Virtual LAN (VLAN): Basic knowledge

Overview of Virtual LAN VLAN

1. Background: why virtual LANs (VLANs) were introduced

  • A switched Ethernet network is built by connecting multiple stations through one or more Ethernet switches.

  • All stations in a switched Ethernet network belong to the same broadcast domain.

  • As a switched Ethernet network grows, its broadcast domain grows with it.

  • A very large broadcast domain brings a series of problems:

    • Broadcast storms: every broadcast consumes bandwidth on every link and CPU time on every host in the domain.
    • The network becomes hard to manage and maintain, and every host can see every other host's broadcasts (ARP, DHCP and so on), which is a security risk.
  • Many protocols in the TCP/IP protocol stack rely on broadcasts:

    • Address Resolution Protocol (ARP)
    • Routing Information Protocol version 1 (RIPv1)
    • Dynamic Host Configuration Protocol (DHCP)
  • Other broadcast-heavy protocol stacks:

    • NetBEUI: broadcast-based protocol used by older Windows networks
    • IPX/SPX: protocol stack of Novell NetWare networks
    • AppleTalk: Apple's network protocol stack
  • Methods of splitting a broadcast domain:

    • Broadcast domains can be separated with routers (higher cost, since every domain needs its own router interface)
    • VLAN technology emerged to do the same thing at the switch level

Therefore, VLANs were introduced to divide the broadcast domain. Overview of VLAN:

  • A Virtual Local Area Network (VLAN) is a technology that divides the stations in a LAN into logical groups that are independent of physical location. One logical group is one VLAN, and the stations in a VLAN share certain common application requirements.
  • Stations in the same VLAN can communicate with each other directly; stations in different VLANs cannot communicate directly and need a router (or layer-3 switch) between them.
  • Network administrators configure the switches in the LAN to create multiple logically independent VLANs.
    • Stations connected to the same switch can belong to different VLANs, and stations belonging to the same VLAN can be connected to different switches.
    • A VLAN is not a new type of network; it is a service that a LAN can provide to its users.


2. Implementation mechanism of VLAN

  • VLANs can be implemented in several ways; the most common is to implement them on the interfaces (ports) of Ethernet switches. This requires the switch to support two things:
    • (1) It can handle frames that carry a VLAN tag, that is, IEEE 802.1Q frames.
    • (2) Each interface of the switch can be set to a different interface type, and interfaces of different types process frames differently.

(1) IEEE 802.1Q frame

  • An IEEE 802.1Q frame (also called a "dot1q" frame) extends the Ethernet V2 MAC frame format by inserting a 4-byte VLAN tag between the source address field and the type field.
    As a result the maximum frame length grows from 1518 bytes (Ethernet V2, including the 4-byte FCS) to 1522 bytes (802.1Q). The VLAN tag is the only difference between the two formats.

  • Tag Protocol Identifier (TPID): 16 bits, fixed at 0x8100, which marks the frame as an IEEE 802.1Q frame. It sits where the type field used to be, so a receiver that does not understand 802.1Q sees an unknown EtherType 0x8100.

  • Priority (PRI, also called PCP): 3 bits, value range 0~7; the larger the value, the higher the priority. When the network is congested, the device sends 802.1Q frames with higher priority first.

  • Canonical Format Indicator (CFI): 1 bit. 0 means the MAC addresses are in canonical format, 1 means non-canonical format (Token Ring). For Ethernet the value is always 0. Later revisions of 802.1Q renamed this bit the Drop Eligible Indicator (DEI).

  • VLAN Identifier (VID): 12 bits, value range 0~4095, of which 0 and 4095 are reserved and not used for a VLAN, leaving 4094 usable VLAN numbers. The VID is the number of the VLAN the frame belongs to, and the switch uses it to decide which VLAN the frame is in. Broadcast frames are forwarded only within the same VLAN, which confines the broadcast domain to one VLAN.
    Note:

  • 802.1Q frames are generally not processed by user hosts but by Ethernet switches (a host NIC can be configured to send and receive tagged frames, and an attacker can craft tags deliberately, which matters for the security of the trunk rules below):

    • When a switch receives an ordinary (untagged) Ethernet MAC frame, it inserts a 4-byte VLAN tag to turn it into an 802.1Q frame. This is called "tagging".
    • When a switch forwards an 802.1Q frame, it may remove the 4-byte VLAN tag and turn it back into an ordinary Ethernet MAC frame. This is called "de-tagging" (untagging). A switch does not always de-tag a frame it forwards; whether it does depends on the interface type of the outgoing interface.
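As an added example (not code from the original post), the following Python module builds, tags, de-tags and parses 802.1Q frames at the byte level, following the field layout above. The sample ARP request and the MAC and IP addresses in it are constructed for the example; the FCS is omitted, so byte lengths in this representation are 4 less than the 1518/1522 maxima quoted above. It also handles a frame that carries two tags, since that is what a switch sees in a double-tagging attack.

```python
"""Build and parse IEEE 802.1Q tagged Ethernet frames (added example).

Tag layout, 4 bytes inserted after the source MAC:
    TPID (16 bits) = 0x8100 | PRI (3 bits) | CFI (1 bit) | VID (12 bits)
Frames here carry no FCS, so the 1518/1522-byte maxima from the text
correspond to 1514/1518 bytes of data in this representation.
"""
import struct

TPID_8021Q = 0x8100
ETH_V2_MAX = 1518   # untagged Ethernet V2 frame, FCS included
DOT1Q_MAX = 1522    # one VLAN tag adds 4 bytes
FCS_LEN = 4

# Constructed sample: an ARP request from 02:00:00:00:00:0a (192.168.1.10)
# for 192.168.1.1, broadcast to ff:ff:ff:ff:ff:ff. Hypothetical addresses.
DST_MAC = bytes.fromhex("ffffffffffff")
SRC_MAC = bytes.fromhex("02000000000a")
ARP_REQUEST = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                          SRC_MAC, bytes([192, 168, 1, 10]),
                          bytes(6), bytes([192, 168, 1, 1]))
SAMPLE_ARP_FRAME = DST_MAC + SRC_MAC + b"\x08\x06" + ARP_REQUEST


def build_tag(vid: int, pri: int = 0, cfi: int = 0) -> bytes:
    """Encode TPID + TCI. VID 0 and 4095 are reserved, so reject them."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pri <= 7 or cfi not in (0, 1):
        raise ValueError("PRI must be 0..7 and CFI 0 or 1")
    tci = (pri << 13) | (cfi << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def tag_frame(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """'Tagging': insert the VLAN tag between the source MAC (bytes 6..11)
    and the type field. Tagging an already tagged frame nests the tags."""
    return frame[:12] + build_tag(vid, pri) + frame[12:]


def parse_tag(frame: bytes):
    """Return (pri, cfi, vid) of the outermost tag, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def untag_frame(frame: bytes) -> bytes:
    """'De-tagging': strip the outermost tag; untagged frames are returned as is."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def tag_stack(frame: bytes) -> list:
    """VIDs outermost-first. A double-tagged frame yields two entries."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids


def ethertype(frame: bytes) -> int:
    """EtherType of the payload, found after however many tags are present."""
    return struct.unpack_from("!H", frame, 12 + 4 * len(tag_stack(frame)))[0]


def exceeds_max(frame: bytes) -> bool:
    """True if the frame (FCS not included) would exceed the maximum for its
    number of tags: 1518 bytes untagged, +4 per tag, FCS included."""
    return len(frame) + FCS_LEN > ETH_V2_MAX + 4 * len(tag_stack(frame))


if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_ARP_FRAME, 10, pri=5)
    print("tag bytes:", tagged[12:16].hex(), "->", parse_tag(tagged))
    double = tag_frame(tag_frame(SAMPLE_ARP_FRAME, 20), 1)
    print("double-tagged stack:", tag_stack(double),
          "after one de-tag:", tag_stack(untag_frame(double)))
```

`tag_stack` is the useful check when inspecting captures: a legitimate host frame should yield zero or one VID, and a frame from an access port showing two is exactly the shape of a double-tagging attempt.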

(2) Interface types of Ethernet switches

  • Depending on how an interface processes frames when receiving and sending them, and on what it is connected to, the interface types of an Ethernet switch are generally divided into Access and Trunk.
  • After an Ethernet switch is powered on, if no VLAN-related settings have been made, every interface defaults to the Access type with a default VLAN ID of 1, that is, every interface belongs to VLAN 1.
    • On Cisco switches, the untagged VLAN of a Trunk interface is called the native VLAN (the VLAN of an Access interface is simply its access VLAN).
    • On Huawei switches, the default VLAN ID of an interface is called the Port VLAN ID, abbreviated PVID.
      Note: each interface of a switch has exactly one PVID.

Example 1: No VLANs have been configured on the switch; every interface belongs to VLAN 1 by default and is of type Access.
Put simply, this is the initial state of a switch's VLAN configuration.
Example 2: Two different VLANs are configured on one switch, so the interfaces have different PVIDs.
Example 3: Two switches are interconnected through Trunk interfaces, and the Trunk interface "de-tags" an 802.1Q frame before forwarding it (the frame's VID equals the Trunk interface's PVID).
Example 4: Two switches are interconnected through Trunk interfaces, and the Trunk interface forwards the 802.1Q frame directly with its tag (the frame's VID differs from the Trunk interface's PVID).
Summary: Access interface and Trunk interface
Access interface: an Access interface generally connects to a user computer. Since it can belong to only one VLAN, the PVID of an Access interface equals the ID of the VLAN it belongs to, and its default value is 1.

  • Receive processing
    • Generally only "untagged" ordinary Ethernet MAC frames are accepted, and each frame is "tagged" according to the PVID of the receiving interface, that is, a 4-byte VLAN tag is inserted whose VID is the interface's PVID.
  • Forward processing
    • If the VID in the frame equals the interface's PVID, the frame is "de-tagged" and then forwarded; otherwise the frame is not forwarded out of this interface. Therefore frames leaving an Access interface are ordinary Ethernet MAC frames without a VLAN tag.

Trunk interface: a Trunk interface generally interconnects switches. A Trunk interface can belong to multiple VLANs, that is, it can carry frames of different VLANs. The default PVID of a Trunk interface is 1, and users are generally advised not to change it casually; if it is changed, it must be changed identically on both ends, because if the PVIDs of two interconnected Trunk interfaces differ, frames are delivered into the wrong VLAN (a frame leaves one side untagged because its VID equals that side's PVID, and the other side re-tags it with its own, different, PVID).

  • Receive processing
    • It accepts both "untagged" ordinary Ethernet MAC frames and "tagged" 802.1Q frames. When an ordinary Ethernet MAC frame is received, it is "tagged" with the PVID of the receiving interface, exactly as on an Access interface.
  • Forward processing
    • An 802.1Q frame whose VID equals the interface's PVID is "de-tagged" and then forwarded; an 802.1Q frame whose VID differs from the PVID is forwarded with its tag intact. Therefore frames leaving a Trunk interface may be ordinary Ethernet MAC frames or 802.1Q frames.
    • Security caveat: because frames of the PVID (native) VLAN cross the trunk untagged, an attacker on that VLAN can send a frame carrying two tags: the first switch strips the outer tag (its PVID) and the second switch acts on the inner tag, delivering the frame into another VLAN ("double-tagging" VLAN hopping). The usual defence is to set the Trunk PVID on both ends to an unused VLAN that no Access interface belongs to, or, where the switch supports it, to tag the native VLAN as well.

Extension: Hybrid interface
  • The Hybrid interface is an interface type specific to Huawei switches. A Hybrid interface can be used to interconnect switches (like a Trunk interface) or to connect a switch to a user computer (like an Access interface).
  • Most of the Hybrid interface's behaviour is the same as the Trunk interface's. The difference is in forward processing: a Hybrid interface checks whether the frame's VID is in the interface's "untagged" list. If it is, the frame is "de-tagged" and then forwarded; if not, it is forwarded with its tag.
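The receive and forward rules of the three interface types, as an added example in Python (not the page's or any vendor's code). A frame is modelled as a stack of VIDs, one switch is a pair of interfaces, and two switches are joined by a Trunk so the effect of a frame leaving the trunk untagged when its VID equals the trunk PVID can be run end to end: a double-tagged frame from an Access interface in VLAN 1 reaches an Access interface in VLAN 20 on the other switch when both trunks keep PVID 1, and is dropped when the trunk PVID is moved to an unused VLAN. The `accept_tagged_pvid` flag is an assumption about how a particular switch's Access interface treats a frame tagged with its own PVID: the text says such frames are "generally" rejected, and the attack depends on a switch that accepts them, which many do.

```python
"""Model of Access, Trunk and Hybrid interface behaviour (added example).

A frame is a stack of VIDs, outermost first: [] is an untagged Ethernet V2
frame, [10] a single 802.1Q frame, [1, 20] a double-tagged frame.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Port:
    kind: str                            # "access", "trunk" or "hybrid"
    pvid: int = 1                        # Huawei PVID / Cisco native VLAN
    allowed: Optional[Set[int]] = None   # VLANs a trunk/hybrid carries; None = all
    untag: Set[int] = field(default_factory=set)  # hybrid: VIDs sent untagged
    # Assumption, not from the text: does this Access interface also accept a
    # tagged frame whose VID equals its PVID? Many switches do, and the
    # double-tagging attack needs it; the text says such frames are
    # "generally" rejected, which is the default here.
    accept_tagged_pvid: bool = False


def ingress(port: Port, tags: List[int]) -> Optional[List[int]]:
    """Classify a received frame. Returns the tag stack the switch works
    with internally, or None if the interface drops the frame."""
    if not tags:                         # untagged: tag with the PVID
        return [port.pvid]
    if port.kind == "access":
        if port.accept_tagged_pvid and tags[0] == port.pvid:
            return list(tags)
        return None                      # access ports reject tagged frames
    if port.allowed is not None and tags[0] not in port.allowed:
        return None
    return list(tags)


def egress(port: Port, tags: List[int]) -> Optional[List[int]]:
    """Send a classified frame out of a port. Returns the tag stack that goes
    on the wire, or None if the port does not carry that VLAN."""
    if not tags:
        return None                      # inside the switch every frame has a VID
    vid = tags[0]
    if port.kind == "access":
        return tags[1:] if vid == port.pvid else None
    if port.allowed is not None and vid not in port.allowed:
        return None
    if port.kind == "trunk":             # PVID VLAN leaves untagged, rest tagged
        return tags[1:] if vid == port.pvid else list(tags)
    return tags[1:] if vid in port.untag else list(tags)   # hybrid


def forward(in_port: Port, tags: List[int], out_port: Port) -> Optional[List[int]]:
    """One switch: frame received on in_port, sent out of out_port."""
    classified = ingress(in_port, tags)
    return None if classified is None else egress(out_port, classified)


def hop(src: Port, tags: List[int], trunk1: Port, trunk2: Port,
        dst: Port) -> Optional[List[int]]:
    """Two switches: src and trunk1 are on switch 1, trunk2 and dst on switch 2."""
    on_wire = forward(src, tags, trunk1)
    return None if on_wire is None else forward(trunk2, on_wire, dst)


def double_tagging_demo(trunk_pvid: int) -> Optional[List[int]]:
    """Attacker on an Access port in VLAN 1 sends [1, 20]; the victim is on an
    Access port in VLAN 20 on the other switch. Returns what the victim gets."""
    attacker = Port("access", pvid=1, accept_tagged_pvid=True)
    victim = Port("access", pvid=20)
    t1, t2 = Port("trunk", pvid=trunk_pvid), Port("trunk", pvid=trunk_pvid)
    return hop(attacker, [1, 20], t1, t2, victim)


if __name__ == "__main__":
    print("trunk PVID 1 (default):", double_tagging_demo(1))     # [] -> delivered
    print("trunk PVID 999 (unused):", double_tagging_demo(999))  # None -> dropped
```

The model deliberately keeps the inner tag when an Access or Trunk interface strips the outer one, because that is the behaviour that makes the hop work; moving the trunk PVID to a VLAN no Access interface uses makes the outer tag survive the trunk, so the destination switch classifies the frame into VLAN 1 and the VLAN 20 Access interface refuses it.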


Source: blog.csdn.net/weixin_62613321/article/details/134472503