《以太网帧结构及VLAN技术(2).ppt》由会员分享,可在线阅读,更多相关《以太网帧结构及VLAN技术(2).ppt(42页珍藏版)》请在三一办公上搜索。
1、Ethernet framing&VLAN technology,以太网帧结构及VLAN技术,2,TOC,Table of contents,Ethernet Framing,.,.,.,.,.,p.3,Virtual Local Area Network,.,.,.,p.13,Ethernet framing,TOC,Ethernet-,Ethernet and Ethernet,IEEE-802.3 protocol:based on Xerox Network Standard(XNS)IEEE-802.3 protocol:commonly called Ethernet.3 diff
2、erent versions exist:,IEEE 802.3 frame with Type field and any protocol in payloadIEEE 802.3 frame with Length field and LLC headerIEEE 802.3 frame with Length field and LLC/SNAP header,Ethernet v2 is a valid IEEE 802.3 frame.used in Local Area Networksuses CSMA/CD4,LAN,TOC,Common fields in the diff
3、erent“flavors of Ethernet,SFD DA SA,XXX,FCS,Frame Check Sequence,CRCSource MAC addressDestination MAC addressFixed sequence to alert the receiver5,7B,1B,6B,6B,4B,pre-amble,6,TOC,IEEE 802.3 Ethernet frame interpretation,Frame length(=1536),DA,SA,Length orType,XXX,Data Link Header,FCS,Based on type or
4、 length fieldFrame size:Min 64 bytes,Max 1518 bytes,2B,6B,6B,4B,7,TOC,IEEE 802.3 frame with type field,DA,SA,Type,P A Y L O A D(461500 Bytes),0800,IP Datagram(461500 Bytes),0806,ARP ReqARP Reply(28 Bytes),PAD(18 Bytes),8035,RARP ReqRARP Reply(28 Bytes),PAD(18 Bytes),0 x0806=ARP0 x8035=RARP0 x888E=80
5、2.1X,0 x8863=PPPoE Control frames0 x8864=PPPoE Data frames,TYPE=15360 x0800=IP,Data Link Header,FCS,Commonly called Ethernet v2 FrameFrame size:Min 64 bytes,Max 1518 bytes,2B,6B,6B,4B,8,TOC,IEEE 802.3 frame with 802.2 LLC header,Defining Service Access Points(SAPs)SAPs ensure that the same Network L
6、ayer protocol is used at thesource and at the destination.,DA,SA,length,P A Y L O A D(431497 Bytes),DSAP SSAP1B 1B,CONTR1B,02=Individual LLC Sublayer Management Function03=Group LLC Sublayer Management Function04=IBM SNA Path Control(individual)05=IBM SNA Path Control(group)06=ARPANET Internet Proto
7、col(IP)AA=SubNetwork Access Protocl(SNAP)E0=Novell NetWareF0=IBM NetBIOS,Data Link Header,802.2 LLCFrame length(=1500),FCS,TCP/IP talks to TCP/IP,IPX/SPX talks to IPX/SPX,Destination SAP/Source SAPFrame size:Min 64 bytes,Max 1518 bytes,9,TOC,SNAP,LLC,IIEE 802.3 SNAP header,Due to growing number of a
8、pplications using the IEEE LLC802.2 header,an extension was made.,Introduction of the IEEE 802.3 Sub Network Access Protocol(SNAP)header,SSAP=HAA,DSAP=HAA indicates that a SNAP-header is used,AA,1B,AA,1B,03,1B,3B,00-00-00 TYPE,2B,TOC,IEEE 802.3 frame with 802.2 LLC/802.3 SNAP header,DA,SA,length,AA1
9、B,AA1B,802.2 LLC,03 00.00.00 Type P A Y L O A D1B 3B 2B(381492 Bytes),0 x0800=IP0 x0806=ARP0 x8035=RARP0 x888E=802.1X0 x8863=PPPoE Control frames0 x8864=PPPoE Data frames10,TYPE,802.2 SNAP,Data Link Header,FCS,Type field provides backwards compatibility with Ethernet v2frameFrame size:Min 64 bytes,M
10、ax 1518 bytes,TOC,Ethernet frames-summary,Ethernet version 2(Xerox)MAC frame,has Ethertype fieldindicates which protocol is inside the data sectionValue always 05-DC hex.,802.3 has a Length or Type field,if=05-DC,IEEE802.3 Length fieldIEEE802.3 Type field,Type field gives a protocol identification(s
11、ame as Ethertype),802.3 incorporates aspects of Ethernet version 2 and willreplace it for high-speed Ethernet networks,Ethernet v2 is a valid 802.3 frame11,TOC,IP over Ethernet/IEEE 802 example,0800,IP datagram,Destination SourcePreamble Address Address(8 bytes)(6 bytes)(6 bytes),FCS(4),Length(2 byt
12、es),IP datagram,Destination SourcePreamble Address Address(8 bytes)(6 bytes)(6 bytes),06 06,LSAP,Destination SourcePreamble Address Address(8 bytes)(6 bytes)(6 bytes),LSAP,Length AA AA 03 00(2 bytes),0800,FCS(4),IP FCSdatagram(4),SNAP,ETHERNET II,IEEE 802.3/IEEE 802.2 LLC,IEEE 802.3/IEEE 802.2 LLC/S
13、NAP12,Virtual Local Area Networks-VLAN,TOC,What is a LAN?,Local Area Network(LAN)Single Broadcast domainSame SubnetNo routing betweenmembers of a LANRouting required betweenLANs,Corporate LAN14,Everyone can communicate with,each other on the LAN,TOC,What is VLAN?,Virtual Local Area NetworkVLAN,Used
14、to separate thephysical LAN into logicalLANs,Logical broadcast/multicast domainVirtual,Inter-VLAN communication:only via higher-layerdevices(e.g.IP routers)LAN membership definedby the network manager,Corporate LAN,Marketing LANEngineering LAN,VirtualAdministration LAN15,TOC,VLAN benefits,Performanc
15、e,VLANs free up bandwidth by limiting traffic.,Formation of Virtual Workgroups,Users and resources that communicate frequently with each other can begrouped into a VLAN,regardless of physical location.,Simplified Administration,Adding or moving nodes=can be dealt with quickly and convenientlyfrom th
16、e management console rather than the wiring closet,Reduced Cost,Use of VLANs can eliminate the need for expensive routersWith a VLAN-enabled adapter,a server can be a member of multipleVLANs.,Security,VLANs create virtual boundaries that can only be crossed through a router.16,TOC,How VLANs Work,VLA
17、N can be distinguished by the method used to indicatemembership when a packet travels between switches.,ImplicitExplicit,VLAN membership can be classified by,Port,Protocol typeMAC addressIP address,IEEE 802.1Q,Explicit802.1Q tagImplicitPort basedPort and Protocol based17,18,TOC,Layer 1 VLAN:Membersh
18、ip by port,Membership in a VLAN is defined based on the ports thatbelong to the VLAN.,Also refered to as Port switching,Does not allow user mobilityDoes not allow multiple VLANs to include the same physicalsegment(or switch port),1,2,3,4,5,6,7,8,9,19,TOC,Layer 2 VLAN:Memberschip by MAC address,Membe
19、rship in a VLAN is based on the MAC address of theworkstation.,The switch tracks the MAC addresses which belong to each VLAN,Provides full user movement,Clients and server always on the same LAN regardless of location,Disadvantages,Too many addresses need to be entered and managedNotebook PCs change
20、 docking stations,1,2,3,4,5,6,7,8,9,MACA,MACB,MACC,MACD,amble SFD,20,TOC,Layer 3 VLAN:Membership by Protocol type,Membership implied by MAC protocol type fieldThis is the most flexible method and provides the most logicalgrouping of users,pre-,DA SA,P A Y L O A D(461500 Bytes)FCS,Lengthor Type,21,TO
21、C,Layer 3 VLAN:Membership by IP Subnet Address,The network IP subnet address(layer 3 header)can be used toclassify VLAN membership,1,2,3,4,5,6,7,8,9,IP:138.22.24.5,IP:138.21.35.47,IP:138.21.35.58,IP:,138.22.24.10,TOC,VLAN types-Glossary/Terminology,Port based VLAN classification,VID based on port of
22、 arrivalFrame receives Port VLAN identifier PVID,Default VID,Not standardized within 802.1QInterpretation according to contextOften equals PVID,Port-and-protocol-based VLAN classification,VID based on port of arrival and the protocol identifier of the frameMultiple VLAN-Ids associated with port of t
23、he bridge VID set22,23,TOC,VLAN link types:Access Link,Access link,Link that is a member of only one VLANContain VLAN unaware devicesAll frames on access link are untaggedNormal ports to which we connect our network devices such as PCs.VLAN aware Bridge,Access Link,VLAN unawareworkstation,TOC,VLAN l
24、ink types:Trunk Link,Trunk Link,Capable of carrying multiple VLANsUsed at links between switchesAllowing VLANS to span over all network switches,VLAN aware Bridge,VLAN aware Bridge,VLAN awareworkstation,Trunk Link,Trunk Link24,TOC,VLAN link types:Hybrid Link,Hybrid Link,VLAN aware Bridge25,VLAN awar
25、e Bridge,Contain both VLAN aware and VLAN unaware devicesAll frames for specific VLAN are tagged or untaggedVLAN awareworkstation,Hybrid LinkVLAN unawareworkstation,TOC,Q-VLAN tag(IEEE 802.1Q),Also referred to as C-VLAN tag,Customer VLAN tag,VLAN Bridge,SFD,pre-amble,DA,SA,lengthtype,P A Y L O A D(4
26、61500 Bytes),FCS,TPID,TCI,Q-VLAN aware bridgecomprising a single Q-VLAN componentFrame size:Min 68 bytes,Max 1522 bytes,2 bytes802.1Q tag-type(value 81 00),2 bytesTag Control Information,3 bits,12 bits,Priority”p-bits”(802.1p)26#8,Vlan_ID”Q-TAG”(802.1Q)#4096,CFI,Tag protocol Identifier,TOC,802.1Q Ta
27、g-based-Glossary/Terminology,Untagged frame,A frame doesnt contain a tag header,Priority-tagged frame,A frame with tag header carries priority but no VID(VID=0),VLAN-tagged frame,A frame with Q-tag header carries both priority and VID.,802.1Q Tag VLAN,Each VLAN group has unique VIDEach member of VLA
28、N group can talk to each other,VLAN-aware,The device can recognize and support VLAN-tagged frame,VLAN-unaware,The device cant recognize VLAN-tagged frame27,TOC,Forwarding engine-Glossary/Terminology,Ingress,Towards the forwardingEngineEgressOut of the forwarding engineUpstreamFrom user to networkDow
29、nstream,From network to user28,Forwardingengine,End-userEnd-user,EthernetportIngressEgressDownstreamUpstream,TOC,FilteringDatabaseForwardingProcess,PacketReceiveIngress Rule29,PacketTransmitEgress Rule,802.1Q Process,Ingress Rule,Classify the received frames belonging to a VLAN,Forwarding Process,De
30、cide to filter or forward the frame,Egress Rule,Decide if the frames must be sent tagged or untagged,30,TOC,Tagged frame,Ingress Rule,VIDUntagged frame,Tagged frame,VIDTagged framePVID,Ingress Rule,VLAN-aware switch can accept tagged and untagged framesTagged frame:,is directly sent to the forwardin
31、g engine,Untagged frame:,A tag is added onto this untagged frame(with the PVID)Then the tagged frame is sent to the forwarding engine,PVID,Default Port VLAN ID for incoming untagged frames,TowardsForwardingProcess,31,TOC,MAC Table,VLAN Table,Forwarding Process,Forwarding decision is based on the fil
32、tering database,Filtering database contains two tables.-MAC table and VLAN tableFirst,check destination MAC address based on the MAC tableSecond,check the VLAN ID based on the VLAN table,Egress port is the allowed outgoing member port of VLANFiltering Database,32,TOC,Egress Rule,Tagged frameVID,Unta
33、gged frame,Tagged frameVID,Egress RuleTagged frameVID,C-VID of incoming frames is determined:,If C-TAG is present,C-VID is taken from tag(no translation!)If C-TAG is not present,*If supported:port and protocol are used for C-VID classification.*else,the default C-VID for that port is used(PVID);*the
34、 standard leaves room for proprietary assignment of C-VID based on otherparameters,Incoming frame is forwarded according to forwarding information baseassociated with the C-VLAN.Outgoing frame may carry C-TAG or not,depending on egress rule.33,VLAN tag added by CPEVLAN tag added by access node,TOCSe
35、curity check that VLAN idis allowed on that access line,e.g.outgoing port supports only tagged,Principles of operation in a VLAN Bridge=Q/C-VLAN tag,TOC,Objective of VLAN stacking,The existing Ethernet technology is not enough to satisfy carrier-grade requirements,Q/C-VLAN tagonly 4094 VIDsScalabili
36、ty issueBusiness customers typically have one-to-one mappingProblem if different customers are using the same VID!no customer traffic segregation,Enhancement:new Service Provider VLAN tag(S-VLAN)tobecome a carrier solution,IEEE 802.1 adDoes not only describe S-VLAN for use in VLAN-stacking34,TOC,IEE
37、E 802.1ad-Systems,VLAN Bridge=Customer Bridge=.1Q Bridge,Treats C-TAG only.,Provider Bridge(new),Treats S-TAG only.,Provider Edge Bridge(new),Contains a Provider Bridge component and a Customer BridgecomponentTreats C-TAG and S-TAG35,12 bit VID.,SFD,DA,SA,TPID,TCI,P A Y L O A D(461500 Bytes),36,TOC,
38、IEEE 802.1ad-Tags,Customer TAG(C-TAG),C-TAG is used to identify a Customer VLAN(C-VLAN)by means ofa Customer VLAN ID(C-VID).,Service TAG(S-TAG)(new),S-TAG is used to identify a Service VLAN(S-VLAN)by means of aService VLAN ID(S-VID).Pre-standard synonyms:VMAN-tag,P-VLAN tag.IEEE802.1ad:not finalized
39、,Draft 3(25 October 2004)3 bit priority,1 bit CFI,pre-ambleTag-Type:TBD,FCS,Frame size:Min 68 bytes,Max TBDlengthtype,2 bytestag-type(TBD),2 bytesTag Control Information(TBD),TOC,S-VLAN aware Bridge component,C-VLAN aware Bridge component,IEEE 802.1ad-Portsto provider equipmentProvider Network Port,
40、to provider equipmentProvider Network Port,Customer Network Port,Customer Network PortInternal EISS,Provider Edge Portto customer equipment,Provider Edge Portto customer equipment,Customer Network PortInternal EISS,ProviderBridgeto customer equipment,Yellow ports can read C-TAGs,or assign a C-VID to
41、 untagged frames.Green ports can read S-TAGs,or assign an S-VID to untagged frames.37,S-VLAN aware Bridge component,Customer,NW Port,C-VLAN aware,Bridge comp,Customer,NW Port,Provider,NW Port,Internal,EISS,Provider,Edge Port,TOC,S-VID of incoming frames is defined:,If S-TAG is present,S-VID is taken
42、 from tagIf S-TAG is not present,Same rules as for C-TAG in VLAN bridge.,Incoming frame is forwarded according to forwardinginformation base associated with the S-VLAN.Outgoing frame may carry S-TAG or not(egress rule).38,Operation in a provider edge bridge:single tag=S-VLAN tag,S-VLAN aware bridge
43、component,Customer,NW Port,C-VLAN aware,bridge comp,Customer,NW Port,Provider,NW Port,Internal,EISS,Provider,Edge Port,TOC,An incoming frame on a provider edge port is forwardedinternally depending on the C-TAG.This two-step approach enables a translation of C-VID to S-VID.Incoming frame is forwarde
44、d according to forwardinginformation base associated with respectively the C-VLAN/S-VLAN to which the frame belongs.Outgoing frame may carry S-TAG or not(egress rule)39,Operation in a Provider Edge Bridge:single tag=Q/C-VLAN tag=S-VLAN tage.g.Outgoing port supports only tagged,40,TOC,Dual VLAN VLAN
45、Stacking,IEEE 802.1ad DRAFT 3.0,Certain vendors apply today 1Q-in-Q VLAN TagCisco,Alcatel,SFD,pre-amble,DA,SA,lengthtype,P A Y L O A D(461500 Bytes),FCS,TPID,TCI,Single VLAN tag,Frame size:Min 68 bytes,Max 1522 bytes,SFD,pre-amble,DA,SA,lengthtype,P A Y L O A D(461500 Bytes),FCS,TPID,TCI,Dual VLAN t
46、ag”(“Vlan stacking”),TPID,TCI,Frame size:Min 72 bytes,Max TBDS-Vlan C-Vlan,2 bytestag-type(TBD),2 bytesTag Control Information(TBD),41,TOC,Dual VLAN VLAN Stacking,Q-in-Q VLAN,Not standardizedThe second VLAN tag protocol identifier is 802.1Q tag type just likein Single VLAN tagged frames,SFD,pre-ambl
47、e,DA,SA,lengthtype,P A Y L O A D(461500 Bytes),FCS,Dual VLAN tag”(“Vlan stacking”),TPID TCI TPID TCI,Frame size:Min 72 bytes,Max 1526 bytesS-Vlan C-Vlan,2 bytesTag Control Information,3 bits,12 bits,Priority”p-bits”(802.1p)#8,Vlan_ID”Q-TAG”(802.1Q)#4096,CFI,2 bytestag-type(value 81 00)Tag protocol I
48、dentifier,S-VLAN aware bridge component,Customer,NW Port,C-VLAN aware,bridge comp,Customer,NW Port,Provider,NW Port,Internal,EISS,Provider,Edge Port,TOC,We now have two tags,The S-TAG may be added and removed independently of the C-tag.,A Provider Bridge ignores C-tags,except on Provider Edge PortsVLAN-stacking can occur even if the incoming frame is untagged(at provider edge port).42,Operation in a Provider Bridge:VLAN stacking=Q/C-VLAN tag=S-VLAN tag,
