VLANs and GVRP Curtis Simonson Bridge Functions Consortium InterOperability Lab July, 2000

Presentation Overview u Standards Involved u Bridging Background u 802.1Q/1D: –the problem –the solution »GVRP »Tagging Frames u Testing It

The ISO OSI Model

Standards Involved u IEEE Standard u The Bridge Standards (802.1) u Most widely used with the MAC (who doesn’t use Ethernet?) u Bridging is MAC independent

Quick Review - Shared Medium u All machines “share” the network u Only one machine can talk at any one time u Distance limitations u Total throughput limit u Collision likelihood increased

Shared Medium (Repeated Network) u All machines “share” the network u Only one machine can talk at any one time u Distance limitations –At most 205m. u Total throughput limit u Collision likelihood increased Repeaters End Stations 5m 100m

Bridging Review u Connects Separate shared Networks u Frame Translation/ Encapsulation (Token Ring to Ethernet) u Reduces Unicast Traffic u Switches: Allow for multiple conversations

Bridging Background u Bridges work at layer 2 of the OSI Model u Their primary function is to relay frames

Filtering Database Review u One database contains MAC addresses, which port they’re on, and if they’re active or disabled u Duplicate MAC addresses not allowed (the second one would replace the first)

802.1Q - Standard for VLANs u Defines a method of establishing VLANs u Establishes the Tagged Frame u Provides a way to maintain priority information across LANs

Reasons For Standardizing VLANs u Old implementations could only be defined in one switch u To connect a VLAN to another network, each VLAN needed a router port u The only multi-switch VLANs were proprietary: –Cisco: ISL –Bay: Lattisspan –3Com: VLT –Cabletron: SecureFast

Standards Based VLANs u Includes definition for a new GARP application called GVRP (GARP VLAN Registration Protocol) –Propagate VLAN registration across the net u Associate incoming frames with a VLAN ID u De-associate outgoing frames if necessary u Transmit associated frames between VLAN 802.1Q compliant switches

What are VLANs - Virtual Local Area Networks ? u Divides switch into two or more “virtual” switches with separate broadcast domains u Achieved by manual configuration through the switches’ management interface u Only that switch will be segmented

Multiple VLANs in One Switch u Multiple VLANs can be defined on the same switch

Why VLANs? u Lots of broadcast traffic wastes bandwidth –VLANs create separate broadcast domains »Microsoft Networking »Novell Networking »NetBEUI »IP RIP »Multicast (sometimes acts like broadcast) u VLANs can span multiple switches and therefore create separate broadcast domains that span multiple switches

More Reasons... u Link Multiplexing –slower speed technologies share the high-bandwidth uplink –multiple IP subnets on one physical link with layer 3 switching (such as to connect Morse, Leavitt and Ocean if we were switched instead of routed)

And One More Reason... u Security –Traffic is only seen by who it is intended for »example: Two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.

Basic VLAN Concepts u Port-based VLANs –Each port on a switch is in one and only one VLAN (except trunk links) u Tagged Frames –VLAN ID and Priority info is inserted (4 bytes) u Trunk Links –Allow for multiple VLANs to cross one link u Access Links –The edge of the network, where legacy devices attach u Hybrid Links –Combo of Trunk and Access Links u VID –VLAN Indentifier

Tagged Frames u 4 Bytes inserted after Destination and Source Address u Tagged Protocol Identifier (TPID) = 2 Bytes (x8100) –length/type field u Tagged Control Information (TCI) = 2 Bytes –contains VID

Trunk Link u Attaches two VLAN switches - carries Tagged frames ONLY.

Access Links u Access Links are Untagged for VLAN unaware devices - the VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.

Hybrid Links u Hybrid Links - ALL VLAN-unaware devices are in the same VLAN

So Far So Good... u So one might ask: “how does the Filtering Database handle VLANs?” u Two answers: –multiple (distinct) tables: one for each VLAN –one table, with a VLAN column u They sound similar, but it turns out they are VERY different

Multiple Tables u Called MFD (multiple Filtering Databases) or it might also be called Independent Learning u Each VLAN learns MAC addresses independently, so duplicate MAC addresses are OK as long as they are in different VLANs. Each Table is for One VLAN

One (Big) Table u Called SFD (Single Filtering Database) or Shared Learning u No duplicate MAC addresses u Asymmetric VLAN possible

Independent Learning I u Legacy router learns MAC addresses from both VLANs u Requires 2 physical links

Independent Learning II u VLAN-aware router only needs one physical link

Problems u Can’t combine SFD and MFD switches in one network u Some switches only do one or the other, and can’t be changed u Hybrids of SFD and MFD makes this tricky

Future Additions u Layer 3 based VLANs –IP traffic on a different VLAN than IPX u Multiple Spanning Trees (one per VLAN) –allows for using the disabled links u ATM to IEEE VLAN mapping –Emulated LANs

GARP (yeah, I know, “the world according to”… that’s a new one!) u Generic Attribute Registration Protocol u Standard Defines: –method to declare attributes to other GARP participants –frame type to convey GARP messages: Protocol Data Unit (PDU) –rules and timers for registering/de-registering attributes

GARP - how? u A device wants to declare a certain attribute u It sends a declaration u The bridge receives it and propagates it throughout the network.

GARP - two devices u A second device wants to declare a certain attribute u Now a “path” has been formed.

GMRP u GARP Multicast Registration Protocol u Defines a GARP Application (instance of the generic framework) u Allows devices to declare membership in a multicast group

GMRP - multiple devices u Devices declare membership in a multicast group u All multicast frames for that group propagate only to the proper devices.

GMRP - Pros & Cons u Pros: –provides multicasting that isn’t broadcasting –works “through” legacy bridges –allows asymmetric pruning u Cons: –end stations must support 802.1p –no interface between IGMP and GMRP (yet)

GVRP - GARP VLAN Registration Protocol u Disadvantages to Static VLANs –Static VLANs are created via management –Must be maintained by a network admin –Static VLANs must be reconfigured for every network topology change

GVRP Simplifies All This! u GVRP creates dynamic VLANs –No manual configuration needed –GVRP is maintained by the devices themselves –Topology change? No problem, GVRP recreates the dynamic VLAN automatically

What can GVRP do for you? u Allows the creation of VLANs with a specific VID and a specific port, based on updates from GVRP-enabled devices. u Advertises manually configured VLANs to other GVRP-enabled device. As a result of this the GVRP-enable devices in the core of the network need no manual configuration in order to inter- operate.

GVRP Info u GVRP is a GARP application that registers attributes for dynamic VLANs u GVRP deals only with the management of dynamic VLANs u Everything that you have learned about static VLAN packet format and transmission applies

VLAN Data Frame Format Review u GVRP handles data in the same way as Static VLANs do. –Header, inserted after the destination and source addresses, that contains Protocol Identifier and VID

How GVRP does all this: u The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C ) to which all GVRP-enabled devices listen to for updates. GVRP advertisement follows the definition of GARP.

What do these PDUs contain? u A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action. –Join: register the port for the specified VLAN –Leave: de-register the port for the specified VLAN »LeaveAll: de-register all VLAN registrations on that port –Empty: request to re-advertise dynamically and statically configured VLANs

u Industry Implementation Example –3Com manufactures Network Interface Cards that take advantage of GVRP –Accessed via the Control Panel (DynamicAccess ® ) –Extremely easy to configure Windows screenshot —> Vendors (current): Cisco Systems, 3Com and Hewlett Packard Several others are developing working implementations also.

Example: GARP/GVRP S SSEERED GREEN EE