
Technical principles of LAN and VLAN

2025-01-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Catalogue

Local area network LAN

Virtual local area network

Principle of VLAN implementation

I. Local area network (LAN)

The figure above shows the most basic LAN layout. For two devices to communicate, each must first know the other's name, and on a LAN that name is the MAC address. If Bob wants to send a message to Sally but does not yet know Sally's MAC address, he has to obtain it first; the ARP protocol solves this problem. (Bob broadcasts a query asking where Sally is. Every device connected to the hub receives the query; Sally answers it by sending her own MAC address to Bob, and the other devices discard the query.) At this point the preconditions for communication between the two devices are in place.

A group of devices connected by a hub belongs to the same collision domain and the same broadcast domain; here the collision domain and the broadcast domain are one and the same. Put simply, in this layout only one device can transmit at a time, and every other device receives that signal.

The hub is a physical-layer (layer 1) device in the relay system; its main function is to receive, restore, amplify and resend the signal. When a signal is carried over twisted pair or optical fibre it weakens and becomes distorted as the distance increases; with the help of a hub the signal can travel farther. A hub also has many interfaces, which increases the number of terminals that can be attached and so expands the scale of the LAN.

However, all devices on the same hub share its bandwidth; with too many devices the link becomes congested and broadcast storms become serious.

The remedy for the defect of the above layout is to divide one large area into many small ones, which shrinks the scope of each collision domain and reduces data congestion; the device used for this is the switch. In the figure above, for example, the main hub is replaced by a switch. Each port of the switch is a separate collision domain, so the one large collision domain is divided into several small ones, and each hub in the figure merely extends a switch port into a single collision domain. Note, however, that the entire network is still one broadcast domain.

The layout above still does not isolate broadcast domains well. Imagine that there is only one broadcast domain: as more and more hosts are added, every device has to process every broadcast, which is a great deal of overhead. For this reason we introduce routers to divide the broadcast domain. Note that a router divides both collision domains and broadcast domains.

When a router receives a broadcast it discards it automatically and does not forward it out of its other ports, which is how the broadcast domain is divided. The router also needs a serial interface (serial 0) to connect to the WAN.

As shown in the LAN layout in the figure, there are 6 collision domains (not counting the serial interface) and 3 broadcast domains.

II. Virtual local area network (VLAN)

What is a VLAN (virtual local area network)? Everything prefixed with V is linked to "virtual", and since it is virtual there is no physical entity, so understanding it takes some logical thinking. VLAN technology logically divides one physical LAN into multiple broadcast domains, each of which is a VLAN.

Why use VLANs? We know that a LAN built from switches isolates collision domains, so all hosts in the LAN can send at the same time, which is indeed a great improvement over hubs. But when a device sends a broadcast, the work the switch does replicating that broadcast grows as the number of hosts in the LAN grows (the broadcast has to be forwarded to every device). If every device sends broadcasts, it is easy to see that the switch will be overwhelmed. That is why we think of dividing the broadcast domain.

By default, a broadcast is sent to all hosts in the LAN, as shown above; after VLANs are divided, a broadcast is sent only to the hosts in the same VLAN and not to hosts in other VLANs.

As shown in the figure above, although these hosts are on the same switch, by applying some special processing to the switch (explained later) what was originally one broadcast domain is divided into three. Physically the hosts are on one switch, but logically they have been divided across three switches, so there are three (virtual) LANs and three broadcast domains. This is why it is called a virtual local area network.

One special point: VLAN 1, the VLAN with number 1, is generally used as the management VLAN, so ordinary VLANs are numbered from 2. By default everything belongs to VLAN 1, because it is the administrative group.

If you later want to add a PC to VLAN 3, you only need to connect it to a VLAN 3 port on the physical switch, rather than, as on an ordinary LAN, having the new PC end up in whatever LAN it happens to be plugged into. Users can thus be added anywhere, with their membership controlled without worrying about their physical location.

For ease of management, and because each VLAN is one broadcast domain, a separate subnet number is usually assigned to each VLAN. Now consider a question: hosts in the same VLAN can communicate with each other, but can hosts in different VLANs? The answer is no. To solve this problem, OSI layer 3 devices such as layer 3 switches (or routers) are introduced to achieve cross-segment communication.

III. Principle of VLAN implementation

Static VLAN

The VLAN administrator configures the correspondence between switch port and VLAN ID at the start, and that correspondence is fixed: the port corresponds only to that VLAN ID and does not change later unless the administrator reconfigures it.

When a device is connected to such a port, how is it determined that the host's VLAN ID matches the port's? From the IP configuration we know each VLAN's subnet number and which ports it corresponds to. If the IP address the device requires does not match the subnet of the VLAN corresponding to the port, the connection fails and the device cannot communicate normally. So besides connecting to the correct port, the device must also be assigned an IP address in the VLAN's network segment in order to join the VLAN.

Dynamic VLAN

The switch automatically configures the port into the VLAN to which the connected host belongs. There are three kinds: MAC-based, IP-based and user-based.

MAC-based VLAN (e.g. layer 2 switch)

The hardware addresses of all hosts are added to the VLAN management database. For example, when a host is connected to any dynamic-VLAN port of the switch, the management database is queried by the host's MAC address, finds that the host belongs to VLAN 2, and the port is automatically set to VLAN 2. The disadvantage is that when a host's network card is replaced, the management database has to be updated.

IP-based VLAN (e.g. layer 3 switch)

Unlike the MAC-based method, this one records the mapping between subnet ID and VLAN ID. No matter how the host's network card changes, as long as its IP address stays the same the switch can automatically set the corresponding VLAN ID from the host's subnet ID.

User-based VLAN

The VLAN is determined by the user logged in to the operating system.
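To make the static subnet check and the MAC-based and IP-based dynamic lookups concrete, here is an added Python example (not code from the article) that simulates how a switch would decide a host's VLAN under each scheme; the subnets, port names and MAC database are constructed values.

```python
import ipaddress

# Constructed configuration (not from the article): each VLAN is one
# broadcast domain and gets its own subnet.
VLAN_SUBNETS = {
    2: ipaddress.ip_network("192.168.2.0/24"),
    3: ipaddress.ip_network("192.168.3.0/24"),
}

# Static VLAN: the administrator fixes port -> VLAN ID once.
STATIC_PORTS = {"Fa0/1": 2, "Fa0/2": 3}

# Dynamic, MAC-based: the management database maps hardware address -> VLAN ID.
MAC_DB = {"00:11:22:33:44:55": 2, "66:77:88:99:aa:bb": 3}


def static_vlan_join(port, host_ip):
    """Static VLAN: the port decides the VLAN, and the host's IP must fall
    inside that VLAN's subnet, otherwise the host cannot communicate."""
    vid = STATIC_PORTS[port]
    if ipaddress.ip_address(host_ip) in VLAN_SUBNETS[vid]:
        return vid
    return None  # wrong segment for this port: the connection fails


def mac_based_vlan(host_mac):
    """Dynamic, MAC-based: look the hardware address up in the database.
    A replaced network card has a new MAC and is no longer found."""
    return MAC_DB.get(host_mac.lower())


def ip_based_vlan(host_ip):
    """Dynamic, IP-based: derive the VLAN from the subnet the address is in,
    so a card swap does not matter as long as the IP stays the same."""
    addr = ipaddress.ip_address(host_ip)
    for vid, net in VLAN_SUBNETS.items():
        if addr in net:
            return vid
    return None


if __name__ == "__main__":
    print(static_vlan_join("Fa0/1", "192.168.2.10"))  # 2
    print(static_vlan_join("Fa0/1", "192.168.3.10"))  # None
    print(mac_based_vlan("00:11:22:33:44:55"))        # 2
    print(mac_based_vlan("de:ad:be:ef:00:01"))        # None (new card)
    print(ip_based_vlan("192.168.3.77"))              # 3
```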

Access interface and Trunk interface

A switch has two types of interface: the access port (Access) and the trunk port (Trunk). An access interface is used only to connect a user host and can belong to only one VLAN, so it carries only that VLAN's traffic.

What I have described above is VLAN division on a single switch. When VLANs must span two or more switches, access interfaces alone are no longer enough; trunk interfaces are needed to connect the switches.

As shown in the following figure, when host A in VLAN 1 sends data to host B on a different switch, the frame must pass through the switch's trunk interface, where a tag field identifying VLAN 1 is added to the frame header before the frame is sent over the trunk link to the other switch. The trunk interface of the other switch recognises the tag, removes it and forwards the frame to B.
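The tagging step just described, together with the per-VLAN broadcast scope from section II, as an added Python example (not code from the article): it assumes the trunk tag is an IEEE 802.1Q tag, which the article does not name, and the MAC addresses and port assignments are constructed.

```python
import struct

# Assumption (not in the article): the trunk tag is an IEEE 802.1Q tag,
# 4 bytes inserted after the destination and source MAC addresses.
TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
BROADCAST_MAC = b"\xff" * 6

def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, payload):
    """Untagged Ethernet frame as a host on an access port sends it."""
    return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload

def add_tag(frame, vid, pcp=0):
    """Trunk egress: insert the tag carrying the sender's VLAN ID."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Trunk ingress: read the VLAN ID and remove the tag again.
    Returns (vid, untagged_frame); vid is None when no tag is present."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def forward(access_ports, tagged_frame):
    """Receiving switch: deliver the untagged frame only to access ports in
    the tagged VLAN (its broadcast domain). access_ports maps port name ->
    (vid, attached host MAC); a real switch learns the MACs instead."""
    vid, frame = strip_tag(tagged_frame)
    dst = frame[:6]
    return sorted(port for port, (port_vid, host_mac) in access_ports.items()
                  if port_vid == vid and dst in (BROADCAST_MAC, host_mac))

# Constructed sample: A (VLAN 1, switch 1) talks to B (VLAN 1, switch 2).
A, B, C, D = (mac(f"02:00:00:00:00:0{x}") for x in "abcd")
SWITCH2_PORTS = {"Fa0/1": (1, B), "Fa0/2": (2, C), "Fa0/3": (1, D)}

if __name__ == "__main__":
    on_trunk = add_tag(build_frame(B, A, b"hello"), vid=1)
    print(forward(SWITCH2_PORTS, on_trunk))  # ['Fa0/1']
    arp_query = add_tag(build_frame(BROADCAST_MAC, A, b"who is B?"), vid=1)
    print(forward(SWITCH2_PORTS, arp_query))  # ['Fa0/1', 'Fa0/3'], never Fa0/2
```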
