Virtual Links: VLANs and Tunneling


Slide 1

Virtual Links: VLANs and Tunneling
CS 4251: Computer Networking II
Nick Feamster
Spring 2008

Slide 2

Why VLANs?
Layer 2: devices on one VLAN cannot communicate with hosts on another VLAN without the use of routers and network-layer addresses.
Advantages:
Help control broadcasts (primarily MAC-layer broadcasts)
Switch table entry scaling
Improve network security
Help logically group network users
Key feature: divorced from the physical network topology

Slide 3

VLAN basics
VLAN design issues:
A router creates a broadcast domain.
VLANs manage broadcast domains.
VLANs can be defined on port groups, users, or protocols.
LAN switches and network management software provide a mechanism to create VLANs, control the size of broadcast domains, and localize traffic.
VLANs are associated with individual networks.
Devices in different VLANs cannot communicate directly without the intervention of a Layer 3 routing device.

Slide 4

VLAN Trunking Protocol
VLAN trunking: multiple VLANs throughout an organization, by adding special tags to frames to identify the VLAN to which they belong.
This tagging allows many VLANs to be carried across a common backbone, or trunk.
The IEEE 802.1Q trunking protocol is the standard, widely implemented trunking protocol.

Slide 5

Trunking: History
An example of this in a communications network is a backbone link between an MDF and an IDF.
A backbone is composed of a number of trunks.

Slide 6

VLAN Trunking
Conserve ports while creating a link between two devices implementing VLANs.
Trunking bundles multiple virtual links over one physical link by allowing the traffic for several VLANs to travel over a single cable between the switches.

Slide 7

Trunking Operation
Manages the transfer of frames from different VLANs on a single physical line.
Trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk.
Two mechanisms: frame filtering and frame tagging.

Slide 8

Frame Filtering

Slide 9

Frame Tagging
A frame tagging mechanism assigns an identifier, the VLAN ID, to the frames.
Easier administration
Faster delivery of frames

Slide 10

Frame Tagging
Each frame sent on the link is tagged to identify which VLAN it belongs to.
Different tagging schemes exist. Two common schemes for Ethernet frames:
802.1Q: IEEE standard; encapsulates the packet in an additional 4-byte header
ISL: Cisco-proprietary Inter-Switch Link protocol
Tagging occurs within the frame itself.

Slide 11

VLANs and trunking
VLAN frame tagging is an approach that has been specifically developed for switched communications. Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch before any broadcasts or transmissions are made to other switches, routers, or end-station devices. When the frame leaves the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Frame tagging functions at Layer 2 and requires little processing or administrative overhead.
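The 4-byte 802.1Q tag described in slides 10 and 11 can be shown concretely by inserting, reading and removing it on a frame. The following Python is an added example written for this transcript, not code from the slides or from the course; the sample frame and its MAC addresses are constructed, and the only assumption is the standard 802.1Q layout (TPID 0x8100 followed by a 16-bit TCI of PCP, DEI and 12-bit VLAN ID, placed between the source MAC and the EtherType).

```python
import struct

TPID_8021Q = 0x8100  # TPID value that marks an 802.1Q tag where the EtherType would otherwise sit

# Constructed sample: untagged Ethernet frame = dst MAC | src MAC | EtherType 0x0800 (IPv4) | payload
SAMPLE_FRAME = (bytes.fromhex("001122334455")      # destination MAC (constructed)
                + bytes.fromhex("66778899aabb")    # source MAC (constructed)
                + b"\x08\x00"                      # EtherType: IPv4
                + b"constructed payload")


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vlan_id    # TCI = PCP(3) | DEI(1) | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vlan_id, pcp, dei) for a tagged frame, or None if the frame carries no 802.1Q tag."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before delivering the frame to an end station on an access port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def ethertype(frame: bytes) -> int:
    """EtherType of the encapsulated protocol: at offset 12 if untagged, at offset 16 if tagged."""
    off = 16 if parse_tag(frame) is not None else 12
    return struct.unpack("!H", frame[off:off + 2])[0]


def demo():
    """Tag the sample frame for VLAN 100 with priority 3, then check what a receiving switch would see."""
    tagged = tag_frame(SAMPLE_FRAME, vlan_id=100, pcp=3)
    return {
        "tag": parse_tag(tagged),                          # (100, 3, 0)
        "grew_by": len(tagged) - len(SAMPLE_FRAME),        # 4
        "inner_ethertype": ethertype(tagged),              # 0x0800, now at offset 16
        "roundtrip_ok": strip_tag(tagged) == SAMPLE_FRAME, # True
    }


if __name__ == "__main__":
    print(demo())
```

The range check on the VLAN ID matters in practice: a device that accepts VID 0 or 4095 from a trunk is accepting values the standard reserves, and any code that reads the EtherType at a fixed offset 12 will misparse every tagged frame, which is why `ethertype()` looks for the tag first.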

Slide 12

Inter-VLAN Routing
If a VLAN spans multiple devices, a trunk is used to interconnect the devices. A trunk carries traffic for multiple VLANs. For example, a trunk can connect a switch to another switch, a switch to the inter-VLAN router, or a switch to a server with a special NIC installed that supports trunking. Remember that when a host on one VLAN wants to communicate with a host on another, a router must be involved.

Slide 13

Inter-VLAN Issues and Solutions
Hosts on different VLANs must communicate.
Logical connectivity: a single connection, or trunk, from the switch to the router.
That trunk can support multiple VLANs.
This topology is called "router on a stick" because there is a single connection to the router.

Slide 14

Physical and logical interfaces
The primary advantage of using a trunk link is a reduction in the number of router and switch ports used. Not only can this save money, it can also reduce configuration complexity. Consequently, the trunk-connected router approach can scale to a much larger number of VLANs than a one-interface-per-VLAN design.

Slide 15

Why Tunnel?
Security: e.g., VPNs
Flexibility: topology, protocol
Bypassing local network administrators
Oppressive governments: China, Pakistan, TS…
Compatibility/Interoperability
Distribution/Logical grouping/Organization
Reliability: Fast Reroute, Resilient Overlay Networks (Akamai SureRoute)
Stability ("path pinning"): e.g., for performance guarantees

Slide 16

MPLS Overview
Main idea: virtual circuit. Packets are forwarded based only on the circuit identifier.
[Figure: Source 1 and Source 2 sending to one Destination]
A router can forward traffic to the same destination on different interfaces/paths.

Slide 17

Circuit Abstraction: Label Swapping
Label-switched paths (LSPs): paths are "named" by the label at the path's entry point.
At each hop, the label determines: the outgoing interface, and the new label to attach.
Label distribution protocol: responsible for disseminating signalling information.
[Figure: a path from A to D; each router's label table has columns Tag, Out, New]

Slide 18

Layer 3 Virtual Private Networks
Private communications over a public network.
A set of sites that are allowed to communicate with each other.
Defined by a set of administrative policies: determine both connectivity and QoS among sites; established by VPN customers.
One way to implement: BGP/MPLS VPN mechanisms (RFC 2547)

Slide 19

Building Private Networks
Separate physical network: good security properties; expensive!
Secure VPNs: encryption of the entire network stack between endpoints
Layer 2 Tunneling Protocol (L2TP): "PPP over IP"; no encryption
Layer 3 VPNs: privacy and interconnectivity (not confidentiality, integrity, etc.)

Slide 20

Layer 2 versus Layer 3 VPNs
Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 is "IP only".
More complicated to provision a Layer 2 VPN.
Layer 3 VPNs: potentially more flexibility, fewer configuration headaches.

Slide 21

[Figure: two customer VPNs, A and B, each with three sites using the address ranges 10.1/16, 10.2/16, 10.3/16 and 10.4/16 (some prefixes are reused by both VPNs), attached through CE routers (CE A1–A3, CE B1–B3) to provider edge routers PE 1–3, which are interconnected by core routers P 1–3]
Layer 3 BGP/MPLS VPNs
Isolation: multiple logical networks over a single, shared physical infrastructure
Tunneling: keeping routes out of the core
BGP to exchange routes
MPLS to forward traffic

Slide 22

High-Level Overview of Operation
IP packets arrive at the PE.
The destination IP address is looked up in the forwarding table.
The datagram is sent to the customer's network using tunneling (i.e., an MPLS label-switched path).

Slide 23

BGP/MPLS VPN key components
Forwarding in the core: MPLS
Distributing routes between PEs: BGP
Isolation: keeping different VPNs from routing traffic over each other; constrained distribution of routing information; multiple "virtual" forwarding tables
Unique addresses: VPN-IPv4 address extension

Slide 24

Virtual Routing and Forwarding
Separate tables per customer at each router.
[Figure: Customer 1 (RD: Green) and Customer 2 (RD: Blue), each with its own table at the PE]

Slide 25

Routing: Constraining Distribution
Performed by the service provider using route filtering based on the BGP Extended Community attribute.
The BGP community is attached by the ingress PE.
Route filtering based on the BGP community is performed by the egress PE.
[Figure: Sites 1–3; static routes, RIP, etc. between CE and PE; BGP between PEs; the advertised route carries RD, Route target: Green, Next-hop: A]
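Slides 23 to 25 describe the control plane: the ingress PE prepends a Route Distinguisher so that overlapping customer prefixes become unique VPN-IPv4 addresses, attaches a route-target extended community, and the egress PE filters on that community when filling each per-customer VRF. The Python below is an added example for this transcript, not code from the slides or from RFC 2547; the PE names, RD and route-target values (65000:1, 65000:100 and so on) and the prefixes are constructed, and the BGP exchange itself is replaced by passing a list of routes between two PEs.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    """A VPN-IPv4 route as carried by BGP between PEs (all values below are constructed)."""
    rd: str                    # Route Distinguisher prepended by the ingress PE
    prefix: str                # the customer's IPv4 prefix (may overlap with other customers)
    next_hop: str              # BGP next-hop: the PE that advertised the route
    vpn_label: int             # label the ingress PE wants to see on packets for this prefix
    route_targets: frozenset   # BGP Extended Community values attached by the ingress PE

    @property
    def vpn_ipv4(self) -> str:
        # RD:prefix is unique across customers even when the plain prefix is not
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    """One per-customer table at a PE; import_rts drives the egress PE's route filtering."""
    name: str
    rd: str
    export_rt: str
    import_rts: frozenset
    local_prefixes: set = field(default_factory=set)   # learned from the CE (static, RIP, ...)
    table: dict = field(default_factory=dict)          # prefix -> VpnRoute accepted into this VRF


def export_routes(pe: str, vrf: Vrf, first_label: int) -> list:
    """Ingress PE: prepend the VRF's RD, allocate a VPN label, attach the export route target."""
    return [VpnRoute(vrf.rd, prefix, pe, first_label + i, frozenset({vrf.export_rt}))
            for i, prefix in enumerate(sorted(vrf.local_prefixes))]


def import_routes(vrf: Vrf, advertised: list) -> list:
    """Egress PE: accept only routes whose route targets intersect this VRF's import list."""
    accepted = [r for r in advertised if r.route_targets & vrf.import_rts]
    for r in accepted:
        vrf.table[r.prefix] = r
    return accepted


def build_example():
    """Constructed scenario: PE1 serves a site of customer A and a site of customer B that both use 10.1/16."""
    pe1_a = Vrf("A", rd="65000:1", export_rt="65000:100", import_rts=frozenset({"65000:100"}),
                local_prefixes={"10.1.0.0/16"})
    pe1_b = Vrf("B", rd="65000:2", export_rt="65000:200", import_rts=frozenset({"65000:200"}),
                local_prefixes={"10.1.0.0/16"})
    advertised = export_routes("PE1", pe1_a, 1001) + export_routes("PE1", pe1_b, 2001)

    # PE2 hosts one VRF per customer; each imports only its own route target.
    pe2_a = Vrf("A", rd="65000:1", export_rt="65000:100", import_rts=frozenset({"65000:100"}))
    pe2_b = Vrf("B", rd="65000:2", export_rt="65000:200", import_rts=frozenset({"65000:200"}))
    import_routes(pe2_a, advertised)
    import_routes(pe2_b, advertised)
    return advertised, pe2_a, pe2_b


if __name__ == "__main__":
    adv, a, b = build_example()
    for r in adv:
        print(r.vpn_ipv4, "label", r.vpn_label, "RT", sorted(r.route_targets))
    print("VRF A at PE2:", {p: r.vpn_label for p, r in a.table.items()})
    print("VRF B at PE2:", {p: r.vpn_label for p, r in b.table.items()})
```

The isolation property of slide 23 rests entirely on the import filter: both advertisements describe 10.1.0.0/16, but VRF A at PE2 ends up with the route labelled 1001 from RD 65000:1 and VRF B with the route labelled 2001 from RD 65000:2, so a misconfigured import list (a VRF importing the other customer's route target) is exactly what would merge two customers' routing.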

Slide 26

Forwarding
PE and P routers have BGP next-hop reachability through the backbone IGP.
Labels are distributed through LDP (hop-by-hop) corresponding to BGP next-hops.
A two-label stack is used for packet forwarding:
Top label indicates the next-hop (inner label); corresponds to the LSP of the BGP next-hop (PE)
Second-level label indicates the outgoing interface or VRF (outer label); corresponds to the VRF/interface at the exit
[Figure: Layer 2 Header | Label 1 | Label 2 | IP Datagram]

Slide 27

Forwarding in BGP/MPLS VPNs
Step 1: Packet arrives at the incoming interface. The site VRF determines the BGP next-hop and Label 2. [Label 2 | IP Datagram]
Step 2: BGP next-hop lookup; add the corresponding LSP label (also at the site VRF). [Label 1 | Label 2 | IP Datagram]
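The label swapping of slide 17 and the two-label forwarding of slides 26 and 27 can be traced end to end on a small topology. The Python below is an added example for this transcript, not code from the slides; the topology (CE, PE1, P1, PE2, CE), the interface names, the label values and the VRF tables are all constructed, and penultimate-hop popping is not modelled, so PE2 pops the transport label itself.

```python
import ipaddress

# Constructed topology (not the slides' figure): CE -> PE1 -> P1 -> PE2 -> CE.
# Both customers reuse 10.2/16, so the VRF, not the destination address, decides where a packet goes.

VRF_AT_PE1 = {   # per-customer table: prefix -> (BGP next-hop PE, Label 2 = VPN label from that PE)
    "VRF A": {"10.2.0.0/16": ("PE2", 1002)},
    "VRF B": {"10.2.0.0/16": ("PE2", 2002)},
}
LDP_AT_PE1 = {"PE2": ("to-P1", 30)}            # BGP next-hop -> (outgoing interface, Label 1 from LDP)
LDP_AT_P1 = {30: ("to-PE2", 31)}                # incoming top label -> (outgoing interface, new top label)
VPN_LABELS_AT_PE2 = {                           # Label 2 -> (VRF, exit interface toward the customer)
    1002: ("VRF A", "to-CE-A2"),
    2002: ("VRF B", "to-CE-B1"),
}


def lookup(table: dict, dst_ip: str):
    """Longest-prefix match of dst_ip in one VRF table; None if the VRF has no route."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, entry in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, entry)
    return None if best is None else best[1]


def ingress_pe(vrf: str, dst_ip: str):
    """Step 1: site VRF gives BGP next-hop and Label 2. Step 2: LDP gives Label 1 for that next-hop."""
    entry = lookup(VRF_AT_PE1[vrf], dst_ip)
    if entry is None:
        return None   # unknown in this customer's VRF: drop, never consult another customer's table
    next_hop, label2 = entry
    out_if, label1 = LDP_AT_PE1[next_hop]
    return out_if, [label1, label2]   # label stack, top of stack first


def p_router(stack: list):
    """Core P router: swaps the top label only; Label 2 and the IP header are never examined."""
    out_if, new_top = LDP_AT_P1[stack[0]]
    return out_if, [new_top] + stack[1:]


def egress_pe(stack: list):
    """PE2: pops Label 1 (end of the LSP), then Label 2 selects the VRF and exit interface."""
    vrf, out_if = VPN_LABELS_AT_PE2[stack[1]]
    return vrf, out_if


def forward(vrf: str, dst_ip: str):
    """Trace a packet hop by hop: list of (router, outgoing interface, label stack or delivering VRF)."""
    first = ingress_pe(vrf, dst_ip)
    if first is None:
        return None
    out_if, stack = first
    trace = [("PE1", out_if, list(stack))]
    out_if, stack = p_router(stack)
    trace.append(("P1", out_if, list(stack)))
    vrf_out, out_if = egress_pe(stack)
    trace.append(("PE2", out_if, vrf_out))
    return trace


if __name__ == "__main__":
    for vrf in ("VRF A", "VRF B"):
        print(vrf, "->", forward(vrf, "10.2.5.1"))
```

Running it shows the point of the two-label stack: packets for 10.2.5.1 from customer A and from customer B leave PE1 with the same transport label 30 and cross P1 identically (swapped to 31), yet arrive at different customer sites because P1 never looks past the top label and PE2 demultiplexes on Label 2 alone.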