based on the MAC address of the MAC address, set the subnet-based VLAN according to the IP address of each port, depending on the IP address of each port. A user-based VLAN logs in user settings VLANs based on the port connected to the user to set the VLAN of the VLAN. When you are using the VLAN of multiple switches ..., we learned to use a single switch to set the VLAN. So, what if you need to set the VLAN across multiple switches? When planning an enterprise network, it is very likely that users who are partially dispersed in the same buildings in the same building. At this time, consider how to span multiple switches to set up VLANs. It is assumed that the network as shown below is, and the A, C and B, D of the different floors are required to be set to the same VLAN. At this time, the most critical is "How do you connect it to the switch 1 and switch 2?" The easiest way is naturally an interface for each red and blue VLAN on the switch 1 and switch 2 and interconnected. However, this approach is not good from scaling and management efficiency. For example, when the VLAN is newly created on the existing network, in order to make this VLAN can be interoperable, it is necessary to connect a new network cable between the switches. Longitudinal wiring between buildings is more troublesome, generally cannot be carried out randomly by grassroots management. Moreover, the more VLANs, the ports required for the floor (strictly said) interconnections are increasing, and the utilization efficiency of switch ports is a waste of resources, and the network expansion is also limited. In order to avoid this inefficient connection method, people think that the interconnected network cable between the switches is set to one, and the use is a gathering link (Trunk Link). What is a convergence link? A trunk link refers to a port that is capable of forwarding a plurality of different VLANs. The data frames circulating on the aggregation link are attached to special information for identifying which VLAN belonging to. Now let us go back to consider how will the network just now use a convergence link? The user only needs to simply set the inter-switched port interconnected port to the aggregation link. The net line used at this time is still a normal UTP cable, not what other special wirings. The legend is interconnected between the switches, so you need to connect with the cross wire.

Next, let us specifically look at how aggregated links are VLANs across the switches. A transmitted data frame When the switch 1 is aggregated, the data frame is attached to the data frame to indicate a mark that belongs to the red VLAN. After receiving the data frame, the switch 2 is checked to find that the data frame belongs to the red VLAN, thus removing the recovered data frame only to other ports belonging to the red VLAN after removing the marker. At this time, it means that only the port confirmed by the target MAC address and only forwards to the target MAC address after comparing the MAC address list. Only when the data frame is a broadcast frame, multicast frame, or a target unknown frame, it will only be forwarded to all ports belonging to the red VLAN. The situation when the blue VLAN sends a data frame is also the same. By aggregating the VLAN identification information, it is possible to support standard "IEEE 802.1Q" protocols, or the unique "Inter Sitch Link" of Cisco products. If the switch supports these specifications, users can construct a VLAN across multiple switches efficiently. In addition, the data of multiple VLANs is circulated on the aggregation link, and the natural load is heavier. Therefore, when setting the aggregation link, there is a premise that the transmission speed of 100 Mbps or more must be supported. In addition, under the default conditions, the aggregation link will forward the data of all VLANs present on the switch. For an angle, you can think that aggregation links (ports) are all in all VLANs on the switch. Due to practical applications, it is likely to be forwarded to data of all VLANs, so in order to reduce the load of the switch, in order to reduce the waste of bandwidth, we can set limits via the user setting restrictions via the aggregation link. Regarding the specific content of IEEE802.1Q and ISL, it will be mentioned in the next lecture. IEEE802.1Q and ISL aggregation mode On the convergence link of the switch, the VLAN across multiple switches can be constructed by additional VLAN information on the data frame. Additional VLAN information methods, most representative: l IEEE802.1QL ISL now let us see how these two protocols add VLAN information for data frames. IEEE802.1qieee802.1q, commonly known as "DOT One Q", is an agreement to attach VLAN identification information for data frames that have been certified by IEEE. Here, please recall the standard format of the Ethernet data frame. IEEE802.1Q attached VLAN identification information, "Send Source MAC Address" and "Type Field" in the data frame. The specific content is 2 bytes of TPID and 2 bytes of TCI, a total of 4 bytes. Add 4 bytes of content in the data frame, then the CRC value will naturally change. At this time, the CRC on the data frame is inserted into the TPID, TCI, and the value obtained after recalculating the entire data frame including them. When the data frame leaves the aggregation link, the TPID and TCI will be removed, and the recalculation of the CRC will be performed. The value of the TPID is fixed to 0x8100. The switch passes the TPID to determine the IEEE802.1Q VLAN information within the data frame. The substantially VLAN ID is 12 yuan in TCI. Due to a total of 12 digits, up to 4096 VLANs can be identified. Based on IEEE 802.1q attached VLAN information, it is like a label that is attached to the item. Therefore, it is also referred to as "tagging VLAN". ISL (Inter Sitch Link) ISL is a protocol that Cisco product supports is similar to IEEE802.1q for attaching VLAN information on the aggregation link.

After using ISL, each data frame header is attached 26-byte "ISL header", and 4 words obtained after calculating the entire data frame including the ISL header by the frame belt The CRC value. In other words, there is a total of 30 bytes of information. In an ISL environment, when the data frame leaves the aggregation link, it is possible to simply remove the ISL header and the new CRC. Since the original data frame and its CRC are completely reserved, there is no need to recalculate the CRC. ISL has the entire package of the original data frame throughout the package with the ISL Baotou and the new CRC, so it is also known as "encapsulated VLAN". It should be noted that whether it is the "tagging VLAN" of IEEE802.1q, or isl's "Encapsulated VLAN", it is not a very strict title. Different books and reference materials, the above words may be mixed, so you need to pay more attention to you when you study. And since ISL is a unique protocol of the Cisco, only the interconnection between the Cisco network device. VLAN Room The Necessity of 1VLAN Room The need to learn from the current knowledge, we already know that two computers can communicate directly even if they are connected to the same switches. Next, we will learn how to route routes between different VLANs, enabling hosts that are different VLANs to communicate with each other. First, first review why the different VLANs do not pass the routes. Communication within the LAN must specify the MAC address of the communication target in the data frame header. In order to obtain the MAC address, the ARP is used in the TCP / IP protocol. The method of arp parsing the MAC address is broadcast. That is, if the broadcast message cannot arrive, it will not be able to communicate directly from the parsing of the MAC address. A different VLAN is also a different broadcast field, which is naturally not received by different broadcast domains. Therefore, it is not possible to communicate directly between computers belonging to different VLANs. In order to be able to communicate between VLANs, it is necessary to use the OSI reference model to perform routing. About the specific content of the route, have a chance to explain again. Routing features are generally provided by routers. But in today's LAN, we have often implemented using a switch-three-layer switch (Layer 3 Switch) with routing functions. Let's take a look at the case when using the router and the three-layer switch for VLAN time. The VLAN route using the router is similar to the case where the router is used, similar to the VLAN that is constructed across multiple switches, we will also encounter the problem "how to connect the router and switch". The router and switches are wired, and there are roughly below: l Connect each VLAN on the router and the switch. Routers and switches are connected to VLANs in units. Set each of the ports that are used on and router interconnects to access links, and then use the network cable to interconnect the stand-alone port on the router. As shown in the figure below, there are 2 VLANs on the switch, then 2 ports need to be reserved on the switch to interconnect with the router; there is also two ports on the router; between the two networks are connected separately. If this method is used, everyone should not imagine its extensibility. Each additional a new VLAN requires a router's port and access links on the switch, and a network cable is also required. And routers usually do not have too many LAN interfaces.

When you create a new VLAN, in order to correspond to the port required to increase the VLAN, the router must be upgraded to high-end products with multiple LAN interfaces. This part of the cost, and the overhead of re-wiring, making this wiring method Become a unwelcome approach. So, the second way "No matter how much VLAN is, only one network cable is connected to routers and switches"? A converged link is required when using a network cable to connect the router and the switch. The specific implementation process is: First, set the switch port for connecting the router to aggregation link, and the port on the router must also support the aggregation link. The agreement between the two sides for aggregation links must also be the same. The sub-interface (Sub Interface) "corresponding to each VLAN is then defined on the router. Although there is only one physical port that is actually connected to the switch, in theory we can split it into multiple virtual ports. VLANs segmented the switch into multiple sets, thus using routers with VLANs, must also have virtual interfaces corresponding to each VLAN. With this method, even if you have new VLANs on the switch, you still need a network cable to connect the switch and router. The user only needs to have a new VLAN on the router. Compared with the previous method, the scalability is much stronger, nor is it to worry about the router that needs to be upgraded to the number of LANs or re-wiring. Using the VLAN Design LANs Using the VLAN Design LAN By using the VLAN builds a local area network, the user can freely divide the broadcast domain without being limited by the physical link. In addition, the multi-change network configuration can be adapted to the VLAN between the previously mentioned router and the three-layer switch. However, since VLANs can easily result in complication of networks, it is difficult to grasp the composition of the entire network. It can be said that when using the VLAN, in addition to: l Network constitutes flexible and change, it is also matched with: l network constitution complication this disadvantage. Let's take a look at the specific example. The change in the network composed of networks in a local area network in VLANs is equipped with a network of "not using VLAN build" composed of one router, and 2 switches as shown. The router in the figure has two LAN interfaces. The network on the left is 192.168.1.0/24, and the right side is 192.168.2.0/24. Now if you want to transfer the computer A on this network to 192.168.2.0/24, you need to change the physical connection, and then connect A to the right switch. Also, when a network is required to add an address of 192.168.3.0/24, it is necessary to take up a LAN interface on the router and add a switch. Since this router is only with 2 LAN interfaces, the router must be upgraded to products with more than 3 LAN interfaces for new networks. The change in the network composed of networks in the local area network of VLANs will then have a local area network that is "using VLAN" consisting of one router and 2 switches. Both switches and switches, the switch and the router are aggregated linkages; and assume that 192.168.1.0/24 corresponds to the red VLAN, 192.168.2.0 / 24 corresponds to the blue VLAN needs to connect to the switch 1 192.168.1.0/24 This network segment When the computer A is 192.168.2.0/24, there is no need to change the physical wiring. As long as the blue VLAN is generated on the switch, the port 1 connected to the computer A is then added to the blue VLAN, making it an access link. Then, the information such as the IP address of the computer A, the default gateway, etc. are set as needed. If the IP address related setting is obtained by DHCP, you can move between different network segments without any setting modifications. After using the VLAN, we can freely perform the logic design of the network without any physical wiring of the change. If the working environment is just like to change the network layout, the advantages of using VLAN are very obvious.

转载请注明原文地址:https://www.9cbs.com/read-74191.html

9cbs

New Post(0)