Analysis of Communication Between Different Networks
Purpose of analysis
1. How do devices communicate between different networks?
2. Will a loop form on the redundant link during communication?
3. What causes noticeably slow access during communication?
4. Why are some addresses on the same network segment reachable while others are not?
5. Why are addresses on different network segments unreachable during communication?
No communication between VLANs - a Layer 3 switch implements communication between VLANs
Theoretical basis
A Layer 3 switch generally divides a Layer 2 network into VLANs and performs Layer 2 switching, while also providing Layer 3 IP access between different VLANs.
Layer 2 communication:
Before the source host initiates communication, it compares its own IP address with the IP address of the destination host. If the two are in the same network segment, the source host sends an ARP request for the destination host directly and receives the ARP response from it. Having obtained the other party's physical layer (MAC) address, it uses that address as the destination MAC address of the message and sends the message.
Layer 3 communication:
When the source host determines that the destination host is in a different network segment, it submits the message through the gateway: it sends an ARP request to obtain the MAC address corresponding to the gateway IP address, receives the ARP response from the gateway, and uses the gateway MAC as the destination MAC of the message. The source IP of the message is the IP of the source host, and the destination IP is still the IP of the destination host.
Configuration practice:
Layer 3 switch
Create vlan 30 40
[Huawei]vlan batch 30 40
Configure vlanif address
[Huawei]interface vlan 30
[Huawei-Vlanif30]ip address 192.168.3.1 24
[Huawei-Vlanif30]quit
Configure vlanif address
[Huawei]interface vlan 40
[Huawei-Vlanif40]ip address 192.168.4.1 24
[Huawei-Vlanif40]quit
Allow vlan30 40 to pass
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan 30 40
[Huawei-GigabitEthernet0/0/2]display this
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
[Huawei-GigabitEthernet0/0/2]
Layer 2 switch configuration
Create vlan 30 40
[Huawei]vlan batch 30 40
Allow vlan30 40 to pass
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 40
[Huawei-GigabitEthernet0/0/1]quit
Divide port 2 into vlan 30
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 30
[Huawei-GigabitEthernet0/0/2]quit
Divide port 3 into vlan 40
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 40
[Huawei-GigabitEthernet0/0/3]quit
Result: PC3 can access PC4 normally.
One-arm routing realizes communication between VLANs
Theoretical basis
A physical interface of the router can be divided into multiple logical sub-interfaces, and each sub-interface corresponds to the gateway of one VLAN network segment.
The router achieves communication by re-encapsulating the MAC address and converting the VLAN tag.
One-arm routing lets a single physical interface of the router handle data from different VLANs. In essence, the physical interface is divided into several sub-interfaces, and each sub-interface is encapsulated with an 802.1Q tag that identifies its VLAN.
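The MAC re-encapsulation and VLAN tag conversion described above, as an added Python example that is not part of the original post. The MAC addresses, the host addresses 192.168.1.10 and 192.168.2.10, and all function names are assumptions; the VIDs and subnets are the sub-interfaces configured on this page.

```python
import ipaddress
import struct

TPID_8021Q, ETH_IPV4 = 0x8100, 0x0800

def build_tagged(dst_mac, src_mac, vid, ethertype, payload):
    """Ethernet II frame carrying one 802.1Q tag (PCP and DEI left at 0)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, vid, ethertype) + payload

def parse_tagged(frame):
    """Return (dst_mac, src_mac, vid, ethertype, payload) of a tagged frame."""
    if len(frame) < 18:
        raise ValueError("too short for a tagged Ethernet header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:6], frame[6:12], tci & 0x0FFF, ethertype, frame[18:]

def forward(frame, router_mac, subifs, arp_table):
    """Re-encapsulate a frame as a one-arm router would, or return None to drop.

    subifs maps each terminated VID to its subnet; arp_table maps destination
    IPs to MACs. TTL and IP checksum handling are omitted on purpose.
    """
    dst_mac, _src, vid, ethertype, packet = parse_tagged(frame)
    if vid not in subifs or dst_mac != router_mac:
        return None  # no sub-interface terminates this VID, or not addressed to us
    if ethertype != ETH_IPV4 or len(packet) < 20:
        return None
    dst_ip = ipaddress.ip_address(packet[16:20])
    for out_vid, subnet in subifs.items():
        if dst_ip in subnet and dst_ip in arp_table:
            # New L2 header: router as source MAC, real host as destination, egress VID.
            return build_tagged(arp_table[dst_ip], router_mac, out_vid, ETH_IPV4, packet)
    return None

# Constructed sample: MACs and host IPs are assumptions; VIDs 10/20 and the
# subnets are the two sub-interfaces configured on this page.
ROUTER, PC1, PC2 = (bytes.fromhex(h) for h in ("00e0fc000001", "5489980000a1", "5489980000b2"))
SUBIFS = {10: ipaddress.ip_network("192.168.1.0/24"), 20: ipaddress.ip_network("192.168.2.0/24")}
ARP = {ipaddress.ip_address("192.168.2.10"): PC2}

def sample_frame():
    """PC1 -> PC2 IPv4 header (checksum left at 0) in a VLAN 10 frame to the router."""
    src, dst = (ipaddress.ip_address(a).packed for a in ("192.168.1.10", "192.168.2.10"))
    header = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 1, 0) + src + dst
    return build_tagged(ROUTER, PC1, 10, ETH_IPV4, header)
```

Passing `sample_frame()` to `forward()` returns the same IP packet with the router as source MAC, PC2 as destination MAC and VID 20; a frame tagged with a VID that no sub-interface terminates is dropped.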
Configuration practice
Router configuration
Configure sub-interface 1 and enable the arp broadcast request function
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]
[Huawei]interface GigabitEthernet 0/0/0.10
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.10]quit
Configure sub-interface 2 and enable the arp broadcast request function
[Huawei]interface GigabitEthernet 0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.2.1 24
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.20]quit
Layer 2 switch configuration
Allow vlan10 20 to pass
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[Huawei-GigabitEthernet0/0/1]quit
Divide port 2 into vlan 10
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]quit
Divide port 3 into vlan 20
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]quit
Result: PC1 can access PC2.
Summary
What happens during communication when VLANs cannot reach each other?
Packet analysis on the unreachable interfaces shows that the process is simply Layer 2 broadcast followed by Layer 3 forwarding.
Is it possible to communicate across VLANs without using Layer 3 equipment?
Theoretical basis:
The basis for communication between VLANs is whether the IP addresses of the two PCs are in one broadcast domain, that is, whether the two addresses are in one subnet address range.
Experimental verification:
Two Layer 2 switches place their PCs into vlan 20 and vlan 40 respectively.
Switch 5 configuration
Divide both port 1 and port 2 into vlan 30 and set them as access
[Huawei]vlan 30
[Huawei-vlan30]quit
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 30
[Huawei-Ethernet0/0/1]dis this
#
interface Ethernet0/0/1
port link-type access
port default vlan 30
#
return
[Huawei-Ethernet0/0/1]
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 30
[Huawei-Ethernet0/0/2]dis this
#
interface Ethernet0/0/2
port link-type access
port default vlan 30
#
return
[Huawei-Ethernet0/0/2]
The configuration of switch 3 is the same: divide both port 2 and port 3 into vlan 40 and set them as access.
Result: The network is unreachable.
I can't find 192.168.4.10 through the broadcast message. So I went to the gateway 192.168.3.1 to inquire, and of course I couldn't find it.
If you delete the gateway of the pc and go to ping, what will happen?
Answer: It directly displays unreachable, and the message is not sent to the switch. The unreachable result is judged locally, that is, by mask calculation.
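The sender-side decision from the Layer 2 / Layer 3 theory above and the three outcomes of this experiment, as an added Python example that is not part of the original post. PC3's own address 192.168.3.10/24, the outcome labels and the function names are assumptions; 192.168.4.10 and 192.168.3.1 are the addresses used on this page.

```python
import ipaddress

def first_hop(src_if, dst_ip, gateway, arp_responders):
    """Model the sender-side decision: which IP does the host ARP for?

    src_if         -- sender address with prefix length, e.g. "192.168.3.10/24"
    gateway        -- configured default gateway, or None
    arp_responders -- IPs that answer ARP inside the sender's broadcast domain
    Returns (outcome, ip_arped_for_or_None).
    """
    iface = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_address(dst_ip)
    responders = {ipaddress.ip_address(a) for a in arp_responders}
    if dst in iface.network:
        # Mask comparison says "same segment": ARP for the destination itself.
        return ("direct" if dst in responders else "arp-timeout"), str(dst)
    if gateway is None:
        # Other segment and no gateway: decided locally, no frame leaves the host.
        return "no-route", None
    gw = ipaddress.ip_address(gateway)
    # Other segment: ARP for the gateway; the packet's destination IP is unchanged.
    return ("via-gateway" if gw in responders else "gateway-arp-timeout"), str(gw)

# Constructed scenarios. PC3's own address is an assumption; 192.168.4.10 and
# the gateway 192.168.3.1 are the addresses used on this page.
PC3 = "192.168.3.10/24"

def scenarios():
    return {
        # Vlanif30 on the Layer 3 switch owns 192.168.3.1 and answers ARP.
        "l3_switch": first_hop(PC3, "192.168.4.10", "192.168.3.1", ["192.168.3.1"]),
        # Layer 2 switches only: the gateway is configured but nothing owns it.
        "l2_only": first_hop(PC3, "192.168.4.10", "192.168.3.1", []),
        # Gateway deleted from the PC.
        "no_gateway": first_hop(PC3, "192.168.4.10", None, []),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:10} -> {result}")
```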
Thoughts (doesn't happen in real environment):
On the same network segment, can PCs of different vlans communicate?
Answer: It is possible to communicate by stripping off vlan tags.
Will there be any problems with the communication between VLANs in the Layer 3 switch of the dual-link network architecture?
Theoretical basis:
Feasibility analysis: This situation will be encountered in real life. The customer only has one switch, but there are two domains, which need to be divided.
Communication route: PC3 -> L2002 -> L2001 -> L3003 -> L3001 -> L2004 -> L2003 -> PC4 is theoretically possible.
Practice shows that when there is a dual link between the Layer 2 and Layer 3 devices, one of the lines fails to carry communication between VLANs for some reason.
Practice:
Layer 3 switch configuration
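For the specific configuration commands, refer to the commands configured earlier; the following is a brief description.
1 Configure port 3 of the switch as a trunk and allow only vlan 30 to pass.
2 Configure port 2 of the switch as a trunk and allow only vlan 40 to pass.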
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
Layer 2 switch configuration
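For the specific configuration commands, refer to the commands configured earlier; the following is a brief description.
1 Configure port 1 of the switch as a trunk and allow only vlan 30 to pass.
2 Configure port 4 of the switch as a trunk and allow only vlan 40 to pass.
3 Configure port 2 of the switch as access and assign it to vlan 30.
4 Configure port 3 of the switch as access and assign it to vlan 40.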
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface Ethernet0/0/2
port link-type access
port default vlan 30
#
interface Ethernet0/0/3
port link-type access
port default vlan 40
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40
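When each trunk is restricted to a single VLAN as above, it helps to confirm mechanically which VLANs every trunk carries and that no access VLAN is left without a trunk. The following is an added Python example, not part of the original post; it parses the Layer 2 switch configuration shown above, and the function names are illustrative.

```python
import re

def parse_vlans(text):
    """Expand a VLAN list such as '30 40', '2 to 5 30' or 'all' into a set of IDs."""
    if text.strip() == "all":
        return set(range(1, 4095))
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map interface name -> {'type', 'vlans'} from 'display this' style text."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], {"type": None, "vlans": set()})
        elif cur and line.startswith("port link-type "):
            cur["type"] = line.split()[-1]
        elif cur and line.startswith(("port trunk allow-pass vlan ", "port default vlan ")):
            cur["vlans"] |= parse_vlans(line.split("vlan", 1)[1])
    return ports

def audit(config):
    """Return (VLANs per trunk port, access VLANs that no trunk carries)."""
    ports = parse_ports(config)
    trunks = {n: sorted(p["vlans"]) for n, p in ports.items() if p["type"] == "trunk"}
    carried = {v for vlans in trunks.values() for v in vlans}
    access = {v for p in ports.values() if p["type"] == "access" for v in p["vlans"]}
    return trunks, sorted(access - carried)

# The Layer 2 switch configuration shown above on this page.
L2_SWITCH = """
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface Ethernet0/0/2
 port link-type access
 port default vlan 30
#
interface Ethernet0/0/3
 port link-type access
 port default vlan 40
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 40
"""
```

For this configuration `audit(L2_SWITCH)` reports vlan 30 only on Ethernet0/0/1, vlan 40 only on Ethernet0/0/4, and no access VLAN without a trunk.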
Result:
PC3 cannot access the gateways of vlan 30 and vlan 40
PC4 cannot access the gateways of vlan 30 and vlan 40.
Analysis:
PC3 sends ICMP packets to 192.168.3.1; capturing packets on uplink ports 1 and 4 of the Layer 2 device shows no message on either port.
PC4 sends ICMP packets to 192.168.4.1; capturing packets on uplink ports 1 and 4 of the Layer 2 device shows a message on port 4 and none on port 1, which achieves the desired effect.
To explore the problem, remove line B and keep the configuration unchanged.
PC3 can access the gateway of vlan 30 and the gateway of vlan 40.
What is the cause of this problem? I look forward to exploring the reasons with you. If you have other ideas, you can leave a message in the comment area.