VLAN 1v

Protocol-based VLAN (IEEE 802.
1v)
by Robert Wu ()
August 30, 2002
IEEE 802.1v RWU 2002
AGENDA
I. II. Virtual LAN Concept Ethernet Frame Format
III. How to Implement Protocol-based VLAN
Standard & References

1. IEEE Draft P802.1v/D6 Standard for Supplement to IEEE 802.1Q VLAN Classification by Protocol & Port
Nov. 28, 2000
2. 3.
IEEE Standards for Local & Metropolitan Area Networks : Virtual Bridged Local Area Networks July, 1998 IEEE Standard Frame Extensions for Virtual Bridged Local Area Network (VLAN) Tagging on 802.3 Networks IEEE std 802.3ac-1998 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks RFC 1042, Feb. 1988 Recommended Practice for MAC Bridging of Ethernet V2.0 in IEEE 802 Local Area Networks IEEE802.1H, 1995 Draft Standard for Local & Metropolitan Area Networks: Overview and Architecture IEEE P802/D29, 2001 The Switch Book by Rich Seifert 2000
3
4. 5. 6. 7.
Virtual LAN Concept

VLAN technology allows users to separate logical connectivity from physical connectivity. Users are still connected via physical cables to physical wiring devices, but the connectivity view from application is no longer restricted to the bounds of physical topology.
ES #1
2 9
ES #2
13 10 11 12 14 15 16 17
ES #3
18 19
VLAN Membership Port-based VLAN MAC-based VLAN Protocol-based VLAN Layer-3(Network)-based VLAN Application-based VLAN
Tagged Ethernet Frame Format

7 octets
1 octet 6 octets 6 octets 2 octets 2 octets 2 octets
Preamble SFD
Destination Address Source Address

802.1Q Tag Type
TAG Control Information
81-00 TCI
MAC Length/Type
42-1500 octets
MAC client data

FCS
4 octets
Tagged Frame Format(Cont)
User_priority
C F I
VLAN Identifier(VID)
12
15
CFI is the Canonical Format Indicator Tag header contains Tag Protocol ID & Tag Control Information(TCI) Tag Header is inserted between last octet of source field and first octet of Type/Length field
Ethernet Frame Format

6 bytes 6 bytes 2 bytes Type
Untagged frame
DA
SA
Remainder of frame
6 bytes
6 bytes
4 bytes Type Tag
802.1Q Tagged frame
DA
SA
Remainder of frame
TPID COS CFI VLAN id

16 bits 3 bits 1 bit 12 bits
Individual VLAN Learning

Generic All VLANs can share Router
a single serverless routing
R
R1 R2
IP.2.0
Could also use .1Q trunk Trunks must be tagged Switch with multiple FDBs
IP.1.0
Sv1
IP.1.A IP.2.B
25
12
13
VLA
ES1 1 ES2
IP.1.0 IP.2.0
VLB
4 5
ES4
ES3
Shared VLAN Learning

Generic Router
All VLANs can share a single serverless routing
R
R1 R2
IP.2.0
IP.1.0
Sv1
IP.1.A IP.2.B
25
VLAN A
12
13
VLAN B
Switch with SFDB
ES1 1 ES2
IP.1.0 IP.2.0
ES4 ES3
10
Protocol-based VLAN
EtherSwitch-12 EtherSwitch-13
IP user-5
VLAN-2 IP user-2
IP user-6 Host-10 UNIX IP Host-7 AppleTalk Server IPX Server
VLAN-27
IPX user-4
IPX user-1
VLAN-4
IP & IPX user-9
Match port and protocols

11
IP Frame Encapsulation
IP HDR
IP Protocol Data
Destination Address
Source Address
Type or Length (Type=0x0800 )
Ethernet Data
CRC
The IP layer is responsible for transferring data across routers between hosts on the Internet.
12
IP Header Format
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
VERS
LEN
Type Of Service
Flags
Total Length Fragment Offset
Identification
Time To live
4
8 C
Protocol
Header Checksum
Source IP Address
Protocol field: 1 - ICMP 2 - IGMP 6 - TCP 8 - EGP 17 - UDP 89 - OSPF
Destination IP Address Option Padding
E
10 14
DATA
Total: 20 bytes
13
I. II.
Virtual LAN Concept Ethernet Frame Format
14
Ethernet Frame Format

Ethernet II Frame Preamble
Destination Source MAC Address MAC Address
Type
IP Datagram
CRC
8 bytes
0-1500
IEEE 802.3 with SNAP Frame Preamble 8 bytes

Destination Source MAC Address MAC Address
Length
2
DATA
CRC 4
0-1500
DSAP AA
SSAP AA
Control 03
OUI/Protocol ID 00 00 00 08 00
IP
Packet
Note : OUI 0000F8 for Bridge Tunnel Encapsulation Protocol

15
Tagged Ethernet Frame Format

SNAP Encoded 10 bytes
FC DA SA AA-AA-03 00-00-00 8100 0002 AA-AA-03 00-00-00 Len Packet...
16
Multiple protocols above LLC sublayer

Standard network layer protocols have been assigned reserved LLC addresses in ISO/IEC TR 11802.1. Other protocols are : 1) local assignment of LSAPs; 2) Sub-Network Access Protocol (SNAP)
6 bytes 6 bytes 2 bytes Type
DA
SA
Remainder of frame
Constant
Copy
Copy
DSAP 42 DSAP AA
SSAP 42 SSAP AA
Control 03 Control 03
OUI/Protocol ID 00 00 00 00 00 OUI/Protocol ID 00 00 00 08 00
BPDU Data IP
Packet
or
17
Ethernet MAC Frame

Ethernet MAC frame format includes 16-bit type/length value:
Length Field Interpretation

hex decimal 0000 0 05DC 1500
Undefined
0600 1536
Type Field Interpretation

FFFF 65535
<----- Length Field (IEEE 802.3 format)
Type Field -------> (DIX format)
Preamble 8 bytes
Length/ Destination Source MAC Address MAC Address Type
DATA 0-1500
CRC 4
LLC DSAP
1
LLC SSAP
1
LLC Control
1
OUI/Protocol ID 00 00 00 08 00
5
Packet Data
18
Header Format in RFC1042

MAC Header 802.3/4/5 MAC 802.2 LLC
DSAP
SSAP
Control
OUI/Protocol ID
802.3 SNAP
19
Frame Types
Ethernet-2
LLC_other RFC_1042 DA/SA DA/SA DA/SA DA/SA DA/SA DA/SA Type Length
FF-FF
Length-encapsulated 802.3 frame Type-encapsulated IPX Raw frame Type
Length AA-AA-03 00-00-00 Length AA-AA-03
Length-encapsulated 802.3 frame(RFC 1042)

Length-encapsulated 802.3/SNAP frame Length-encapsulated 802.3 frame(802.1H) 802.3 tagging frame
SNAP_other SNAP_8021H Tagged
Protocol ID Type
Length AA-AA-03 00-00-F8 81-00

TCI
20
I. II.
Virtual LAN Concept Ethernet Frame Format

Protocol-based VLAN per port-based, not for whole system Detect the value of the Length/Type field in a MAC frame
21
Frame Classification
Tagged Frame?
Yes
Frame associated to matching VLAN(tag = VLAN ID)
No
MAC belongs to MAC VLAN?
Yes
Frame associated to matching VLAN(MAC-based VLAN)
No
IP SA belongs To IP VLAN?
Yes
Frame associated to matching VLAN(IP subnet-based VLAN)
No
Ether Type belongs to one of Protocol-based VLAN?
Yes
Frame associated to matching VLAN(Protocol-based VLAN)
No
Frame associated to matching VLAN corresponding to the port
Order of precedence in VLAN membership: VLAN ID, MAC-based VLAN, IP subnet-based VLAN, Protocol-based VLAN, then port-based VLAN.
22
Protocol-based VLANs
For Layer 3 module, protocol-based VLANs enable you to use protocol type and switching ports as the distinguishing characteristic for your VLANs.
Important Consideration
When you create this type of VLAN interface, review these guidelines :
. If you plan to use the VLAN for bridging purposes, select one or more protocols per VLAN. Select them one protocol at a time. . If you plan to use the VLAN for routing, you can select one or more protocols per VLAN, one protocol at a time, and subsequently define a routing interface for each routable protocol that is associated with the VLAN. You can perform routing as follows : ~ You can route between VLANs defined on Layer-3 modules ~ You can use a Layer 3 module to route between VLANs that are defined on Layer 3 modules . The Layer 3 modules support routing for two protocol suites : IP & IPX. . To define a protocol-based VLAN interface, specify this information :
23
~ The VID, or accept the next-available VID ~ The switching ports that are part of the VLAN interface. (If you have trunk ports, specify the anchor port for the trunk) ~ The protocol for the specified ports in the VLAN ~ IEEE 802.1Q tagging must be selected for ports that overlap on both port and protocol (for example, if two IPX VLANs overlap on port 3). ~ The name of this VLAN interface. . If you use IP as the protocol and also specify a Layer 3 address, the protocol-based VLAN becomes a network-based VLAN. You should consider removing an network-based VLANs and defining multiple IP interface per VLAN.
The protocol suite describes which protocol entities can comprise a protocolbased VLAN. For example, VLANs on the Layer 3 module support the IP protocol suite, which has three protocol entities (IP, ARP, and RARP).
24
Support Protocol Suites for VLAN Configuration

Protocol Suite IP Novell IPX Protocol Entries No. of protocol No. of protocol Suites in a Suite 1 4 1 1 1 1 1 1 2 1 1 1 1 3 2 1 0 0 2 3 5 1 1 1 0 1
IP, ARP, RARP(Ethernet-2, SNAP PID IPX(supports all of below 4 IPX types) IPX-type II(Ethernet-II) IPX-802.2 LLC(DSAP/SSAP : 0xE0) IPX-802.3 Raw(DSAP/SSAP : 0xF0) AppeTalk DDP, AARP(Ethernet-II, SNAP PID) Xerox XNS IDP, XNS address translation, XNS XNS compatibility(Ethernet-II, SNAP PID) DEXnet DEC MOP, DEC Phase IV, DEC LAT, DEC LAVC(Ethernet-II, SNAP PID) SNA SNA service over Ethernet(Ethernet-II DSAP/SSAP : 0x04 & 0x05) Banyan Banyan(Ethernet-II, DSAP/SSAP : 0xBC , SNAP PID) X.25 X.25 Layer-3(Ethernet-II) NetBIOS NetBIOS(DSAP/SSAP : 0xF0) Default Default (all protocol types) (unspecific)
25
Your Layer 3 modules impose two important limits regarding the number of VLANs and the number of protocols : . Number of VLANs supported - To determine the minimum number of VLANs that the Layer 3 module can support, use the equation described in Number of VLANs here. A Layer 3 module supports a maximum of 64 VLANs. . Maximum number of protocols - Use the value 15 as the limit of protocols that can be implemented on the Layer 3 module. A protocol suite that is used in more than one VLAN is counted only once towards the maximum number of protocols. Establishing routing between VLANs Your Layer 3 modules support routing IP, IPX VLANs. If VLANs are configured for other routable network layer protocols, they can communicate between them only via an external router or a Layer 3 module configured for routing. The Layer 3 modules routing over bridging model lets you configure routing protocol interfaces based on a static VLAN defined for one or more protocols.
26
You must first define a VLAN to support one or more protocols and then assign A routing interface for each protocol associated with the VLAN. Important Considerations To create an IP interface that can route through a static VLAN, you must : 1. Create a protocol-based IP VLAN for a group of switching ports. (If the VLAN overlaps with another VLAN on any ports, be sure that you define in in accordance with the requirements of your VLAN mode).
(This IP VLAN does not need to contain Layer 3 information unless you want a network-based IP VLAN).
2. Configure an IP routing interface with a network address and subnet mask and specify the interface type vlan.
3. Select the IP VLAN interface index that you want to bind to that IP interface. If Layer 3 information is provided in the IP VLAN interface for which you are configuring an IP routing interface, the subnet portion of both addresses must be compatible.
27
For example : . IP VLAN subnet 157.103.54.0 with subnet mask of 255.255.255.0 . IP host interface address 157.103.54.254 with subnet mask of 255.255.255.0 Layer 2 (bridging) communication is still possible within an IP VLAN (or router interface) for the group of ports within that IP VLAN. For IVL, IP data destined for a different IP subnetwork uses the IP routing interface to reach that different subnetwork even if the destination subnetwork is on a shared port. For SVL, using the destination MAC address in the frame causes the frame to be bridged; otherwise, it is routed in the same manner as for IVL. 4. Enable IP routing. You perform similar steps to create IPX routing interfaces.
Example 1: Routing between Layer 3 modules

The configuration in Figure shows routing between Layer 3 modules. in this configuration :
28
IPX Raw Frame Format
Dest Src Length
D A T A
FCS
IPX FFFF Header
NetWare Core Protocol
29
IPX-802.2 Frame Format
Dest Src Length
802.2
DSAP SSAP Cntl 03 E0 E0 IP protocol 8137 IPX header
DATA
FCS
30
IPX-802.3/802.2/SNAP Frame Format
Dst
Src
Length
802.2 SNAP
DATA
FCS
DSAP SSAP Cntl AA AA 03
Prot ID
Type
000000 8137
IPX Header
31
SAP Values for Frame
SNA
IP
SNAP Banyan IPX-802.2 NetBIOS Lan Mgr. IPX-802.3
04
06
AA
BC
E0
F0
F4
FF
For example : IP can be encapsulated in an Ethernet frame 3 ways : Ethernet-II frame Type = x0800 802.3 with 802.2 frame SAP code = x06 802.3 with SNAP frame SAP code = xAA (indicates SNAP header) Control = x03 SNAP OUI = x000000 (indicates SNAP Ether type same as Ethernet-II type) SNAP Ether type = x0800
32
Protocol Suites Configuration

Protocol Suites IP Protocol Entries 0800 (IP) 0806 (ARP) 0835 (RARP) 8137 E0E0 FFFF AAAA 0600 (NS IDP) 0601 0807 (XNS) 809B 80F3(AARP) 6001 (MOP) 6002 (MOP) 6003 (Phase IV) 6004 (LAT) 6007 (DIAG) 80D5 DSAP/SSAP
IPX-II IPX 802.2 LLC IPX Raw IPX 802.3 SNAP XNS
AppleTalk DECnet
SNA
0404 0505 0504 F0F0 BCBC
X25 NetBIOS Banyan VINES

0805 0BAD
33
NetWares Ethernet Frame Type

IEEE 802.3 raw This follows IEEE standard frame specification without the 802.2 header. After the length field, Novell decided to use first 2-byte in the data portion of the packet, the IPX checksum field, to identify an 802.3 raw frame using the IPX/SPX protocol. Its Hex value is 0xFFFF. Ethernet II This follows the DIX Specification. The frame type field is always greater than 1500 octets. Novell was assigned Hex 0x8137 value for IPX/SPX. IEEE 802.3 with 802.2 This follows IEEE standard frame specification with 802.2 header. NetWare IPX/SPX packets contain the Hex value 0xE0E0 in the DSAP & SSAP fields. IEEE 802.3 with SNAP This follows IEEE standard frame specification with SNAP protocol. The value of DSAP & SSAP fields in 802.2 header are both set to 0xAA. Novell was assigned Hex 0x8137 value in protocol type field for IPX/SPX.
34
To perform the calculation, determine the total number of protocol suites on your system. Remember to include the unspecified type for the default VLAN, even if you have removed the default VLAN and do not have other VLAN defined with the unspecified protocol type. Use the following guideline to count the protocol suites that are used on the Layer-3 module : . IP counts as one protocol suite for IP VLANs . AppleTalk counts as one protocol suite for AppleTalk VLANs . Generic IPX, which uses all four IPX types, counts as four protocol suites. (Each IPX type alone counts as one). To conserve VLAN resources, it is better to specify a specific IPX frame type than to use generic IPX. . DECnet counts as one protocol suite for DECnet VLANs. . The unspecified type of protocol suite counts as one, whether or not the default VLAN or port-based VLANs are defined. Even if you have only the unspecified protocol suite on the system, the limits is still 64 VLANs. . X.25, SNA, Banyan VINES, and NetBIOS each count as one protocol suite for their respective VLANs.
35
Protocol Group Database

Frame Type Ethernet-2 Ethernet-2 RFC_1042 RFC_1042 LLC_other LLC_other SNAP_other SNAP_8021H Value 0800 0806 0800 0806 FEFE FFFF 00B00001 80F3 GroupID B B B B C A C A
Port No GroupID VID 1 2 B C B C A 234 567 123 456 567
VLAN No 1 567
36
Protocol Filtering Scheme

There are two mechanism : Forwarding rule is based on mapping either the packets Ethernet type or DSAP/SSAP to a port-specific VLAN ID Filtering technique with mask string
37
Protocol Classification Algorithm

0x5DC<it< 0x600 Examine Type/ Length field? <=0x05DC Invalid Type/Length Examine DSSP/SSAP/ Control =0xFFFF/E0E0 for raw IPX/IPX-II =0xF0F0 for NetBIOS >=0x0600 Decode LSAP
=0xAAAA03 Examine SNAP OUI =0x080007 N =0x000000 for RFC1042 =0x0000F8 for IEEE802.1H =others for unknown protocol
SNAP protocol ID=0x809B? Y AppleTalk encapsulation

Invalid protocol 38

VLAN 1v

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

VLAN 1v

Diunggah oleh

Hak Cipta:

Format Tersedia

Protocol-based VLAN (IEEE 802.

August 30, 2002

IEEE 802.1v RWU 2002

III. How to Implement Protocol-based VLAN

IEEE 802.1v RWU 2002

Standard & References

Nov. 28, 2000

IEEE 802.1v RWU 2002

Virtual LAN Concept

IEEE 802.1v RWU 2002

IEEE 802.1v RWU 2002

Tagged Ethernet Frame Format

Destination Address Source Address

MAC client data

IEEE 802.1v RWU 2002

Tagged Frame Format(Cont)

IEEE 802.1v RWU 2002

Ethernet Frame Format

4 bytes Type Tag

802.1Q Tagged frame

TPID COS CFI VLAN id

IEEE 802.1v RWU 2002

Individual VLAN Learning

Shared VLAN Learning

All VLANs can share a single serverless routing

Switch with SFDB

IEEE 802.1v RWU 2002

IP user-6 Host-10 UNIX IP Host-7 AppleTalk Server IPX Server

Match port and protocols

IEEE 802.1v RWU 2002

Type or Length (Type=0x0800 )

IEEE 802.1v RWU 2002

Total Length Fragment Offset

Destination IP Address Option Padding

IEEE 802.1v RWU 2002

Virtual LAN Concept Ethernet Frame Format

III. How to Implement Protocol-based VLAN

IEEE 802.1v RWU 2002

Ethernet Frame Format

IEEE 802.3 with SNAP Frame Preamble 8 bytes

Note : OUI 0000F8 for Bridge Tunnel Encapsulation Protocol

Tagged Ethernet Frame Format

IEEE 802.1v RWU 2002

Multiple protocols above LLC sublayer

IEEE 802.1v RWU 2002

Ethernet MAC Frame

Length Field Interpretation

Type Field Interpretation

<----- Length Field (IEEE 802.3 format)

Type Field -------> (DIX format)

Length/ Destination Source MAC Address MAC Address Type

Header Format in RFC1042

IEEE 802.1v RWU 2002

Length-encapsulated 802.3 frame Type-encapsulated IPX Raw frame Type

Length AA-AA-03 00-00-00 Length AA-AA-03

Length-encapsulated 802.3 frame(RFC 1042)

SNAP_other SNAP_8021H Tagged

Length AA-AA-03 00-00-F8 81-00

IEEE 802.1v RWU 2002

Virtual LAN Concept Ethernet Frame Format

III. How to Implement Protocol-based VLAN

IEEE 802.1v RWU 2002