
Bridging Protocols Overview

Bridge Functions Consortium

Bridging Protocols

Filtering Database (802.1Q/802.1D)
Spanning Tree Protocol (802.1D clauses 8 & 9)
VLANs (802.1Q)
GARP/GVRP (802.1D clause 12/802.1Q clause 11)
GARP/GMRP (802.1D clause 10 & 12)
Link Aggregation (802.3ad)

Bridging History

Back in the days before Ethernet was the clear winning technology on the LAN, Token Ring and FDDI were popular. This meant two different methods of bridging:
1) Source Route Bridging
   a. Used by Token Ring and FDDI
2) Transparent Bridging
   a. Used by Ethernet

Source Route Bridging

Source Route Bridging allows load balancing to avoid congestion. This is done by routing packets over two or more routes to a destination.

(diagram: a Source LAN reaching a Destination LAN Server over Switch 1, Switch 2 and Switch 3)

Transparent Bridging

The transparent bridging method follows the plug and play philosophy. Each bridge contains one (or more) Filtering Databases that learn and remember the MAC addresses on its networks. Forwarding decisions are then made by consulting the Filtering Database: if a destination MAC address has been learned, the frame is forwarded out of that port only. Learned addresses are cleared from the Filtering Database if they are not active for a specific amount of time. This period is defined by the Aging Time, which can be set through management.

Filtering Database

One database contains MAC addresses, which port they're on, and whether they're active or disabled
Duplicate MAC addresses are not allowed (the second one would replace the first)

Entry   MAC Addr        Port   active
1       0800900A2580    1      yes
2       002034987AB1    1      yes
3       00000C987C00    2      yes
4       00503222A001    2      yes
5-12    (empty)

Learning of Addresses

The Filtering Database learns a station's location from the source address on an incoming frame.

1. A frame with source address 00 22 22 33 33 44 is received on Port 1. The destination address is not yet learned, so the frame is forwarded out all ports. The source address is learned by the Filtering Database.
2. A frame with destination address 00 22 22 33 33 44 is received on Port 4. Frames with destination address 00 22 22 33 33 44 are forwarded on Port 1 only. All future frames destined for this MAC address will be forwarded ONLY out of this port.

(diagram: Switch with Port 1 and Port 4)

Multicast Frames

Multicast Frames originate from one source and have the possibility of going to more than one destination. An example of this is the Spanning Tree BPDU.

(diagram: Switch 1 attached to a Shared LAN with Switch 2, Switch 3 and Switch 4)

The Permanent Database

Upon Bridge Initialization, a reserved block of Multicast Addresses is transferred to the Filtering Database:

Assignment                                      Value
Bridge Group Address (Span. Tree)               01 80 C2 00 00 00
IEEE Std. 802.3, Full Duplex Pause Operation    01 80 C2 00 00 01
Slow Protocols Multicast Address                01 80 C2 00 00 02
Reserved for future standardization             01 80 C2 00 00 03 to 01 80 C2 00 00 0F

Currently only 3 of these multicast addresses are standardized. The rest are reserved for future use. Frames containing these addresses in the source are never learned or forwarded.

Basic/Extended Filtering Services

Bridges that support Basic Filtering Services can dynamically learn all MAC addresses except those from the Permanent Database
These addresses can also be statically configured so that they do not age out
Switches filtering frames from the Permanent Database are said to support Basic Filtering Services
Extended Filtering Services are implemented by devices that support advanced features like GARP

Aging Time

Aging time is defined as a range of 10 to one million seconds
One million seconds = 11 days 13 hrs 46 min and 40 sec
The default time is 300 seconds
The Filtering Database starts the aging time when an address is learned and resets it whenever another frame from that address arrives on that port
Why is aging time important?
When the aging time expires, the address and port are discarded from the Filtering Database.

Filtering Database Review

Every bridge has a table called a Filtering Database
Entries in this table are updated upon receipt of frames: the source addresses and the ports they arrive on are learned
Once a MAC address is associated with a port, frames containing that destination address are only forwarded out of that port

Filtering Database Review

(cont.)

In real switches these tables vary in size; most have the capability of holding several thousand MAC addresses. I've seen one that has the capacity to learn more than 150,000 addresses (3Com9100).
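To see the learning, forwarding and aging rules of the preceding slides in one place, here is an added Python model of a Filtering Database (example code, not from the slides; port numbers and MAC addresses are constructed):

```python
"""Transparent-bridge Filtering Database model (added example, not from the slides).
Learns source MAC -> port, forwards to the learned port or floods when the
destination is unknown, never learns or forwards the reserved multicast block
01-80-C2-00-00-00..0F, and ages dynamic entries out after aging_time seconds
(default 300 s, allowed range 10..1,000,000 s). Time is passed in explicitly."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
RESERVED_PREFIX = "01:80:c2:00:00:"        # Permanent Database block, last octet 00..0F
MIN_AGING, MAX_AGING, DEFAULT_AGING = 10, 1_000_000, 300

def is_reserved(mac: str) -> bool:
    """True for 01-80-C2-00-00-00 .. 01-80-C2-00-00-0F (never learned or forwarded)."""
    mac = mac.lower()
    return mac.startswith(RESERVED_PREFIX) and int(mac[-2:], 16) <= 0x0F

class FilteringDatabase:
    def __init__(self, ports, aging_time=DEFAULT_AGING, capacity=4096):
        if not MIN_AGING <= aging_time <= MAX_AGING:
            raise ValueError("aging time must be 10..1,000,000 seconds")
        self.ports = list(ports)
        self.aging_time = aging_time
        self.capacity = capacity              # real tables hold a few thousand entries
        self.dynamic = {}                     # mac -> (port, last_seen); ages out
        self.static = {}                      # mac -> port; configured, never ages

    def add_static(self, mac, port):
        self.static[mac.lower()] = port
        self.dynamic.pop(mac.lower(), None)

    def age_out(self, now):
        """Drop dynamic entries idle for aging_time or longer; return them."""
        expired = [m for m, (_, seen) in self.dynamic.items() if now - seen >= self.aging_time]
        for m in expired:
            del self.dynamic[m]
        return expired

    def lookup(self, mac):
        mac = mac.lower()
        if mac in self.static:
            return self.static[mac]
        entry = self.dynamic.get(mac)
        return entry[0] if entry else None

    def receive(self, in_port, src, dst, now):
        """Learn from the source, then return the egress port list for the frame."""
        src, dst = src.lower(), dst.lower()
        self.age_out(now)
        # Learning: a source in the reserved block is never learned; a MAC seen
        # again on a different port replaces the earlier entry (no duplicates).
        if not is_reserved(src) and src not in self.static:
            if src in self.dynamic or len(self.dynamic) < self.capacity:
                self.dynamic[src] = (in_port, now)   # (re)starts this entry's aging timer
        if is_reserved(dst):
            return []                         # consumed by the bridge itself (e.g. BPDUs)
        port = self.lookup(dst)
        if dst == BROADCAST or port is None:
            return [p for p in self.ports if p != in_port]   # flood out all other ports
        return [] if port == in_port else [port]
```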

Spanning Tree Protocol (STP)

An algorithm used to prevent logic loops in a bridged network by creating a spanning tree. When multiple paths exist, STA lets a bridge use only the most efficient one. If that path fails, STA automatically reconfigures the network to make another path become active, sustaining network operations.
Definition of Spanning Tree Algorithm from Newton's Telecom Dictionary.

The Spanning Tree Poem


I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree that must be sure to span
So packets can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least-cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
Then bridges find a spanning tree.

-Radia Perlman

What is a Spanning Tree?

Only one active path exists between any two devices.
Resembles a family tree (problems arise in both when loops occur).

Why Spanning Tree?

The purpose of Spanning Tree is to have bridges dynamically discover a subset of the topology that is loop-free and yet has just enough connectivity so that there is a path between every pair of nodes in the LAN.

How does Spanning Tree work?

The basic idea behind the Spanning Tree Protocol is that bridges transmit special messages to each other that allow them to calculate a spanning tree
Configuration Bridge Protocol Data Units (BPDUs)
Sometimes referred to as Config. BPDUs

STP Example

(diagram: example spanning tree with the Root bridge marked)

Port States

Bridge ports operate the Spanning Tree Algorithm using the following states:

Blocking: incoming frames are discarded
Listening: incoming frames are discarded, but the port is in the process of transitioning to Learning
Learning: incoming frames are discarded, but their source addresses and ports are placed in the Filtering Database
Forwarding: incoming frames are forwarded, source addresses are learned
Disabled: the port is disabled by management

Configuration BPDUs

The Configuration BPDU contains enough info so that bridges can do the following:
1) Elect a single bridge to be Root Bridge
2) Calculate the distance of the shortest path from themselves to the Root Bridge
3) Elect a Designated Bridge for each LAN segment, which is the bridge in the LAN segment closest to the Root Bridge, to forward packets from that LAN segment toward the Root Bridge.
4) Choose the port, called the root port, that gives the best path from themselves to the Root Bridge.
5) Select ports to be included in the spanning tree. These include only root ports and designated ports.

Inside Config BPDUs

Destination MAC Address: 01 80 C2 00 00 00, the special Multicast address for Spanning Tree
Root ID: ID of the bridge assumed to be root
Bridge ID: ID of the bridge transmitting the BPDU
Cost: Cost of the least-cost path to the root from the transmitting bridge (at least the best path of which the transmitting bridge is currently aware)

Inside Config BPDUs


Protocol ID = 0x0000
Protocol Version ID and BPDU Type = 0x00
If the transmitting bridge is Root, Message Age = Zero, otherwise it is set to the value of the Root Port's Message Age timer plus an increment of one*
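An added decoder for the Configuration BPDU fields listed above (example code, not from the slides; the field layout is from IEEE 802.1D clause 9 and the sample BPDU bytes are constructed):

```python
"""Decoder for 802.1D Configuration BPDUs (added example, not from the slides).
Layout per IEEE 802.1D clause 9: Protocol ID (2), Version (1), Type (1), Flags (1),
Root ID (8), Root Path Cost (4), Bridge ID (8), Port ID (2), Message Age (2),
Max Age (2), Hello Time (2), Forward Delay (2); timers are in 1/256 s units."""
import struct
from dataclasses import dataclass

STP_MULTICAST = "01:80:c2:00:00:00"    # Bridge Group Address (destination of every BPDU)
CONFIG_FMT = ">HBBB8sI8sHHHHH"          # 35-byte Configuration BPDU after the LLC header
CONFIG_BPDU, TCN_BPDU = 0x00, 0x80      # BPDU Type values

@dataclass
class ConfigBPDU:
    root_id: int
    root_cost: int
    bridge_id: int
    port_id: int
    message_age: float                  # seconds
    max_age: float
    hello_time: float
    forward_delay: float
    topology_change: bool               # Flags bit 0
    tc_ack: bool                        # Flags bit 7 (Topology Change Acknowledgement)

    def is_stale(self) -> bool:
        """A BPDU whose Message Age has reached Max Age is discarded."""
        return self.message_age >= self.max_age

def bridge_id_str(bid: int) -> str:
    """Render a 64-bit Bridge ID as priority/MAC, e.g. 32768/00:00:0c:98:7c:00."""
    prio, mac = bid >> 48, bid & 0xFFFFFFFFFFFF
    return f"{prio}/" + ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -1, -8))

def decode_config_bpdu(payload: bytes) -> ConfigBPDU:
    if len(payload) < struct.calcsize(CONFIG_FMT):
        raise ValueError("truncated BPDU")
    (proto, version, btype, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd) = struct.unpack(CONFIG_FMT, payload[:35])
    if proto != 0x0000 or version != 0x00 or btype != CONFIG_BPDU:
        raise ValueError(f"not a Configuration BPDU: proto={proto:#06x} type={btype:#04x}")
    return ConfigBPDU(int.from_bytes(root, "big"), cost, int.from_bytes(bridge, "big"), port,
                      msg_age / 256, max_age / 256, hello / 256, fwd / 256,
                      bool(flags & 0x01), bool(flags & 0x80))

# Constructed sample: bridge 32768/00:00:0c:98:7c:00 announcing itself as Root
# (cost 0, Message Age 0, Max Age 20 s, Hello 2 s, Forward Delay 15 s, TC flag set).
SAMPLE = (bytes.fromhex("0000 00 00 01")
          + bytes.fromhex("8000 00000c987c00") + (0).to_bytes(4, "big")
          + bytes.fromhex("8000 00000c987c00") + bytes.fromhex("8001")
          + (0).to_bytes(2, "big") + (20 * 256).to_bytes(2, "big")
          + (2 * 256).to_bytes(2, "big") + (15 * 256).to_bytes(2, "big"))
```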

Path Cost

Path costs are designed to be associated with the speed of the link

Link Speed   Recommended value   Recommended range   Range
4 Mb/s       250                 100-1000            1-65535
10 Mb/s      100                 50-600              1-65535
16 Mb/s      62                  40-400              1-65535
100 Mb/s     19                  10-60               1-65535
1 Gb/s       4                   3-10                1-65535
10 Gb/s      2                   1-5                 1-65535

Bridge Initialization

Root ID set to Bridge ID
Root Path Cost set to zero
All ports on the bridge become designated ports
Configuration BPDU transmitted on each designated port
Hello Timer is started

How this all works together

A bridge continuously receives Configuration BPDUs on each of its ports and saves the best configuration message from each port. The bridge determines the best configuration message by comparing not only the Configuration BPDUs received on a particular port, but also the configuration message that the bridge would transmit on that port.

How is best determined?

Given two Configuration BPDUs C1 and C2, C1 is the best if:

the root ID in C1 is numerically lower than the root ID in C2
If the root IDs are equal, then if the cost in C1 is numerically lower than the cost in C2
If the root IDs and costs are equal, then if the Bridge ID in C1 is numerically lower than the Bridge ID in C2

The final tiebreaker is the port ID. Each port on a switch has a port ID. Useful if two ports from the same switch are on one LAN segment.
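An added Python model of the election rule above, run over a constructed three-bridge loop to find the Root, each bridge's root path cost and root port, and the designated and blocking ports (example code, not from the slides; bridge names and MACs are constructed):

```python
"""Spanning Tree election on a small constructed topology (added example, not
from the slides). Every bridge keeps the best Configuration message it could
hear: lower Root ID, then lower cost, then lower transmitting Bridge ID, then
lower Port ID. Bridge IDs are (priority, MAC); costs use 802.1D recommended values."""

# Constructed triangle: (bridge, port) <-> (bridge, port), path cost of the link.
LINKS = [
    (("B1", 1), ("B2", 1), 19),   # 100 Mb/s
    (("B1", 2), ("B3", 1), 4),    # 1 Gb/s
    (("B2", 2), ("B3", 2), 19),   # 100 Mb/s, this link closes the loop
]
# Equal priority 0x8000 everywhere, so the lowest MAC address becomes Root.
BRIDGE_IDS = {"B1": (0x8000, 0x00000C987C00),
              "B2": (0x8000, 0x002034987AB1),
              "B3": (0x8000, 0x00503222A001)}

def is_better(c1, c2):
    """c1, c2 = (root_id, root_path_cost, bridge_id, port_id); True if c1 wins."""
    return tuple(c1) < tuple(c2)          # tuple order is exactly the slides' rule

def run_stp(links, bridge_ids):
    """Iterate the exchange until stable; return {bridge: (root, cost, root_port)}."""
    state = {b: (bid, 0, None) for b, bid in bridge_ids.items()}   # each starts as Root
    while True:
        new = {}
        for b, bid in bridge_ids.items():
            best = (bid, 0, bid, 0, None)                 # the bridge's own message
            for (x, xp), (y, yp), cost in links:
                for (me, mp), (peer, pp) in (((x, xp), (y, yp)), ((y, yp), (x, xp))):
                    if me != b:
                        continue
                    proot, pcost, _ = state[peer]
                    # What the peer would transmit on that link, with the link's
                    # path cost added by the receiver.
                    cand = (proot, pcost + cost, bridge_ids[peer], pp, mp)
                    if is_better(cand[:4], best[:4]):
                        best = cand
            new[b] = (best[0], best[1], best[4])
        if new == state:
            return state
        state = new

def port_roles(links, bridge_ids, state):
    """Designated port per link is the side with the better message; the other
    side is the root port if it is one, otherwise it stays blocking."""
    roles = {}
    for (x, xp), (y, yp), _ in links:
        msg = {(b, p): (state[b][0], state[b][1], bridge_ids[b], p) for b, p in ((x, xp), (y, yp))}
        designated = (x, xp) if is_better(msg[(x, xp)], msg[(y, yp)]) else (y, yp)
        for b, p in ((x, xp), (y, yp)):
            if (b, p) == designated:
                roles[(b, p)] = "designated"
            else:
                roles[(b, p)] = "root" if state[b][2] == p else "blocking"
    return roles
```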

Transmitting BPDUs

If the Hold Timer is active the Configuration BPDU will be transmitted upon its expiration
Ensures no more than one Configuration BPDU is transmitted per Hold Time period
Transmit only if Message Age < Max Age
After transmission the Hold Timer is reset

BPDU Processing

Received Configuration BPDU is checked against the stored BPDU
If the received BPDU is better, or the same but with a smaller age, then the stored BPDU is overwritten
The bridge then recalculates root, root path cost, and root port

Message Age

Each Configuration BPDU contains a message age field
Incremented after every unit of time
If message age = max age then the BPDU is discarded

Root or Path to Root Fails


Bridge will no longer receive fresh BPDUs
Gradually increases message age on the currently stored Configuration BPDU
When max age is reached the bridge will recalculate root, root path cost, and root port

Hello Time/Root BPDU Propagation

The Root Bridge periodically transmits Configuration BPDUs every hello time
When the Root Bridge generates a Configuration BPDU the message age field is set to 0
Upon receipt, a Bridge will transmit a Configuration BPDU on each port for which it is the Designated Bridge, and increment the message age by at least one*

Designated Bridge

Topology Change?

Stopping Loops during Topology Change


Use two substates: Listening and Learning
Data received while in these states is not forwarded
Received Configuration BPDUs are stored
Root, root path cost, and root port are calculated

Topology Change Procedure

1) Bridge notices that the Spanning Tree algorithm has caused it to transition a port into or out of the blocking state
2) Bridge periodically transmits a Topology Change Notification BPDU with the same period as hello time. It continues this until the Root bridge acknowledges by setting the topology change bit in its Configuration BPDUs.

Topology Change Procedure (cont.)

3) A bridge that receives a Topology Change Notification BPDU on a port for which it is the Designated Bridge does two things:
   1) Performs step 2 from the previous slide (notifies the root bridge of the topology change)
   2) Sets the topology change acknowledgement flag in the next Configuration BPDU it transmits on the LAN from which the Topology Change Notification BPDU was received

Topology Change Procedure (cont.)

4) The Root Bridge sets the topology change flag in its Configuration BPDUs for a period equal to the sum of forward delay and max age, if the Root Bridge
   a. Notices a topology change because one of its ports has changed state, or
   b. Receives a topology change notification message

Topology Change Procedure (cont.)

5) A bridge that is receiving Configuration BPDUs with the topology change flag set (or the Root Bridge that is setting the topology change flag in its Configuration BPDUs) uses the forward delay timer to age out Filtering Database entries until it starts receiving Configuration BPDUs without the topology change flag set

Networkwide Parameters

For correct operation some parameters need to be uniform throughout the Spanning Tree. The Root Bridge includes the following values in its Configuration BPDUs:
1) Max age: time after which Configuration BPDUs are discarded
2) Hello time: interval, used by the Root Bridge, between issuing Configuration BPDUs
3) Forward Delay: amount of time in the learning and listening states (half the time of transition from blocking to forwarding)

Management Parameters

Bridge priority: a 2-octet value that allows the network admin. to influence the choice of the Root Bridge and the Designated Bridge
Port Priority: a 1-octet value that allows the network admin. to influence the choice of port when a bridge has two ports connected to the same LAN segment

Why eliminate Loops?

Loops cause traffic to build up in a network until the network no longer functions due to full bandwidth usage

(diagram: an incoming broadcast frame circulating between bridges A and B over a looped LAN connection)

Performance Issues

Two properties make bridge performance crucial:
1) Lack of receipt of BPDUs causes bridges to add connectivity. If a bridge does not receive any Configuration BPDUs on some port it will take over as the Designated Bridge on that port.
2) Extra connectivity will cause loops

What affects Bridge Performance?


Network Congestion
Bridge will discard packets before looking at them if the CPU can't keep up
Bridge must be able to transmit BPDUs no matter how congested the network is
This involves being able to move BPDUs to the front of the queue

VLANs (Virtual Local Area Network)

A means by which LAN users on different physical LAN segments are afforded priority access privileges across the LAN backbone in order that they appear to be on the same physical segment on an enterprise-level logical LAN. VLAN solutions, which are priority in nature, are implemented in LAN switches, and VLAN membership is defined by the LAN administrator on the basis of either port address or MAC address.
Definition of VLAN from Newtons Telecom Dictionary.

How VLANs work:

1) LAN Bridge receives tagged data from workstation
2) Bridge reads the current tag, and forwards data with a VLAN ID (tag) corresponding to the VLAN the data came from (explicit tagging)

OR

1) LAN Bridge receives untagged data from workstation
2) Bridge determines the VLAN membership of the data by noting the port on which it arrives (implicit tagging)

Basic VLAN Concepts

Port-based VLANs: Each port on a switch is in one and only one VLAN (except trunk links)
Tagged Frames: VLAN ID and Priority info is inserted (4 bytes)
Trunk Links: Allow for multiple VLANs to cross one link
Access Links: The edge of the network, where legacy devices attach
Hybrid Links: Combo of Trunk and Access Links

Basic VLAN Concepts (cont.)

Priority-tagged frame: tag header carries priority info., but no VLAN ID
VLAN-tagged frame: tag header carries both VLAN ID and priority info.
Port VLAN ID (PVID): provides the VID for untagged and priority-tagged frames received on that Port

Trunk Link

Attaches two VLAN-aware switches
Carries Tagged frames ONLY.

Access Links

Access Links are Untagged, for VLAN-unaware devices
The VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.

VLAN ID (Tag)

4 Bytes inserted after the Destination and Source Address, before the Length/Type Field
Tag type field for VLANs = 0x8100
Priority Bits: Range 0-7
VLAN ID: Range 0-4094

Tagging Conversions

Port VLAN ID

Each port has a VLAN ID configured on it
Indicates which VLAN untagged data should be associated with
Does not constrain the port to a specific VLAN, nor does it mean that only untagged data can be processed
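An added model of ingress and egress tagging for one bridge, covering the explicit and implicit tagging cases and the PVID rule above (example code, not from the slides; the port table, VIDs and frames are constructed):

```python
"""802.1Q tagging model for one bridge (added example, not from the slides).
The 4-byte tag (TPID 0x8100, then 3 priority bits, 1 CFI bit, 12-bit VID) sits
between the Source Address and the Length/Type field. Untagged and
priority-tagged (VID 0) frames get the ingress port's PVID; trunk links emit
tagged frames only, access links untagged, hybrid links untagged for the PVID."""
import struct

TPID = 0x8100
VID_MIN, VID_MAX = 1, 4094        # VID 0 = priority-tagged only, 4095 reserved

def make_frame(dst_hex, src_hex, ethertype=0x0800, payload=bytes(46)):
    """Constructed untagged Ethernet frame (addresses as 12 hex digits)."""
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack(">H", ethertype) + payload

def parse_tag(frame: bytes):
    """Return (kind, priority, vid): kind is untagged, priority-tagged or vlan-tagged."""
    if len(frame) < 16:
        raise ValueError("runt frame")
    if struct.unpack(">H", frame[12:14])[0] != TPID:
        return "untagged", 0, None
    tci = struct.unpack(">H", frame[14:16])[0]
    prio, vid = tci >> 13, tci & 0x0FFF
    return ("priority-tagged" if vid == 0 else "vlan-tagged"), prio, vid

def ingress(frame: bytes, pvid: int):
    """Classify a received frame; return (vid, priority, frame with tag removed)."""
    kind, prio, vid = parse_tag(frame)
    if kind == "untagged":
        return pvid, 0, frame
    stripped = frame[:12] + frame[16:]                  # drop the 4 tag bytes
    return (pvid if kind == "priority-tagged" else vid), prio, stripped

def egress(bare: bytes, vid: int, prio: int, link: str, pvid: int = None) -> bytes:
    """Re-insert or omit the tag depending on the outgoing link type."""
    if not 0 <= vid <= VID_MAX or not 0 <= prio <= 7:
        raise ValueError("VID must be 0..4094 and priority 0..7")
    tagged = bare[:12] + struct.pack(">HH", TPID, (prio << 13) | vid) + bare[12:]
    if link == "trunk":
        return tagged
    if link == "access" or (link == "hybrid" and vid == pvid):
        return bare
    if link == "hybrid":
        return tagged
    raise ValueError(f"unknown link type {link!r}")

def forward(frame: bytes, in_port: int, ports: dict) -> dict:
    """ports = {port: (link_type, pvid, member_vids)}; returns {port: frame_out}."""
    link, pvid, _ = ports[in_port]
    if link == "access" and parse_tag(frame)[0] == "vlan-tagged":
        return {}                                       # access links carry untagged only
    vid, prio, bare = ingress(frame, pvid)
    out = {}
    for port, (olink, opvid, members) in ports.items():
        if port != in_port and vid in members:          # stays inside the VLAN's topology
            out[port] = egress(bare, vid, prio, olink, opvid)
    return out
```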

Sample VLANs

Traffic Segregation

Workgroups: Physically Defined

A mobile user from workgroup C, in building 2, needs to do work in building 1. By physically changing buildings he must change the workgroup section of the LAN which he/she is in.

VLANs: Logically Defined

With VLANs he/she can physically change buildings, but remain in the same workgroup.

Broadcast Domains (Layer 2)

broadcast domain: a network (or portion of a network) that will receive a broadcast packet from any node located within that network
broadcast packet: an Ethernet packet sent to the broadcast address (FF:FF:FF:FF:FF:FF) which designates the packet as destined for all nodes in the broadcast domain

Constricting Broadcast Domains

What defines the edge of a layer 2 broadcast domain?

Router: does not forward layer 2 broadcast frames
Filtering Database: by configuring the broadcast address to be not forwarded
VLANs: broadcast packets are tagged so they do not leave the configured topology of the VLAN

Security

Data is contained in the VLAN's topology
By allotting sensitive data its own VLAN, only those nodes in the VLAN will see it.

GARP/GVRP

Generic Attribute Registration Protocol
GARP VLAN Registration Protocol

How does GARP work?

Devices declare their desire for a given attribute by making a declaration
Done by issuing a Join event
Declarations can be withdrawn by issuing a Leave event
Devices enter a registration for an attribute on a given port when they hear a declaration for the attribute on that port

GARP

General-purpose protocol that supports a specific class of applications within bridges
Defines a subset of the spanning tree that contains devices interested in a given network commodity
Referred to as an attribute

GVRP

GARP VLAN Registration Protocol

Disadvantages to Static VLANs


Static VLANs are created via management
Must be maintained by a network admin
Static VLANs must be reconfigured for every network topology change

GVRP Simplifies All This!

GVRP creates dynamic VLANs


No manual configuration needed
GVRP is maintained by the devices themselves
Topology change? No problem, GVRP recreates the dynamic VLAN automatically

What can GVRP do for you?

Allows the creation of VLANs with a specific VID on a specific port, based on updates from GVRP-enabled devices. Advertises manually configured VLANs to other GVRP-enabled devices. As a result, the GVRP-enabled devices in the core of the network need no manual configuration in order to inter-operate.

GVRP Info

GVRP is a GARP application that registers attributes for dynamic VLANs
GVRP deals only with the management of dynamic VLANs
Everything that you have learned about static VLAN packet format and transmission applies

How GVRP does all this:

The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) on which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.

What do these PDUs contain?

A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action.

Join: register the port for the specified VLAN Leave: de-register the port for the specified VLAN

LeaveAll: de-register all VLAN registrations on that port

Empty: request to re-advertise dynamically and statically configured VLANs
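An added model of a GVRP listener that decodes these PDUs and applies the four message types to a per-port registration table (example code, not from the slides; the PDU byte layout follows 802.1D-1998 clause 12, and the ports and VIDs are constructed):

```python
"""GVRP listener model (added example, not from the slides). Decodes a GARP PDU
as laid out in 802.1D-1998 clause 12 (Protocol ID 0x0001, then a message of an
attribute type followed by attributes of length, event, value; GVRP uses
attribute type 1 with a 2-octet VID) and applies Join/Leave/LeaveAll/Empty."""

GVRP_MAC = "01:80:c2:00:00:21"
EVENTS = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn", 3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}
EVENT_CODES = {name: code for code, name in EVENTS.items()}

def encode_gvrp_pdu(attrs):
    """attrs = [(event_name, vid or None for LeaveAll)] -> GARP PDU bytes."""
    body = b"\x01"                                   # attribute type 1 = VID
    for event, vid in attrs:
        if vid is None:
            body += bytes([2, EVENT_CODES[event]])   # LeaveAll carries no value
        else:
            body += bytes([4, EVENT_CODES[event]]) + vid.to_bytes(2, "big")
    return b"\x00\x01" + body + b"\x00" + b"\x00"    # attribute end mark, message end mark

def decode_gvrp_pdu(pdu: bytes):
    """Return [(event_name, vid_or_None), ...] for every attribute in the PDU."""
    if pdu[:2] != b"\x00\x01":
        raise ValueError("not a GARP PDU")
    i, out = 2, []
    while i < len(pdu) and pdu[i] != 0x00:          # one message per attribute type
        if pdu[i] != 0x01:
            raise ValueError("GVRP defines only attribute type 1 (VID)")
        i += 1
        while pdu[i] != 0x00:
            length, event = pdu[i], pdu[i + 1]
            value = int.from_bytes(pdu[i + 2:i + length], "big") if length > 2 else None
            out.append((EVENTS[event], value))
            i += length
        i += 1
    return out

class GvrpRegistrar:
    def __init__(self, static_vlans):
        self.static = {vid: set(ports) for vid, ports in static_vlans.items()}
        self.dynamic = {}                            # vid -> ports registered by GVRP

    def members(self, vid):
        return self.static.get(vid, set()) | self.dynamic.get(vid, set())

    def process(self, port, pdu):
        """Apply a PDU heard on `port`; return the VIDs to re-advertise to it."""
        readvertise = set()
        for event, vid in decode_gvrp_pdu(pdu):
            if event in ("JoinIn", "JoinEmpty"):
                self.dynamic.setdefault(vid, set()).add(port)
            elif event in ("LeaveIn", "LeaveEmpty"):
                self.dynamic.get(vid, set()).discard(port)
            elif event == "LeaveAll":                 # wipe this port's registrations
                for ports in self.dynamic.values():
                    ports.discard(port)
                readvertise |= {v for v in set(self.static) | set(self.dynamic)
                                if self.members(v) - {port}}
            elif event == "Empty":                    # peer asks: is anyone declaring vid?
                if self.members(vid) - {port}:
                    readvertise.add(vid)
        return readvertise
```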


Vendors (current): Cisco Systems, 3Com and Hewlett Packard
Several others are developing working implementations also.

Industry Implementation Example

3Com manufactures Network Interface Cards that take advantage of GVRP
Accessed via the Control Panel (DynamicAccess)
Extremely easy to configure

Example: GARP/GVRP

(diagram: RED and GOLD VLANs spanning the switches and end stations, labelled S and E)

THE END
Any Questions?