Post on 03-Jun-2018
8/12/2019 Unh-iol Bfc Knowledgebase Vlan-gvrp
1/44
VLANs and GVRP
Curtis Simonson
Bridge Functions Consortium
InterOperability Lab
July, 2000
Presentation Overview
Standards Involved
Bridging Background
802.1Q/1D:
the problem
the solution
GVRP
Tagging Frames
Testing It
The ISO OSI Model
Standards Involved
IEEE Standard
The Bridge Standards (802.1)
Most widely used with the 802.3 MAC (who doesn't use Ethernet?)
Bridging is MAC independent
Quick Review - Shared Medium
All machines share
the network
Only one machine can
talk at any one time
Distance limitations
Total throughput limit
Collision likelihood increased
Shared Medium (Repeated Network)
All machines share
the network
Only one machine can talk at any one time
Distance limitations
At most 205m.
Total throughput limit
Collision likelihood increased
[Figure: Repeaters and End Stations, with link lengths labelled 5m and 100m]
Bridging Review
Connects Separate shared Networks
Frame Translation/Encapsulation (Token Ring to Ethernet)
Reduces Unicast Traffic
Switches: Allow for multiple conversations
Bridging Background
Bridges work at
layer 2 of the OSI
Model
Their primary
function is to
relay frames
Filtering Database Review
One database contains MAC addresses, which port they're on, and if they're active or disabled
Duplicate MAC addresses not allowed (the second one would replace the first)
Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      00000C987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
802.1Q - Standard for VLANs
Defines a method of
establishing VLANs
Establishes the
Tagged Frame
Provides a way to
maintain priority
information across LANs
Reasons For Standardizing VLANs
Old implementations could only be defined in
one switch
To connect a VLAN to another network, each
VLAN needed a router port
The only multi-switch VLANs were proprietary:
Cisco: ISL
Bay: Lattisspan
3Com: VLT
Cabletron: SecureFast
Standards Based VLANs
Includes definition for a new GARP
application called GVRP (GARP VLAN
Registration Protocol)
Propagate VLAN registration across the net
Associate incoming frames with a VLAN ID
De-associate outgoing frames if necessary
Transmit associated frames between VLAN 802.1Q compliant switches
What are VLANs - Virtual Local Area Networks?
Divides switch into two or more virtual switches with separate broadcast domains
Achieved by manual configuration through the switch's management interface
Only that switch will be segmented
Multiple VLANs in One Switch
Multiple VLANs can be defined on the same switch
Why VLANs?
Lots of broadcast traffic wastes bandwidth
VLANs create separate broadcast domains
Microsoft Networking
Novell Networking
NetBEUI
IP RIP
Multicast (sometimes acts like broadcast)
VLANs can span multiple switches and
therefore create separate broadcast domains
that span multiple switches
More Reasons...
Link Multiplexing
slower speed
technologies share the
high-bandwidth uplink
multiple IP subnets on
one physical link with
layer 3 switching (such
as to connect Morse,
Leavitt and Ocean if we were switched
instead of routed)
And One More Reason...
Security
Traffic is only seen by the devices it is intended for
Example: Two separate VLANs, one for accounting
and one for sales. Sensitive accounting data
transmitted over the network will only be seen by
devices in the accounting VLAN.
Basic VLAN Concepts
Port-based VLANs
Each port on a switch is in one and only one VLAN (except trunk
links)
Tagged Frames
VLAN ID and Priority info is inserted (4 bytes)
Trunk Links
Allow for multiple VLANs to cross one link
Access Links
The edge of the network, where legacy devices attach
Hybrid Links
Combo of Trunk and Access Links
VID
VLAN Identifier
Tagged Frames
4 Bytes inserted after Destination and Source Address
Tagged Protocol Identifier (TPID) = 2 Bytes (0x8100), length/type field
Tagged Control Information (TCI) = 2 Bytes, contains VID
Trunk Link
Attaches two VLAN switches - carries Tagged frames ONLY.
Access Links
Access Links are Untagged for VLAN-unaware devices - the VLAN switch adds
Tags to received frames, and removes Tags
when transmitting frames.
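The tag layout from the Tagged Frames slide and the add/remove behaviour of an access link, as an added Python example (not part of the original slides). The 3-bit priority / 1-bit CFI / 12-bit VID split of the TCI comes from IEEE 802.1Q rather than the slides; `port_vid`, the function names, the sample frame, and the choice to discard already-tagged frames on an access port are assumptions of this example.

```python
import struct

TPID = 0x8100  # Tag Protocol Identifier value given on the slide

def parse_tag(frame: bytes):
    """Return (priority, vid) for a tagged frame, None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, tci & 0x0FFF        # top 3 bits priority, low 12 bits VID

def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source addresses."""
    if not 1 <= vid <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VID must be 1..4094 and priority 0..7")
    tci = (priority << 13) | vid          # CFI bit (bit 12) left at 0
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag so the original length/type field follows the addresses."""
    return frame[:12] + frame[16:] if parse_tag(frame) else frame

def access_ingress(frame: bytes, port_vid: int):
    """Frame received on an access link: tag it with the port's VLAN.
    Assumption of this example: a frame that is already tagged is discarded,
    because the slide defines access links as untagged."""
    return None if parse_tag(frame) else add_tag(frame, port_vid)

def access_egress(frame: bytes, port_vid: int):
    """Frame leaving on an access link: deliver untagged, own VLAN only."""
    tag = parse_tag(frame)
    return strip_tag(frame) if tag and tag[1] == port_vid else None

# Constructed sample: broadcast from a MAC in the slide's table, EtherType 0x0800.
FRAME = bytes.fromhex("ffffffffffff" "0800900a2580" "0800") + b"constructed payload"

if __name__ == "__main__":
    inside = access_ingress(FRAME, port_vid=2)
    print(inside[12:16].hex(), parse_tag(inside), access_egress(inside, 3))
```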
Hybrid Links
Hybrid Links - ALL VLAN-unaware devices
are in the same VLAN
So Far So Good...
So one might ask: how does the Filtering
Database handle VLANs?
Two answers:
multiple (distinct) tables: one for each VLAN
one table, with a VLAN column
They sound similar, but it turns out they are VERY different
Multiple Tables
Called MFD (Multiple Filtering Databases) or it might also be called Independent Learning
Each VLAN learns MAC addresses independently, so duplicate MAC addresses are OK as long as they are in different VLANs.
[Figure: four filtering tables with identical contents, shown once below. Each Table is for One VLAN.]
Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      0500A1987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
One (Big) Table
Called SFD (Single
Filtering Database) or
Shared Learning
No duplicate MAC
addresses
Asymmetric VLAN
possible
Entry  MAC Addr      Port  active  VLAN
1      0800900A2580  1     yes     2
2      002034987AB1  1     yes     2
3      0500A1987C00  2     yes     2
4      00503222A001  2     yes     2
5      080034090478  3     yes     1
6      049874987AB1  5     yes     1
7      0555A1945600  5     yes     3
8      00503222A023  5     yes     2
9-12   (empty)
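The difference between the two database designs on the Multiple Tables and One (Big) Table slides, as an added Python model (not part of the original slides). Class and method names are assumptions; the MAC address is taken from the slide tables, and the egress VLAN membership checks a real bridge applies are left out.

```python
class FilteringDatabase:
    """Toy filtering database: shared=True is SFD, shared=False is MFD."""

    def __init__(self, shared: bool):
        self.shared = shared
        self.entries = {}                      # key -> (port, vlan)

    def _key(self, vlan: int, mac: str):
        mac = mac.upper()
        # SFD keys on the MAC alone; MFD keeps one table per VLAN.
        return mac if self.shared else (vlan, mac)

    def learn(self, vlan: int, mac: str, port: int):
        """Learn a source address; return the entry it displaced, if any."""
        key = self._key(vlan, mac)
        old = self.entries.get(key)
        self.entries[key] = (port, vlan)
        return old if old not in (None, (port, vlan)) else None

    def lookup(self, vlan: int, mac: str):
        """Port for a destination MAC, or None (flood) when it is unknown."""
        hit = self.entries.get(self._key(vlan, mac))
        return hit[0] if hit else None


def duplicate_mac_demo(shared: bool):
    """Same MAC seen in VLAN 2 on port 1, then in VLAN 3 on port 5."""
    fdb = FilteringDatabase(shared)
    mac = "0800900A2580"                       # first entry in the slide's table
    fdb.learn(2, mac, 1)
    displaced = fdb.learn(3, mac, 5)
    return displaced, fdb.lookup(2, mac), fdb.lookup(3, mac), len(fdb.entries)


if __name__ == "__main__":
    print("MFD:", duplicate_mac_demo(shared=False))
    print("SFD:", duplicate_mac_demo(shared=True))
```

In SFD mode the second `learn` displaces the first entry, which matches the earlier slide's note that the second of two duplicate addresses replaces the first.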
Independent Learning I
Legacy router
learns MAC
addresses from both VLANs
Requires 2 physical
links
Independent Learning II
VLAN-aware router only needs one physical link
Problems
Can't combine SFD and MFD switches in
one network
Some switches only do one or the other, and can't be changed
Hybrids of SFD and MFD make this tricky
Future Additions
Layer 3 based VLANs
IP traffic on a different VLAN than IPX
Multiple Spanning Trees (one per VLAN)
allows for using the disabled links
ATM to IEEE VLAN mapping
Emulated LANs
GARP (yeah, I know, "the world according to..." that's a new one!)
Generic Attribute Registration Protocol
Standard Defines:
method to declare attributes to other GARP participants
frame type to convey GARP messages: Protocol Data Unit (PDU)
rules and timers for registering/de-registering attributes
GARP - how?
A device wants
to declare a
certain attribute
It sends a declaration
The bridge
receives it and
propagates it
throughout the
network.
GARP - two devices
A second
device wants to
declare a
certain attribute
Now a path
has been
formed.
GMRP
GARP Multicast Registration Protocol
Defines a GARP Application (instance of
the generic framework)
Allows devices to declare membership in a
multicast group
GMRP - multiple devices
Devices declare
membership in a
multicast group
All multicast frames for that
group propagate
only to the proper
devices.
GMRP - Pros & Cons
Pros:
provides multicasting that isn't broadcasting
works through legacy bridges
allows asymmetric pruning
Cons:
end stations must support 802.1p
no interface between IGMP and GMRP (yet)
GVRP - GARP VLAN Registration Protocol
Disadvantages to Static VLANs
Static VLANs are created via management
Must be maintained by a network admin
Static VLANs must be reconfigured for every
network topology change
GVRP Simplifies All This!
GVRP creates dynamic VLANs
No manual configuration needed
GVRP is maintained by the devices themselves
Topology change? No problem, GVRP
recreates the dynamic VLAN automatically
What can GVRP do for you?
Allows the creation of VLANs with a specific
VID and a specific port, based on updates from
GVRP-enabled devices.
Advertises manually configured VLANs to other
GVRP-enabled devices. As a result of this, the
GVRP-enabled devices in the core of the network
need no manual configuration in order to interoperate.
GVRP Info
GVRP is a GARP application that registers
attributes for dynamic VLANs
GVRP deals only with the management of
dynamic VLANs
Everything that you have learned about
static VLAN packet format and
transmission applies
VLAN Data Frame Format Review
GVRP handles data in the same way as Static
VLANs do.
Header, inserted after the destination and source
addresses, that contains Protocol Identifier and VID
How GVRP does all this:
The method of advertisement used by
GVRP-enabled devices consists of sending
Protocol Data Units (PDUs), similar to
Spanning Tree BPDUs, to a known
multicast MAC address (01 80 C2 00 00 21)
to which all GVRP-enabled devices listen
for updates. GVRP advertisement follows
the definition of GARP.
What do these PDUs contain?
A single PDU may contain several different
messages telling the GVRP-enabled device
to perform a specific action.
Join: register the port for the specified VLAN
Leave: de-register the port for the specified
VLAN
LeaveAll: de-register all VLAN registrations on that port
Empty: request to re-advertise dynamically
and statically configured VLANs
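A parser for the PDUs described on the last two slides, as an added Python example (not part of the original slides). The LLC header, protocol ID, attribute layout and the six event codes follow the GARP definition in IEEE 802.1D, which splits the slide's Join and Leave into In/Empty variants; the function names, the allow-list check and the sample frame are constructed for this example, and the frame is assumed to be untagged.

```python
import struct

GVRP_GROUP = bytes.fromhex("0180c2000021")   # multicast address from the slide
LLC_BRIDGE = b"\x42\x42\x03"                 # LLC header carried by GARP PDUs
EVENTS = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn",
          3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}   # GARP event codes

def parse_gvrp(frame: bytes):
    """Return [(event_name, vid_or_None), ...] from an untagged GVRP frame."""
    if frame[:6] != GVRP_GROUP or frame[14:17] != LLC_BRIDGE:
        raise ValueError("not a GVRP frame")
    (length,) = struct.unpack_from("!H", frame, 12)      # 802.3 length field
    pdu = frame[17:14 + length]                          # drops Ethernet padding
    if pdu[:2] != b"\x00\x01":                           # GARP protocol ID
        raise ValueError("unexpected GARP protocol ID")
    events, pos = [], 2
    while pos < len(pdu) and pdu[pos] != 0:              # 0x00 end mark closes the PDU
        attr_type, pos = pdu[pos], pos + 1
        while pos < len(pdu) and pdu[pos] != 0:          # 0x00 closes the attribute list
            alen = pdu[pos]                              # counts length + event + value
            if alen < 2 or pos + alen > len(pdu):
                raise ValueError("bad attribute length")
            event, value = pdu[pos + 1], pdu[pos + 2:pos + alen]
            vid = None
            if attr_type == 1 and len(value) == 2:       # attribute type 1 = VID
                vid = struct.unpack("!H", value)[0] & 0x0FFF
            events.append((EVENTS.get(event, f"unknown({event})"), vid))
            pos += alen
        pos += 1                                         # step over the list end mark
    return events

def joins_outside(events, allowed_vids):
    """VIDs a port asked to join that are not on the operator's allow-list."""
    return sorted({vid for name, vid in events if name.startswith("Join")
                   and vid is not None and vid not in allowed_vids})

# Constructed sample: JoinIn VID 10, JoinEmpty VID 20, LeaveAll.
PDU = bytes.fromhex("0001" "01" "0402000a" "04010014" "0200" "00" "00")
SAMPLE = (GVRP_GROUP + bytes.fromhex("020000000001")
          + struct.pack("!H", len(LLC_BRIDGE) + len(PDU)) + LLC_BRIDGE + PDU
          ).ljust(60, b"\x00")

if __name__ == "__main__":
    ev = parse_gvrp(SAMPLE)
    print(ev, joins_outside(ev, {10}))
```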
Industry Implementation Example
3Com manufactures Network Interface Cards that take
advantage of GVRP
Accessed via the Control Panel (DynamicAccess)
Extremely easy to configure
[Windows screenshot]
Vendors (current):
Cisco Systems, 3Com
and Hewlett Packard
Several others are
developing working
implementations also.
Example: GARP/GVRP
[Figure: network diagram with nodes labelled S and E, and VLANs labelled RED and GREEN]