Contents

0.1 Linux Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.1.2 Practical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

0.2 (*) VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20.2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20.2.2 802.1q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30.2.3 Practical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

0.3 Switching Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

0.1 Linux Switch

0.1.1 IntroductionLinux systems can be used to build a bridge with multiple NICs (also called switch). An Ethernet bridge/switch is adevice used to connect different Ethernet segments. Each of the Ethernet segments being connected corresponds toone physical interface in the bridge.

0.1.2 PracticalIn Linux, the command brctl is used to set up, maintain, and inspect the Ethernet bridge configuration in the Kernel.In a Linux APT system (like Debian), we can type the following command to install the utilities for configuring theLinux Ethernet bridge:

# apt-get install bridge-utils

To create a bridge:

# brctl addbr br1

To remove a bridge:

# brctl delbr br1

Each bridge has a number of ports attached to it. Network traffic coming in any of these ports will be forwardedto the other ports transparently, so that the bridge is invisible to the rest of the network. To add a port (interface) to abridge:

# brctl addif br1 eth0# brctl addif br1 eth1# brctl addif br1 eth3

To remove an interface from a bridge:

# brctl delif br1 eth3

To show some information about a bridge and its attached ports:

# brctl show br1

On the other hand, the bridge keeps track of Ethernet addresses seen on each port (MAC learning). When it needsto forward a frame, and it happens to know on which port the destination Ethernet address (specified in the frame)is located, it can forward the frame to that port only. However, the Ethernet address location data is not static data.Devices can move to other ports, network cards can be replaced (which changes the machine’s Ethernet address), etc.In this context, we can use the following commands. To show the list of learned MAC addresses by a bridge:

# brctl showmacs br1

To set the Ethernet (MAC) address ageing time, in seconds:

# brctl setageing br1 20

With the previous command, after 20 seconds of not having seen a frame coming from a certain address, the bridgewill time out (delete) that address from the Forwarding Database (FDB).

Finally, to activate the bridge it is mandatory to assing an IP (L3) address to it:

# ifconfig br1 192.168.0.1br1: port 2(eth1) entered forwarding statebr1: port 1(eth0) entered forwarding state

0.2 (*) VLANs

0.2.1 IntroductionVirtual LANs or VLANs are used to separate hosts that should not be able to access each other and create multipledistinct L2 broadcast domains. VLANs are implemented on a switch device. Simpler devices only support partitioningon a port level, so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisti-cated switches can mark frames through tagging, which allows a VLAN span more than one switch without dedicatedlinks (see Figure 1). When a link is used to transport data for various VLANs it is called a “trunk”. For example, inthe sample switching topology of Figure 1 there are two trunks.

alice

eth0

bob

eth0

carla

eth0

david

eth0

eric

eth0

SW1 SW2

SW3

frank

eth0

trunk1 (vlan10,vlan20)trunk2 (vlan10

,vlan20)

vlan10 vlan10

vlan10

vlan20

vlan20 vlan20

eth0 eth1 eth2Port1 Port2 Port3

eth1eth0 eth2Port1 Port2 Port3

eth1eth0 eth2Port1 Port2 Port3

eth3Port4

Figure 1: A Sample Switching Topology

There are two types of frames on a VLAN, these are tagged and untagged:

2

• The untagged frame is a regular frame and looks just like a frame that exists on a regular network. Untaggedframes are the most common type on a VLAN. The decision of which VLAN an untagged frame belongs to ismade by the switch because a switch can be configured to assign specific ports to specific VLANs.

• A switch can also be configured to receive and switch tagged frames. Then, the output ports are determinedusing the VLAN tag.

0.2.2 802.1q

The IEEE 802.1q standard defines the VLAN tag. 802.1q does not actually encapsulate the original frame. Instead,for Ethernet frames, it adds a 32-bit field (4 bytes) between the source MAC address and the Type/Length fields of theoriginal frame. This leaves the minimum frame size unchanged at 64 bytes (octets) but extends the maximum framesize from 1,518 bytes to 1,522 bytes.

A VLAN is assigned a specific id. The standard defines a 12-bit field for the VLAN id and several fields forQuality of Service (QoS). The VLAN id can be anything between 1 and 4094. VLAN 1 is most commonly used formanagement so this should not be used.

0.2.3 Practical

In a Linux APT system (like Debian), we can type the following command to install the user mode programs to manageVLANs on Ethernet devices:

$ sudo apt-get install vlan

Then, we have to load the 8021q module into the kernel.

# modprobe 8021q

On the other hand, the files in /proc/sys/net/bridge (Debian) are used to filter frames on the bridge devices. Ingeneral, the default configuration is correct but if you want to avoid any filtering you can set them all to 0:

# echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables# echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables# echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables# echo 0 > /proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged# echo 0 > /proc/sys/net/bridge/bridge-nf-filter-vlan-tagged

You can create/remove a new interface that is a member of a specific VLAN using the commands:

# vconfig add eth1 10# vconfig rem eth1.10

The first of the previous commands creates a VLAN interface called eth1.10 (VLAN id=10). The existingconfiguration of eth1 will not be affected. You can check that the VLANs have been correctly setup by running thecommand:

# cat /proc/net/vlan/conf

You can create bridges that contain VLAN interfaces. In this case, tagged traffic received through VLAN interfacesis stripped of its VLAN header, and presented untagged to the bridge.

For example, next we create a bridge (br1) that includes three interfaces: eth0.10 (VLAN id 10), eth1 andeth2. Tagged and untagged (native) traffic might enter on eth0. The traffic tagged with VLAN id 10 will be strippedof its VLAN header and presented untagged to eth1 and eth2. On the other way it happens the reserse operation,untagged traffic comming from eth1 or eth2 is sent through eth0 with a tag (VLAN id 10). The commands forthis example are:

3

# vconfig add eth0 10# ifconfig eth0.10 up# brctl addbr br1# brctl addif br1 eth0.10# brctl addif br1 eth1# brctl addif br1 eth2# ifconfig br1 192.168.0.1

On the other hand, we can create also VLAN subinterfaces of a bridge interface. The difference is that whenVLAN subinterfaces are defined on an interface, which is added to a bridge, Linux will strip the VLAN tag. However,when VLAN subinterfaces are defined on a bridge interface, the VLAN tags are kept. For example:

# brctl addbr br1# brctl addif br1 eth1# brctl addif br1 eth2# vconfig add br1 10# vconfig add br1 20# ifconfig br1.10 up# ifconfig br1.20 up# ifconfig br1 192.168.0.1

In the previous example tagged traffic is presented directly to eth1 and eth2 (with the VLAN tagging intact).This is the typical configuration for trunk links. Notice that if the bridge does not have a particular VLAN subinterface,that VLAN traffic will be dropped (e.g VLAN 30 in our example).

In practice, there are also protocols to manage VLANs like VLAN Trunking Protocol (VTP) and Multiple Regis-tration Protocol (MRP).

0.3 Switching Practices

BA

Switch

(a) One Chat.

B CA

Switch

(b) Two Chats.

Figure 2: LLC1 Chats.

Exercise1– The goal of this practice is to test a LLC over Ethernet transmission with physical equipment (hosts andswitches). In particular, we will use a simple client/server chat using LLC1.

As server, we use the application server-chatllc.py:

# ./server-chatllc.py -hServer for chat with LLC1Version 1.0 by JLMOptions:

[-h, --help][-i, --iface] <listening interface> by defalut eth0[--sap <sap>] <listening SAP> by default 0x88

4

As client, we use the application client-chatllc.py:

# ./client-chatllc.py -hClient for chat with LLC1Version 1.0 beta by JLMOptions:

[-h, --help]-d, --dst_mac <destination mac>[-o, --outif] <ouput interface> by default eth0[--ssap <ssap>] by default 0x88[--dsap <dsap>] by default 0x88

1. As shown in Figure 2a, create a chat between two hosts using the parameters that you consider necessary.

Capture traffic, exchange 5 o 6 text messages in the chat and explain the protocol fields of the traffic captured(MAC addresses, etc.).

Explain also how the chat works.

2. Using three hosts, create two chats as shown in Figure 2b.

Explain the parameters that you have used.

For the rest of the exercises we use an emulated scenario with virtual equipment (that works exactly the same asphysical equipment). To start the simulation scenario of Figure 3, execute on your phyhost the following command:

phyhost:~# simctl switching start

alice

tap0eth0

eth0

bob

tap3eth0

eth1

tap1

eth0eth1 eth2

carla

tap5eth0

david

tap4eth0

tap2

eth1eth0

eth2

eric

tap6eth0

eth2

SW1Port1 Port2 Port3

SW2

Port1 Port2 Port3

Port1 Port2 Port3

SW3

frank

tap7eth0

eth3Port4

Figure 3: Scenario for testing Switching

Exercise2– The goal of this practice is to test a LLC over Ethernet transmission with emulated equipment (hosts andswitches). In particular, we will use the simple LLC1 client/server chat. The commands for the client and the serverare in the directory /tmp of the virtual machines.

1. Using alice and bob, create a chat between these hosts as shown in Figure 2a using the parameters that youconsider necessary.

Capture traffic with wireshark in tap2 in the phyhost and set the display filter: !ipv6 and !igmp

Exchange 5 o 6 text messages in the chat and explain the protocol fields of the traffic captured (MAC addresses,etc.).

5

2. Using alice, bob and carla, create two chats as shown in Figure 2b.

Explain the parameters that you have used.

Exercise3– The goal of this practice is to study the MAC learning process of switches using the emulated scenario.To do so, we are going to use a simple application called send-frame.py that you can find in the directory /tmp.This application can be used to send LLC1 frames (use the -h option to see how it works).

1. Get a console of SW1 (which is a Linux box used to build a switch with 3 ports) and type the followingcommand:

root@SW1:~# watch -n 5 brctl showmacs br1

The previous command shows the MAC table of the switch every 5 seconds. Remember that the MAC tablecontains the MAC addresses learned by the switch. On the other hand, the ageing in the switches is set to1 minute.

Capture in tap1 and tap2 and send a frame from alice to bob using send-frame.py.

Explain the traffic captured in each Tap and the time evolution of the MAC addresses of alice and bob (onlythese) in the MAC table of SW1.

2. Wait for a minute and repeat the experiment sending:

• One frame from alice to bob.• Before 60 seconds of the previous transmission, send another frame from alice to bob.• Before 60 seconds of the previous transmission, send another frame from bob to alice.

Explain the traffic captured in each Tap and the time evolution of the MAC addresses of alice and bob (onlythese) in the MAC table of SW1.

3. Increase the ageing in all the switches to 10 minutes. Using alice, bob and carla, create two chats as shown inFigure 2b. Capture traffic in tap2 and tap1, exchange 5 or 6 text messages in each chat and explain the trafficthat you observe in each Tap.

Exercise4– (*) The goal of this practice is to study and test VLANs.

1. In SW3, create one LAN for the ports 1 and 3 and another LAN for the ports 2 and 4.

Explain your configuration. Do you need any VLAN id? Test your configuration with our LLC1 chat applica-tion.

2. Create a configuration in the switches in which, hosts send untagged frames but they belong to the followingVLANs:

• VLAN 10: alice, bob and carla.• VLAN 20: david, eric and frank.

Explain your configuration.

Capture traffic in trunk interfaces (tap1 and tap2) and in the host tap interfaces that you consider useful.

Then, test your configuration appropriately with send-frame.py and the L2 broadcast address.

Discuss the results and the format of the VLAN frames.

6