Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Links: VLANs and Tunneling

Published byAidan Hodges Modified over 10 years ago

Similar presentations

Presentation on theme: "Virtual Links: VLANs and Tunneling"— Presentation transcript:

1 Virtual Links: VLANs and Tunneling
CS 4251: Computer Networking II Nick Feamster Spring 2008

2 Why VLANs? Layer 2: devices on one VLAN cannot communicate with users on another VLAN without the use of routers and network layer addresses Advantages Help control broadcasts (primarily MAC-layer broadcasts) Switch table entry scaling Improve network security Help logically group network users Key feature: Divorced from physical network topology

3 VLAN basics VLAN configuration issues:
A switch creates a broadcast domain VLANs help manage broadcast domains VLANs can be defined on port groups, users or protocols LAN switches and network management software provide a mechanism to create VLANs VLANs help control the size of broadcast domains and localize traffic. VLANs are associated with individual networks. Devices in different VLANs cannot directly communicate without the intervention of a Layer 3 routing device.

4 VLAN Trunking Protocol
VLAN trunking: many VLANs throughout an organization by adding special tags to frames to identify the VLAN to which they belong. This tagging allows many VLANs to be carried across a common backbone, or trunk. IEEE 802.1Q trunking protocol is the standard, widely implemented trunking protocol

5 Trunking: History An example of this in a communications network is a backbone link between an MDF and an IDF A backbone is composed of a number of trunks.

6 VLAN Trunking Conserve ports when creating a link between two devices implementing VLANs Trunking will bundle multiple virtual links over one physical link by allowing the traffic for several VLANs to travel over a single cable between the switches.

7 Trunking Operation Manages the transfer of frames from different VLANs on a single physical line Trunking protocols establish agreement for the distribution of frames to the associated ports at both ends of the trunk Two mechanisms frame filtering frame tagging

8 Frame Filtering

9 Frame Tagging A frame tagging mechanism assigns an identifier, VLAN ID, to the frames Easier management Faster delivery of frames

10 Frame Tagging Each frame sent on the link is tagged to identify which VLAN it belongs to. Different tagging schemes exist Two common schemes for Ethernet frames 802.1Q: IEEE standard Encapsulates packet in an additional 4-byte header ISL – Cisco proprietary Inter-Switch Link protocol Tagging occurs within the frame itself

11 VLANs and trunking VLAN frame tagging is an approach that has been specifically developed for switched communications. Frame tagging places a unique identifier in the header of each frame as it is forwarded throughout the network backbone. The identifier is understood and examined by each switch before any broadcasts or transmissions are made to other switches, routers, or end-station devices. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. Frame tagging functions at Layer 2 and requires little processing or administrative overhead.

12 Inter-VLAN Routing If a VLAN spans across multiple devices a trunk is used to interconnect the devices. A trunk carries traffic for multiple VLANs. For example, a trunk can connect a switch to another switch, a switch to the inter-VLAN router, or a switch to a server with a special NIC installed that supports trunking. Remember that when a host on one VLAN wants to communicate with a host on another, a router must be involved.

13 Inter-VLAN Issues and Solutions
Hosts on different VLANs must communicate Logical connectivity: a single connection, or trunk, from the switch to the router That trunk can support multiple VLANs This topology is called a router on a stick because there is a single connection to the router

14 Physical and logical interfaces
The primary advantage of using a trunk link is a reduction in the number of router and switch ports used. Not only can this save money, it can also reduce configuration complexity. Consequently, the trunk-connected router approach can scale to a much larger number of VLANs than a one-link-per-VLAN design.

15 Why Tunnel? Security Flexibility Bypassing local network engineers
E.g., VPNs Flexibility Topology Protocol Bypassing local network engineers Oppressive regimes: China, Pakistan, TS… Compatibility/Interoperability Dispersion/Logical grouping/Organization Reliability Fast Reroute, Resilient Overlay Networks (Akamai SureRoute) Stability (“path pinning”) E.g., for performance guarantees

16 MPLS Overview Main idea: Virtual circuit
Packets forwarded based only on circuit identifier Source 1 Destination Source 2 Router can forward traffic to the same destination on different interfaces/paths.

17 Circuit Abstraction: Label Swapping
D A 2 1 Tag Out New 3 A 2 D Label-switched paths (LSPs): Paths are “named” by the label at the path’s entry point At each hop, label determines: Outgoing interface New label to attach Label distribution protocol: responsible for disseminating signalling information

18 Layer 3 Virtual Private Networks
Private communications over a public network A set of sites that are allowed to communicate with each other Defined by a set of administrative policies determine both connectivity and QoS among sites established by VPN customers One way to implement: BGP/MPLS VPN mechanisms (RFC 2547)

19 Building Private Networks
Separate physical network Good security properties Expensive! Secure VPNs Encryption of entire network stack between endpoints Layer 2 Tunneling Protocol (L2TP) “PPP over IP” No encryption Layer 3 VPNs Privacy and interconnectivity (not confidentiality, integrity, etc.)

20 Layer 2 vs. Layer 3 VPNs Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 is “IP only” More complicated to provision a Layer 2 VPN Layer 3 VPNs: potentially more flexibility, fewer configuration headaches

21 Layer 3 BGP/MPLS VPNs VPN A/Site 1 VPN A/Site 2 VPN A/Site 3 VPN B/Site 2 VPN B/Site 1 VPN B/Site 3 CEA1 CEB3 CEA3 CEB2 CEA2 CE1B1 CE2B1 PE1 PE2 PE3 P1 P2 P3 10.1/16 10.2/16 10.3/16 10.4/16 BGP to exchange routes MPLS to forward traffic Isolation: Multiple logical networks over a single, shared physical infrastructure Tunneling: Keeping routes out of the core

22 High-Level Overview of Operation
IP packets arrive at PE Destination IP address is looked up in forwarding table Datagram sent to customer’s network using tunneling (i.e., an MPLS label-switched path)

23 BGP/MPLS VPN key components
Forwarding in the core: MPLS Distributing routes between PEs: BGP Isolation: Keeping different VPNs from routing traffic over one another Constrained distribution of routing information Multiple “virtual” forwarding tables Unique addresses: VPN-IP4 Address extension

24 Virtual Routing and Forwarding
Separate tables per customer at each router Customer 1 /24 /24 RD: Green Customer 1 Customer 2 /24 Customer 2 /24 RD: Blue

25 Routing: Constraining Distribution
Performed by Service Provider using route filtering based on BGP Extended Community attribute BGP Community is attached by ingress PE route filtering based on BGP Community is performed by egress PE Site 2 BGP Static route, RIP, etc. RD: /24 Route target: Green Next-hop: A Site 1 A /24 Site 3

26 Forwarding PE and P routers have BGP next-hop reachability through the backbone IGP Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops Two-Label Stack is used for packet forwarding Top label indicates Next-Hop (interior label) Second level label indicates outgoing interface or VRF (exterior label) Corresponds to LSP of BGP next-hop (PE) Corresponds to VRF/interface at exit Layer 2 Header Label 1 Label 2 IP Datagram

27 Forwarding in BGP/MPLS VPNs
Step 1: Packet arrives at incoming interface Site VRF determines BGP next-hop and Label #2 Label 2 IP Datagram Step 2: BGP next-hop lookup, add corresponding LSP (also at site VRF) Label 1 Label 2 IP Datagram

Download ppt "Virtual Links: VLANs and Tunneling"

Similar presentations

Virtual Trunk Protocol

Virtual Trunk Protocol
APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
MPLS VPN.

MPLS VPN.
Identifying MPLS Applications

Identifying MPLS Applications
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing the MPLS VPN Routing Model.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing MPLS VPN Architecture.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing MPLS VPN Architecture.
LAN Segmentation Virtual LAN (VLAN).

LAN Segmentation Virtual LAN (VLAN).
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Juniper Networks, Inc. Copyright © 2000 1 L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe

Juniper Networks, Inc. Copyright © L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer

MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer
CS 672 1 Summer 2003 Lecture 14. CS 672 2 Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.
VLANs (Virtual LANs) CS 158B Elaine Lim Allison Nham.

VLANs (Virtual LANs) CS 158B Elaine Lim Allison Nham.
VLANs Semester 3, Chapter 3 Allan Johnson Website:

VLANs Semester 3, Chapter 3 Allan Johnson Website:
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.
Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt.

Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman Teaching Assistants: Wyatt.
MPLS L3 and L2 VPNs Virtual Private Network –Connect sites of a customer over a public infrastructure Requires: –Isolation of traffic Terminology –PE,

MPLS L3 and L2 VPNs Virtual Private Network –Connect sites of a customer over a public infrastructure Requires: –Isolation of traffic Terminology –PE,
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
COS 420 Day 16. Agenda Assignment 3 Corrected Poor results 1 C and 2 Ds Spring Break?? Assignment 4 Posted Chap 16-20 Due April 6 Individual Project Presentations.

COS 420 Day 16. Agenda Assignment 3 Corrected Poor results 1 C and 2 Ds Spring Break?? Assignment 4 Posted Chap Due April 6 Individual Project Presentations.

Similar presentations

Ads by Google