Bridging Protocols Overview

Bridge Functions Consortium

Bridging Protocols
- Filtering Database (802.1Q/802.1D)
- Spanning Tree Protocol (802.1D clauses 8 & 9)
- VLANs (802.1Q)
- GARP/GVRP (802.1D clause 12 / 802.1Q clause 11)
- GARP/GMRP (802.1D clauses 10 & 12)
- Link Aggregation (802.3ad)

Bridging History
Back in the days before Ethernet was the clear winning technology on the LAN, Token Ring and FDDI were popular. This meant two different methods of bridging:
1) Source Route Bridging
   a. Used by Token Ring and FDDI
2) Transparent Bridging
   a. Used by Ethernet

Source Route Bridging
Source Route Bridging allows load balancing to avoid congestion. This is done by routing packets over two or more routes to a destination.
[Figure: a Source LAN reaches a Destination LAN (with a Server) through Switch 1, Switch 2 and Switch 3 over more than one route]

Transparent Bridging
The transparent bridging method follows the plug and play philosophy. Each bridge contains one (or more) Filtering Databases that learn and remember the MAC addresses on its networks. Forwarding decisions are then made by consulting the Filtering Database: if a destination MAC address has been learned, the frame is forwarded only out of the port on which that address was learned. Addresses are cleared from the Filtering Database if they are not active for a specific amount of time. This time is defined by the Aging Time, which can be set through management.

Filtering Database
- One database contains MAC addresses, which port they are on, and whether they are active or disabled
- Duplicate MAC addresses are not allowed (a second entry for the same address replaces the first)

  Entry   MAC Addr        Port   Active
  1       0800900A2580    1      yes
  2       002034987AB1    1      yes
  3       00000C987C00    2      yes
  4       00503222A001    2      yes
  5-12    (empty)

Learning of Addresses
The Filtering Database learns a station's location from the source address of an incoming frame:
1. A frame with source address 00 22 22 33 33 44 is received on Port 1. The destination address has not yet been learned, so the frame is forwarded out all other ports. The source address is "learned" by the Filtering Database as being on Port 1.
2. A frame with destination address 00 22 22 33 33 44 is received on Port 4. It is forwarded ONLY out of Port 1. All future frames destined for this MAC address will be forwarded ONLY out of this port.
[Figure: a switch with Port 1 and Port 4]

Multicast Frames
Multicast frames originate from one source and may go to more than one destination. An example of this is the Spanning Tree BPDU.
[Figure: Switch 1 on a shared LAN with Switch 2, Switch 3 and Switch 4]

The Permanent Database
Upon bridge initialization, a reserved block of multicast addresses is transferred to the Filtering Database:

  Assignment                                     Value
  Bridge Group Address (Spanning Tree)           01 80 C2 00 00 00
  IEEE Std. 802.3 Full Duplex Pause Operation    01 80 C2 00 00 01
  Slow Protocols Multicast Address               01 80 C2 00 00 02
  Reserved for future standardization            01 80 C2 00 00 03 to 01 80 C2 00 00 0F

At the time of these slides only 3 of these multicast addresses were standardized; the rest are reserved for future use. These addresses are never learned (a group address is never a valid source address), and frames addressed to them are never forwarded by the bridge: they are consumed by the bridge itself.

Basic/Extended Filtering Services
- Bridges that support Basic Filtering Services can dynamically learn all MAC addresses except those from the Permanent Database
- Addresses can also be statically configured so that they do not age out
- Switches that filter frames from the Permanent Database are said to support Basic Filtering Services
- Extended Filtering Services are implemented by devices that support advanced features like GARP

Aging Time
- Aging time is defined as a range of 10 to one million seconds (one million seconds = 11 days, 13 hrs, 46 min and 40 sec)
- The default is 300 seconds
- The Filtering Database starts the aging timer when an address is learned and resets it whenever another frame with that source address arrives on that port
- Why is aging time important? When the aging time expires, the address and port are discarded from the Filtering Database, so a station that has moved or gone silent does not leave a stale entry pointing at the wrong port.
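The learning, flooding, Permanent Database and aging behaviour of the last few slides, as an added example in Python (not code from the original slides). The bridge, its port numbers, the MAC addresses, the time values and the table capacity are constructed for the example; the aging time defaults to the 300 seconds given above.

```python
"""Transparent-bridge Filtering Database with learning, flooding and aging.

Added example, not code from the original slides. Models one VLAN-unaware
bridge: learn source address -> port, flood unknown unicast and group
addresses, never learn or relay the reserved 01-80-C2-00-00-0x block, and
age entries out after `aging_time` seconds (default 300, as in 802.1D).
"""
from dataclasses import dataclass

RESERVED_PREFIX = bytes.fromhex("0180c20000")    # 01-80-C2-00-00-00 .. -0F
BROADCAST = bytes.fromhex("ffffffffffff")


def is_reserved(mac: bytes) -> bool:
    """True for the Permanent Database block: consumed by the bridge, never relayed."""
    return mac[:5] == RESERVED_PREFIX and mac[5] <= 0x0F


def is_group(mac: bytes) -> bool:
    """I/G bit of the first octet: multicast or broadcast address."""
    return bool(mac[0] & 0x01)


@dataclass
class Entry:
    port: int
    last_seen: float          # seconds; when learned or last refreshed
    static: bool = False      # static entries never age out


class FilteringDatabase:
    def __init__(self, ports, aging_time=300.0, capacity=4096):
        self.ports = list(ports)
        self.aging_time = aging_time
        self.capacity = capacity        # real tables hold a few thousand entries
        self.table = {}                 # mac (bytes) -> Entry

    def add_static(self, mac: bytes, port: int) -> None:
        self.table[mac] = Entry(port, 0.0, static=True)

    def age(self, now: float) -> list:
        """Drop dynamic entries idle longer than aging_time; return what was dropped."""
        expired = [m for m, e in self.table.items()
                   if not e.static and now - e.last_seen > self.aging_time]
        for m in expired:
            del self.table[m]
        return expired

    def receive(self, src: bytes, dst: bytes, in_port: int, now: float) -> list:
        """Process one frame; return the ports it is forwarded out of."""
        self.age(now)
        if is_reserved(dst):
            return []                           # e.g. BPDUs: handled locally
        if not is_group(src):                   # a group address is never a valid source
            e = self.table.get(src)
            if e is not None and not e.static:
                e.port, e.last_seen = in_port, now   # refresh, or move if the station moved
            elif e is None and len(self.table) < self.capacity:
                self.table[src] = Entry(in_port, now)
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others                       # broadcast/multicast: flood
        e = self.table.get(dst)
        if e is None:
            return others                       # unknown unicast: flood
        if e.port == in_port:
            return []                           # destination is on the same segment: filter
        return [e.port]
```

Two behaviours worth noticing: a station that shows up on a new port simply moves (the duplicate rule from the Filtering Database slide), and once the table is full new stations are not learned at all, so traffic to them keeps being flooded until older entries age out.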
Filtering Database Review
- Every bridge has a table called a Filtering Database
- Entries in this table are updated upon receipt of frames: the source addresses and the ports they arrive on are learned
- Once a MAC address is associated with a port, frames containing that destination address are only forwarded out of that port

Filtering Database Review (cont.)
In real switches these tables vary in size; most can hold several thousand MAC addresses. I've seen one that has the capacity to learn more than 150,000 addresses (3Com 9100).

Spanning Tree Protocol (STP)
"An algorithm, ..., used to prevent logic loops in a bridged network by creating a spanning tree ... When multiple paths exist, ..., STA lets a bridge use only the most efficient one. If that path fails, STA automatically reconfigures the network to make another path become active, sustaining network operations ..."
Definition of Spanning Tree Algorithm from Newton's Telecom Dictionary.

The Spanning Tree Poem
I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree that must be sure to span
So packets can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least-cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
Then bridges find a spanning tree.
- Radia Perlman

What is a Spanning Tree?
- Only one active path exists between any two devices.
- Resembles a family tree (problems arise in both when loops occur).

Why Spanning Tree?
The purpose of Spanning Tree is to have bridges dynamically discover a subset of the topology that is loop-free and yet has just enough connectivity so that there is a path between every pair of nodes in the LAN.

How does Spanning Tree work?
The basic idea behind the Spanning Tree Protocol is that bridges transmit special messages to each other that allow them to calculate a spanning tree: Configuration Bridge Protocol Data Units (BPDUs), sometimes referred to as Config. BPDUs.

STP Example
[Figure: bridges A, B, C, D, E and F, one of them marked Root]

Port States
Bridge ports operate the Spanning Tree Algorithm using the following states:
- Blocking: incoming frames are discarded
- Listening: incoming frames are discarded, but the port is in the process of transitioning to Learning
- Learning: incoming frames are discarded, but their source addresses and ports are placed in the Filtering Database
- Forwarding: incoming frames are forwarded, source addresses are learned
- Disabled: the port is disabled by management

Configuration BPDUs
The Configuration BPDU contains enough info so that bridges can do the following:
1) Elect a single bridge to be Root Bridge
2) Calculate the distance of the shortest path from themselves to the Root Bridge
3) Elect a Designated Bridge for each LAN segment, which is the bridge in the LAN segment closest to the Root Bridge, to forward packets from that LAN segment toward the Root Bridge
4) Choose the port, called the root port, that gives the best path from themselves to the Root Bridge
5) Select ports to be included in the spanning tree. These include only root ports and designated ports.
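The five results listed above, as an added worked example in Python that is not code from the original slides: a constructed four-bridge mesh exchanges Configuration BPDUs in synchronous rounds until every bridge agrees on the root, its root path cost and its root port, and every segment has exactly one designated bridge, leaving the remaining ports blocking. BPDUs are modelled as (root ID, root path cost, bridge ID, port ID) tuples, which Python orders exactly as the "How is best determined?" slide describes; the link costs use the recommended 802.1D path cost values, and the bridge IDs, ports and segment names are assumptions for the example.

```python
"""Spanning tree computation over a constructed bridged LAN.

Added example, not code from the original slides. Each bridge starts out
believing it is the root and exchanges Configuration BPDUs modelled as
(root_id, root_path_cost, bridge_id, port_id) tuples; Python's tuple
ordering is exactly the "numerically lower wins" rule of 802.1D.
"""

# Recommended 802.1D-1998 path costs, keyed by link speed in Mb/s.
PATH_COST = {4: 250, 10: 100, 16: 62, 100: 19, 1000: 4, 10000: 2}


class Bridge:
    def __init__(self, bridge_id, ports):
        """ports: {port_id: (segment_name, link_speed_mbps)} (constructed)."""
        self.id = bridge_id
        self.ports = ports
        self.root_id, self.root_cost, self.root_port = bridge_id, 0, None
        self.heard = {}          # port_id -> best BPDU received on that port

    def bpdu(self, port_id):
        """Configuration BPDU this bridge would transmit on port_id."""
        return (self.root_id, self.root_cost, self.id, port_id)

    def recompute(self):
        """Elect root and root port from the best BPDU heard on each port."""
        candidates = [(self.id, 0, self.id, 0, None)]      # "I am the root"
        for p, (root, cost, sender, sport) in self.heard.items():
            candidates.append((root, cost + PATH_COST[self.ports[p][1]],
                               sender, sport, p))
        self.root_id, self.root_cost, _, _, self.root_port = min(candidates)


def _offers(bridges):
    """BPDUs placed on each segment; a bridge never transmits on its root port."""
    offered = {}
    for b in bridges:
        for p, (seg, _) in b.ports.items():
            if p != b.root_port:
                offered.setdefault(seg, []).append(b.bpdu(p))
    return offered


def spanning_tree(bridges, rounds=20):
    """Synchronous rounds of BPDU exchange; returns {(bridge_id, port_id): role}."""
    for _ in range(rounds):
        offered = _offers(bridges)
        for b in bridges:
            b.heard = {}
            for p, (seg, _) in b.ports.items():
                others = [x for x in offered.get(seg, []) if x[2] != b.id]
                if others:
                    b.heard[p] = min(others)
        for b in bridges:
            b.recompute()
    offered = _offers(bridges)
    roles = {}
    for b in bridges:
        for p, (seg, _) in b.ports.items():
            others = [x for x in offered.get(seg, []) if x[2] != b.id]
            if p == b.root_port:
                roles[(b.id, p)] = "root"
            elif not others or b.bpdu(p) < min(others):
                roles[(b.id, p)] = "designated"   # best BPDU on this segment
            else:
                roles[(b.id, p)] = "blocking"     # loses to another bridge here
    return roles


def example_topology():
    """Constructed mesh: two paths from LAN3 back to the root (all 100 Mb/s links)."""
    return [
        Bridge(1, {1: ("LAN1", 100), 2: ("LAN2", 100)}),
        Bridge(2, {1: ("LAN1", 100), 2: ("LAN3", 100)}),
        Bridge(3, {1: ("LAN2", 100), 2: ("LAN3", 100)}),
        Bridge(4, {1: ("LAN3", 100)}),
    ]


if __name__ == "__main__":
    for (bid, port), role in sorted(spanning_tree(example_topology()).items()):
        print(f"bridge {bid} port {port}: {role}")
```

In the example, bridge 1 wins the root election on ID alone; bridges 2 and 3 both reach it at cost 19, so on LAN3 the tie is broken by bridge ID and bridge 3's second port ends up blocking, which is the one link removed from the mesh to make it a tree.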
Inside Config BPDUs
- Destination MAC Address: 01 80 C2 00 00 00, the special multicast address for Spanning Tree
- Root ID: ID of the bridge assumed to be root
- Bridge ID: ID of the bridge transmitting the BPDU
- Cost: cost of the least-cost path to the root from the transmitting bridge (at least the best path of which the transmitting bridge is currently aware)

Inside Config BPDUs (cont.)
- Protocol ID = 0x0000
- Protocol Version ID and BPDU Type = 0x00
- If the transmitting bridge is Root, Message Age = zero; otherwise it is set to the value of the Root Port's Message Age timer plus an increment of one*

Path Cost
Path costs are designed to be associated with the speed of the link:

  Link Speed   Recommended value   Recommended range   Range
  4 Mb/s       250                 100–1000            1–65 535
  10 Mb/s      100                 50–600              1–65 535
  16 Mb/s      62                  40–400              1–65 535
  100 Mb/s     19                  10–60               1–65 535
  1 Gb/s       4                   3–10                1–65 535
  10 Gb/s      2                   1–5                 1–65 535

Bridge Initialization
- Root ID set to Bridge ID
- Root Path Cost set to zero
- All ports on the bridge become designated ports
- A Configuration BPDU is transmitted on each designated port
- Hello Timer is started

How this all works together
A bridge continuously receives Configuration BPDUs on each of its ports and saves the "best" configuration message from each port. The bridge determines the best configuration message by comparing not only the Configuration BPDUs received on a particular port, but also the configuration message that the bridge itself would transmit on that port.

How is "best" determined?
Given two Configuration BPDUs, C1 and C2, C1 is the "best" if:
- the root ID in C1 is numerically lower than the root ID in C2;
- if the root IDs are equal, the cost in C1 is numerically lower than the cost in C2;
- if the root IDs and costs are equal, the Bridge ID in C1 is numerically lower than the Bridge ID in C2.
The final tiebreaker is the port ID. Each port on a switch has a port ID; this is useful if two ports from the same switch are on one LAN segment.
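The Configuration BPDU fields and the "best" ordering above, as an added example in Python (not code from the original slides). It encodes and decodes the 35-octet Configuration BPDU of IEEE 802.1D-1998 clause 9, which carries the fields listed on the slides plus the flags and the four timers in 1/256-second units, applies the ordering rule, and applies the two rules from the next slides (a received BPDU that is equal but younger replaces the stored one, and a BPDU is only relayed while Message Age is below Max Age). The bridge IDs and BPDUs are constructed, not captured from a network.

```python
"""Parsing 802.1D Configuration BPDUs and applying the "best BPDU" ordering.

Added example, not code from the original slides. The 35-octet layout follows
IEEE 802.1D-1998 clause 9 (timers in units of 1/256 s); the bridge IDs and
BPDUs used below are constructed, not captured from a network.
"""
import struct
from dataclasses import dataclass

STP_MCAST = bytes.fromhex("0180c2000000")        # Bridge Group Address
CONFIG_FMT = ">HBBB8sI8sHHHHH"                   # proto, ver, type, flags, root, cost, bridge, port, 4 timers
CONFIG_LEN = struct.calcsize(CONFIG_FMT)          # 35 octets


@dataclass(frozen=True)
class ConfigBPDU:
    root_id: bytes           # 2-octet priority + 6-octet MAC
    root_path_cost: int
    bridge_id: bytes
    port_id: int             # 1-octet priority + 1-octet port number
    message_age: int
    max_age: int
    hello_time: int
    forward_delay: int
    topology_change: bool = False
    tc_ack: bool = False

    def key(self):
        """Root ID, then cost, then Bridge ID, then Port ID; numerically lower wins."""
        return (self.root_id, self.root_path_cost, self.bridge_id, self.port_id)

    def better_than(self, other) -> bool:
        return self.key() < other.key()

    def supersedes(self, stored) -> bool:
        """A received BPDU replaces the stored one if better, or equal but younger."""
        return self.key() < stored.key() or (
            self.key() == stored.key() and self.message_age < stored.message_age)

    def to_bytes(self) -> bytes:
        flags = (0x80 if self.tc_ack else 0) | (0x01 if self.topology_change else 0)
        return struct.pack(CONFIG_FMT, 0, 0, 0x00, flags, self.root_id,
                           self.root_path_cost, self.bridge_id, self.port_id,
                           self.message_age, self.max_age, self.hello_time,
                           self.forward_delay)


def parse_config_bpdu(payload: bytes) -> ConfigBPDU:
    """Decode a Configuration BPDU; reject anything else (e.g. a TCN BPDU, type 0x80)."""
    if len(payload) < CONFIG_LEN:
        raise ValueError("short BPDU")
    (proto, version, btype, flags, root_id, cost, bridge_id, port_id,
     age, max_age, hello, fwd) = struct.unpack(CONFIG_FMT, payload[:CONFIG_LEN])
    if proto != 0 or version != 0 or btype != 0x00:
        raise ValueError(f"not a Configuration BPDU (proto={proto}, type={btype:#x})")
    return ConfigBPDU(root_id, cost, bridge_id, port_id, age, max_age, hello, fwd,
                      bool(flags & 0x01), bool(flags & 0x80))


def make_bridge_id(priority: int, mac: str) -> bytes:
    """Bridge ID = 2-octet priority followed by the bridge MAC, so priority dominates."""
    return struct.pack(">H", priority) + bytes.fromhex(mac.replace(":", ""))


def may_transmit(b: ConfigBPDU) -> bool:
    """A bridge only relays a BPDU whose Message Age is still below Max Age."""
    return b.message_age < b.max_age


def seconds(t: int) -> float:
    """Timer fields are carried in 1/256 s units."""
    return t / 256
```

Because the priority octets come first in the Bridge ID, a low configured priority beats any MAC address; that is the management knob from the "Management Parameters" slide, and it is also why whoever can send a BPDU with a lower Root ID onto a segment determines the root for every bridge that hears it.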
Transmitting BPDUs
- If the Hold Timer is active, the Configuration BPDU will be transmitted upon its expiration; this ensures that no more than one Configuration BPDU is transmitted per Hold Time period
- Transmit only if Message Age < Max Age
- After transmission the Hold Timer is reset

BPDU Processing
- A received Configuration BPDU is checked against the stored BPDU
- If the received BPDU is better, or the same but with a smaller age, the stored BPDU is overwritten
- The bridge then recalculates root, root path cost, and root port

Message Age
- Each Configuration BPDU contains a message age field
- It is incremented after every unit of time
- If message age = max age then the BPDU is discarded

"Root" or "Path to Root" Fails
- The bridge will no longer receive fresh BPDUs
- It gradually increases the message age on the currently stored Configuration BPDU
- When max age is reached, the bridge recalculates root, root path cost, and root port

Hello Time / Root BPDU Propagation
- The Root Bridge transmits Configuration BPDUs every hello time
- When the Root Bridge generates a Configuration BPDU the message age field is set to 0
- Upon receipt, a bridge transmits a Configuration BPDU on each port for which it is the Designated Bridge, and increments the message age by at least one*

Designated Bridge Topology Change?

Stopping Loops during Topology Change
- Two substates are used: Listening and Learning
- Data received while in these states is not forwarded
- Received Configuration BPDUs are stored
- Root, root path cost, and root port are calculated

Topology Change Procedure
1) A bridge notices that the Spanning Tree algorithm has caused it to transition a port into or out of the blocking state.
2) The bridge periodically transmits a Topology Change Notification BPDU toward the root, with the same period as the hello time. It continues this until the notification is acknowledged (step 3); the Root Bridge then sets the topology change bit in its Configuration BPDUs (step 4).
3) A bridge that receives a Topology Change Notification BPDU on a port for which it is the Designated Bridge does two things:
   a. Performs step 2 itself (notifies the Root Bridge of the topology change)
   b. Sets the topology change acknowledgement flag in the next Configuration BPDU it transmits on the LAN from which the Topology Change Notification BPDU was received
4) The Root Bridge sets the topology change flag in its Configuration BPDUs for a period equal to the sum of forward delay and max age, if the Root Bridge
   a. notices a topology change because one of its ports has changed state, or
   b. receives a topology change notification message
5) A bridge that is receiving Configuration BPDUs with the topology change flag set (or the Root Bridge that is setting the topology change flag in its Configuration BPDUs) uses the forward delay timer as the aging time of its Filtering Database until it starts receiving Configuration BPDUs without the topology change flag set, so that entries pointing at paths that no longer exist are flushed quickly.

Networkwide Parameters
For correct operation some parameters need to be uniform throughout the Spanning Tree. The Root Bridge includes the following values in its Configuration BPDUs:
1) Max age: time after which Configuration BPDUs are discarded
2) Hello time: interval, used by the Root Bridge, between issuing Configuration BPDUs
3) Forward Delay: amount of time spent in each of the listening and learning states (half the time of the transition from blocking to forwarding)

Management Parameters
- Bridge priority: a 2-octet value that allows the network administrator to influence the choice of the Root Bridge and the Designated Bridge
- Port priority: a 1-octet value that allows the network administrator to influence the choice of port when a bridge has two ports connected to the same LAN segment

Why eliminate Loops?
Loops cause traffic to build up in a network until the network no longer functions because all bandwidth is consumed.
[Figure: a LAN connection with bridges A and B forming a loop; an incoming broadcast frame circulates]

Performance Issues
Two properties make bridge performance crucial:
1) Lack of receipt of BPDUs causes bridges to add connectivity. If a bridge does not receive any Configuration BPDUs on some port, it will take over as the Designated Bridge on that port.
2) Extra connectivity will cause loops.

What affects Bridge Performance?
- Network congestion: a bridge will discard packets before looking at them if the CPU can't keep up
- A bridge must be able to transmit BPDUs no matter how congested the network is; this involves being able to move BPDUs to the front of the queue

VLANs (Virtual Local Area Network)
"A means by which LAN users on different physical LAN segments are afforded priority access privileges across the LAN backbone in order that they appear to be on the same physical segment on an enterprise-level logical LAN. VLAN solutions, which are priority in nature, are implemented in LAN switches, and VLAN membership is defined by the LAN administrator on the basis of either port address or MAC address."
Definition of VLAN from Newton's Telecom Dictionary.
How VLANs work
Either:
1) The LAN bridge receives tagged data from the workstation
2) The bridge reads the current tag, and forwards the data with a VLAN ID (tag) corresponding to the VLAN the data came from (explicit tagging)
or:
1) The LAN bridge receives untagged data from the workstation
2) The bridge determines the VLAN membership of the data by noting the port on which it arrives (implicit tagging)

Basic VLAN Concepts
- Port-based VLANs: each port on a switch is in one and only one VLAN (except trunk links)
- Tagged frames: allow multiple VLANs to cross one link; VLAN ID and priority info is inserted (4 bytes)
- Access links: the edge of the network, where legacy devices attach
- Trunk links: carry tagged frames between switches
- Hybrid links: a combination of trunk and access links

Basic VLAN Concepts (cont.)
- Priority-tagged frame: the tag header carries priority info, but no VLAN ID
- VLAN-tagged frame: the tag header carries both a VLAN ID and priority info
- Port VLAN ID (PVID): provides the VID for untagged and priority-tagged frames received on that port

Trunk Link
- Attaches two VLAN-aware switches
- Carries tagged frames ONLY

Access Links
- Access links are untagged, for VLAN-unaware devices
- The VLAN switch adds tags to received frames, and removes tags when transmitting frames

VLAN ID (Tag)
- 4 bytes inserted after the Destination and Source Address
- Length/Type field value for VLANs = 0x8100
- Priority range: 0–7 (3 bits)
- VLAN ID range: 0–4094 (12 bits; VID 0 means the frame is priority-tagged only and 4095 is reserved, so 1–4094 identify VLANs)

Tagging Conversions: Port VLAN ID
- Each port has a VLAN ID configured on it
- It indicates which VLAN untagged data should be associated with
- It does not constrain the port to a specific VLAN, nor does it mean that only untagged data can be processed

Sample VLANs: Traffic Segregation
Workgroups, physically defined: a mobile user from workgroup C, in building 2, needs to do work in building 1. By physically changing buildings he or she must change the workgroup section of the LAN they are in.
VLANs, logically defined: with VLANs he or she can physically change buildings, but remain in the same workgroup.
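The explicit/implicit tagging procedure, the PVID rule, the tag layout and the trunk/access distinction from the slides above, as an added example in Python that is not code from the original slides. It builds and parses 802.1Q-tagged frames and runs a VLAN-aware switch's ingress and egress decisions for a constructed set of ports (two access ports and one trunk); the MAC addresses, port names and VLAN numbers are made up for the example.

```python
"""802.1Q tag handling on a VLAN-aware switch: ingress classification and egress.

Added example, not code from the original slides. Frame layout used here:
DA(6) SA(6) [TPID=0x8100 (2) TCI (2)] Type(2) payload, with
TCI = priority (3 bits) | CFI (1 bit) | VID (12 bits). The port types, PVIDs
and MAC addresses are constructed for the example.
"""
import struct

TPID = 0x8100
VID_NULL, VID_RESERVED = 0, 0x0FFF     # 0 = priority-tagged only, 4095 = reserved


def parse_frame(frame: bytes):
    """Return (dst, src, priority, vid, ethertype, payload); vid is None if untagged."""
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack(">H", frame[12:14])
    if etype != TPID:
        return dst, src, 0, None, etype, frame[14:]
    tci, etype = struct.unpack(">HH", frame[14:18])
    return dst, src, tci >> 13, tci & 0x0FFF, etype, frame[18:]


def build_frame(dst, src, etype, payload, vid=None, priority=0) -> bytes:
    """Untagged frame, or tagged if vid is given (4-byte tag after the addresses)."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack(">HH", TPID, (priority << 13) | (vid & 0x0FFF))
    return hdr + struct.pack(">H", etype) + payload


class Port:
    def __init__(self, kind: str, pvid: int, member_of):
        self.kind = kind                 # "access" (untagged edge) or "trunk" (tagged only)
        self.pvid = pvid                 # VID for untagged / priority-tagged ingress
        self.member_of = set(member_of)  # VLANs this port belongs to


def classify(port: Port, frame: bytes):
    """Ingress: explicit tagging uses the tag's VID, implicit tagging uses the PVID."""
    dst, src, prio, vid, etype, payload = parse_frame(frame)
    if vid is None or vid == VID_NULL:
        vid = port.pvid                  # implicit tagging
    if vid == VID_RESERVED or vid not in port.member_of:
        return None                      # ingress filtering: not a member, discard
    return vid, prio, dst, src, etype, payload


def egress(port: Port, vid, prio, dst, src, etype, payload) -> bytes:
    """Access ports transmit untagged; trunk ports transmit tagged only."""
    if port.kind == "access":
        return build_frame(dst, src, etype, payload)
    return build_frame(dst, src, etype, payload, vid, prio)


def flood(ports: dict, in_name: str, frame: bytes):
    """Relay a frame to every other member port of its VLAN (the VLAN is the broadcast domain)."""
    cls = classify(ports[in_name], frame)
    if cls is None:
        return None
    vid, prio, dst, src, etype, payload = cls
    return {name: egress(p, vid, prio, dst, src, etype, payload)
            for name, p in ports.items() if name != in_name and vid in p.member_of}
```

The membership check in `classify` is what keeps a tag chosen by the sender from overriding the switch's configuration: a host on an access port for VLAN 10 that sends a frame tagged 20 is dropped, because the only VLAN that port is a member of is its own PVID.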
Broadcast Domains (Layer 2)
- Broadcast domain: a network (or portion of a network) that will receive a broadcast packet from any node located within that network
- Broadcast packet: an Ethernet packet sent to the broadcast address (FF:FF:FF:FF:FF:FF), which designates the packet as destined for all nodes in the broadcast domain

Constricting Broadcast Domains
What defines the edge of a layer 2 broadcast domain?
- Router: does not forward layer 2 broadcast frames
- Filtering Database: by configuring the broadcast address to be not forwarded
- VLANs: broadcast packets are tagged so they do not leave the configured topology of the VLAN

Security
Data is contained in the VLAN's topology. By allotting sensitive data its own VLAN, only those nodes in the VLAN will see it. This holds only as long as the switches, not the attached stations, decide VLAN membership: end stations should attach on access links, where the switch assigns the PVID and strips tags, and dynamic registration (GVRP, next) should be enabled only toward other switches, since any device that speaks GVRP on a port can register that port into a VLAN.

GARP/GVRP
- Generic Attribute Registration Protocol
- GARP VLAN Registration Protocol

How does GARP work?
- Devices declare their desire for a given attribute by making a declaration; this is done by issuing a Join event
- Declarations can be withdrawn by issuing a Leave event
- Devices enter a registration for an attribute on a given port when they hear a declaration for the attribute on that port

GARP
- A general-purpose protocol that supports a specific class of applications within bridges
- Defines a subset of the spanning tree that contains the devices interested in a given network commodity, referred to as an attribute

GVRP: GARP VLAN Registration Protocol

Disadvantages of Static VLANs
- Static VLANs are created via management
- They must be maintained by a network administrator
- Static VLANs must be reconfigured for every network topology change

GVRP Simplifies All This!
- GVRP creates dynamic VLANs; no manual configuration needed
- GVRP is maintained by the devices themselves
- Topology change? No problem: GVRP recreates the dynamic VLAN automatically

What can GVRP do for you?
- Allows the creation of VLANs with a specific VID on a specific port, based on updates from GVRP-enabled devices
- Advertises manually configured VLANs to other GVRP-enabled devices
As a result, the GVRP-enabled devices in the core of the network need no manual configuration in order to interoperate.

GVRP Info
- GVRP is a GARP application that registers attributes for dynamic VLANs
- GVRP deals only with the management of dynamic VLANs
- Everything that you have learned about static VLAN packet format and transmission applies

How GVRP does all this
The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) on which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.

What do these PDUs contain?
A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action:
- Join: register the port for the specified VLAN
- Leave: de-register the port for the specified VLAN
- LeaveAll: de-register all VLAN registrations on that port
- Empty: request to re-advertise dynamically and statically configured VLANs

Vendors (current)
Cisco Systems, 3Com and Hewlett Packard. Several others are developing working implementations as well.

Industry Implementation Example
3Com manufactures Network Interface Cards that take advantage of GVRP (DynamicAccess®), accessed via the Control Panel. Extremely easy to configure.
[Windows screenshot]

Example: GARP/GVRP
[Figure: two VLANs, RED and GOLD, made up of switches (S) and end stations (E)]

THE END
Any Questions?
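The Join, Leave, LeaveAll and Empty semantics above, and the way a bridge re-advertises on its other ports what it has registered on one, as an added example in Python. It is not code from the original slides, and it is deliberately not the full 802.1D clause 12 GARP state machines (which add Join, Leave and LeaveAll timers); it models only what the four messages do to per-port VLAN registrations. The port numbers and the static VLAN configuration are constructed.

```python
"""GVRP registration semantics on one bridge: Join, Leave, LeaveAll, Empty.

Added example, not code from the original slides, and deliberately not the
full 802.1D clause 12 GARP state machines (which add Join/Leave timers and
a LeaveAll timer). It models what the four messages do to the per-port VLAN
registrations and how the bridge re-advertises what it knows on its other
ports. Port numbers and the static configuration are constructed.
"""

GVRP_MCAST = bytes.fromhex("0180c2000021")   # all GVRP devices listen here


class GvrpBridge:
    def __init__(self, ports, static=None):
        self.ports = list(ports)
        # Manually configured VLANs: vid -> set of member ports (static, never aged).
        self.static = {vid: set(ps) for vid, ps in (static or {}).items()}
        # Dynamic registrations learned from GVRP PDUs: port -> set of vids.
        self.registered = {p: set() for p in self.ports}

    def members(self, vid):
        """Ports carrying vid: static members plus ports where a peer registered it."""
        return set(self.static.get(vid, ())) | {p for p in self.ports if vid in self.registered[p]}

    def vlans(self):
        return set(self.static) | set().union(*self.registered.values())

    def declarations(self, port):
        """VIDs this bridge advertises on port: those reachable through another port."""
        return {v for v in self.vlans() if self.members(v) - {port}}

    def receive(self, port, msg, vid=None):
        """Apply one message heard on port; return PDUs to send as (port, msg, vid)."""
        before = {p: self.declarations(p) for p in self.ports}
        if msg == "Join":
            self.registered[port].add(vid)
        elif msg == "Leave":
            self.registered[port].discard(vid)
        elif msg == "LeaveAll":
            self.registered[port].clear()      # peers re-Join what they still want
        elif msg == "Empty":
            return [(port, "Join", v) for v in sorted(before[port])]
        else:
            raise ValueError(f"unknown GVRP message {msg!r}")
        out = []
        for p in self.ports:
            now = self.declarations(p)
            out += [(p, "Join", v) for v in sorted(now - before[p])]
            out += [(p, "Leave", v) for v in sorted(before[p] - now)]
        return out
```

Run through the test sequence and the propagation is visible: a Join for VLAN 20 heard on port 2 makes the bridge advertise 20 on ports 1 and 3 but not back on port 2, and a LeaveAll on port 3 withdraws every advertisement that depended on that port. Note also what the model does not check: whoever transmits to 01 80 C2 00 00 21 on a port can register that port into a VLAN, which is why dynamic registration belongs on inter-switch ports rather than on ports facing untrusted stations.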