An Engineering guide to IEEE 802.1Q and IEEE...
Transcript of An Engineering guide to IEEE 802.1Q and IEEE...
2Silvano Gai - 19981/6/99
• VLAN
• IEEE 802 committees
• IEEE 802.1p
• IEEE 802.1Q
• The Cisco solution
Agenda
3Silvano Gai - 19981/6/99
• VLANu assigning frames to VLANsu tagging and baby giant framesu spanning tree(s)u access or independent VLANsu single/multiple filtering data base(s)u internetworking between VLANs
• IEEE 802 committees
• IEEE 802.1p
• IEEE 802.1Q
• The Cisco solution
Compass
4Silvano Gai - 19981/6/99
Assigning frames to VLANs• A station may be member of one or
more VLANs
• Membership may be:u static
n per portu dynamic
n per MAC addressn per protocoln per layer 3 addressn per multicast addressn “policy-based” (per application, per user,
etc.)
5Silvano Gai - 19981/6/99
Frame tagging• The tag contains the VLAN membership
information
• Implicit taggingu no tag is added to the frameu easy in connection-oriented approachesu difficult for multicast/broadcast frames
• Explicit taggingu a tag is added to each frameu the tag carries the VLAN membership
informationu the tag may carry additional information
6Silvano Gai - 19981/6/99
Baby Giants• The addition of extra bytes for the tag
makes frames “Baby Giants”
• How to accommodate the extra bytesfor the tag in the frame?
u 802.1 is persuading 802.3 to increase themaximum frame size from 1518 to 1522 (4extra bytes)
7Silvano Gai - 19981/6/99
Explicit tagging• Where to position the tag in the frame?
• Two possibilities:u One level tagging
n also called “Internal tagging”u Two level tagging
n also called “External tagging”
• Both require to be implemented inASIC for wire speed performance
8Silvano Gai - 19981/6/99
One level tagging• The original frame is modified with the
addition of the tag inside the frame
• The tagged frame has a valid formatalso for the “VLAN unaware”devices
u MAC SA and DA are unchangedu an exception: it may be a baby giant
9Silvano Gai - 19981/6/99
Example of one level tagging
LEN. LLC PDU PAD FCS
PT DATA FCS
Octets 7 1 6 6 4 2 from 46 to 1500 4
PREAM. SFD DA SA
PREAM. SFD DA SA
IEEE 802.3
Ethernet v2.0
TAG
TAG
New Field
• Tagging Ethernet - IEEE 802.3
10Silvano Gai - 19981/6/99
Two-level tagging• The original frame is left unchanged
• A new external header is added in frontof the original frame
u New SA, DA, (RIF), Ethertype, and VLAN-IDu It is possible to support giant frames
• The RIF works better:u two-level tagging is a tunnelling mechanismu it is unclear how source routing works in 1Q
• A Tricky FCS fix-up in the new headerwould allow original frame FCS to beretained
11Silvano Gai - 19981/6/99
Inter-Switch Link (ISL)• Original frame is encapsulated with
ISL header and FCS, i.e. two leveltagging
• Support up to 1,024 VLANs
• Implemented in ASICs provideswire speed performance
ISL Header26 bytes
Encapsulated frame 1 ... 24.5 KBytesFCS
4 bytes
12Silvano Gai - 19981/6/99
ISL Header Format
DA Type
01-00-0c-00-00
User SA LEN AAAA03 HSA VLAN BPDU INDEX RES
• The higher 40 bit - multicast destination address
• Lowest 8 bits used by type and user field
Destination MACaddress
13Silvano Gai - 19981/6/99
Spanning Tree• Three different possibilities:
u Single spanning treeu Per VLAN spanning treeu Shared spanning tree
• Single spanning tree does not allow:u multiple active topologiesu load balancing
• Cisco implements one spanning treeper VLAN, at present
14Silvano Gai - 19981/6/99
Multiple Spanning Trees
Red ST
Green ST
S1
S3S2
• All links in the network aresimultaneously used
15Silvano Gai - 19981/6/99
What is a VLAN?• Two possible models
u Access VLANsn VLANs are a clever way to specify filters to
limit endstation-to-endstation connectivityon a single, bridged LAN
u Independent VLANsn VLANs are a clever way to utilize one
physical plant to carry multiple,independent bridged LANs
16Silvano Gai - 19981/6/99
Access VLANs• It is a single bridged LAN, with filters
u filtering helps in scaling somewhat larger
• Access VLANs require a singlespanning tree for the whole network,because they have one filteringdatabase for all VLANs in each bridge
17Silvano Gai - 19981/6/99
Access VLANs• One-way VLANs
u Half-duplex conversations between differentVLANs
u Bridge 1 never sees F’s source on yellow orblue, nor X’s or Y’s sources on green
u Filtering database must ignore “color”
FF XX
YY2211
18Silvano Gai - 19981/6/99
Independent VLANs• It is possible to build large networks
u if the scope of each VLAN is not globalu routers plus bridged LANs are known to scale
well
• Per VLAN filtering database
• They work with:u a single spanning treeu one spanning tree per VLANu multiple VLANs in each of several spanning
trees
19Silvano Gai - 19981/6/99
Independent VLANs• They support duplicate MAC addresses
u DECNet phase IV routers and two-EthernetSun workstations
u to route some protocols and bridge others
(Route IP)
Bridge NetBEUI
Y X
X YS2S1
X
Y
When R1 bridges some protocol between X and Y ondifferent VLANs, S1 and S2 see duplicate MACaddresses for Y and X.
R1
20Silvano Gai - 19981/6/99
Number of “filtering databases”• MFD/SE
u Multiple Filtering Database - Single Entryu Natural solution for independent VLANsu Compatible with multiple spanning trees
• SFD/MEu Single Filtering Database - Multiple Entryu Solution adopted in Access VLAN to try to
support duplicated MAC addressesu Requires a single spanning tree
• Duplicate MAC addresses arecommon!!!
21Silvano Gai - 19981/6/99
Internetworking between VLANs• Using routers
u classical approachu scale well
• Layer 2 shortcutsu switches create shortcuts between VLANsu limited scalability
22Silvano Gai - 19981/6/99
• VLAN
• IEEE 802 committeesu IEEE 802.1u IEEE 802.3acu standard tagging scheme
• IEEE 802.1p
• IEEE 802.1Q
• The Cisco solution
Compass
23Silvano Gai - 19981/6/99
IEEE 802 LMSC• 802 LAN/MAN Standards Committee
u 802.1: Higher Layer Interfaces (*)n 802.1D (transparent bridging)n 802.1G (metro transparent bridging)n 802.1H (translation bridging)n 802.1D Reaffirmationn 802.1p Priorities/GARP/GMRPn 802.1Q VLANs/GVRP
u 802.3: CSMA/CD (Ethernet)n 802.3ac
u 802.5: Token Ringu Others
(*) IEEE 802.1 started working on VLANs inlate 1995 and it has still not finished
24Silvano Gai - 19981/6/99
IEEE 802.3ac• IEEE Standards for Local and
Metropolitan Area Networks:u Supplement to Carrier Sense Multiple Access
with Collision Detection (CSMA/CD) AccessMethod & Physical Layer Specification
n Frame Extension for Virtual Bridged LocalArea Networks (VLAN) Tagging on 802.3Networks.
• Draft 1
• Main topic:u Extend Maximum Frame size from 1518 to
1522 octets
25Silvano Gai - 19981/6/99
Tagging scheme
Destination Address
Source Address
EtherType = TPID
Tag Control Information
MAC Length/Type
MAC DATA
PAD
FCS
6
6
2
2
2
42-
1500
4
Used in:n IEEE 802.3acn IEEE 802.1Qn IEEE 802.1p
userpriority
CFI
VID (VLAN ID) - 12 bits
3 1
26Silvano Gai - 19981/6/99
One-level tagging• Insert Ethertype and VLAN-ID after MAC
source (or RIF), but before originalEthertype/Length (or LLC)
• Includes T-R Encapsulation bit so thatT-R frames can be carried acrossEthernet backbones without 802.1Htranslation of data contents
• 802.1p and 802.1Q share the same tag
27Silvano Gai - 19981/6/99
802.1p/Q tags
Dest Src DataLen/Etypep/Q LabelEtype FCS
Priority VLAN-ID
Token-Ring Encapsulation Flag
VLAN-ID and T-REncaps Flag are
.1Q, not .1p
RecomputeFCS
6 6 2 2 2 4...
Dest Src FCSDataLen/Etype
28Silvano Gai - 19981/6/99
• VLAN
• IEEE 802 committees
• IEEE 802.1pu Expedited traffic capabilitiesu Bridge architectureu GARP, GMRP
• IEEE 802.1Q
• The Cisco solution
Compass
29Silvano Gai - 19981/6/99
IEEE 802.1p• IEEE Standards for Local and
Metropolitan Area Networks:u Supplement to Media Access Control (MAC)
bridges: Traffic Class Expediting and DynamicMulticast Filtering
• Draft 8
• Two main topics:u Expedited traffic capabilitiesu Filtering services to support the dynamic use
of Group MAC addresses
30Silvano Gai - 19981/6/99
Expedited traffic capabilities• Priority labeling
u MAC-layer priority in the add-on tagu Priority not derived from MAC address
• Multiple output queues per output portu output queue selection based on 802.1p tagu maintains ordering only between frames at
same priority
• 802.1 is cooperating with IETF’s ISSLL(Integrated Services over SpecificLower Layers)
u mapping L3 RSVP requests to 802.1p prioritiesvia a subnet bandwidth manager
31Silvano Gai - 19981/6/99
Bridge architecture
Source PortState Information
Destination PortState Information
FilteringDatabase
Frame reception Frame discarding Frame transmission
3.7.1 3.7.2 3.7.3 Queues 3.7.4 3.7.5 3.7.6
3.7.1 Enforcing topology restriction3.7.2 Filtering Frames3.7.3 Queueing Frames
3.7.4 Selecting frames for transmission3.7.5 Mapping priority3.7.6 Recalculating FCS
32Silvano Gai - 19981/6/99
GARP• Generic Attribute Registration Protocol
u Generic attribute dissemination capabilityu Used by participants in “GARP Applications
(*)” (GARP Participants) to Register and de-register attribute values with other GARPparticipants within a bridged LAN
u Attribute types and attribute values arespecific of each GARP application
u Designed to register anything
(*) there are two GARP Applications alreadydefined: GMRP and GVRP
33Silvano Gai - 19981/6/99
GARP operation• GARP Applications
u make/withdraw declarations relative toattribute values
u this results in registration/deregistration ofattribute values in other GARP participants
u registration/deregistration is recorded in astate variable in the “Registar state machine”
n only on the port that receives the GARPPDU containing the declaration
n even on ports that are not ST forwardingu attribute values registered on ports belonging
to the active topology are propagated to all theother bridge ports belonging to the activetopology by the “Applicant state machine”
34Silvano Gai - 19981/6/99
Declaration and Registration
Aa
a a
a a
a
a
A = Declaration of attribute value Aa = Registration of attribute value A Propagation of declaration
Switch
End Station
a
A A
A
A
a
a
a
A
A A
35Silvano Gai - 19981/6/99
From two end stations
Aaa
Aa a
a a
a
a Switcha
A A
Aa
A
Aa
Aa
Aa
Aa
Aa A
A = Declaration of attribute value Aa = Registration of attribute value A Propagation of declaration
End Station
36Silvano Gai - 19981/6/99
Active topology
Aaa
Aa a
a a
a
a Switcha
A A
Aa
A
Aa
Aa
Aa
Aa
Aa A
A = Declaration of attribute value Aa = Registration of attribute value A Propagation of declaration Active topology
End Station
37Silvano Gai - 19981/6/99
GARP Participant• In each bridge it consists of a GARP
application and a GID per each port
• GID (GARP Information Distribution)u a set of state machines that defines the
current registration and declaration state of allattribute values
• GIP (GARP Information Propagation)u propagation of information between GARP
participantsu within a bridgeu between bridges
n based on LLC Type 1 service
38Silvano Gai - 19981/6/99
GARP architecture
GARPapplication
GID
GARP participant
LLC
FrameRX
FrameTX
MACrelayentity
GARPapplication
GID
GARP participant
LLC
FrameRX
FrameTX
GARPapplication
GID
GARP participant
LLC
FrameRX
FrameTX
End Station
Bridge
39Silvano Gai - 19981/6/99
GID architecture
ApplicantState
Machine
RegistarState
Machine
Attribute n state:
ApplicantState
Machine
RegistarState
Machine
Attribute n-1 state:
ApplicantState
Machine
RegistarState
Machine
Attribute ... state:
ApplicantState
Machine
RegistarState
Machine
Attribute ... state:
ApplicantState
Machine
RegistarState
Machine
Attribute C state:
ApplicantState
Machine
RegistarState
Machine
Attribute B state:
ApplicantState
Machine
RegistarState
Machine
Attribute A state:
GID
40Silvano Gai - 19981/6/99
GMRP(GARP Multicast Registration Protocol)
• Multicast group membership at MAClayer (MAC layer version of IGMP)
u Allows endstations to register for the MACmulticasts that they want
u Tracks which ports request each multicastaddress
u Allows frame switches to send multicasts onlywhere they’re needed
u Allows endstations to register for all MACmulticasts
41Silvano Gai - 19981/6/99
GMRP• GMRP attributes
u Group Membership Informationn Composition of the groupn The attribute type is the 48-bit multicast MAC
addressn Updating Filtering database to indicate the
ports on which members of the groups havebeen registered
u Default Group behavior:n Filter Unregistered Groups (default)n Forward All Groupn Forward Unregistered Group
42Silvano Gai - 19981/6/99
GMRP
Application station belonging to Group M
Group Registration entry for Group M
Application station NOT belonging to Group M
43Silvano Gai - 19981/6/99
Priority tagged frame• The 1Q/1p tag can be used also in
absence of VLANs
• Useful to carry priorities
• It is sufficient to set the VID = 0u The receiving port will retag the frame using
the PVID (Port VLAN ID)
Switch VID=0, Prio=5
PVID=4
Incoming frameThe received frame is retagged with VID = 4
44Silvano Gai - 19981/6/99
• VLAN
• IEEE 802 committees
• IEEE 802.1p
• IEEE 802.1Qu architectural modelu GVRPu relaying functionu port-based VLANs - native VLANu spanning tree issuesu interaction between 1Q and 1p
• The Cisco solution
Compass
45Silvano Gai - 19981/6/99
IEEE 802.1Q• IEEE Standards for Local and
Metropolitan Area Networks:u Virtual Bridged Local Area Network
• Draft 7
• Two main topics:u Bridged/switched networksu VLANs (Virtual LANs)
46Silvano Gai - 19981/6/99
IEEE 802.1Q• Defines the capabilities of a “VLAN-
aware” bridge
• Adds to IEEE 802.1D the VLAN supportu it interoperates with “VLAN-unaware” bridges
• Compared to proprietary solutions:u it is lateu it has a limited set of features
47Silvano Gai - 19981/6/99
Architectural choices• Per-port VLANs only
u Assigning frames to VLANs by filtering, e.g.using L3 information, is allowed but notspecified in the standard
• Single spanning tree
• Explicit taggingu one level tagging
• Supports both SFD/ME and MFD/SE
48Silvano Gai - 19981/6/99
Architectural model
Relay
Distribution ofconfiguration Information
Configuration
Registration
protocols
Ingress
rules
MIBs
Topology distribu-
tion protocols
Forwarding
rules
Egress
rules
Management
GVRP
SpanningTree
Classifying a frame as belonging to a VLAN
Forwarding or filtering the frame
Output portstagged/untagged
49Silvano Gai - 19981/6/99
802.1Q VLANs• VLANs based on three-layer approach
u Configuration: netadmin sets parametersu Distribution: switches agree on working
details (to minimize configurationrequirements)
u Relay: frames are assigned to VLANs anddistributed
• The distribution protocol is GVRPu it tells which switches want which VLANs
50Silvano Gai - 19981/6/99
Relaying function
ForwardingProcess
IngressRules
EgressRules
FrameTransmission
Port StateInformation
Port StateInformation
FrameReception
Filteringdatabase
51Silvano Gai - 19981/6/99
GVRP(GARP VLAN Registration Protocol)
• VLAN membershipu End stations and bridges may issue or revoke
declarations relating to the membership ofVLANs
u The attribute type is the 12 bits VID (VLAN ID)
• Service primitivesu ES_REGISTER_VLAN_MEMBER(VID)u ES_DEREGISTER_VLAN_MEMBER(VID)
52Silvano Gai - 19981/6/99
Port-based VLANs
VLAN A
VLAN B
accessport
VLAN-awarebridge trunk
link
VLAN A
VLAN B
accessport
VLAN-awarebridge
• Does not support user mobility nordecision based on higher levelinformation
53Silvano Gai - 19981/6/99
Native VLAN• Each physical port has a PVID (Port
VLAN-ID) to which all untagged framesare assigned
VLAN A
VLAN B
accessports
VLAN-awarebridge
trunklink
accessports
VLAN-awarebridge
VLAN-awareend station
VLAN B
VLAN-unawareend station
VLAN-unawareend station
VLAN A
VLAN B
VLAN C
VLAN-unawareend station
PVID=C
PVID=A
PVID=B
VLAN C
PVID=C
PVID=C
PVID=C
accessport
54Silvano Gai - 19981/6/99
A spanning tree problem• Mixing VLAN-aware and VLAN-unaware
switches
n If the port X is blocked the network works finen If the port Y blocks VLAN A is partitioned (the
server A is unreachable from VLAN A)
SWITCHVLAN-aware
bridge 802.1DVLAN -unaware
VLAN A
Server B(VLAN B)
VLAN B
Server A(VLAN A)
X
Y
bridge 802.1DVLAN -unaware
55Silvano Gai - 19981/6/99
A worse spanning tree problem
SWITCHVLAN-aware
SWITCHVLAN-aware
accessports
VLAN A
VLAN B
• The single spanning tree will block oneof the two VLANs
• This situation is normal andunavoidable in the case of two VLANsimplemented with ATM/LANE
Blocked
56Silvano Gai - 19981/6/99
Interaction between 1Q and 1p• 1p introduces GARP
u 1p specifies how to forward frames in amulticast environment using GMRP
• 1Q introduces GVRP and specifies howto forward frames in a VLANenvironment
u on which portsu on which VLANsu tagged or native format
• 1p specifies how to encode the framepriority