Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Ethernet Switching and Virtual LANs
© 2008 Juniper Networks, Inc. All rights reserved. 2
Overview of Ethernet
Ethernet defined:
• Family of LAN specifications, standardized in IEEE 802.3. Examples include:
  • 10Base-T (802.3i)—10 Mbps
  • 100Base-TX (802.3u)—100 Mbps
  • 1000Base-T (802.3ab)—1000 Mbps
• Uses data link layer technology to create LANs
  • Shared medium—a single broadcast and collision domain
  • Uniquely identifies all nodes on the LAN with 48-bit MAC address
• Uses CSMA/CD to avoid and manage frame collisions
Ethernet LANs (1 of 2)
Characteristics:
• Shared medium
• Single collision domain
• Nodes can transmit simultaneously
Problems:
1. Traffic is seen by everyone
2. Collisions can occur
3. Unwanted resource consumption
[Figure: nodes on a shared medium forming a single collision domain]
Ethernet LANs (2 of 2)
As the network grows, the likelihood of collisions increases
• As collisions increase, overall LAN efficiency decreases
Overview of Bridging
Bridging:
• Is defined in the IEEE 802.1D-2004 standard
• Segments a single collision domain
• Isolates the physical layer
• Learns and maintains a forwarding table (bridge table)
• Performs intelligent forwarding decisions based on the bridge table
Bridging: How Does it Work?
Transparent bridging builds and maintains bridge tables using the following mechanisms:
• Learning:
  • Learns MAC address and associated port
• Forwarding:
  • Forwards packets out proper egress interface towards destination
• Flooding:
  • Replicates packets out other ports for unknown destination MAC addresses; also used when passing multicast and broadcast traffic
• Filtering:
  • Limits traffic to its associated network segment
• Aging:
  • Ensures bridge table entries are current
MAC Address Learning
MAC Address Table
ge-0/0/0: 0140.5501.1111
ge-0/0/0: 0140.5501.2222
ge-0/0/1: 0140.5501.3333
ge-0/0/1: 0140.5501.4444
[Figure: a switch with ports ge-0/0/0 and ge-0/0/1, each connected to a hub; hosts A1, A2, B1 and B2 attach to the hubs. Frame layout shown: Pre, DA, SA, Type, Data, FCS]
Source MAC addresses are learned for all incoming Ethernet frames
Each MAC address is associated with the frame’s incoming interface
Forwarding: Known Unicast Frames (1 of 2)
MAC Address Table
ge-0/0/0: 0140.5501.1111
ge-0/0/0: 0140.5501.2222
ge-0/0/1: 0140.5501.3333
ge-0/0/1: 0140.5501.4444
[Figure: a switch with ports ge-0/0/0 and ge-0/0/1, each connected to a hub; hosts A1, A2, B1 and B2 attach to the hubs]
A1 sends a frame to B2
Switch checks forwarding table
Switch forwards frame from A1 to B2
A2 receives and discards the frame from A1
Forwarding: Known Unicast Frames (2 of 2)
MAC Address Table
ge-0/0/0: 0140.5501.1111
ge-0/0/0: 0140.5501.2222
ge-0/0/1: 0140.5501.3333
ge-0/0/1: 0140.5501.4444
[Figure: a switch with ports ge-0/0/0 and ge-0/0/1, each connected to a hub; hosts A1, A2, B1 and B2 attach to the hubs]
A1 sends a frame to A2
Switch checks forwarding table
Switch filters frame from A1 to A2
A2 processes the frame from A1
Flooding: Broadcast, Multicast, or Unknown Unicast Frames
MAC Address Table
ge-0/0/0: 0140.5501.1111
ge-0/0/0: 0140.5501.2222
ge-0/0/1: 0140.5501.3333
ge-0/0/1: 0140.5501.4444
[Figure: a switch with ports ge-0/0/0 and ge-0/0/1, each connected to a hub; hosts A1, A2, B1 and B2 attach to the hubs]
A1 sends broadcast frame on to LAN (DA: FFFF.FFFF.FFFF)
Switch floods frame out all ports associated with the LAN (except the port on which it was received)
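The learning, forwarding, filtering, flooding and aging decisions from the preceding slides, as an added example (not code from the original slides). The names LearningBridge and is_group, the 300-second max_age, the third port ge-0/0/2 and the documentation-range MAC addresses are assumptions made for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    """Broadcast/multicast test: I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

class LearningBridge:
    def __init__(self, ports, max_age=300):
        self.ports = set(ports)
        self.max_age = max_age   # seconds; assumed value, not from the slides
        self.table = {}          # MAC -> (port, time last seen)

    def receive(self, in_port, src, dst, now=0):
        """Process one frame and return (action, egress ports)."""
        # Aging: drop entries that were not refreshed within max_age.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.max_age}
        # Learning: bind the source MAC to the ingress port.
        if not is_group(src):
            self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        # Flooding: group or unknown destination leaves on every other port.
        if is_group(dst) or entry is None:
            return "flood", sorted(self.ports - {in_port})
        # Filtering: destination is on the segment the frame arrived from.
        if entry[0] == in_port:
            return "filter", []
        # Forwarding: known unicast leaves on exactly one port.
        return "forward", [entry[0]]

def demo():
    # Constructed sample: A1/A2 on ge-0/0/0, B2 on ge-0/0/1, spare ge-0/0/2.
    a1, a2, b2 = "00:00:5e:00:53:a1", "00:00:5e:00:53:a2", "00:00:5e:00:53:b2"
    br = LearningBridge(["ge-0/0/0", "ge-0/0/1", "ge-0/0/2"])
    return [
        br.receive("ge-0/0/0", a1, b2, now=0),         # B2 unknown: flood
        br.receive("ge-0/0/1", b2, a1, now=1),         # A1 known: forward
        br.receive("ge-0/0/0", a2, a1, now=2),         # same segment: filter
        br.receive("ge-0/0/0", a1, BROADCAST, now=3),  # broadcast: flood
        br.receive("ge-0/0/0", a1, b2, now=400),       # B2 aged out: flood
    ]

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The first and last steps show why table state matters for confidentiality: whenever the destination is not in the table, the frame is replicated to every other port in the LAN.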
Viewing the MAC Address Table
Use the show ethernet-switching table command to view MAC address table entries
user@switch> show ethernet-switching table
Ethernet-switching table: 6 entries, 3 learned
  VLAN      MAC address        Type   Age  Interfaces
  blue      *                  Flood    -  All-members
  blue      00:19:e2:50:7c:0b  Learn   48  ge-0/0/10.0
  orange    *                  Flood    -  All-members
  orange    00:19:e2:50:3f:ee  Learn   42  ge-0/0/13.0
  purple    *                  Flood    -  All-members
  purple    00:19:e2:50:77:b1  Learn   38  ge-0/0/16.0
Entries are organized based on associated VLAN
Each VLAN maintains an entry used for flooding
Clearing the MAC Address Table
Use the clear ethernet-switching table command to clear MAC address table contents
user@switch> clear ethernet-switching table ?
Possible completions:
  <[Enter]>    Execute this command
  interface    Clear MAC table for specified interface
  |            Pipe through a command
Clear all entries in table or only the entries for a specific interface
Overview of VLANs
VLANs:
• Segment a single broadcast domain into multiple broadcast domains
• Allow for grouping users based on business needs, regardless of physical location
[Figure: switch ports grouped into VLAN Orange and VLAN Blue]
Default and Management VLANs
All network ports belong to the default VLAN in the factory-default configuration
The mgmt VLAN allows redundant management connections to the vme interface (EX 4200 switches only)
user@switch> show vlans default
Name           Tag     Interfaces
default                ge-0/0/0.0*, ge-0/0/1.0*, ge-0/0/2.0, ge-0/0/3.0,
                       ge-0/0/4.0, ge-0/0/5.0*, ge-0/0/6.0, ge-0/0/7.0,
                       ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0*, ge-0/0/11.0*,
                       ge-0/0/12.0*, ge-0/0/13.0*, ge-0/0/14.0*, ge-0/0/15.0*,
                       ge-0/0/16.0*, ge-0/0/17.0*, ge-0/0/18.0*, ge-0/0/19.0,
                       ge-0/1/0.0, ge-0/1/1.0, ge-0/1/2.0, ge-0/1/3.0
user@switch> show vlans mgmt
Name           Tag     Interfaces
mgmt                   me0.0*
Switch Port Modes
Switch ports operate in either access or trunk mode
• Access mode:
  • Connects to network devices (desktop, IP phones, printers, and so forth)
  • Typically transmits untagged Ethernet frames for a single VLAN; the exception is when the voice VLAN feature is being used
  • Default mode for all ports
• Trunk mode:
  • Connects to other switches or a router
  • Typically transmits tagged Ethernet frames for multiple VLANs; the exception is when the native VLAN option is configured or control traffic is sent
  • Must be explicitly configured
802.1Q—Ethernet Frame
4-byte tag inserted into Ethernet frame (max 1522 bytes)
• Tag Protocol Identifier (TPID): 16 bits, default 0x8100
• Priority: 3 bits, 802.1p
• Canonical Format Indicator (CFI): 1 bit, default 0
• Unique VLAN identifier (VID): 12 bits
Tag layout: TPID | Priority | CFI | VID
Frame layout: Destination MAC | Source MAC | TAG | Type/Length | Data | FCS
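The tag layout above, carried through in code as an added example (not from the original slides): one function inserts the 4-byte tag after the source MAC and one decodes it again. The function names, the sample MAC addresses and the payload are constructed for illustration; VID 101 is the orange VLAN used in this deck's configuration examples.

```python
import struct

TPID_8021Q = 0x8100  # default TPID given on the slide

def insert_tag(frame, vid, priority=0, cfi=0):
    """Insert the 4-byte 802.1Q tag between source MAC and Type/Length."""
    if not (0 <= vid <= 0xFFF and 0 <= priority <= 7 and cfi in (0, 1)):
        raise ValueError("field does not fit: VID 12 bits, priority 3, CFI 1")
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame):
    """Decode the header of a frame (no preamble, no FCS), tagged or not."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {
        "dst": frame[0:6].hex(), "src": frame[6:12].hex(),
        "tagged": False, "priority": None, "cfi": None, "vid": None,
    }
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag control information: 3-bit priority, 1-bit CFI, 12-bit VID.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13,
                    cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def demo():
    # Constructed frame: documentation-range MACs, IPv4 EtherType, dummy payload.
    untagged = (bytes.fromhex("00005e0053b2") + bytes.fromhex("00005e0053a1")
                + struct.pack("!H", 0x0800) + b"payload")
    tagged = insert_tag(untagged, vid=101, priority=5)  # VLAN orange
    return untagged, tagged, parse_frame(tagged)

if __name__ == "__main__":
    untagged, tagged, info = demo()
    print(len(untagged), len(tagged), info)
```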
802.1Q—Trunk Links
A trunk is a single Ethernet link that can carry traffic for multiple VLANs
[Figure: VLAN Orange and VLAN Blue ports on either side of a trunk link]
VLAN Configuration Example
[edit]
user@switch# show interfaces
…
ge-0/0/13 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members orange;
            }
        }
    }
}
…
[edit]
user@switch# show vlans
…
orange {
    vlan-id 101;
}
Callouts: VLAN Defined; VLAN Referenced; Port-Based Assignment
[Figure: VLAN Blue, VLAN Purple, VLAN Orange]
Monitoring VLAN Assignments
user@switch> show vlans
Name           Tag     Interfaces
blue           100     ge-0/0/10.0*
default                ge-0/0/0.0, ge-0/0/5.0*
orange         101     ge-0/0/13.0*
purple         102     ge-0/0/16.0*
mgmt                   me0.0*
user@switch> show vlans orange detail
VLAN: orange, 802.1Q Tag: 101, Admin state: Enabled
Number of interfaces: 1 (Active = 1)
  Untagged interfaces: ge-0/0/13.0*
802.1Q Trunk Configuration Example
[edit]
user@switch# show interfaces
...
ge-0/0/18 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ orange blue ];
            }
        }
    }
}
[edit]
user@switch# show vlans
blue {
    vlan-id 100;
}
orange {
    vlan-id 101;
}
Single physical link carries traffic for multiple VLANs
Monitoring 802.1Q Trunks
user@switch> show vlans orange detail
VLAN: orange, 802.1Q Tag: 101, Admin state: Enabled
Number of interfaces: 2 (Active = 2)
  Untagged interfaces: ge-0/0/13.0*
  Tagged interfaces: ge-0/0/18.0*
user@switch> show ethernet-switching interfaces
Interface    State  VLAN members  Blocking
ge-0/0/10.0  up     blue          unblocked
ge-0/0/13.0  up     orange        unblocked
ge-0/0/18.0  up     blue          unblocked
                    orange        unblocked
me0.0        up     mgmt          unblocked
Interface belongs to both VLANs
Interface is 802.1Q trunk for both VLANs
Routed VLAN Interface
Logical Layer 3 VLAN interface used for inter-VLAN routing
[Figure: VLAN Blue, VLAN Purple, VLAN Orange]
RVI Configuration Example
[edit]
user@switch# show interfaces
ge-0/0/13 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members orange;
            }
        }
    }
}
…
vlan {
    unit 101 {
        family inet {
            address 10.1.2.1/24;
        }
    }
}
…
[edit]
user@switch# show vlans
blue {
    vlan-id 100;
    l3-interface vlan.100;
}
orange {
    vlan-id 101;
    l3-interface vlan.101;
}
purple {
    vlan-id 102;
    l3-interface vlan.102;
}
This example facilitates routing through all interfaces associated with the blue, orange, and purple VLANs
Monitoring an RVI
user@switch> show interfaces terse vlan
Interface   Admin  Link  Proto  Local        Remote
vlan        up     up
vlan.100    up     up    inet   10.1.1.1/24
vlan.101    up     up    inet   10.1.2.1/24
vlan.102    up     up    inet   10.1.3.1/24
user@switch> show vlans orange extensive
VLAN: orange, Created at: Thu Apr 17 22:31:43 2008
802.1Q Tag: 101, Internal index: 17, Admin state: Enabled, Origin: Static
Protocol: Port-based, Layer 3 interface: vlan.101 (UP)
IP addresses: 10.1.2.1/24
Number of interfaces: Tagged 1 (Active = 1), Untagged 1 (Active = 1)
  ge-0/0/18.0*, tagged, trunk
  ge-0/0/13.0*, untagged, access
RVI state and IP address details
At least one port must be active for RVI state to be up