IEEE 802.1v RWU 2002 1 Protocol-based VLAN (IEEE 802.1v) by Robert Wu ( 吳經義 ) August 30, 2002.
38
1 IEEE 802.1v RWU 2002 Protocol-based VLAN (IEEE 802.1v) by Robert Wu ( 吳吳吳 ) August 3 0, 2002
-
Upload
rosa-franklin -
Category
Documents
-
view
303 -
download
0
Transcript of IEEE 802.1v RWU 2002 1 Protocol-based VLAN (IEEE 802.1v) by Robert Wu ( 吳經義 ) August 30, 2002.
1IEEE 802.1v RWU 2002
Protocol-based VLAN (IEEE 802.1v)
by
Robert Wu ( 吳經義 )
August 30, 2002
2IEEE 802.1v RWU 2002
AGENDA
I.I. Virtual LAN ConceptVirtual LAN Concept
II. Ethernet Frame Format
III. How to Implement Protocol-based VLAN
3IEEE 802.1v RWU 2002
Standard & References
1. IEEE Draft P802.1v/D6 Standard for Supplement to IEEE 802.1QVLAN Classification by Protocol & Port Nov. 28, 2000
2. IEEE Standards for Local & Metropolitan Area Networks :Virtual Bridged Local Area Networks July, 1998
3. IEEE StandardFrame Extensions for Virtual Bridged Local Area Network(VLAN) Tagging on 802.3 Networks IEEE std 802.3ac-1998
4. A Standard for the Transmission of IP Datagrams overIEEE 802 Networks RFC 1042, Feb. 1988
5. Recommended Practice for MAC Bridging of Ethernet V2.0in IEEE 802 Local Area Networks IEEE802.1H, 1995
6. Draft Standard for Local & Metropolitan Area Networks:Overview and Architecture IEEE P802/D29, 2001
7. The Switch Book by Rich Seifert 2000
4IEEE 802.1v RWU 2002
VLAN technology allows users to separate logical connectivityfrom physical connectivity. Users are still connected viaphysical cables to physical wiring devices, but the connectivityview from application is no longer restricted to the bounds ofphysical topology.
Virtual LAN Concept
1 2 3 4 5 6 7 8
9
10 11 12
13
14 15 16
ES #2ES #2 ES #3ES #3
ES #1ES #1
17
18
19
5IEEE 802.1v RWU 2002
Port-based VLAN
MAC-based VLAN
Protocol-based VLAN
Layer-3(Network)-based VLAN
Application-based VLAN
VLAN Membership
6IEEE 802.1v RWU 2002
MAC client data
Destination Address
Source Address
S F DPreamble
802.1Q Tag Type
TAG Control InformationMAC Length/Type
F C S
81-00TCI
7 octets
1 octet
6 octets
6 octets
2 octets
2 octets
2 octets
4 octets
42-1500 octets
Tagged Ethernet Frame Format
7IEEE 802.1v RWU 2002
User_priority VLAN Identifier(VID)
1 3 4 5 8 12 15
CFI
CFI is the Canonical Format Indicator Tag header contains Tag Protocol ID & Tag Control Information(TCI) Tag Header is inserted between last octet of source field and first octet of Type/Length field
Tagged Frame Format(Con’t)
8IEEE 802.1v RWU 2002
Typ
e
DA SA
Typ
e
DA SA Tag
TPID COS CFI VLAN id
802.1Q Tagged frame
Untagged frame
6 bytes
6 bytes 2 bytes
4 bytes
Remainder of frame
Remainder of frame
16 bits 3 bits 1 bit 12 bits
Ethernet Frame Format
6 bytes
6 bytes
9IEEE 802.1v RWU 2002
Generic Generic RouterRouter R
Switch witSwitch with multiple h multiple
FDBs FDBs
1 2 4
25
5
VLA VLB
Sv1
ES2
ES1
ES4
ES3
12 13
R1 R2
IP.1.0 IP.2.0
IP.1.0 IP.2.0
IP.1.AIP.2.B
Could also Could also use .1Q trunk—use .1Q trunk—Trunks must be Trunks must be
taggedtagged
All VLANs can share All VLANs can share a single server—less a single server—less
routingrouting
Individual VLAN Learning
10IEEE 802.1v RWU 2002
Generic Generic RouterRouter R
Switch Switch with with
SFDB SFDB
2 4 5
Sv1
ES2
ES1
ES4
R1 R2
IP.1.0 IP.2.0
IP.1.0 IP.2.0
IP.1.AIP.2.B
ES3
1
25 12 13
All VLANs can share All VLANs can share a single server—less a single server—less
routingrouting
VLAN AVLAN B
Shared VLAN Learning
11IEEE 802.1v RWU 2002
IPX user-1
IP user-2
UNIX IP
IP user-6
Host-7
IPX Server
EtherSwitch-12
Host-10
VLAN-2
VLAN-4
VLAN-27
AppleTalk ServerIPX user-4
IP & IPX user-9
IP user-5
EtherSwitch-13
Protocol-based VLAN
Match “port” and “protocols”
12IEEE 802.1v RWU 2002
Ethernet Data
IP Protocol DataIP HDR
Destination Address SourceAddress
Type or Length
CRC
(Type=0x0800 )(Type=0x0800 )
The IP layer is responsible for transferring data across routersbetween hosts on the Internet.
IP Frame EncapsulationIP Frame Encapsulation
13IEEE 802.1v RWU 2002
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
VERS LEN Type Of ServiceType Of Service Total Length
Identification Fragment OffsetFlags
Time To live Time To live ProtocolProtocol Header Checksum
Source IP Address
Destination IP AddressDestination IP Address
Option Padding
D A T A
Total: 20 bytes
0
4
8
C
E
10
14
Protocol field:Protocol field:1 - ICMP2 - IGMP6 - TCP8 - EGP17 - UDP89 - OSPF
IP Header FormatIP Header Format
14IEEE 802.1v RWU 2002
I. Virtual LAN Concept
II. Ethernet Frame FormatEthernet Frame Format
III. How to Implement Protocol-based VLAN
15IEEE 802.1v RWU 2002
PreambleDestination
MAC AddressSource
MAC Address Type CRC
8 bytes 6 6 2 0-1500 4
IP Datagram
Ethernet II Frame
IEEE 802.3 with SNAP Frame
IPPacket
Control03
SSAPAA
DSAPAA
OUI/Protocol ID00 00 00 08 00
PreambleDestination
MAC AddressSource
MAC Address Length CRC
8 bytes 6 6 2 4
DATA
0-1500
Note : OUI – 0000F80000F8 for Bridge Tunnel Encapsulation Protocol
Ethernet Frame Format
16IEEE 802.1v RWU 2002
FC DA SA AA-AA-03 00-00-00 8100 0002 Packet...AA-AA-03 00-00-00 Len
SNAP Encoded10 bytes
Tagged Ethernet Frame Format
17IEEE 802.1v RWU 2002
Standard network layer protocols have been assigned reservedLLC addresses in ISO/IEC TR 11802.1.Other protocols are :
1) local assignment of LSAPs; 2) Sub-Network Access Protocol (SNAP)
Multiple protocols above LLC sublayerMultiple protocols above LLC sublayer
BPDU DataControl
03SSAP
42DSAP
42OUI/Protocol ID00 00 00 00 00
IPPacket
Control03
SSAPAA
DSAPAA
OUI/Protocol ID00 00 00 08 00
or
Typ
e
DA SA
6 bytes 2 bytes
Remainder of frame
6 bytes
Copy CopyConstant
18IEEE 802.1v RWU 2002
Length Field Interpretation Undefined Type Field Interpretation
hex 0000 05DC 0600 FFFF
decimal 0 1500 1536 65535
<----- Length FieldLength Field Type Field -Type Field ------->(IEEE 802.3 format) (DIX format)
Packet DataLLC
ControlLLC
SSAPLLC
DSAPOUI/Protocol ID00 00 00 08 00
PreambleDestination
MAC AddressSource
MAC AddressLength/
Type CRC
8 bytes 6 6 2 4
DATA
0-1500
51 1 1
Ethernet MAC Frame
Ethernet MAC frame format includes 16-bit type/length value:
19IEEE 802.1v RWU 2002
DSAP SSAP Control
OUI/Protocol ID
802.3/4/5 MAC
802.2 LLC
802.3 SNAP
MAC Header
Header Format in Header Format in RFC1042RFC1042
20IEEE 802.1v RWU 2002
DA/SALength-encapsulated 802.3 frameType
DA/SA Length FF-FF
DA/SA Length AA-AA-03 00-00-00 Type
DA/SA Length AA-AA-03 Protocol ID
DA/SA Length AA-AA-03 00-00-F8 Type
DA/SA 81-00 TCI
Type-encapsulated IPX Raw frame
Length-encapsulated 802.3 frame(RFC 1042)
Length-encapsulated 802.3/SNAP frame
Length-encapsulated 802.3 frame(802.1H)
802.3 tagging frame
Ethernet-2
LLC_other
RFC_1042
SNAP_other
SNAP_8021H
Tagged
Frame Types
21IEEE 802.1v RWU 2002
I. Virtual LAN Concept
II. Ethernet Frame Format
III.III. How to Implement Protocol-based VLANHow to Implement Protocol-based VLAN
Protocol-based VLAN per port-based,Protocol-based VLAN per port-based, not for whole systemnot for whole system
Detect the value of the Length/Type fieldDetect the value of the Length/Type field in a MAC framein a MAC frame
22IEEE 802.1v RWU 2002
Tagged Frame?
MAC belongs toMAC VLAN?
IP SA belongsTo IP VLAN?
Ether Type belongs toone of Protocol-based VLAN?
Frame associated to matchingVLAN(tag = VLAN ID)
Frame associated to matchingVLAN(MAC-based VLAN)
Frame associated to matchingVLAN(IP subnet-based VLAN)
Frame associated to matchingVLAN(Protocol-based VLAN)
Yes
Yes
Yes
Yes
No
No
No
No
Frame associated to matchingVLAN corresponding to the port
Frame ClassificationFrame Classification
Order of precedence in VLAN membership:VLAN ID, MAC-based VLAN, IP subnet-based VLAN,Protocol-based VLAN, then port-based VLAN.
23IEEE 802.1v RWU 2002
Protocol-based VLANsProtocol-based VLANs
For Layer 3 module, protocol-based VLANs enable you to use protocoltype and switching ports as the distinguishing characteristic for yourVLANs.
Important Consideration
When you create this type of VLAN interface, review these guidelines :
. If you plan to use the VLAN for bridging purposes, select one or more protocols per VLAN. Select them one protocol at a time. . If you plan to use the VLAN for routing, you can select one or more protocols per VLAN, one protocol at a time, and subsequently define a routing interface for each routable protocol that is associated with the VLAN. You can perform routing as follows : ~ You can route between VLANs defined on Layer-3 modules ~ You can use a Layer 3 module to route between VLANs that are defined on Layer 3 modules . The Layer 3 modules support routing for two protocol suites : IP & IPX. . To define a protocol-based VLAN interface, specify this information :
24IEEE 802.1v RWU 2002
~ The VID, or accept the next-available VID ~ The switching ports that are part of the VLAN interface. (If you have trunk ports, specify the anchor port for the trunk) ~ The protocol for the specified ports in the VLAN ~ IEEE 802.1Q tagging must be selected for ports that overlap on both port and protocol (for example, if two IPX VLANs overlap on port 3). ~ The name of this VLAN interface.
. If you use IP as the protocol and also specify a Layer 3 address, the protocol-based VLAN becomes a network-based VLAN. You should consider removing an network-based VLANs and defining multiple IP interface per VLAN.
The protocol suiteprotocol suite describes which protocol entities can comprise a protocol-based VLAN. For example, VLANs on the Layer 3 module support the IPprotocol suite, which has three protocol entities (IP, ARP, and RARP).
25IEEE 802.1v RWU 2002
Protocol Protocol Entries No. of protocol No. of protocol Suite Suites in a Suite
IP IP, ARP, RARP(Ethernet-2, SNAP PID 1 3Novell IPX(supports all of below 4 IPX types) 4 2 IPX IPX-type II(Ethernet-II) 1 1 IPX-802.2 LLC(DSAP/SSAP : 0xE0) 1 0 IPX-802.3 Raw(DSAP/SSAP : 0xF0) 1 0AppeTalk DDP, AARP(Ethernet-II, SNAP PID) 1 2Xerox XNS IDP, XNS address translation, XNS 1 3XNS compatibility(Ethernet-II, SNAP PID)DEXnet DEC MOP, DEC Phase IV, DEC LAT, 1 5 DEC LAVC(Ethernet-II, SNAP PID) SNA SNA service over Ethernet(Ethernet-II 2 1 DSAP/SSAP : 0x04 & 0x05) Banyan Banyan(Ethernet-II, DSAP/SSAP : 0xBC 1 1 , SNAP PID)X.25 X.25 Layer-3(Ethernet-II) 1 1NetBIOS NetBIOS(DSAP/SSAP : 0xF0) 1 0Default Default (all protocol types) 1 1(unspecific)
Support Protocol Suites Support Protocol Suites for VLAN Configurationfor VLAN Configuration
26IEEE 802.1v RWU 2002
Your Layer 3 modules impose two important limits regarding the number ofVLANs and the number of protocols :
. Number of VLANs supported - To determine the minimum number of VLANs that the Layer 3 module can support, use the equation described in “Number of VLANs” here. A Layer 3 module supports a maximum of 64 VLANs. . Maximum number of protocols - Use the value 15 as the limit of protocols that can be implemented on the Layer 3 module. A protocol suite that is used in more than one VLAN is counted only once towards the maximum number of protocols.
Establishing routing between VLANs
Your Layer 3 modules support routing IP, IPX VLANs. If VLANs are configuredfor other routable network layer protocols, they can communicate between themonly via an external router or a Layer 3 module configured for routing.
The Layer 3 module’s routing over bridging model lets you configure routingprotocol interfaces based on a static VLAN defined for one or more protocols.
27IEEE 802.1v RWU 2002
You must first define a VLAN to support one or more protocols and then assignA routing interface for each protocol associated with the VLAN.
Important Considerations
To create an IP interface that can route through a static VLAN, you must :
1. Create a protocol-based IP VLAN for a group of switching ports. (If the VLAN overlaps with another VLAN on any ports, be sure that you define in in accordance with the requirements of your VLAN mode).
(This IP VLAN does not need to contain Layer 3 information unless you want a network-based IP VLAN).
2. Configure an IP routing interface with a network address and subnet mask and specify the interface type vlan.
3. Select the IP VLAN interface index that you want to bind to that IP interface. If Layer 3 information is provided in the IP VLAN interface for which you are configuring an IP routing interface, the subnet portion of both addresses must be compatible.
28IEEE 802.1v RWU 2002
For example : . IP VLAN subnet 157.103.54.0 with subnet mask of 255.255.255.0 . IP host interface address 157.103.54.254 with subnet mask of 255.255.255.0
Layer 2 (bridging) communication is still possible within an IP VLAN (orrouter interface) for the group of ports within that IP VLAN. For IVL,IP data destined for a different IP subnetwork uses the IP routing interface toreach that different subnetwork even if the destination subnetwork is on ashared port. For SVL, using the destination MAC address in the frame causesthe frame to be bridged; otherwise, it is routed in the same manner as for IVL.
4. Enable IP routing.
You perform similar steps to create IPX routing interfaces.
Example 1: Routing between Layer 3 modules
The configuration in Figure shows routing between Layer 3 modules.in this configuration :
29IEEE 802.1v RWU 2002
Dest Src Length D A T AD A T A FCS
FFFF IPXHeader
NetWare Core Protocol
IPX Raw Frame FormatIPX Raw Frame Format
30IEEE 802.1v RWU 2002
Dest Src Length 802.2 D A T A FCS
DSAP E0E0
SSAP E0E0
Cntl 0303
IP protocolIP protocol 8137
IPX header
IPX-802.2 Frame FormatIPX-802.2 Frame Format
31IEEE 802.1v RWU 2002
Dst Src Length 802.2SNAP DATA FCS
DSAP AA
SSAP AA
Cntl 0303
Prot ID
000000Type
8137
IPX HeaderIPX Header
IPX-802.3/802.2/SNAP Frame Format
32IEEE 802.1v RWU 2002
SAP Values for FrameSAP Values for Frame
SNA IP SNAP Banyan IPX-802.2 NetBIOS Lan Mgr. IPX-802.3
04 06 AA BC E0 F0 F4 FF
For example :IP can be encapsulated in an “Ethernet” frame 3 ways : Ethernet-II frame Type = x0800 802.3 with 802.2 frame SAP code = x06 802.3 with SNAP frame SAP code = xAA (indicates SNAP header)
Control = x03SNAP OUI = x000000 (indicates SNAP Ether type
same as Ethernet-II type)SNAP Ether type = x0800
33IEEE 802.1v RWU 2002
Protocol Suites Protocol Entries DSAP/SSAP
IP 0800 (IP)0806 (ARP)0835 (RARP)
IPX-II 8137IPX 802.2 LLC E0E0IPX Raw FFFFIPX 802.3 SNAP AAAAXNS 0600 (NS IDP)
06010807 (XNS)
AppleTalk 809B80F3(AARP)
DECnet 6001 (MOP)6002 (MOP)6003 (Phase IV)6004 (LAT)6007 (DIAG)
SNA 80D5 040405050504
X25 0805NetBIOS F0F0Banyan VINES 0BAD BCBC
Protocol Suites Protocol Suites ConfigurationConfiguration
34IEEE 802.1v RWU 2002
IEEE 802.3 “raw”IEEE 802.3 “raw”This follows IEEE standard frame specification without the 802.2header. After the length field, Novell decided to use first 2-byte inthe data portion of the packet, the IPX checksum field, to identifyan 802.3 raw frame using the IPX/SPX protocol. It’s Hex valueis 0xFFFF.
Ethernet IIEthernet IIThis follows the DIX Specification. The frame type field is alwaysgreater than 1500 octets. Novell was assigned Hex 0x8137 valuefor IPX/SPX.
IEEE 802.3 with 802.2IEEE 802.3 with 802.2This follows IEEE standard frame specification with 802.2 header.NetWare IPX/SPX packets contain the Hex value 0xE0E0 in theDSAP & SSAP fields.
IEEE 802.3 with SNAPIEEE 802.3 with SNAPThis follows IEEE standard frame specification with SNAP protocol.The value of DSAP & SSAP fields in 802.2 header are both set to 0xAA.Novell was assigned Hex 0x8137 value in protocol type field for IPX/SPX.
NetWare’s Ethernet Frame Type
35IEEE 802.1v RWU 2002
To perform the calculation, determine the total number of protocol suites on yoursystem. Remember to include the unspecified type for the default VLAN, even ifyou have removed the default VLAN and do not have other VLAN defined withthe unspecified protocol type.
Use the following guideline to count the protocol suites that are used on the Layer-3module :
. IP counts as one protocol suite for IP VLANs . AppleTalk counts as one protocol suite for AppleTalk VLANs . Generic IPX, which uses all four IPX types, counts as four protocol suites. (Each IPX type alone counts as one). To conserve VLAN resources, it is better to specify a specific IPX frame type than to use generic IPX. . DECnet counts as one protocol suite for DECnet VLANs. . The unspecified type of protocol suite counts as one, whether or not the default VLAN or port-based VLANs are defined. Even if you have only the unspecified protocol suite on the system, the limits is still 64 VLANs. . X.25, SNA, Banyan VINES, and NetBIOS each count as one protocol suite for their respective VLANs.
36IEEE 802.1v RWU 2002
Frame Type Value GroupID
Ethernet-2 0800 BEthernet-2 0806 BRFC_1042 0800 BRFC_1042 0806 BLLC_other FEFE CLLC_other FFFF ASNAP_other 00B00001 CSNAP_8021H 80F3 A
Port No GroupID VID VLAN No
1 B 234 1 C 567
2 B 123 567 C 456 A 567
Protocol Group DatabaseProtocol Group Database
37IEEE 802.1v RWU 2002
Protocol Filtering Protocol Filtering SchemeScheme
There are two mechanism :
Forwarding rule is based on mapping either the packet’s Ethernet type or DSAP/SSAP to a port-specific VLAN ID
Filtering technique with mask string
38IEEE 802.1v RWU 2002
Examine Type/Length field?
Decode LSAP
Examine DSSP/SSAP/ Control
ExamineSNAP OUI
SNAP protocolID=0x809B?
AppleTalkencapsulation
Invalidprotocol
=0x080007
=0x000000 for RFC1042=0x0000F8 for IEEE802.1H=others for unknown protocol
=0xFFFF/E0E0 for raw IPX/IPX-II=0xF0F0 for NetBIOS
=0xAAAA03
>=0x06000x5DC<it< 0x600
InvalidType/Length
Y
N
Protocol Classification Protocol Classification AlgorithmAlgorithm
<=0x05DC
