VLAN 介绍

VLANkevin4.15AgendaIntroductionWhat’svlanWhyuservlanMembershipHowvlanworksRelativeissues—belkinQ&AIntroductionToday,LocalAreaNetworksaredefinedasasinglebroadcastdomain.Thismeansthatifauserbroadcastsinformationonhis/herLAN,thebroadcastwillbereceivedbyeveryotheruserontheLAN.BroadcastsarepreventedfromleavingaLANbyusingarouter.Thedisadvantageofthismethodisroutersusuallytakemoretimetoprocessincomingdatacomparedtoabridgeoraswitch.What’svlan?VLAN'sallowanetworkmanagertologicallysegmentaLANintodifferentbroadcastdomainsVLAN'salsoallowbroadcastdomainstobedefinedwithoutusingrouters.Bridgingsoftwareisusedinsteadtodefinewhichworkstationsaretobeincludedinthebroadcastdomain.RouterswouldonlyhavetobeusedtocommunicatebetweentwoVLAN'sWhyuseVLAN's?VLAN'sofferanumberofadvantagesovertraditionalLAN's.Theyare:PerformanceFormationofVirtualWorkgroupsSimplifiedAdministrationReducedCostSecurityVLANMembershipMembershipbyportgroupMembershipbasedonMAC-layeraddressLayerthreebasedVLANsIPmulticastgroupsasVLANsMembershipbyPortGroupManyinitialVLANimplementationsdefineVLANmembershipbygroupsofswitchports(e.G.,Ports1,2,3,7,and8onaswitchequatetoVLANA,whileports4,5,and6equalVLANB).TheprimarylimitationofVLANsdefinedbyportisthatthenetworkmanagermustreconfigureVLANmembershipwhenausermovesfromoneporttoanother.ByMACAddressVLANsbasedonMACaddressesenablenetworkmanagerstomoveaworkstationtoadifferentphysicallocationonthenetworkandhavethatworkstationautomaticallyretainitsVLANmembership.OneofthedrawbacksofMAC-addressbasedVLANsolutionsistherequirementthatallusersmustbeinitiallyconfiguredtobeinaVLAN(s)fromtheoutset.根据网络层划分VLAN这种划协议类分VLAN的方法是根据每个主机的网络层地址或型(如果支持多协议)划分的虽然这种划分方法可能是根据网络地址比如IP地址但它不是路由不要与网络层的路由混淆.这种方法的缺点是效率因为检查每一个数据包的网络层地址是很费时的(相对于前面两种方法)一般的交换机芯片都可以自动检查网络上数据包的以太网帧头但要让芯片能检查IP帧头需要更高的技术同时也更费时当然这也跟各个厂商的实现方法有关.IP组播作为VLANIP组播实际上也是一种VLAN的定义即认为一个组播组就是一个VLAN这种划分的方法将VLAN扩大到了广域网因此这种方法具有更大的灵活性而且也很容易通过路由器进行扩展当然这种方法不适合局域网主要是效率不高对于局域网的组播有二层组播协议GMRP.Dynamic!?HowVLAN'sworkRegardingIEEE802.1Qstandard,Tag-basedVLANusesanextratagintheMACheadertoidentifytheVLANmembershipofaframeacrossbridges.1.TPID:TPIDhasadefinedvalueof8100inhex.WhenaframehastheEtherTypeequalto8100,thisframecarriesthetagIEEE802.1Q/802.1P.TPID=tagprotocolID2.Priority:ThefirstthreebitsoftheTCIdefineuserpriority,givingeight(2^3)prioritylevels.IEEE802.1Pdefinestheoperationforthese3userprioritybits.3.CFI:CanonicalFormatIndicatorisasingle-bitflag,alwayssettozeroforEthernetswitches.4.VID:VLANIDistheidentificationoftheVLAN,whichisbasicallyusedbythestandard802.1Q.Ithas12bitsandallowtheidentificationof4096(2^12)VLANs.Ofthe4096possibleVIDs,aVIDof0isusedtoidentifypriorityframesandvalue4095(FFF)isreserved,sothemaximumpossibleVLANconfigurationsare4,094.AccordingtotheVIDinformationinthetag,theswitchforwardandfiltertheframesamongports.TheseportswithsameVIDcancommunicatewitheachother.IEEE802.1QVLANfunctioncontainsthtasks,IngressProcess,ForwardingefollowingthreeProcessandEgressProcess.IngressProcessa)sendtoforwardprocessb)inserttagifthepackethasnotagbuttheportneedtagForwardingProcessTheForwardingProcessdecidetofrowthetheFilteringDatabase.ardthereceivedframesaccordingtoEgressProcessTheEgressProcessdecideiftheoutgoingframesbutbesenttaggedoruntagged.EgressProcessrefertotheegresstagcontrolinformationinFilteringDatabase.Ifthevalueistagged,theoutgoingframeontheegressportistagged.Ifthevalueisuntagged,thetagwillberemovedbeforeframeleavestheegressport.Relativeissues--belkinMaingoodness:reducechipcost?vlan0Linkencap:EthernetHWaddr00:90:96:52:2C:49UPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1RXpackets:0errors:0dropped:0overruns:0frame:0TXpackets:0errors:0dropped:0overruns:0carrier:0collisions:0txqueuelen:0RXbytes:0(0.0b)TXbytes:0(0.0b)vlan1Linkencap:EthernetHWaddr00:90:96:52:2C:49UPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1RXpackets:0errors:0dropped:0overruns:0frame:0TXpackets:0errors:0dropped:0overruns:0carrier:0collisions:0txqueuelen:0RXbytes:0(0.0b)TXbytes:0(0.0b)Eth1Br0eth0wlan0wanlan1-4wlanBr0eth1eth0wlan0wanlan1-4wlanNATBridgewanBr0eth0wlan0wanlan1-4wlanBr0eth0wlan0wanlan1-4wlanNATBridgeQ&AReference802.1qIEEE802.1QTag-basedVLAN://