Thursday, June 16, 2011

Chapter 1: Network Fundamentals Review (Part03)

Addressing

This section describes physical and network layer addressing and how routers use these addresses. The section concludes with a brief introduction to IP addressing.

Physical Addresses

MAC addresses were discussed earlier; recall that these are at the data link layer and are considered physical addresses. When a network interface card is manufactured, it is assigned an address, called a burned-in address (BIA), that does not change when the network card is installed in a device or when that device is moved from one network to another. Typically, this BIA is copied to interface memory and is used as the interface's MAC address. MAC addresses are analogous to Social Insurance numbers or Social Security numbers: one is assigned to each person, and the number does not change when that person moves to a new house. These numbers are associated with the physical person, not with where the person lives.

Note

Some organizations set the MAC addresses of their devices to something other than the BIA (for example, based on the location of the device in the network) for management purposes. Because the MAC address in use is whatever the interface has been configured to send, a MAC address on its own is not proof of which device is transmitting.

Note

Two bits of the first octet of a MAC address are flags rather than part of the manufacturer identifier (OUI). Numbering the bits of the first octet from its most significant bit, the seventh bit is the universal/locally administered (U/L) bit: 0 means the address was universally assigned (a burned-in address with an IEEE-assigned OUI), and 1 means it was locally administered. The eighth bit, the least significant bit of the octet and the first bit transmitted on Ethernet, is the individual/group (I/G) bit: 0 means the address is for an individual device, and 1 means it is for a group (multicast or broadcast). Written in hexadecimal, a first octet of 01 therefore marks a multicast address and a first octet of 02 marks a locally administered unicast address.

Knowing the MAC address assigned to a PC or to a router's interface does not tell you anything about where it is or what network it is attached to; it cannot help a router determine the best way to send data to it. For that you need logical network layer addresses; they are assigned when a device is installed on a network and should be changed when the device is moved.
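The following is an added example, not code from the book: it decodes the OUI and the I/G and U/L flag bits of a MAC address as written (for instance, as copied from an ARP table or a switch's MAC address table), and derives a locally administered address from a burned-in one the way an organization might when it assigns its own addresses. The addresses used in it are constructed for illustration.

```python
"""Added example (not part of the original chapter): read the flag bits of a
MAC address as written. The addresses used below are constructed.

In the first octet (the one written first), the least significant bit is the
I/G bit (0 = individual, 1 = group) and the next bit is the U/L bit
(0 = universally administered / burned-in, 1 = locally administered).
On Ethernet the I/G bit is the first bit sent on the wire."""
import re

_MAC_RE = re.compile(r"^[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$", re.I)
BROADCAST = bytes([0xFF] * 6)


def parse_mac(text):
    """Six octets of a MAC written as aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff.
    Anything else raises ValueError rather than being silently accepted."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError("not a MAC address: %r" % text)
    return bytes(int(h, 16) for h in re.split(r"[:-]", text))


def format_mac(octets):
    return ":".join("%02x" % b for b in octets)


def mac_info(text):
    """OUI plus the two flag bits of the first octet and a broadcast check."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "oui": format_mac(octets[:3]),
        "group": bool(first & 0x01),                 # I/G bit
        "locally_administered": bool(first & 0x02),  # U/L bit
        "broadcast": octets == BROADCAST,
    }


def locally_administered_from(text):
    """Derive a locally administered unicast address from a burned-in one, as a
    site might do when assigning its own MAC addresses: set U/L, clear I/G."""
    octets = bytearray(parse_mac(text))
    octets[0] = (octets[0] | 0x02) & ~0x01
    return format_mac(octets)


if __name__ == "__main__":
    for mac in ("00:1b:21:aa:bb:cc", "01:00:5e:00:00:fb",
                "02:42:ac:11:00:02", "ff-ff-ff-ff-ff-ff"):
        print(mac, mac_info(mac))
    print(locally_administered_from("00:1b:21:aa:bb:cc"))
```

The parser is deliberately strict about separators and length: a tool that feeds MAC addresses into access-control or inventory logic should reject malformed input rather than guess.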

Logical Addresses

When you send a letter to someone, you have to know that person's postal address. Because every postal address in the world is unique, you can potentially send a letter to anyone in the world. Postal addresses are logical and hierarchical; for example, they include the country, province/state, street, and building/house number. The top portion of Figure 1-14 illustrates Main Street with various houses. All these houses have one portion of their address in common (Main Street) and one portion that is unique (their house number).

Figure 1-14: Network Layer Addresses Are Similar to Postal Addresses

Note

The terms device, host, and node are used interchangeably to represent the entity that is communicating.

The lower portion of Figure 1-14 illustrates a network, 17, with various PCs on it. All these PCs have one portion of their address in common (17) and one part that is unique (their device number). Devices on the same logical network must share the same network portion of their address and have different device portions.

Routing and Network Layer Addresses

A router typically looks at only the network portion of a destination address. It compares the network portion to its routing table, and if it finds a match, it sends the packet out the appropriate interface, toward its destination.

A router needs to concern itself with the device portion of a destination address only if it is directly connected to the same network as the destination. In this case, the router must send the packet directly to the appropriate device, and it needs the entire destination address to do so. A router on a LAN uses ARP to determine the MAC address of the device with that IP address and then builds a frame with that MAC address as the destination MAC address.

IP Addresses

IP addresses are network layer addresses. As you saw earlier, IPv4 addresses are 32-bit numbers. As shown in Figure 1-15, the 32 bits are usually written in dotted-decimal notation: they are grouped into 4 octets (8 bits each), separated by dots, and each octet is written in decimal. Each bit in an octet has a binary weight (the highest is 128 and the next is 64, followed by 32, 16, 8, 4, 2, and 1). Thus, the minimum value for an octet is 0, and the maximum decimal value for an octet is 255.

Figure 1-15: 32-Bit IPv4 Addresses Are Written in Dotted-Decimal Notation

Note

The maximum value of an octet occurs when all 8 bits are binary 1. The decimal value of an octet is calculated by adding the weights of the bits that are set; in this case, 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255.

Note

Appendix B details how to convert between decimal and binary formats and provides a decimal-to-binary conversion chart. Appendix B also includes further details on IPv4 addressing.

IP Address Classes

IPv4 addresses are categorized into five classes: A, B, C, D, and E. Only Class A, B, and C addresses are used for addressing devices; Class D is used for multicast groups, and Class E is reserved for experimental use.

The first octet of an IPv4 address defines which class it is in, as illustrated in Table 1-1 for Class A, B, and C addresses. The address class determines which part of the address represents the network bits (N) and which part represents the host bits (H), as shown in the table. The number of networks available in each class and the number of hosts per network are also shown.

Table 1-1: IP Address Classes A, B, and C Are Available for Addressing Devices

Class   Format[*]   Higher-Order Bits   Address Range                 Number of Networks   Number of Hosts per Network
A       N.H.H.H     0                   1.0.0.0 to 126.0.0.0          126                  16,777,214
B       N.N.H.H     10                  128.0.0.0 to 191.255.0.0      16,384               65,534
C       N.N.N.H     110                 192.0.0.0 to 223.255.255.0    2,097,152            254

[*] N = network number bits; H = host number bits

Note

Class A addresses are any addresses that have the higher-order bit set to 0; this would include 0 through 127 in the first octet. However, network 0.0.0.0 is reserved, and network 127.0.0.0 (any address starting with decimal 127) is reserved for loopback functionality. Therefore, the first octet of Class A addresses ranges from 1 to 126.

Note

Class D addresses have higher-order bits 1110 and are in the range 224.0.0.0 to 239.255.255.255. Class E addresses have higher-order bits 1111 and are in the range 240.0.0.0 to 255.255.255.255.

For example, 192.168.5.1 is a Class C address. Therefore, it is in the format N.N.N.H: the network part is 192.168.5 and the host part is 1.

Private and Public IP Addresses

The IPv4 address space is divided into public and private sections. Private addresses are reserved addresses, defined in RFC 1918 (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255), to be used only internally within a company's network, not on the Internet. When you want to send anything on the Internet, private addresses must be translated (for example, by NAT) to a company's external registered address. Public IPv4 addresses are provided for external communication. Because Internet routers are not expected to carry private addresses, a packet arriving from the Internet with a private source address is suspect and is normally filtered at the border.

Note

Internet RFC documents are written definitions of the Internet's protocols and policies. A complete list and the documents themselves can be found at http://www.rfc-editor.org/rfc.html.

Note that all the IP addresses used in this book are private addresses, to avoid publishing anyone's registered address.

Subnets

As illustrated in Table 1-1, Class A addresses have little use in a normal organization; most companies would not want one network with more than 16 million PCs on it! This would be neither physically possible nor desirable. Because of this limitation on addresses when only their class is considered (called classful addressing), and because of the finite number of such addresses, subnets were introduced by RFC 950, Internet Standard Subnetting Procedure.

Class A, B, and C addresses can be divided into smaller networks, called subnetworks or subnets, resulting in a larger number of possible networks, each with fewer host addresses available than the original network.

The addresses used for the subnets are created by borrowing bits from the host field and using them as subnet bits; a subnet mask indicates which bits have been borrowed. A subnet mask is a 32-bit value associated with an IP address to specify which bits in the address represent network and subnet bits and which represent host bits. Using subnet masks creates a three-level hierarchy: network, subnet, and host.

The default subnet masks for Class A, B, and C addresses are shown in Table 1-2.

Table 1-2: IP Address Default Subnet Masks

Class   Default Mask in Binary Format          Default Mask in Decimal Format
A       11111111.00000000.00000000.00000000    255.0.0.0
B       11111111.11111111.00000000.00000000    255.255.0.0
C       11111111.11111111.11111111.00000000    255.255.255.0

When all of an address's host bits are 0, the address is for the subnet itself (sometimes called the wire). When all of an address's host bits are 1, the address is the directed broadcast address for that subnet (in other words, for all the devices on that subnet).

Note

An IP-directed broadcast is an IP packet destined for all devices on an IP subnet. When the directed broadcast originates from a device on another subnet, routers that are not directly connected to the destination subnet forward the IP-directed broadcast in the same way they would forward unicast IP packets destined for a host on that subnet.

On Cisco routers, the ip directed-broadcast interface command controls what the last router in the path, the one connected to the destination subnet, does with a directed broadcast packet. If ip directed-broadcast is enabled on the interface, the router converts the directed broadcast to a link-layer broadcast and sends the packet, encapsulated in a Layer 2 broadcast frame, onto the subnet. If no ip directed-broadcast is configured on the interface, directed broadcasts destined for the subnet to which that interface is attached are dropped. In Cisco IOS version 12.0, the default for this command was changed to no ip directed-broadcast. The change, which RFC 2644 recommends for all routers, was made because a forwarded directed broadcast lets a single packet from outside the subnet elicit a reply from every host on it (the basis of the Smurf amplification attack). Leave the default in place unless a specific application on that interface needs directed broadcasts.

For example, 10.0.0.0 is a Class A address with a default subnet mask of 255.0.0.0, indicating 8 network bits and 24 host bits. If you want to use 8 of the host bits as subnet bits instead, you would use a subnet mask of 11111111.11111111.00000000.00000000, which is 255.255.0.0 in decimal format. You could then use the 8 subnet bits to address 256 subnets. Each of these subnets could support up to 65,534 hosts (2^16 minus the all-zeros subnet address and the all-ones broadcast address). The address of one of the subnets is 10.1.0.0; the broadcast address on this subnet is 10.1.255.255.

Another way of indicating the subnet mask is to use a prefix. A prefix is a slash (/) followed by a number that is the number of bits in the network and subnet portion of the address; in other words, the number of contiguous 1s that would be in the subnet mask. For example, the subnet mask 255.255.240.0 is 11111111.11111111.11110000.00000000 in binary format, which is 20 1s followed by 12 0s. Therefore, the prefix would be /20 for the 20 bits of network and subnet information, the number of 1s in the mask. Because a prefix counts contiguous 1s from the left, a mask whose 1s are not contiguous (such as 255.0.255.0) has no prefix form and should be rejected by any tool that accepts masks.
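The following is an added example, not code from the book, covering the address arithmetic of the last few sections: dotted-decimal to 32-bit conversion, the classful network/host split of Table 1-1, prefix and subnet-mask conversion with the contiguous-1s check, subnet and directed-broadcast addresses with the host count, and a membership test against the RFC 1918 private blocks. It works on the integer form directly so that the bit operations are visible rather than hidden inside Python's ipaddress module; the addresses it uses are the chapter's own private examples.

```python
"""Added example (not part of the original chapter): IPv4 address arithmetic on
the 32-bit integer form, so the bit operations the text describes are visible
instead of hidden inside the ipaddress module."""


def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer; exactly four octets, each 0..255."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError("bad octet %r in %r" % (part, dotted))
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class from the high-order bits of the first octet (Table 1-1 and the
    notes that follow it); returns (class letter, default prefix length)."""
    first = to_int(dotted) >> 24
    if first < 128:      # 0xxxxxxx  (0 and 127 are reserved but class A by bits)
        return "A", 8
    if first < 192:      # 10xxxxxx
        return "B", 16
    if first < 224:      # 110xxxxx
        return "C", 24
    if first < 240:      # 1110xxxx multicast: no network/host split
        return "D", None
    return "E", None     # 1111xxxx experimental


def prefix_to_mask(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length out of range: %r" % prefix)
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask_dotted):
    """Prefix length of a mask; rejects masks whose 1s are not contiguous."""
    mask = to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError("non-contiguous subnet mask: %s" % mask_dotted)
    return prefix


def subnet_info(dotted, prefix):
    """Subnet (wire) address, directed-broadcast address and usable host count
    for an address with the given prefix length."""
    addr, mask = to_int(dotted), prefix_to_mask(prefix)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "mask": to_dotted(mask),
        "usable_hosts": max(2 ** host_bits - 2, 0),   # all-0s and all-1s are not hosts
        "is_network_address": addr == network,
        "is_broadcast_address": addr == broadcast,
    }


# The RFC 1918 private blocks, as (network, prefix length).
PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(dotted):
    """True if the address falls inside an RFC 1918 block: the test a border
    filter applies to source addresses arriving from the Internet."""
    addr = to_int(dotted)
    return any(addr & prefix_to_mask(p) == to_int(net) for net, p in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(address_class("192.168.5.1"), mask_to_prefix("255.255.240.0"))
    print(subnet_info("10.1.0.0", 16))
    print(is_private("172.31.255.254"), is_private("172.32.0.1"))
```

The 172.16.0.0/12 block is the one most often mis-stated as 172.16.0.0/16; the prefix-based membership test gets it right because it masks 12 bits rather than comparing the first two octets.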

IP addressing is further explored in Appendix B; IP address planning is discussed in Chapter 6.


Switching Types

Switches were initially introduced to provide higher-performance connectivity than hubs because switches define multiple collision domains. Switches have always been able to process data at a faster rate than routers because the switching functionality is implemented in hardware, in Application-Specific Integrated Circuits (ASIC), rather than in software, which is how routing has traditionally been implemented. However, switching was initially restricted to the examination of Layer 2 frames. With the advent of more powerful ASICs, switches can now process Layer 3 packets, and even the contents of those packets, at high speeds.

The following sections first examine the operation of traditional Layer 2 switching. Layer 3 switching, which is really routing in hardware, is then explored.

Layer 2 Switching

The heart of a Layer 2 switch is its MAC address table, also known as its content-addressable memory (CAM) table. This table lists the MAC addresses that are reachable through each switch port. Recall that a physical MAC address uniquely identifies a device on a network. When a switch is first powered up, its MAC address table is empty, as shown in Figure 1-16.

Figure 1-16: The MAC Address Table Is Initially Empty

In this sample network, consider what happens when device A sends a frame destined for device D. The switch receives the frame on port 1 (from device A). Recall that a frame includes the MAC address of the source device and the MAC address of the destination device. Because the switch does not yet know where device D is, the switch must flood the frame out of all the other ports; therefore, the switch sends the frame out of ports 2, 3, and 4. This means that devices B, C, and D all receive the frame. Only device D, however, recognizes its MAC address as the destination address in the frame; it is the only device on which the CPU is interrupted to process the frame further. (A device whose interface is in promiscuous mode sees the flooded frame as well, which is why unknown-unicast flooding matters for confidentiality.)

In the meantime, the switch now knows that device A can be reached on port 1 because the switch received a frame from device A on port 1; the switch therefore puts the MAC address of device A in its MAC address table for port 1. This process is called learning: the switch is learning all the MAC addresses it can reach.

At some point, device D is likely to reply to device A. At that time, the switch receives a frame from device D on port 4; the switch records this information in its MAC address table as part of its learning process. This time, the switch knows where the destination, device A, is; the switch therefore forwards the frame only out of port 1. This process is called filtering: the switch sends frames out of only the port through which they need to go, when it knows which port that is, rather than flooding them out of every port. This reduces the traffic on the other ports and reduces the interruptions that the other devices experience. Over time, the switch learns where all the devices are, and the MAC address table is fully populated, as shown in Figure 1-17.

Figure 1-17: The Switch Learns Where All the Devices Are and Populates Its MAC Address Table

The filtering process also means that multiple simultaneous conversations can occur between different devices. For example, if device A and device B want to communicate, the switch sends their data between ports 1 and 2; no traffic goes on ports 3 or 4. At the same time, devices C and D can communicate on ports 3 and 4 without interfering with the traffic on ports 1 and 2. Consequently, the network's overall throughput increases dramatically.

The MAC address table is kept in the switch's memory and has a finite size (depending on the specific switch used). If many devices are attached to the switch, the switch might not have room for an entry for every one, so table entries time out after a period of not being used. As a result, the most active devices are always in the table. Note that learning is driven entirely by the source addresses of received frames: the switch has no way to verify that a frame really came from the address it claims, and any destination that is absent from the table, for whatever reason, is flooded.

MAC addresses can also be statically configured in the MAC address table, and you can specify a maximum number of addresses allowed per port. One advantage of static addresses is that less flooding occurs, both when the switch first comes up and because the addresses are not aged out. However, this also means that if a device is moved, the switch configuration must be changed. A related feature available in some switches is the capability to sticky-learn addresses: the address is dynamically learned, as described earlier, but is then automatically entered as a static command in the switch configuration. Limiting the number of addresses per port to one and statically configuring those addresses can ensure that only specific devices are permitted access to the network; this feature is particularly useful when addresses are sticky-learned. Because a MAC address can be changed by the device's owner (see the Physical Addresses section), this control restricts which addresses a port accepts, not which physical devices.
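The following is an added example, written from the description above rather than taken from any switch's software, that models the Layer 2 forwarding decision: learning from source addresses, flooding of unknown unicast and group destinations, filtering of known destinations, aging, static entries, sticky learning and a per-port address limit. Frames are represented by their source and destination MAC strings (constructed here), and `receive` returns the ports a frame would be sent out of.

```python
"""Added example (not part of the original chapter): a model of a Layer 2
switch's forwarding logic as the text describes it. MAC strings are
constructed for illustration."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    """I/G bit of the first octet: multicast and broadcast destinations are
    always flooded and never learned."""
    return int(mac[:2], 16) & 0x01 == 1


class Switch:
    def __init__(self, ports, aging_seconds=300, max_per_port=None, sticky=False):
        self.ports = list(ports)
        self.aging = aging_seconds
        self.max_per_port = max_per_port    # None: no port-security limit
        self.sticky = sticky                # learned addresses become static
        self.table = {}                     # mac -> (port, last_seen); static: None
        self.violations = []                # (port, mac) refused by the limit

    def add_static(self, mac, port):
        self.table[mac] = (port, None)

    def addresses_on(self, port):
        return [m for m, (p, _) in self.table.items() if p == port]

    def _expire(self, now):
        """Age out dynamic entries that have not been refreshed."""
        for mac, (port, seen) in list(self.table.items()):
            if seen is not None and now - seen > self.aging:
                del self.table[mac]

    def _learn(self, mac, port, now):
        """Record mac behind port. Returns False when port security refuses it."""
        entry = self.table.get(mac)
        if entry is not None and entry[1] is None:
            return entry[0] == port         # static/sticky: pinned to one port
        new_on_port = entry is None or entry[0] != port
        if self.max_per_port is not None and new_on_port \
                and len(self.addresses_on(port)) >= self.max_per_port:
            return False                    # port already holds its allowed addresses
        self.table[mac] = (port, None if self.sticky else now)
        return True

    def receive(self, in_port, src, dst, now=0):
        """Return the egress ports for a frame received on in_port."""
        self._expire(now)
        if is_group(src):
            return []                       # invalid source address: drop
        if not self._learn(src, in_port, now):
            self.violations.append((in_port, src))
            return []                       # port-security violation: drop
        entry = self.table.get(dst)
        if is_group(dst) or entry is None:
            return [p for p in self.ports if p != in_port]     # flood
        return [] if entry[0] == in_port else [entry[0]]       # filter


if __name__ == "__main__":
    sw = Switch(ports=[1, 2, 3, 4])
    A, D = "00:00:00:00:00:0a", "00:00:00:00:00:0d"
    print(sw.receive(1, A, D, now=0))   # D unknown: flooded to ports 2, 3, 4
    print(sw.receive(4, D, A, now=1))   # A known: filtered to port 1 only
```

The `violations` list is what a real switch logs when port security trips; note that the limit is enforced on addresses, so a device that changes its MAC to one already learned on the port is indistinguishable from the legitimate one.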

Layer 3 Switching

The functions performed by routers (as described in the earlier "Routing" section) can be CPU-intensive. Offloading the switching of the packet to hardware can result in a significant increase in performance.

A Layer 3 switch performs all the same functions as a router; the differences are in the physical implementation of the device rather than in the functions it performs. Therefore, functionally, the terms router and Layer 3 switch are synonymous.

Layer 4 switching is an extension of Layer 3 switching that includes examination of the contents of the Layer 3 packet. For example, the protocol number in the IP packet header (as described in the "IP Datagrams" section) indicates which transport layer protocol (for example, TCP or UDP) is being used, and the port number in the TCP or UDP segment indicates the application being used (as described in the "TCP/IP Transport Layer Protocols" section). Switching based on the protocol and port numbers can ensure, for example, that certain types of traffic get higher priority on the network or take a specific path.

Within Cisco switches, Layer 3 switching can be implemented in two different ways: through multilayer switching or through Cisco Express Forwarding, as described in Chapter 4.


Spanning Tree Protocol

The following sections examine why such a protocol is needed in Layer 2 networks. STP terminology and operation are then introduced.

Redundancy in Layer 2 Switched Networks

Redundancy in a network, such as that shown in Figure 1-18, is desirable so that communication can still take place if a link or device fails. For example, if switch X in this figure stopped functioning, devices A and B could still communicate through switch Y. However, in a switched network, redundancy can cause problems.

Figure 1-18: Redundancy in a Switched Network Can Cause Problems

The first type of problem occurs if a broadcast frame is sent on the network. For example, consider what happens when device A in Figure 1-18 sends an ARP request to find the MAC address of device B. The ARP request is sent as a broadcast. Both switch X and switch Y receive the broadcast; for now, consider just the one received by switch X, on its port 1. Switch X floods the broadcast to all its other connected ports; in this case, it floods it to port 2. Device B can see the broadcast, but so can switch Y, on its port 2; switch Y floods the broadcast to its port 1. This broadcast is received by switch X on its port 1; switch X floods it to its port 2, and so forth. Because an Ethernet frame carries no hop count or time-to-live field, nothing stops the broadcast: it continues to loop around the network, consuming bandwidth and processing power. This situation is called a broadcast storm.

The second problem that can occur in redundant topologies is that devices can receive multiple copies of the same frame. For example, assume that neither of the switches in Figure 1-18 has learned where device B is located. When device A sends data destined for device B, switch X and switch Y both flood the data to the lower LAN, and device B receives two copies of the same frame. This might be a problem for device B, depending on what it is and how it is programmed to handle such a situation.

The third difficulty that can occur in a redundant situation is within the switch itself: the MAC address table can change rapidly and contain wrong information. Again referring to Figure 1-18, consider what happens when neither switch has learned where device A or B is located, and device A sends data to device B. Each switch learns that device A is on its port 1, and each records this in its MAC address table. Because the switches don't yet know where device B is, they flood the frame, in this case on their port 2. Each switch then receives the frame from the other switch on its port 2. This frame has device A's MAC address in the source address field; therefore, both switches now learn that device A is on their port 2. As a result, the MAC address table entry is overwritten. Not only does the MAC address table have incorrect information (device A is actually connected to port 1, not port 2, of both switches), but because the table changes rapidly, it might be considered unstable.

To overcome these problems, you must have a way to logically disable part of the redundant network for regular traffic while maintaining redundancy for the case when an error occurs. STP does just that.

STP Terminology and Operation

The following sections introduce the IEEE 802.1D STP terminology and operation.

STP Terminology

STP terminology can best be explained by examining how a sample network, such as the one shown in Figure 1-19, operates.

Figure 1-19: STP Chooses the Port to Block

Note

Notice that STP terminology refers to the devices as bridges rather than switches.

Within an STP network, one switch is elected as the root bridge; it is at the root of the spanning tree. All other switches calculate their best path to the root bridge. Their alternative paths are put in the blocking state. These alternative paths are logically disabled from the perspective of regular traffic, but the switches still communicate with each other on these paths so that the alternative paths can be unblocked in case an error occurs on the best path.

All switches running STP (it is turned on by default in Cisco switches) send out Bridge Protocol Data Units (BPDU). Switches running STP use BPDUs to exchange information with neighboring switches. One of the fields in the BPDU is the bridge identifier (ID); it comprises a 2-octet bridge priority and a 6-octet MAC address. STP uses the bridge ID to elect the root bridge: the switch with the lowest bridge ID is the root bridge. The priority is compared first, so if all bridge priorities are left at their default values, the switch with the lowest MAC address becomes the root bridge. In Figure 1-19, switch Y is elected as the root bridge. Because any bridge that sends BPDUs with a lower bridge ID than the current root is elected root in its place, the root should be pinned by explicitly lowering the priority on the intended switch rather than left to the MAC address tie-break.

All the ports on the root bridge are called designated ports, and they are all in the forwarding state; that is, they can send and receive data. The STP states are described in the next section.

On all nonroot bridges, one port becomes the root port, and it is also in the forwarding state. The root port is the one with the lowest cost to the root. The cost of each link is by default inversely proportional to the link's bandwidth, so the port with the lowest total path cost from the switch to the root bridge is selected as the root port on that switch. In Figure 1-19, port 1 on switch X is the root port for that switch because it is the fastest way to the root bridge.

Note

If multiple ports on a switch have the same lowest total path cost to the root bridge, STP considers other BPDU fields. STP looks first at the bridge IDs in the received BPDUs (the bridge IDs of the next switch in the path to the root bridge); the port that received the BPDU with the lowest bridge ID becomes the root port. If these bridge IDs are also equal, the port ID breaks the tie; the port with the lower port ID becomes the root port. The port ID field includes a port priority and a port index, which is the port number. Therefore, if the port priorities are the same (for example, if they are left at their default value), the lower port number becomes the root port.

Each LAN segment must have exactly one designated port. It is on the switch that has the lowest cost to the root bridge (or, if the costs are equal, on the switch with the lowest bridge ID), and it is in the forwarding state. In Figure 1-19, the root bridge has designated ports on both segments, so no more are required.

Note

The root bridge sends configuration BPDUs on all its ports periodically, every 2 seconds by default. These configuration BPDUs include the STP timers, thereby ensuring that all switches in the network use the same timers. On each LAN segment, the switch that has the designated port forwards the configuration BPDUs onto the segment; every switch in the network therefore receives these BPDUs on its root port.

All ports on a LAN segment that are not root ports or designated ports are called nondesignated ports and transition to the blocking state; they do not send data, so the redundant topology is logically disabled. In Figure 1-19, port 2 on switch X is the nondesignated port, and it is in the blocking state. Blocking ports do, however, listen for BPDUs.

If a failure happens (for example, if a designated port or the root bridge fails), the switches send topology change BPDUs and recalculate the spanning tree. The new spanning tree does not include the failed port or switch, and the ports that were previously blocking might now be in the forwarding state. This is how STP supports redundancy in a switched network.
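The following is an added example, not code from the book, that computes the 802.1D spanning tree for a small topology directly from the election rules given above: lowest bridge ID (priority, then MAC) is the root; each other bridge takes as its root port the port with the lowest total path cost, ties broken by the upstream bridge ID and then port ID; each segment gets exactly one designated port (lowest path cost, then lowest bridge ID); all other ports block. Real bridges reach the same result over time by exchanging BPDUs; this code computes the converged answer. The topology is Figure 1-19 extended with a third switch Z, and the bridge names, MACs, port numbers and link costs are constructed for the example (the costs are the 802.1D defaults: 19 for 100 Mb/s, 4 for 1 Gb/s, 100 for 10 Mb/s).

```python
"""Added example (not part of the original chapter): direct computation of the
802.1D spanning tree for a constructed topology."""

INF = float("inf")


class Port:
    def __init__(self, bridge, number, segment, cost, priority=128):
        self.bridge, self.number, self.segment, self.cost = bridge, number, segment, cost
        self.port_id = (priority, number)


class Bridge:
    def __init__(self, name, mac, priority=32768):
        self.name, self.bridge_id, self.ports = name, (priority, mac), {}


def build(bridge_specs, port_specs):
    """bridge_specs: (name, mac, priority); port_specs: (bridge, port, segment, cost)."""
    bridges = {n: Bridge(n, mac, prio) for n, mac, prio in bridge_specs}
    segments = {}
    for name, number, segment, cost in port_specs:
        port = Port(bridges[name], number, segment, cost)
        bridges[name].ports[number] = port
        segments.setdefault(segment, []).append(port)
    return bridges, segments


def compute_stp(bridges, segments):
    """Return (root bridge name, root path cost per bridge, role per (bridge, port))."""
    root = min(bridges.values(), key=lambda b: b.bridge_id)
    rpc = {name: INF for name in bridges}          # root path cost per bridge
    rpc[root.name] = 0
    root_port = {name: None for name in bridges}
    designated = {}

    for _ in range(2 * len(bridges) + 2):          # enough rounds for costs to settle
        changed = False
        # Designated port per segment: lowest path cost, then bridge ID, then port ID.
        for seg, ports in segments.items():
            designated[seg] = min(ports, key=lambda p: (rpc[p.bridge.name], p.bridge.bridge_id, p.port_id))
        # Root port per non-root bridge, chosen from the BPDU heard on each
        # attached segment: designated bridge's cost plus this port's cost,
        # then the designated bridge ID, its port ID, then the receiving port ID.
        for bridge in bridges.values():
            if bridge is root:
                continue
            best = None
            for port in bridge.ports.values():
                d = designated[port.segment]
                if d.bridge is bridge:
                    continue                       # our own BPDU; nothing to hear
                key = (rpc[d.bridge.name] + port.cost, d.bridge.bridge_id, d.port_id, port.port_id)
                if best is None or key < best[0]:
                    best = (key, port)
            if best is not None and (best[0][0] != rpc[bridge.name] or best[1] is not root_port[bridge.name]):
                rpc[bridge.name], root_port[bridge.name] = best[0][0], best[1]
                changed = True
        if not changed:
            break

    roles = {}
    for bridge in bridges.values():
        for port in bridge.ports.values():
            if designated[port.segment] is port:
                roles[(bridge.name, port.number)] = "designated"
            elif root_port[bridge.name] is port:
                roles[(bridge.name, port.number)] = "root"
            else:
                roles[(bridge.name, port.number)] = "blocking"
    return root.name, rpc, roles


# Constructed topology: X and Y joined by two 100 Mb/s segments (as in Figure
# 1-19); Z reaches X over a 1 Gb/s link and Y over a 10 Mb/s link.
TOPOLOGY = (
    [("X", "00:00:00:00:00:0b", 32768), ("Y", "00:00:00:00:00:0a", 32768), ("Z", "00:00:00:00:00:0c", 32768)],
    [("X", 1, "top", 19), ("Y", 1, "top", 19), ("X", 2, "bottom", 19), ("Y", 2, "bottom", 19),
     ("X", 3, "xz", 4), ("Z", 1, "xz", 4), ("Y", 3, "yz", 100), ("Z", 2, "yz", 100)],
)


def run(bridge_specs, port_specs):
    return compute_stp(*build(bridge_specs, port_specs))


if __name__ == "__main__":
    print(run(*TOPOLOGY))
```

With default priorities, Y wins on MAC address and Z reaches it through X (cost 19 + 4 = 23) rather than over its direct 10 Mb/s link (cost 100). Rerunning with Z's priority set to 4096 makes Z the root and moves the blocked ports onto Y, whatever its MAC address or the speed of its links: the election honours the lowest advertised priority without question, which is why the intended root's priority should be set deliberately.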

STP States

Figure 1-20 illustrates the various STP port states.

Figure 1-20: A Port Can Transition Among STP States

When a port initially comes up, it is put in the blocking state, in which it listens for BPDUs, and then transitions to the listening state. A blocking port in an operational network can also transition to the listening state if it does not hear any BPDUs for the max-age time (20 seconds by default). While in the listening state, the switch can send and receive BPDUs on the port but not data. The root bridge and the final roles of all the ports are determined in this state.

If the port is chosen as the root port on a switch, or as a designated port on a segment, that port transitions to the learning state after the listening state. In the learning state, the port still cannot send data, but it can start to populate the MAC address table from any frames it receives. The length of time spent in each of the listening and learning states is dictated by the value of the forward-delay parameter, which is 15 seconds by default. After the learning state, the port transitions to the forwarding state, in which it operates normally. Alternatively, if in the listening state the port is not chosen as a root port or designated port, it becomes a nondesignated port and transitions back to the blocking state. With the default timers, a port that comes up therefore takes 30 seconds (15 seconds listening plus 15 seconds learning) to reach forwarding, and recovery from a failure that is detected only by the absence of BPDUs can take up to 50 seconds (20 seconds max-age plus the two 15-second periods).

Several features and enhancements to STP are implemented on Cisco switches to help reduce the convergence time, the time it takes for all the switches in a network to agree on the network's topology after that topology has changed.

Rapid STP

Rapid STP (RSTP) is defined by IEEE 802.1w. RSTP incorporates many of the Cisco enhancements to STP, resulting in faster convergence. Switches in an RSTP environment converge quickly by communicating with each other and determining which links can forward, rather than just waiting for the timers to transition the ports among the various states. RSTP ports take on different roles than STP ports. The RSTP roles are root, designated, alternate, backup, and disabled. RSTP port states are also different from STP port states. The RSTP states are discarding, learning, and forwarding. RSTP is compatible with STP. For example, the 802.1w alternate and backup port roles correspond to ports that would be in the 802.1D blocking state.

Virtual LANs

Add a note hereAs noted earlier, a broadcast domain includes all devices that receive each others’ broadcasts (and multicasts). All the devices connected to one router port are in the same broadcast domain. Routers block broadcasts (destined for all networks) and multicasts by default; routers forward only unicast packets (destined for a specific device) and packets of a special type called directed broadcasts. Typically, you think of a broadcast domain as being a physical wire, a LAN. But a broadcast domain can also be a VLAN, a logical construct that can include multiple physical LAN segments.

Add a note here Figure 1-21 illustrates the VLAN concept. On the left side of the figure, three individual physical LANs are shown, one each for Engineering, Accounting, and Marketing. These LANs contain workstations—E1, E2, A1, A2, M1, and M2—and servers—ES, AS, and MS. Instead of physical LANs, an enterprise can use VLANs, as shown on the right side of the figure. With VLANs, members of each department can be physically located anywhere, yet still be logically connected with their own workgroup. Therefore, in the VLAN configuration, all the devices attached to VLAN E (Engineering) share the same broadcast domain, the devices attached to VLAN A (Accounting) share a separate broadcast domain, and the devices attached to VLAN M (Marketing) share a third broadcast domain. Figure 1-21 also illustrates how VLANs can span multiple switches; the link between the two switches in the figure carries traffic from all three of the VLANs and is called a trunk.

Click to collapse
Add a note hereFigure 1-21: A VLAN Is a Logical Implementation of a Physical LAN

Add a note here VLAN Membership

Add a note hereStatic port membership means that the network administrator configures which VLAN the port belongs to, regardless of the devices attached to it. This means that after you have configured the ports, you must ensure that the devices attaching to the switch are plugged into the correct port, and if they move, you must reconfigure the switch.

Add a note hereAlternatively, you can configure dynamic VLAN membership. Some static configuration is still required, but this time, it is on a separate device called a VLAN Membership Policy Server (VMPS). The VMPS could be a separate server, or it could be a higher-end switch that contains the VMPS information. VMPS information consists of a MAC address–to–VLAN map. As a result, ports are assigned to VLANs based on the MAC address of the device connected to the port. When you move a device from one port to another port (either on the same switch or on another switch in the network), the switch dynamically assigns the new port to the proper VLAN for that device by consulting the VMPS.

Add a note here Trunks

Add a note here As mentioned earlier, a port that carries data from multiple VLANs is called a trunk. A trunk port can be on a switch, a router, or a server. A trunk port can use one of two protocols: Inter-Switch Link (ISL) or IEEE 802.1Q.

Add a note hereISL is a Cisco-proprietary trunking protocol that involves encapsulating the data frame between an ISL header and trailer. The header is 26 bytes long; the trailer is a 4-byte cyclic redundancy check that is added after the data frame. A 15-bit VLAN ID field is included in the header to identify the VLAN that the traffic is for. (Only the lower 10 bits of this field are used, thus supporting 1024 VLANs.)

The 802.1Q protocol is an IEEE standard protocol in which the trunking information is encoded within a Tag field inserted inside the frame header itself. Trunks using the 802.1Q protocol define a native VLAN. Traffic for the native VLAN is not tagged; it is carried across the trunk unchanged. Consequently, end-user stations that don’t understand trunking can communicate with other devices directly over an 802.1Q trunk as long as they are on the native VLAN. The native VLAN must be defined to be the same VLAN on both sides of the trunk. Within the Tag field, the 802.1Q VLAN ID field is 12 bits long, allowing up to 4096 VLANs to be defined. The Tag field also includes a 3-bit 802.1p user priority field; these bits are used as class of service (CoS) bits for QoS marking. (Chapter 4 describes QoS.)

The two types of trunks are not compatible with each other, so both ends of a trunk must be defined with the same trunk type.
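As an added example (not code from the book or from Cisco), the following Python parses and builds the 802.1Q Tag field described above: it extracts the 12-bit VLAN ID and the 3-bit CoS bits from a tagged frame and assigns an untagged frame to the trunk's native VLAN. The sample frames are constructed for the example, and the native_vlan parameter stands in for the port's configured native VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q Tag field

# Constructed sample frames (not captured traffic): broadcast destination,
# made-up source MAC, IPv4 EtherType and a zero-filled dummy payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")
UNTAGGED_FRAME = DST + SRC + struct.pack("!H", 0x0800) + bytes(46)
# TCI 0xA064: PCP=5 (binary 101), DEI=0, VID=100 -> (5 << 13) | 100
TAGGED_FRAME = DST + SRC + struct.pack("!HH", TPID_8021Q, 0xA064) + UNTAGGED_FRAME[12:]


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame received on an 802.1Q trunk.

    A frame carrying a Tag field is assigned the VLAN ID and CoS found in
    the tag. An untagged frame belongs to the trunk's native VLAN, which is
    passed in as native_vlan (an assumed per-port configuration value).
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan": native_vlan, "cos": 0, "dei": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q Tag field")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True,
            "vlan": tci & 0x0FFF,      # 12-bit VLAN ID (4096 values)
            "cos": tci >> 13,          # 3-bit 802.1p user priority
            "dei": (tci >> 12) & 0x1,  # drop eligible indicator bit
            "ethertype": inner_type,
            "payload": frame[18:]}


def tag_frame(frame: bytes, vid: int, cos: int = 0) -> bytes:
    """Insert an 802.1Q Tag field after the source MAC of an untagged frame,
    as a switch does when sending a non-native VLAN's traffic onto a trunk."""
    if not 0 <= vid <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= cos <= 7:
        raise ValueError("CoS must fit in 3 bits")
    tci = (cos << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]
```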


Note

Multiple switch ports can be logically combined so that they appear as one higher-performance port. Cisco does this with its EtherChannel technology, combining multiple Fast Ethernet or Gigabit Ethernet links. Trunks can be implemented on both individual ports and on these EtherChannel ports.

STP and VLANs

Cisco developed per-VLAN spanning tree (PVST) so that switches can have one instance of STP running per VLAN, allowing redundant physical links within the network to be used for different VLANs and thus reducing the load on individual links. PVST is illustrated in Figure 1-22.

Figure 1-22: PVST Allows Redundant Physical Links to Be Used for Different VLANs

The top diagram in Figure 1-22 shows the physical topology of the network, with switches X and Y redundantly connected. In the lower-left diagram, switch Y has been selected as the root bridge for VLAN A, leaving port 2 on switch X in the blocking state. In contrast, the lower-right diagram shows that switch X has been selected as the root bridge for VLAN B, leaving port 2 on switch Y in the blocking state. With this configuration, traffic is shared across all links: traffic for VLAN A travels to the lower LAN through switch Y’s port 2, whereas traffic for VLAN B travels to the lower LAN through switch X’s port 2.

PVST works only over ISL trunks. However, Cisco extended this functionality for 802.1Q trunks with the PVST+ protocol. Before this became available, 802.1Q trunks supported only Common Spanning Tree, with one instance of STP running for all VLANs.

Multiple-Instance STP (MISTP) is an IEEE standard (802.1s) that uses RSTP and allows several VLANs to be grouped into a single spanning-tree instance. Each instance is independent of the other instances, so a link can forward for one group of VLANs while blocking for other VLANs. MISTP therefore still allows traffic to be shared across all the links in the network, while reducing the number of STP instances compared with what PVST/PVST+ would require.

Rapid per-VLAN Spanning Tree Plus (RPVST+) is a Cisco enhancement of RSTP, using PVST+.

Inter-VLAN Routing

A Layer 3 device can be connected to a switched network in two ways: by using multiple physical interfaces or through a single interface configured as a trunk. These two connection methods are shown in Figure 1-23. The diagram on the left illustrates a router with three physical connections to the switch; each physical connection carries traffic from only one VLAN.

Figure 1-23: A Router, Using Either Multiple Physical Interfaces or a Trunk, Is Required for Communication Among VLANs

The diagram on the right illustrates a router with one physical connection to the switch. The interfaces on the switch and the router have been configured as trunks; therefore, multiple logical connections exist between the two devices. When a router is connected to a switch through a trunk, it is sometimes called a “router on a stick,” because it has only one physical interface (a stick) to the switch.

Each interface between the switch and the Layer 3 device, whether a physical interface or a logical interface within a trunk, is in a separate VLAN and therefore, for IP networks, in a separate subnet.
