【New Star Project · 2023】Explanation of the principle of one-arm routing

Enterprise 2023-06-05 07:16:37 views: null

One-arm routing refers to the way of configuring sub-interfaces on an interface of a router, so that VLANs that were originally isolated from each other can communicate with each other.

1. Overview of one-arm routing

In the network, VLAN technology is used to realize functions such as isolated broadcasting , convenient management, and improved security . Once VLANs are divided, the same VLAN can communicate with each other, and different VLANs are prohibited from communicating with each other.

Here comes the problem! ! !

In a real enterprise environment, departments and servers belong to different VLANs . If different VLANs cannot communicate with each other , clients cannot access services provided by other departments and servers . This is like improving the company's network Security, directly disconnecting the link between the corporate network and the Internet. Security needs to be improved, but it directly affects the use of Internet resources by employees. This approach is obviously not feasible.

So in the actual production environment, how to ensure that the VLAN of the employee's department can communicate with the VLAN of the server?

The main function of enterprise VLAN division is to isolate broadcasting . As long as the communication problem between different VLANs is solved , normal communication can be realized under the premise of ensuring isolated broadcasting, that is, the communication technology between VLANs.

There are many technologies to realize inter-VLAN communication, and the typical ones are implemented through Layer 3 switches and single-arm routing . But no matter which method, it must be realized with the help of three-tier equipment .

Reasons for needing to use layer 3 devices:

If the communication problem between VLANs is solved through Layer 2 devices, broadcasts can also be transmitted across VLANs.

2. The principle of one-arm routing

Assume that host A belongs to VLAN 10 and host B belongs to VLAN 20 , and the two hosts are respectively connected to F0/1 and F0/2 interfaces of SW1.29c1a972e745485a81279b73de00e3e0.jpg

Since the two hosts are logically separated by the switch , they cannot communicate directly . And according to experience, the IP addresses assigned to hosts in different VLANs generally belong to different network segments , so the communication between hosts in different network segments must use a gateway.

The above analysis shows that in order to achieve inter-VLAN communication, other devices , such as routers, must be used . The following analyzes several issues to understand the concept of inter-VLAN routing in detail.

1. Link type

First of all, we need to know the link type in the above figure. The link connecting the two hosts is undoubtedly an Access link .

The key question is what is the link between the router and the switch?

Host A and host B belong to different VLANs , and the traffic sent by the two hosts may pass through this link. Therefore, this link is a trunk link.

2. Sub-interface

Host A communicates with host B. Because the two parties belong to different network segments , host A first needs to communicate with the gateway . The gateway of host A is R1 , and the gateway of host B is also R1.

How can a router interface become a gateway for multiple network segments?

This requires everyone to understand the concept of sub-interfaces. A physical interface of a router can be divided into multiple logical interfaces , and these divided logical interfaces are vividly called sub-interfaces.

Example: F0/1 interface can be divided into multiple sub-interfaces such as F0/1.1, F0/1.2, F0/1.3, etc. It is worth noting that these logical sub-interfaces cannot be enabled or disabled independently. When it is enabled or disabled, all sub-interfaces of this interface will be enabled or disabled accordingly.

3. Routing between VLANs

With the addition of a router, different VLANs can be forwarded through the router . The router itself isolates broadcasts , so it can also isolate broadcasts on the premise of solving inter-VLAN communication.

If a Layer 3 device needs routing information to forward data between different network segments, do I need to configure routing information?

The answer is that there is a route , but it does not need to be configured . When we configure a sub-interface on the router and configure an IP address for the sub-interface, the direct route already exists, and the data forwarding between VLANs can be realized through the direct route. . In order to facilitate understanding, the topology information in the above figure can hide the detailed information of the second layer between VLANs, and only display the information of the third layer, just like hiding the internal road information of each province in a detailed national map. Displaying the main road information between provinces can make the map look clearer overall. As shown below:5d59e349ed974ef59ba7a416b89d75ab.jpg

4. Conversion of VLAN ID

In the process of forwarding data, in addition to re-encapsulating the MAC address of the data , R1 also needs to convert the VLAN ID . When host A sends a data frame to the gateway router, the ID in the data frame belongs to VLAN 10. When the data is transmitted from When forwarded by the router, the VLAN ID is converted to VLAN 20 , as shown in the figure below:

9904ccd91a9f44148da937ac398bd6c6.jpg

From the description of the above three questions, we should have a simple understanding of inter-VLAN routing. This process is shown below for an example of host A communicating with host B.

(1) As shown in the table below, the destination IP address of the data sent by host A is the IP address of host B, and the destination MAC address is the MAC address of the gateway, that is, the MAC address of the F0/0.1 interface of R1 (the process of ARP is omitted here). Because the data frame is sent by the host, there is no identification.

dd43ecb0645e4f539142a20fed5f8c1d.jpg

(2) The switch is a layer-2 device , so it will not re-encapsulate the frame structure of the layer-2 , but since the forwarding direction is the Trunk link , the switch needs to encapsulate the VLAN ID for the data frame , so the data forwarded from the switch The only change is the VLAN ID.

(3) The router will re-encapsulate the Layer 2 data frame , so the destination and source MAC addresses are changed . In addition, the data forwarded by the router will belong to the new broadcast domain - VLAN20 , so the router needs to replace the data frame VLAN ID in .

(4) The switch will forward the data frame again, and the difference from the step (2) is that it removes the identifier in the data frame.

 

 

Guess you like

Origin blog.csdn.net/m0_73995538/article/details/130775301
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com