Ethernet Frame Structure and VLAN Technology

Uploaded by: 新** Document ID: 578710623 Upload date: 2024-08-24 Format: PPT Pages: 42 Size: 3.76 MB

Ethernet framing & VLAN technology

Table of contents
- Ethernet Framing
- Virtual Local Area Network


Ethernet framing

Ethernet-, Ethernet and Ethernet
- IEEE-802.3 protocol: based on Xerox Network Standard (XNS)
- IEEE-802.3 protocol: commonly called Ethernet
- 3 different versions exist:
  - IEEE 802.3 frame with Type field and any protocol in payload
  - IEEE 802.3 frame with Length field and LLC header
  - IEEE 802.3 frame with Length field and LLC/SNAP header
- Ethernet v2 is a valid IEEE 802.3 frame
- used in Local Area Networks
- uses CSMA/CD

Common fields in the different "flavors" of Ethernet
Frame layout: pre-amble (7B) | SFD (1B) | DA (6B) | SA (6B) | XXX | FCS (4B)
- pre-amble, SFD: fixed sequence to alert the receiver
- DA: Destination MAC address
- SA: Source MAC address
- FCS: Frame Check Sequence, CRC

IEEE 802.3 Ethernet frame interpretation
Frame layout: DA (6B) | SA (6B) | Length or Type (2B) | XXX | FCS (4B)
- Data Link Header: DA, SA, Length or Type
- XXX: based on type or length field
- Frame length (=1536)
- Frame size: Min 64 bytes, Max 1518 bytes

IEEE 802.3 frame with type field
Frame layout: DA (6B) | SA (6B) | Type (2B) | PAYLOAD (46-1500 Bytes) | FCS (4B)
- Data Link Header: DA, SA, Type
- Payload examples:
  - Type 0800: IP Datagram (46-1500 Bytes)
  - Type 0806: ARP Req / ARP Reply (28 Bytes) + PAD (18 Bytes)
  - Type 8035: RARP Req / RARP Reply (28 Bytes) + PAD (18 Bytes)
- Type values:
  - 0x0800 = IP
  - 0x0806 = ARP
  - 0x8035 = RARP
  - 0x888E = 802.1X
  - 0x8863 = PPPoE Control frames
  - 0x8864 = PPPoE Data frames
- TYPE = 1536
- Commonly called Ethernet v2 Frame
- Frame size: Min 64 bytes, Max 1518 bytes

IEEE 802.3 frame with 802.2 LLC header
Frame layout: DA | SA | length | DSAP (1B) | SSAP (1B) | CONTR (1B) | PAYLOAD (43-1497 Bytes)
- Data Link Header: DA, SA, length
- 802.2 LLC: DSAP, SSAP, CONTR
- Defining Service Access Points (SAPs)
- SAPs ensure that the same Network Layer protocol is used at the source and at the destination.
- SAP values:
  - 02 = Individual LLC Sublayer Management Function
  - 03 = Group LLC Sublayer Management Function
  - 04 = IBM SNA Path Control (individual)
  - 05 = IBM SNA Path Control (group)
  - 06 = ARPANET Internet Protocol (IP)
  - AA = SubNetwork Access Protocol (SNAP)
  - E0 = Novell NetWare
  - F0 = IBM NetBIOS
- Frame length( 05-DC hex.

802.3 has a Length or Type field
- if = 05-DC
  - IEEE802.3 Length field
  - IEEE802.3 Type field
- Type field gives a protocol identification (same as Ethertype)
- 802.3 incorporates aspects of Ethernet version 2 and will replace it for high-speed Ethernet networks
- Ethernet v2 is a valid 802.3 frame

IP over Ethernet/IEEE 802 example
- ETHERNET II:
  Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | 0800 | IP datagram | FCS (4)
- IEEE 802.3 / IEEE 802.2 LLC:
  Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LSAP 06 06 | IP datagram | FCS (4)
- IEEE 802.3 / IEEE 802.2 LLC/SNAP:
  Preamble (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Length (2 bytes) | LSAP / SNAP AA AA 03 00 0800 | IP datagram | FCS (4)


Virtual Local Area Networks - VLAN

What is a LAN?
- Local Area Network (LAN)
- Single Broadcast domain
- Same Subnet
- No routing between members of a LAN
- Routing required between LANs
- Everyone can communicate with each other on the LAN
(Figure label: Corporate LAN)

What is VLAN?
- Virtual Local Area Network
- VLAN: used to separate the physical LAN into logical LANs
- Logical broadcast / multicast domain
- Inter-VLAN communication: only via higher-layer devices (e.g. IP routers)
- Virtual: LAN membership defined by the network manager
(Figure labels: Corporate LAN, Marketing LAN, Engineering LAN, Administration LAN)

VLAN benefits
- Performance
  - VLANs free up bandwidth by limiting traffic.
- Formation of Virtual Workgroups
  - Users and resources that communicate frequently with each other can be grouped into a VLAN, regardless of physical location.
- Simplified Administration
  - Adding or moving nodes can be dealt with quickly and conveniently from the management console rather than the wiring closet.
- Reduced Cost
  - Use of VLANs can eliminate the need for expensive routers.
  - With a VLAN-enabled adapter, a server can be a member of multiple VLANs.
- Security
  - VLANs create virtual boundaries that can only be crossed through a router.

How VLANs Work
- VLAN can be distinguished by the method used to indicate membership when a packet travels between switches:
  - Implicit
  - Explicit
- VLAN membership can be classified by:
  - Port
  - Protocol type
  - MAC address
  - IP address
  - IEEE 802.1Q
- Explicit: 802.1Q tag
- Implicit: Port based, Port and Protocol based

Layer 1 VLAN: Membership by port
- Membership in a VLAN is defined based on the ports that belong to the VLAN.
- Also referred to as Port switching
- Does not allow user mobility
- Does not allow multiple VLANs to include the same physical segment (or switch port)
(Figure: switch with ports 1-9 and a PORT / VLAN table)

Layer 2 VLAN: Membership by MAC address
- Membership in a VLAN is based on the MAC address of the workstation.
- The switch tracks the MAC addresses which belong to each VLAN
- Provides full user movement
- Clients and server always on the same LAN regardless of location
- Disadvantages:
  - Too many addresses need to be entered and managed
  - Notebook PCs change docking stations
(Figure: switch with ports 1-9 and a MAC / VLAN table for MAC A, MAC B, MAC C, MAC D)

Layer 3 VLAN: Membership by Protocol type
- Membership implied by MAC protocol type field
- This is the most flexible method and provides the most logical grouping of users
Frame layout: pre-amble | SFD | DA | SA | Length or Type | PAYLOAD (46-1500 Bytes) | FCS
PROTOCOL / VLAN table:
  IP  -> VLAN 1
  IPX -> VLAN 2

Layer 3 VLAN: Membership by IP Subnet Address
- The network IP subnet address (layer 3 header) can be used to classify VLAN membership
(Figure: switch with ports 1-9, a SUBNET/MASK / VLAN table listing 138.22.24.0/24 and 138.21.35.0/24, and hosts IP:138.22.24.5, IP:138.21.35.47, IP:138.21.35.58, IP:138.22.24.10)

VLAN types - Glossary/Terminology
- Port based VLAN classification
  - VID based on port of arrival
  - Frame receives Port VLAN identifier (PVID)
- Default VID
  - Not standardized within 802.1Q
  - Interpretation according to context
  - Often equals PVID
- Port-and-protocol-based VLAN classification
  - VID based on port of arrival and the protocol identifier of the frame
  - Multiple VLAN-Ids associated with port of the bridge: VID set

VLAN link types: Access Link
- Link that is a member of only one VLAN
- Contain VLAN unaware devices
- All frames on access link are untagged
- Normal ports to which we connect our network devices such as PCs.
(Figure labels: VLAN aware Bridge, Access Link, VLAN unaware workstation)

VLAN link types: Trunk Link
- Capable of carrying multiple VLANs
- Used at links between switches
- Allowing VLANs to span over all network switches
(Figure labels: VLAN aware Bridge, VLAN aware Bridge, VLAN aware workstation, Trunk Link, Trunk Link)

VLAN link types: Hybrid Link
- Contain both VLAN aware and VLAN unaware devices
- All frames for specific VLAN are tagged or untagged
(Figure labels: VLAN aware Bridge, VLAN aware Bridge, VLAN aware workstation, Hybrid Link, VLAN unaware workstation)

Q-VLAN tag (IEEE 802.1Q)
- Also referred to as C-VLAN tag (Customer VLAN tag)
- VLAN Bridge: Q-VLAN aware bridge comprising a single Q-VLAN component
Frame layout: pre-amble | SFD | DA | SA | TPID | TCI | length/type | PAYLOAD (46-1500 Bytes) | FCS
- Frame size: Min 68 bytes, Max 1522 bytes
- TPID (2 bytes): Tag Protocol Identifier, 802.1Q tag-type (value 81 00)
- TCI (2 bytes): Tag Control Information
  - 3 bits: Priority "p-bits" (802.1p), # 8
  - CFI
  - 12 bits: Vlan_ID "Q-TAG" (802.1Q), # 4096

802.1Q Tag-based - Glossary/Terminology
- Untagged frame: a frame that doesn't contain a tag header
- Priority-tagged frame: a frame with tag header that carries priority but no VID (VID=0)
- VLAN-tagged frame: a frame with Q-tag header that carries both priority and VID
- 802.1Q Tag VLAN
  - Each VLAN group has unique VID
  - Each member of VLAN group can talk to each other
- VLAN-aware: the device can recognize and support VLAN-tagged frames
- VLAN-unaware: the device can't recognize VLAN-tagged frames

Forwarding engine - Glossary/Terminology
- Ingress: towards the forwarding engine
- Egress: out of the forwarding engine
- Upstream: from user to network
- Downstream: from network to user
(Figure labels: Forwarding engine, End-user, End-user, Ethernet port, Ingress, Egress, Downstream, Upstream)

802.1Q Process
Packet Receive -> Ingress Rule -> Forwarding Process (Filtering Database) -> Egress Rule -> Packet Transmit
- Ingress Rule: classify the received frames belonging to a VLAN
- Forwarding Process: decide to filter or forward the frame
- Egress Rule: decide if the frames must be sent tagged or untagged

Ingress Rule
- VLAN-aware switch can accept tagged and untagged frames
- Tagged frame: is directly sent to the forwarding engine
- Untagged frame:
  - A tag is added onto this untagged frame (with the PVID)
  - Then the tagged frame is sent to the forwarding engine
- PVID: default Port VLAN ID for incoming untagged frames
(Figure: tagged frame (VID) and untagged frame enter the Ingress Rule; tagged frame (VID) and tagged frame (PVID) leave towards the Forwarding Process)

Forwarding Process
- Forwarding decision is based on the filtering database
- Filtering database contains two tables: MAC table and VLAN table
- First, check destination MAC address based on the MAC table
- Second, check the VLAN ID based on the VLAN table
- Egress port is the allowed outgoing member port of VLAN

VLAN Table
  VID | Egress Port | Register | Egress frame type
  1   | 2           | Static   | Untag
  1   | 3           | Static   | Tag
  100 | 3           | Static   | Untag

MAC Table
  Port | MAC Address       | Aging
  2    | 00:A0:C5:11:11:11 | 0
  2    | 00:A0:C5:22:22:22 | 20
  3    | 00:A0:C5:33:33:33 | 30
  10   | 00:A0:C5:44:44:44 | 100

Egress Rule
(Figure: tagged frames (VID) enter the Egress Rule; an untagged frame or a tagged frame (VID) leaves)

Principles of operation in a VLAN Bridge
- C-VID of incoming frames is determined:
  - If C-TAG is present, C-VID is taken from tag (no translation!)
  - If C-TAG is not present,
    * If supported: port and protocol are used for C-VID classification.
    * else, the default C-VID for that port is used (PVID);
    * the standard leaves room for proprietary assignment of C-VID based on other parameters
- Incoming frame is forwarded according to forwarding information base associated with the C-VLAN.
- Outgoing frame may carry C-TAG or not, depending on egress rule.
(Figure labels: VLAN tag added by CPE; VLAN tag added by access node; Security check that VLAN id is allowed on that access line; e.g. outgoing port supports only tagged; legend: Q/C-VLAN tag)

Objective of VLAN stacking
- The existing Ethernet technology is not enough to satisfy carrier-grade requirements
- Q/C-VLAN tag:
  - only 4094 VIDs: scalability issue
  - Business customers typically have one-to-one mapping
  - Problem if different customers are using the same VID: no customer traffic segregation
- Enhancement: new Service Provider VLAN tag (S-VLAN) to become a carrier solution
- IEEE 802.1ad
  - Does not only describe S-VLAN for use in VLAN-stacking

IEEE 802.1ad - Systems
- VLAN Bridge = Customer Bridge = .1Q Bridge
  - Treats C-TAG only.
- Provider Bridge (new)
  - Treats S-TAG only.
- Provider Edge Bridge (new)
  - Contains a Provider Bridge component and a Customer Bridge component
  - Treats C-TAG and S-TAG

IEEE 802.1ad - Tags
- Customer TAG (C-TAG)
  - C-TAG is used to identify a Customer VLAN (C-VLAN) by means of a Customer VLAN ID (C-VID).
- Service TAG (S-TAG) (new)
  - S-TAG is used to identify a Service VLAN (S-VLAN) by means of a Service VLAN ID (S-VID).
  - Pre-standard synonyms: VMAN-tag, P-VLAN tag.
- IEEE802.1ad: not finalized
  - Draft 3 (25 October 2004)
Frame layout: pre-amble | SFD | DA | SA | TPID | TCI | length/type | PAYLOAD (46-1500 Bytes) | FCS
- Tag-Type: TBD
- Frame size: Min 68 bytes, Max TBD
- TPID (2 bytes): tag-type (TBD)
- TCI (2 bytes): Tag Control Information (TBD): 3 bit priority, 1 bit CFI, 12 bit VID

IEEE 802.1ad - Ports
- Yellow ports can read C-TAGs, or assign a C-VID to untagged frames.
- Green ports can read S-TAGs, or assign an S-VID to untagged frames.
(Figure labels: S-VLAN aware Bridge component; C-VLAN aware Bridge component; Provider Network Port, to provider equipment; Customer Network Port; Internal EISS; Provider Edge Port, to customer equipment; Provider Bridge)

Operation in a provider edge bridge: single tag
- S-VID of incoming frames is defined:
  - If S-TAG is present, S-VID is taken from tag
  - If S-TAG is not present, same rules as for C-TAG in VLAN bridge.
- Incoming frame is forwarded according to forwarding information base associated with the S-VLAN.
- Outgoing frame may carry S-TAG or not (egress rule).
(Figure labels: S-VLAN aware Bridge component, Customer NW Port, C-VLAN aware Bridge comp, Customer NW Port, Provider NW Port, Internal EISS, Provider Edge Port; legend: S-VLAN tag)

Operation in a Provider Edge Bridge: single tag
- An incoming frame on a provider edge port is forwarded internally depending on the C-TAG.
- This two-step approach enables a translation of C-VID to S-VID.
- Incoming frame is forwarded according to forwarding information base associated with respectively the C-VLAN / S-VLAN to which the frame belongs.
- Outgoing frame may carry S-TAG or not (egress rule)
(Figure labels: S-VLAN aware bridge component, Customer NW Port, C-VLAN aware bridge comp, Customer NW Port, Provider NW Port, Internal EISS, Provider Edge Port; e.g. Outgoing port supports only tagged; legend: Q/C-VLAN tag, S-VLAN tag)

Dual VLAN - VLAN Stacking: IEEE 802.1ad DRAFT 3.0
- Certain vendors apply today 1Q-in-Q VLAN Tag: Cisco, Alcatel,
- Single VLAN tag:
  pre-amble | SFD | DA | SA | TPID | TCI | length/type | PAYLOAD (46-1500 Bytes) | FCS
  Frame size: Min 68 bytes, Max 1522 bytes
- Dual VLAN tag ("Vlan stacking"):
  pre-amble | SFD | DA | SA | TPID | TCI (S-Vlan) | TPID | TCI (C-Vlan) | length/type | PAYLOAD (46-1500 Bytes) | FCS
  Frame size: Min 72 bytes, Max TBD
- TPID (2 bytes): tag-type (TBD)
- TCI (2 bytes): Tag Control Information (TBD)

Dual VLAN - VLAN Stacking: Q-in-Q VLAN
- Not standardized
- The second VLAN tag protocol identifier is 802.1Q tag type just like in Single VLAN tagged frames
- Dual VLAN tag ("Vlan stacking"):
  pre-amble | SFD | DA | SA | TPID | TCI (S-Vlan) | TPID | TCI (C-Vlan) | length/type | PAYLOAD (46-1500 Bytes) | FCS
  Frame size: Min 72 bytes, Max 1526 bytes
- TPID (2 bytes): Tag protocol Identifier, tag-type (value 81 00)
- TCI (2 bytes): Tag Control Information
  - 3 bits: Priority "p-bits" (802.1p), # 8
  - CFI
  - 12 bits: Vlan_ID "Q-TAG" (802.1Q), # 4096

Operation in a Provider Bridge: VLAN stacking
- We now have two tags
- The S-TAG may be added and removed independently of the C-tag.
- A Provider Bridge ignores C-tags, except on Provider Edge Ports
- VLAN-stacking can occur even if the incoming frame is untagged (at provider edge port).
(Figure labels: S-VLAN aware bridge component, Customer NW Port, C-VLAN aware bridge comp, Customer NW Port, Provider NW Port, Internal EISS, Provider Edge Port; legend: Q/C-VLAN tag, S-VLAN tag)
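
The frame formats described in the deck can be told apart in code. The parser below is an added example, not part of the original slides: it decodes stacked 802.1Q tags (tag-type 81 00) and then reads the Length-or-Type field, using the IEEE 802.3 rule that values of 1536 and above are a Type and values up to 1500 are a Length. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q tag-type "81 00" (also the second tag in Q-in-Q)
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP", 0x888E: "802.1X",
              0x8863: "PPPoE Control", 0x8864: "PPPoE Data"}

def u16(buf: bytes, off: int) -> int:
    """Read a big-endian 16-bit field, refusing to read past the frame."""
    if len(buf) < off + 2:
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", buf, off)[0]

def parse_frame(frame: bytes) -> dict:
    """Decode DA/SA, stacked VLAN tags, then the Length-or-Type field."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    out = {"da": frame[0:6].hex(":"), "sa": frame[6:12].hex(":"), "tags": []}
    off = 12
    while u16(frame, off) == TPID_8021Q:      # outer tag first (S-Vlan, then C-Vlan)
        tci = u16(frame, off + 2)
        out["tags"].append({"priority": tci >> 13, "cfi": (tci >> 12) & 1,
                            "vid": tci & 0x0FFF})
        off += 4
    field = u16(frame, off)
    off += 2
    if field >= 1536:                         # Type field: Ethernet v2
        out.update(kind="Ethernet v2", ethertype=field)
    elif field <= 1500:                       # Length field: 802.2 LLC follows
        if len(frame) < off + 3:
            raise ValueError("truncated LLC header")
        dsap, ssap, ctrl = frame[off:off + 3]
        out.update(kind="802.3/LLC", length=field, dsap=dsap, ssap=ssap)
        if (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03):  # SNAP: 3-byte OUI, then type
            out.update(kind="802.3/LLC/SNAP", ethertype=u16(frame, off + 6))
    else:
        out["kind"] = "undefined"             # 1501..1535 is neither Length nor Type
    out["protocol"] = ETHERTYPES.get(out.get("ethertype"))
    return out

# Constructed sample frames (no preamble/SFD/FCS, payload zero-filled).
MACS = bytes.fromhex("00a0c5111111") + bytes.fromhex("00a0c5222222")  # DA, SA
V2_IP = MACS + bytes.fromhex("0800") + bytes(46)
QINQ_ARP = MACS + bytes.fromhex("8100a064" "81000007" "0806") + bytes(46)
SNAP_IP = MACS + bytes.fromhex("0030" "aaaa03" "000000" "0800") + bytes(40)
```

The length of the `tags` list is the tag-stack depth, so a receiver that expects at most one tag on a link can compare it against that expectation.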
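
The 802.1Q process described in the deck (ingress rule, forwarding process over the filtering database, egress rule) can be followed step by step in a small model. This is an added example, not code from the original slides: the tables are constructed sample data modelled on the slide's VLAN table and MAC table, the PVID assignments are assumptions, and the function names are illustrative.

```python
# Constructed tables, modelled on the VLAN table and MAC table shown on the slide.
VLAN_TABLE = {(1, 2): "untag", (1, 3): "tag", (100, 3): "untag"}  # (VID, port) -> egress frame type
MAC_TABLE = {"00:a0:c5:11:11:11": 2, "00:a0:c5:22:22:22": 2,
             "00:a0:c5:33:33:33": 3, "00:a0:c5:44:44:44": 10}       # MAC -> port
PVID = {2: 1, 3: 100}  # assumed default port VLAN IDs (not given on the slide)

def ingress_rule(port, vid):
    """Return the frame's VID, or None if the frame is rejected."""
    if vid is None:                       # untagged frame: tag it with the PVID
        return PVID.get(port)
    if (vid, port) not in VLAN_TABLE:     # check that the VID is allowed on this port
        return None
    return vid                            # tagged frame: VID taken from the tag

def forwarding_process(vid, in_port, dst_mac):
    """Return the egress ports, limited to member ports of the VLAN."""
    members = {p for (v, p) in VLAN_TABLE if v == vid} - {in_port}
    port = MAC_TABLE.get(dst_mac.lower())
    if port is None:                      # unknown destination: flood inside the VLAN
        return sorted(members)
    return [port] if port in members else []  # known port, filtered if not a member

def egress_rule(vid, port):
    """Return the VID to send in the tag, or None for an untagged frame."""
    return vid if VLAN_TABLE[(vid, port)] == "tag" else None

def switch_frame(in_port, dst_mac, vid=None):
    """Run the three steps; returns [(egress port, tag VID or None), ...]."""
    vid = ingress_rule(in_port, vid)
    if vid is None:
        return []
    return [(p, egress_rule(vid, p))
            for p in forwarding_process(vid, in_port, dst_mac)]
```

With these tables, an untagged frame entering port 3 is classified into VLAN 100 and never reaches a station on port 2, which is the virtual boundary the deck lists under security.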
