Course Objective:
Master VLAN/PVLAN theory
Understand STP principle
Master Trunking technology
Reference:
DSLAM Technique Manual
Contents
Chapter 1
Layer 2 technology
  VLAN
    VLAN Protocol
    PVLAN
    QinQ VLAN
    VLAN Stacking
    MVLAN
  Trunking
Chapter 1
Layer 2 technology
VLAN
A VLAN (Virtual LAN) is a group of devices on one or more LANs
that are configured through management software so that they can
communicate as if they were attached to the same line, although
they are actually located on different LAN segments. A VLAN is
based on logical connections rather than physical connections,
which makes it very flexible.
VLAN Protocol
Before you learn about the VLAN, let us look at two concepts:
collision domain and broadcast domain. The collision domain is the
network area occupied by a packet (regardless of its type,
unicast or broadcast) sent from a host, while the broadcast
domain is the network area occupied by a broadcast packet sent
from a host.
The VLAN is a logical broadcast domain, which may cross
multiple physical LAN segments. A VLAN can be created by
function, project group or application, regardless of the physical
location of the subscribers. A port of a switch can belong to only
one VLAN. The ports of a VLAN share broadcasts, while ports
of different VLANs do not share broadcasts. This improves the
performance and security of the network.
On the switching network, the VLAN provides segmentation
and flexibility. The VLAN technology allows you to put
subscribers (coordination personnel in a department, or a product
group) into a group by putting the corresponding ports in a
group, so that they share some network application programs.
A VLAN may be on a single switch or on multiple interconnected
switches. A VLAN can include all the sites in a building, the
sites in multiple buildings, or even sites across the WAN.
PO_SP01_E1 L2 Protocols
Operation of VLAN
Firstly, the switch operates similarly to a traditional bridge.
Each VLAN performs address learning, data forwarding
and filtering. The switch is more advanced in that it has the
VLAN function, which confines data forwarding to the ports in
the same VLAN as the port on which the data arrived. This
rule applies to all packets, whether unicast, multicast or
broadcast.
Division of VLAN
A VLAN is a logical subnet or network segment, and the
members of the network segment are defined by the subscriber.
The members of a VLAN are usually based on ports. However,
you can also divide VLANs by MAC addresses.
The most common method to divide VLANs is by geographic
location, known as local VLAN.
An End-to-End VLAN is a method to divide VLANs across the whole
switching area. This method allows a VLAN to cross several
switches or buildings. It is usually related to a work
group (for example, a department or a project team).
The following methods are available to divide VLAN members:
Static VLAN: Ports are put into a VLAN, so members are divided
based on ports.
Dynamic VLAN: A group of MAC addresses is put into a VLAN
through the NMS software. When a device joins the network,
the VLAN it belongs to is determined based on its MAC address.
This method is often referred to as MAC based division.
See FIGURE 1.
FIGURE 1 TYPES OF VLANS
Characteristics of VLAN
FIGURE 2 FLAT NETWORK
FIGURE 3 A VLAN IS A BROADCAST DOMAIN
PVLAN
In the MAC+VLAN forwarding mode, a VLAN constitutes a
broadcast domain. Broadcast packets that belong to a VLAN and
unknown unicast packets are broadcast to all ports of this
VLAN. In general, VLAN division relates to the IP address
allocation mode. To make efficient use of IP addresses, a VLAN is
expected to be of a certain size. However, from the viewpoint of
user access data flow and data security, the number of users in a
broadcast domain should be minimal, or each user should even have
an independent broadcast domain to ensure full isolation of users.
To achieve these two objectives, a VLAN must have two
roles: the network side interface, located in the same broadcast
domain as all subscribers; and the subscriber side interface,
located only in the same broadcast domain as the network side
interface and isolated from other ports.
Private VLAN (PVLAN) has two types of ports: the normal
VLAN port and the PVLAN port. A normal port can
interwork with all ports in the same VLAN, but a PVLAN port
cannot interwork with other PVLAN ports.
A PVLAN port is a port that cannot interwork with other PVLAN
ports in the PVLAN but can interwork with normal ports. In actual
applications, it often serves as a subscriber side port. A normal
port is a port that can interwork with all other ports in the
PVLAN. In actual applications, a normal port often serves as an
uplink port.
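The forwarding rule described above, modelled as an added example that is not part of the manual. The class name, port names and MAC addresses are constructed for illustration; the model covers one VLAN with MAC learning, flooding and PVLAN isolation.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class PvlanSwitch:
    """One VLAN in MAC+VLAN forwarding mode with PVLAN port isolation."""

    def __init__(self, normal_ports, pvlan_ports):
        self.normal = set(normal_ports)   # network side (uplink) ports
        self.pvlan = set(pvlan_ports)     # subscriber side ports, isolated from each other
        self.mac_table = {}               # learned MAC address -> port

    def allowed(self, src, dst):
        """A frame never returns to its ingress port, and a PVLAN port
        never reaches another PVLAN port."""
        if src == dst:
            return False
        return not (src in self.pvlan and dst in self.pvlan)

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source address and return the sorted egress ports."""
        self.mac_table[src_mac] = in_port
        known = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and known is not None:
            candidates = {known}                     # known unicast
        else:
            candidates = self.normal | self.pvlan    # broadcast or unknown unicast
        return sorted(p for p in candidates if self.allowed(in_port, p))

# Constructed sample: one uplink and three subscriber ports.
sw = PvlanSwitch(["uplink"], ["sub1", "sub2", "sub3"])
from_subscriber = sw.forward("sub1", "00:00:00:00:00:01", BROADCAST)
from_uplink = sw.forward("uplink", "00:00:00:00:00:fe", BROADCAST)
sub_to_sub = sw.forward("sub2", "00:00:00:00:00:02", "00:00:00:00:00:01")
sub_to_gw = sw.forward("sub2", "00:00:00:00:00:02", "00:00:00:00:00:fe")
```

A subscriber broadcast reaches only the uplink, an uplink broadcast reaches every subscriber, and a frame between two subscriber ports is dropped even when the destination address has been learned.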
QinQ VLAN
QinQ VLAN transmits a VLAN service transparently to the
opposite end. The principle is that the L2 equipment receives a
packet with a VLAN tag from the lower level network, assigns it a
VLAN ID of the public network, and then forwards it to the
upper level network. The packet is forwarded through the core
network of the MAN. When the packet reaches the other side of
the core network, the VLAN tag of the public network is stripped
off and the original packet is restored. The restored packet is
then forwarded to the user-side device. The packet forwarded in
the core network has two 802.1q tags: the public network tag and
the private network tag. In this way, the private VLAN can be
forwarded transparently to the opposite end, and the VLAN ID
resources of the public network are greatly saved.
VLAN Stacking
VLAN Stacking meets the user demands of VLAN expansion and
dedicated line batch service. Dedicated line batch service
refers to the case where multiple ISPs may exist in a Layer 2
switching MAN. Users utilize the outer-layer VLAN of VLAN
Stacking to identify the user's ISP. The VLAN Stacking principle
is described below. The system assigns an inner-layer tag
(Customer VLAN) to the port that wants to implement the Stacking
service, to identify the user. Then, it adds the outer-layer VLAN
tag (SP VLAN) on the port. On the network, the service is
forwarded based on the outer-layer VLAN, which is stripped off
when the service reaches the BAS device. At the BAS device, the
system identifies the user by the inner-layer tag. VLAN Stacking
thus serves to locate the port.
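The double tagging used by both QinQ VLAN and VLAN Stacking, as an added example that is not part of the manual. It assumes both tags use TPID 0x8100, following the text's "two 802.1q tags"; the MAC addresses, VLAN IDs and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100  # assumption: both tags are plain 802.1q tags, as the text says

def make_tag(vid, pcp=0):
    """Build a 4-byte tag: TPID, then PCP (3 bits), DEI (1 bit), VLAN ID (12 bits)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)

def push_outer(frame, sp_vid):
    """Insert the public network (SP VLAN) tag right after the two MAC addresses."""
    return frame[:12] + make_tag(sp_vid) + frame[12:]

def pop_outer(frame):
    """Strip the outermost tag and return (vlan_id, restored_frame)."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return every VLAN ID carried by the frame, outermost first."""
    vids, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids

# Constructed sample: a customer frame already tagged with Customer VLAN 100.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
customer_frame = DST + SRC + make_tag(100) + struct.pack("!H", 0x0800) + b"payload"

core_frame = push_outer(customer_frame, 2000)   # entering the core network
sp_vid, restored = pop_outer(core_frame)        # leaving it at the far side or the BAS
```

The restored frame is byte-for-byte the customer frame, which is what makes the transport transparent; `vlan_stack` also gives an edge device a direct way to see how many tags an arriving frame carries.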
MVLAN
MVLAN has two meanings. MVLAN corresponds to the basic
VLAN for multicast service. In addition, MVLAN is a logical entity
under the management of DSLAM multicast. An MVLAN contains
three management parameters: management group set,
multicast source port set and multicast receiver port set.
Proper configuration of the three parameters is fundamental for
an MVLAN to perform correct multicast management.
Management group set: The management group set is the list of
IP addresses of the multicast groups that an MVLAN manages. If the
requested multicast address is not in the management group set,
the user cannot obtain the services that the multicast
address provides. The management group sets of different
MVLANs cannot overlap.
Multicast source port: A multicast source port is a port used to
connect an uplink multicast router or to cascade multicast service
in an MVLAN. Essentially, the multicast source port is a special
port performing the above functions in the basic VLAN. One MVLAN
can have multiple multicast source ports, and one source port
can belong to multiple MVLANs.
Multicast receiver port: A multicast receiver port is a user port
that is authorized to request multicast service. If the user port
is not a receiver port of an MVLAN, any broadcast request from it
will be refused. In addition, the receiver port can be used for
cascade. Therefore, MVLAN enables the DSLAM to support two
services: forwarding broadcast service directly to the DSLAM, and
the DSLAM dynamically requesting broadcast service from the
uplink broadcast device.
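The three MVLAN parameters and the two checks they imply, as an added example that is not part of the manual or of any DSLAM's software. The class, function names, VLAN IDs, port names and group addresses are all constructed.

```python
from ipaddress import ip_address

class Mvlan:
    def __init__(self, vid, groups, source_ports, receiver_ports):
        self.vid = vid
        self.groups = {ip_address(g) for g in groups}   # management group set
        for g in self.groups:
            if not g.is_multicast:
                raise ValueError(f"{g} is not a multicast address")
        self.source_ports = set(source_ports)           # uplink / cascade ports
        self.receiver_ports = set(receiver_ports)       # authorized user ports

def find_overlaps(mvlans):
    """Group sets of different MVLANs must not overlap; list any conflicts."""
    owner, conflicts = {}, []
    for m in mvlans:
        for g in sorted(m.groups):
            if g in owner:
                conflicts.append((str(g), owner[g], m.vid))
            else:
                owner[g] = m.vid
    return conflicts

def admit_join(mvlans, port, group):
    """Decide a multicast request arriving on a user port: (allowed, reason)."""
    g = ip_address(group)
    owner = next((m for m in mvlans if g in m.groups), None)
    if owner is None:
        return False, "group is not in any management group set"
    if port not in owner.receiver_ports:
        return False, f"port is not a receiver port of MVLAN {owner.vid}"
    return True, f"served by MVLAN {owner.vid}"

# Constructed configuration: two MVLANs sharing one uplink source port.
iptv = Mvlan(4000, ["239.1.1.1", "239.1.1.2"], ["uplink1"], ["adsl1", "adsl2"])
radio = Mvlan(4001, ["239.2.2.1"], ["uplink1"], ["adsl2"])
CONFIG = [iptv, radio]
```

Running `find_overlaps` before a configuration is applied catches the overlap the text forbids, and `admit_join` shows that a port authorized in one MVLAN gets nothing from another.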
Spanning-Tree Protocol
Before learning the spanning tree protocol, let us first look at the
operating principle of the transparent bridge.
STP Overview
The Spanning-Tree Protocol is a protocol used to eliminate loops
on the network.
It ensures that only one path is active between the ADSL port on
the network and other bridge equipment (including switches,
bridges and routers) that connects different networks. If any
unnecessary path or loop is detected, the corresponding ports are
blocked (data transmission is prohibited) to shut off the
unnecessary paths. However, if one or more paths on the network
topology are damaged, it selects a good port from the blocked
ports, according to the settings, for data transmission, to keep
the network running smoothly.
BPDUs are sent from all ports once every two seconds to keep
the network topology stable and free from loops.
The root is the reference point used by all switches on the
network to determine loops. When a switch boots, it takes itself
as the root, and sets the root ID as the bridge ID. To create a
spanning tree free from loops, the first step is electing the root.
The bridge ID is composed of two parts:
path cost
port priority
The switch first looks at the path cost and selects the port with
the smallest cost. This value is calculated based on the rate of
the line and the number of lines. The port with the smallest cost
is set to the forwarding status, while all other ports are
set to the blocking status.
If several ports have the same path cost, the switch
evaluates the port priority. The port with the smallest port ID
is set to the forwarding status, while all other ports are set
to the blocking status.
Thus, by electing the root and determining the forwarding
port, the STP builds a tree spanning all switches and forces
redundant lines into standby or closed status to eliminate
loops.
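A small model of the election described above, added here as an illustration and not taken from the manual. The topology, integer bridge IDs and link costs are constructed, and the rule that the lowest bridge ID becomes root comes from IEEE 802.1D rather than from this page; ties on path cost fall to the smallest port ID, as the text states.

```python
# Constructed topology: ((switch, port), (switch, port), link cost).
LINKS = [
    (("A", 1), ("B", 1), 19),
    (("A", 2), ("C", 1), 19),   # two parallel A-C links with equal cost
    (("A", 3), ("C", 2), 19),
    (("B", 2), ("C", 3), 19),   # closes the loop A-B-C
]
BRIDGE_IDS = {"A": 100, "B": 200, "C": 300}   # constructed integers

def converge(bridge_ids, links):
    """Return {switch: (root_id, path_cost, root_port)}; root_port 0 means none."""
    # At boot every switch takes itself as the root.
    best = {sw: (bid, 0, 0) for sw, bid in bridge_ids.items()}
    changed = True
    while changed:                      # repeat the BPDU exchange until stable
        changed = False
        for end_a, end_b, cost in links:
            for (sw, port), (nbr, _) in ((end_a, end_b), (end_b, end_a)):
                root, nbr_cost, _ = best[nbr]
                # What sw learns on this port: the neighbour's root, the cost
                # through it, and the local port ID as the final tie-breaker.
                offer = (root, nbr_cost + cost, port)
                if offer < best[sw]:
                    best[sw] = offer
                    changed = True
    return best

def link_states(bridge_ids, links):
    """A link forwards only if it is the chosen root port of one of its ends."""
    best = converge(bridge_ids, links)
    root_ports = {(sw, b[2]) for sw, b in best.items() if b[2]}
    return {(a, b): "forwarding" if a in root_ports or b in root_ports else "blocking"
            for a, b, _ in links}

TREE = converge(BRIDGE_IDS, LINKS)
STATES = link_states(BRIDGE_IDS, LINKS)
```

Switch A becomes root, C prefers port 1 over port 2 on equal cost, and the two redundant links end up blocking, leaving a loop-free tree. Comparing the elected root against the switch that is supposed to be root is a useful sanity check on a live network.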
Trunking
The trunking function is the Link Aggregation technology. It
combines one or more connections into a link aggregation set.
For the MAC Client at the upper layer, the link aggregation is
one logical link, but the communication capacity of this link is
much greater. The trunking technology is used to
connect two switches. If there is no fault, the bandwidth
between the two switches may increase as the number of physical
links in the trunk increases, and the information flows are evenly
distributed over the physical links in the trunk. When a physical
link fails, it is automatically disabled and transmission of
information over it stops. In addition, the switch no longer
allocates information flows to the port connected to this failed
link. The failure of one or more physical links in the trunk does
not affect the connectivity between the two switches, but the link
bandwidth decreases as the number of disabled links increases.
Therefore, the trunking technology can effectively improve network
bandwidth and fault tolerance. The trunking technology complies
with the 802.3ad protocol.
When link aggregation is used, pay attention to the following: