7/29/2019 UNH-IOL BFC Knowledgebase Bridging
1/72
Bridging Protocols Overview
Bridge Functions Consortium
Bridging Protocols
Filtering Database (802.1Q/802.1D)
Spanning Tree Protocol (802.1D clauses 8 & 9)
VLANs (802.1Q)
GARP/GVRP (802.1D clause 12/802.1Q clause 11)
GARP/GMRP (802.1D clause 10 & 12)
Link Aggregation (802.3ad)
Bridging History
Back in the days before Ethernet was the clear winning technology on the LAN, Token Ring and FDDI were popular
This meant two different methods of bridging
1) Source Route Bridging
  a. Used by Token Ring and FDDI
2) Transparent Bridging
  a. Used by Ethernet
Source Route Bridging
Source Route Bridging allows load balancing to avoid congestion. This is done by routing packets over two or more routes to a destination.
[Figure: Source LAN, Switch 1, Switch 2, Switch 3, Server, Destination LAN]
Transparent Bridging
The transparent bridging method follows the plug and play philosophy.
Each bridge contains one (or more) Filtering Databases that learn and remember MAC addresses on its networks.
Forwarding decisions are then made with consultation of the Filtering Database. If a destination MAC address has been learned, the packet is then forwarded out of that port.
These addresses then will be cleared from the Filtering Database if they are not active for a specific amount of time. This range is defined by Aging Time, which can be set in the management.
Filtering Database
One database contains MAC addresses, which port they're on, and if they're active or disabled
Duplicate MAC addresses not allowed (the second one would replace the first)

Entry    MAC Addr        Port   active
1        0800900A2580    1      yes
2        002034987AB1    1      yes
3        00000C987C00    2      yes
4        00503222A001    2      yes
5 to 12  (empty)
Learning of Addresses
The Filtering Database learns a station's location from the source address on an incoming frame
[Figure: a Switch with Port 1 and Port 4, shown in three steps]
1) Frame with destination address 00 22 22 33 33 44 is received on Port 4. Destination address not yet learned. Packet is forwarded out all ports.
2) Frame with source address 00 22 22 33 33 44 is received on Port 1. This source address is learned by the filtering database. All future frames destined for this MAC address will be forwarded ONLY out of this Port.
3) Frame with destination address 00 22 22 33 33 44 is received on Port 4. Frames with the destination address 00 22 22 33 33 44 are only forwarded on port 1
Multicast Frames
Multicast Frames originate from one source and have the possibility of going to more than one destination. An example of this is the Spanning Tree BPDU.
[Figure: Switch 1, Switch 2, Switch 3 and Switch 4 on a Shared LAN]
The Permanent Database
Upon Bridge Initialization, a reserved block of Multicast Addresses is transferred to the Filtering Database
Currently only 3 of these multicast addresses are standardized. The rest are reserved for future use.
Frames containing these addresses in the source are never learned or forwarded.

Assignment                                      Value
Bridge Group Address (Span. Tree)               01 80 C2 00 00 00
IEEE Std. 802.3, Full Duplex Pause Operation    01 80 C2 00 00 01
Slow Protocols Multicast Address                01 80 C2 00 00 02
Reserved for future standardization             01 80 C2 00 00 03 to 01 80 C2 00 00 0F
Basic/Extended Filtering Services
Bridges that support Basic Filtering Services can dynamically learn all MAC addresses except those from the Permanent Database
These addresses can also be statically configured so that they do not age out
Switches filtering frames from the Permanent Database are said to support Basic Filtering Services
Extended Filtering Services are implemented by devices that support advanced features like GARP
Aging Time
Aging time is defined as a range of 10 to one million seconds
  One million seconds = 11 days 13 hrs 46 min and 40 sec
The default time is 300 seconds
The Filtering Database starts aging time when an address is learned and resets it whenever another frame arrives on that port
Why is aging time important?
  When aging time expires, the address and port are discarded from the Filtering Database.
Filtering Database Review
Every bridge has a table called a Filtering Database
Entries in this table are updated upon receipt of frames: the source addresses and the ports they arrive on are learned
Once a MAC address is associated with a port, frames containing that destination address are only forwarded out of that port
Filtering Database Review (cont.)
In real switches these tables vary in size; most have the capability of holding several thousand MAC addresses. I've seen one that has the capacity to learn more than 150,000 addresses (3Com 9100).
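The learning, forwarding, Permanent Database and aging rules from the Filtering Database slides, put together as an added Python example (not part of the original slides). The class and function names are illustrative, the frames in `demo()` are constructed, and the timer is refreshed per source address.

```python
RESERVED = range(0x0180C2000000, 0x0180C2000010)  # Permanent Database block


def mac(text):
    """Parse '00 22 22 33 33 44' (spaces, colons or dashes) to an int."""
    digits = "".join(c for c in text if c not in " :-")
    if len(digits) != 12:
        raise ValueError("expected 12 hex digits: %r" % text)
    return int(digits, 16)


class FilteringDatabase:
    def __init__(self, ports, aging_time=300):      # 300 s is the stated default
        if not 10 <= aging_time <= 1_000_000:
            raise ValueError("aging time must be 10 to 1,000,000 seconds")
        self.ports = set(ports)
        self.aging_time = aging_time
        self.entries = {}                            # MAC -> (port, last seen)

    def age_out(self, now):
        """Discard entries that were not refreshed within the aging time."""
        expired = [m for m, (_, seen) in self.entries.items()
                   if now - seen >= self.aging_time]
        for m in expired:
            del self.entries[m]
        return expired

    def receive(self, src, dst, in_port, now):
        """Handle one frame and return the sorted list of egress ports."""
        src, dst = mac(src), mac(dst)
        self.age_out(now)
        if src in RESERVED or dst in RESERVED:
            return []                                # never learned or forwarded
        if not (src >> 40) & 1:                      # group bit clear: a station
            self.entries[src] = (in_port, now)       # learn, or replace a duplicate
        if dst in self.entries:
            port = self.entries[dst][0]
            return [] if port == in_port else [port]  # same segment: filter
        return sorted(self.ports - {in_port})        # not learned: all other ports


def demo():
    """Constructed frames following the Learning of Addresses slide."""
    fdb = FilteringDatabase(ports=[1, 2, 3, 4])
    station, other = "00 22 22 33 33 44", "00 00 0C 98 7C 00"
    return [
        fdb.receive(other, station, 4, now=0),               # not yet learned
        fdb.receive(station, other, 1, now=10),              # station is learned
        fdb.receive(other, station, 4, now=20),              # only port 1
        fdb.receive(other, "01 80 C2 00 00 00", 4, now=30),  # Bridge Group Address
        fdb.receive(other, station, 4, now=310),             # station has aged out
    ]


if __name__ == "__main__":
    for egress_ports in demo():
        print(egress_ports)
```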
Spanning Tree Protocol (STP)
An algorithm, used to prevent logic loops in a bridged network by creating a spanning tree
When multiple paths exist, STA lets a bridge use only the most efficient one. If that path fails, STA automatically reconfigures the network to make another path become active, sustaining network operations
Definition of Spanning Tree Algorithm from Newton's Telecom Dictionary.
The Spanning Tree Poem
I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree that must be sure to span
So packets can reach every LAN.
First, the root must be selected.
By ID, it is elected.
Least-cost paths from root are traced.
In the tree, these paths are placed.
A mesh is made by folks like me,
Then bridges find a spanning tree.
-Radia Perlman
What is a Spanning Tree?
Only one active path exists between any two devices.
Resembles a family tree. (problems arise in both when loops occur)
Why Spanning Tree?
The purpose of Spanning Tree is to have bridges dynamically discover a subset of the topology that is loop-free and yet has just enough connectivity so that there is a path between every pair of nodes in the LAN.
How does Spanning Tree work?
The basic idea behind the Spanning Tree Protocol is that bridges transmit special messages to each other that allow them to calculate a spanning tree
Configuration Bridge Protocol Data Units (BPDUs)
  Sometimes referred to as Config. BPDUs
STP Example
[Figure: tree diagram with nodes labelled Root, A, B, C, D, E and F]
Port States
Bridge ports operate the Spanning Tree Algorithm using the following states:
  Blocking: incoming frames are discarded
  Listening: incoming frames are discarded, but the port is in the process of transitioning to Learning
  Learning: incoming frames are discarded, but their source addresses and ports are placed in the Filtering Database
  Forwarding: incoming frames are forwarded, source addresses are learned
  Disabled: the port is disabled by management
Configuration BPDUs
The Configuration BPDU contains enough info so that bridges can do the following:
1) Elect a single bridge to be Root Bridge
2) Calculate the distance of the shortest path from themselves to the Root Bridge
3) Elect a Designated Bridge for each LAN segment, which is the bridge in the LAN segment closest to the Root Bridge, to forward packets from that LAN segment toward the Root Bridge.
4) Choose the port, called the root port, that gives the best path from themselves to the Root Bridge.
5) Select ports to be included in the spanning tree. These include only root ports and designated ports.
Inside Config BPDUs
Destination MAC Address: 01 80 C2 00 00 00
  Special Multicast address for Spanning Tree
Root ID
  ID of the bridge assumed to be root
Bridge ID
  ID of the bridge transmitting BPDU
Cost
  Cost of least-cost path to the root from the transmitting bridge (at least the best path of which the transmitting bridge is currently aware)
Inside Config BPDUs
Protocol ID = 0x0000
Protocol Version ID and BPDU Type = 0x00
If transmitting bridge is Root, Message Age = Zero, otherwise it is set to the value of the Root Port's Message Age timer plus an increment of one*
Path Cost
Path costs are designed to be associated with the speed of the link

Link Speed   Recommended value   Recommended range   Range
4 Mb/s       250                 100-1000            1-65 535
10 Mb/s      100                 50-600              1-65 535
16 Mb/s      62                  40-400              1-65 535
100 Mb/s     19                  10-60               1-65 535
1 Gb/s       4                   3-10                1-65 535
10 Gb/s      2                   1-5                 1-65 535
Bridge Initialization
Root ID set to Bridge ID
Root Path Cost set to zero
All ports on bridge become designated ports
Configuration BPDU transmitted on each designated port
Hello Timer is started
How this all works together
A bridge continuously receives Configuration BPDUs on each of its ports and saves the best configuration message from each port. The bridge determines the best configuration message by comparing not only the Configuration BPDUs received on a particular port, but also the configuration message that the bridge would transmit on that port.
How is "best" determined?
Given two Configuration BPDUs C1 and C2
C1 is the best if:
  the root ID in C1 is numerically lower than the root ID in C2
  If the root IDs are equal, then if the cost in C1 is numerically lower than the cost in C2
  If the root IDs and cost are equal, then if the Bridge ID in C1 is numerically lower than the Bridge ID in C2
The final tiebreaker is the port ID. Each port on a switch has a port ID. Useful if two ports from the same switch are on one LAN segment.
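The comparison rule above, and the way a bridge uses it to pick its root port and designated ports, written as an added Python example (not part of the original slides). `ConfigBPDU`, `better` and `elect` are illustrative names, the bridge IDs in `demo()` are constructed, and the path costs 19 and 100 are the recommended values from the Path Cost table.

```python
from collections import namedtuple

# Field order is the comparison order: root ID, cost, bridge ID, port ID.
ConfigBPDU = namedtuple("ConfigBPDU", "root_id cost bridge_id port_id")


def better(c1, c2):
    """True if c1 is the better (numerically lower) configuration message."""
    return tuple(c1) < tuple(c2)


def elect(bridge_id, port_costs, received):
    """Choose root, root path cost, root port and port roles for one bridge.

    port_costs: {port: path cost of the attached link}
    received:   {port: best ConfigBPDU stored for that port}; ports that
                have heard nothing are simply absent.
    """
    # Start as at Bridge Initialization: this bridge is root, cost zero.
    root_id, root_cost, root_port = bridge_id, 0, None
    best = None
    for port, bpdu in received.items():
        # Cost to the root through this port = advertised cost + own link cost.
        via = ConfigBPDU(bpdu.root_id, bpdu.cost + port_costs[port],
                         bpdu.bridge_id, bpdu.port_id)
        key = tuple(via) + (port,)        # own port number is the last tiebreak
        if via.root_id < bridge_id and (best is None or key < best):
            best = key
            root_id, root_cost, root_port = via.root_id, via.cost, port

    roles = {}
    for port in port_costs:
        if port == root_port:
            roles[port] = "root"
            continue
        # The configuration message this bridge would transmit on the port.
        mine = ConfigBPDU(root_id, root_cost, bridge_id, port)
        theirs = received.get(port)
        if theirs is None or better(mine, theirs):
            roles[port] = "designated"    # part of the spanning tree
        else:
            roles[port] = "blocking"      # another bridge serves this LAN
    return {"root_id": root_id, "root_cost": root_cost,
            "root_port": root_port, "roles": roles}


def demo():
    """Constructed topology: bridge C hears root R through bridges A and B."""
    R, A = 0x8000000000000001, 0x800000000000000A
    B, C = 0x800000000000000B, 0x800000000000000C
    received = {1: ConfigBPDU(R, 19, A, 2), 2: ConfigBPDU(R, 19, B, 1)}
    return elect(C, {1: 19, 2: 19, 3: 100}, received)


if __name__ == "__main__":
    print(demo())
```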
Transmitting BPDUs
If Hold Timer is active the Configuration BPDU will be transmitted upon expiration.
  Ensures no more than one Configuration BPDU is transmitted per Hold Time period
Transmit only if Message Age < Max Age
After transmission Hold Timer is reset
BPDU Processing
Received Configuration BPDU is checked against stored BPDU
If the received BPDU is better or the same but with a smaller age, then stored BPDU is overwritten
Bridge then recalculates root, root path cost, and root port
Message Age
Each Configuration BPDU contains a message age field
Incremented after every unit of time
If message age = max age then the BPDU is discarded
Root or Path to Root Fails
Bridge will no longer receive fresh BPDUs
Gradually increases message age on currently stored Configuration BPDU
When max age occurs bridge will recalculate root, root path cost, and root port
Hello Time/Root BPDU Propagation
The Root Bridge periodically transmits Configuration BPDUs every hello time
When the Root Bridge generates a Configuration BPDU the message age field is set to 0
Upon receipt, Bridge will transmit Configuration BPDU on each port for which it is the Designated Bridge, and increment the message age by at least one*
Designated Bridge
Topology Change?
Stopping Loops during Topology Change
Use two substates: Listening and Learning
Data received while in these states is not forwarded
Received Configuration BPDUs are stored
Root, root path cost, and root port are calculated
Topology Change Procedure
1) Bridge notices that the Spanning Tree algorithm has caused it to transition a port into or out of the blocking state
2) Bridge periodically transmits a Topology Change Notification BPDU with same period as hello time. It continues this until the Root bridge acknowledges by setting the topology change bit in its Configuration BPDUs.
Topology Change Procedure (cont.)
3) A bridge that receives a Topology Change Notification BPDU on a port for which it is the Designated Bridge does two things:
  1) Performs step 2 from previous slide (notifies the root bridge of topology change)
  2) Sets the topology change acknowledgement flag in the next Configuration BPDU it transmits on the LAN from which the Topology Change Notification BPDU was received
Topology Change Procedure (cont.)
4) Root Bridge sets the topology change flag in its Configuration BPDUs for a period equal to the sum of forward delay and max age, if the Root Bridge
  a. Notices a topology change because one of its ports has changed state, or
  b. Receives a topology change notification message
Topology Change Procedure (cont.)
5) A bridge that is receiving Configuration BPDUs with the topology change flag set (or the Root Bridge that is setting the topology change flag in its Configuration BPDUs) uses the forward delay timer until it starts receiving Configuration BPDUs without the topology change flag set
Networkwide Parameters
For correct operation some parameters need to be uniform throughout the Spanning Tree. The Root Bridge includes the following values in its Configuration BPDUs:
1) Max age: time after which Configuration BPDUs are discarded
2) Hello time: interval, used by the Root Bridge, between issuing Configuration BPDUs
3) Forward Delay: amount of time in learning and listening states (half the time of transition from blocking to forwarding)
Management Parameters
Bridge priority: a 2-octet value that allows the network admin. to influence the choice of the Root Bridge and the Designated Bridge
Port Priority: a 1-octet value that allows the network admin. to influence the choice of port when a bridge has two ports connected to the same LAN segment
Why eliminate Loops?
Loops cause traffic to build up in a network until the network no longer functions due to full bandwidth usage
[Figure: bridges A and B joined by a LAN Connection, with an incoming broadcast frame]
Performance Issues
Two properties make bridge performance crucial:
1) Lack of receipt of BPDUs causes bridges to add connectivity. If a bridge does not receive any Configuration BPDUs on some port it will take over as the Designated Bridge on that port.
2) Extra connectivity will cause loops
What affects Bridge Performance?
Network Congestion
  Bridge will discard packets before looking at them if CPU can't keep up
Bridge must be able to transmit BPDUs no matter how congested the network is
  This involves being able to move BPDUs to the front of the queue
VLANs (Virtual Local Area Network)
A means by which LAN users on different physical LAN segments are afforded priority access privileges across the LAN backbone in order that they appear to be on the same physical segment on an enterprise-level logical LAN. VLAN solutions, which are priority in nature, are implemented in LAN switches, and VLAN membership is defined by the LAN administrator on the basis of either port address or MAC address.
Definition of VLAN from Newton's Telecom Dictionary.
How VLANs work:
1) LAN Bridge receives tagged data from workstation
2) Bridge reads current tag, and forwards data with a VLAN ID (tag) corresponding to the VLAN the data came from (explicit tagging)
OR
1) LAN Bridge receives untagged data from workstation
2) Bridge determines the VLAN membership of data by noting the port on which it arrives (implicit tagging)
Basic VLAN Concepts
Port-based VLANs
  Each port on a switch is in one and only one VLAN (except trunk links)
Tagged Frames
  VLAN ID and Priority info is inserted (4 bytes)
Trunk Links
  Allow for multiple VLANs to cross one link
Access Links
  The edge of the network, where legacy devices attach
Hybrid Links
  Combo of Trunk and Access Links
Basic VLAN Concepts (cont.)
Priority-tagged frame
  tag header carries priority info., but no VLAN ID
VLAN-tagged frame
  tag header carries both VLAN ID and priority info.
Port VLAN ID (PVID)
  provides the VID for untagged and priority-tagged frames received on that Port
Trunk Link
Attaches two VLAN-aware switches
Carries Tagged frames ONLY.
Access Links
Access Links are Untagged for VLAN unaware devices
The VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.
VLAN ID (Tag)
4 Bytes inserted after Destination and Source Address
Length/Type Field
  VLANs = 0x8100
Priority Bit
  Range: 0-7
VLAN ID
  Range: 0-4094
Tagging Conversions
Port VLAN ID
Each port has a VLAN ID configured on it
Indicates which VLAN untagged data should be associated with
Does not constrain the port to a specific VLAN, nor does it mean that only untagged data can be processed
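How a VLAN-aware switch decides which VLAN a received frame belongs to, and how it re-tags or strips the frame for trunk and access links, as an added Python example (not part of the original slides). The function names are illustrative and the frames in `demo()` are constructed; the tag layout follows the VLAN ID (Tag) slide.

```python
import struct

TPID = 0x8100   # Length/Type value that marks a VLAN tag


def classify(frame, pvid):
    """Return (vid, priority, kind) for a frame received on a port with this PVID."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)   # after DA (6) + SA (6)
    if ethertype != TPID:
        return pvid, 0, "untagged"                # implicit tagging by port
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    priority = tci >> 13                          # top 3 bits, 0-7
    vid = tci & 0x0FFF                            # low 12 bits (bit 12 is ignored here)
    if vid == 0:
        return pvid, priority, "priority-tagged"  # no VLAN ID: the PVID applies
    if vid > 4094:
        raise ValueError("VLAN ID outside the 0-4094 range")
    return vid, priority, "vlan-tagged"


def add_tag(frame, vid, priority=0):
    """Insert the 4-byte tag after the destination and source addresses."""
    if not 0 <= vid <= 4094 or not 0 <= priority <= 7:
        raise ValueError("vid must be 0-4094 and priority 0-7")
    return frame[:12] + struct.pack("!HH", TPID, (priority << 13) | vid) + frame[12:]


def strip_tag(frame):
    """Remove the tag, if there is one, for a VLAN-unaware device."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return frame[:12] + frame[16:] if ethertype == TPID else frame


def forward(frame, ingress_pvid, link):
    """Frame as transmitted on a 'trunk' (tagged only) or 'access' (untagged) link."""
    vid, priority, _ = classify(frame, ingress_pvid)
    bare = strip_tag(frame)
    if link == "access":
        return bare
    if link == "trunk":
        return add_tag(bare, vid, priority)
    raise ValueError("link must be 'trunk' or 'access'")


def demo():
    """Constructed broadcast frame from 00 22 22 33 33 44, received with PVID 10."""
    untagged = bytes.fromhex("ffffffffffff" "002222333344" "0800") + b"data"
    frames = [untagged, add_tag(untagged, 0, 7), add_tag(untagged, 20, 5)]
    return [classify(f, pvid=10) for f in frames]


if __name__ == "__main__":
    for result in demo():
        print(result)
```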
Sample VLANs
Traffic Segregation
Workgroups: Physically Defined
A mobile user from workgroup C, in building 2, needs to do work in building 1. By physically changing buildings he must change the workgroup section of the LAN which he/she is in.
VLANs: Logically Defined
With VLANs he/she can physically change buildings, but remain in the same workgroup.
Broadcast Domains (Layer 2)
broadcast domain: a network (or portion of a network) that will receive a broadcast packet from any node located within that network
broadcast packet: an Ethernet packet sent to the broadcast address (FF:FF:FF:FF:FF:FF) which designates the packet as destined for all nodes in the broadcast domain
Constricting Broadcast Domains
What defines the edge of a layer 2 broadcast domain?
  Router: does not forward layer 2 broadcast frames
  Filtering Database: by configuring the broadcast address to be not forwarded
  VLANs: broadcast packets are tagged so they do not leave the configured topology of the VLAN
Security
Data is contained in the VLAN's topology
By allotting sensitive data its own VLAN,
only those nodes in the VLAN will see it.
GARP/GVRP
Generic Attribute Registration Protocol
GARP VLAN Registration Protocol
How does GARP work?
Devices declare their desire for a given attribute by making a declaration
  Done by issuing a Join event
Declarations can be withdrawn by issuing a Leave event
Devices enter a registration for an attribute on a given port when they hear a declaration for the attribute on that port
GARP
General-purpose protocol that supports a specific class of applications within bridges
Defines a subset of the spanning tree that contains devices interested in a given network commodity
  Referred to as an attribute
GVRP - GARP VLAN Registration Protocol
Disadvantages to Static VLANs
  Static VLANs are created via management
  Must be maintained by a network admin
  Static VLANs must be reconfigured for every network topology change
GVRP Simplifies All This!
GVRP creates dynamic VLANs
No manual configuration needed
GVRP is maintained by the devices themselves
Topology change? No problem, GVRP recreates the dynamic VLAN automatically
What can GVRP do for you?
Allows the creation of VLANs with a specific VID and a specific port, based on updates from GVRP-enabled devices.
Advertises manually configured VLANs to other GVRP-enabled devices. As a result of this the GVRP-enabled devices in the core of the network need no manual configuration in order to inter-operate.
GVRP Info
GVRP is a GARP application that registers attributes for dynamic VLANs
GVRP deals only with the management of dynamic VLANs
Everything that you have learned about static VLAN packet format and transmission applies
How GVRP does all this:
The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) to which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.
What do these PDUs contain?
A single PDU may contain several different messages telling the GVRP-enabled device to perform a specific action.
  Join: register the port for the specified VLAN
  Leave: de-register the port for the specified VLAN
  LeaveAll: de-register all VLAN registrations on that port
  Empty: request to re-advertise dynamically and statically configured VLANs
[Figure: Windows screenshot]
Industry Implementation Example
3Com manufactures Network Interface Cards that take advantage of GVRP
  Accessed via the Control Panel (DynamicAccess)
  Extremely easy to configure
[Figure: Windows screenshot]
Vendors (current): Cisco Systems, 3Com and Hewlett Packard
Several others are developing working implementations also.
Example: GARP/GVRP
[Figure: diagram with nodes labelled S and E, and the labels RED and GOLD]
THE END
Any Questions?