Switching

Topic 4
Inter-VLAN routing
Agenda
• Routing process
• Routing VLANs
– Traditional model
– Router-on-a-stick
– Multilayer switches
• EtherChannel
VLAN characteristics
• Each VLAN is a unique broadcast domain
• Each VLAN is a unique IP network or subnet
on the network
• Hosts are configured with an IP address and a
subnet mask within the VLAN IP network
• Hosts on separate VLANs are not able to
communicate unless routed
• A routing device is required to forward
packets between VLANs
Routing process
• Source host compares its network address and subnet mask to the
destination IP
– determines whether the destination is local or remote
• If remote, the source host sends an ARP request for the MAC address of the
gateway (the router IP)
– switch broadcasts the ARP request through all ports except the originating port
• Router responds by sending an ARP reply to the source host
– the source device puts the gateway’s MAC address in the destination MAC
address field of the frame
• frame is transmitted
• Switch forwards the frame as a unicast to the gateway
– router strips the frame header and trailer and examines IP header in the
packet
– routing lookup for the network of the destination IP determines the exit
interface
– router moves packet to exit interface and reframes the packet
– destination MAC address is retrieved from cache or an ARP request is
broadcast if unknown
• Frame is forwarded to destination host
Inter-VLAN routing
• Inter-VLAN routing is the process of forwarding
network traffic from one VLAN to another VLAN using
a routing process
– Each VLAN is a unique subnet on the network
– A routing process is necessary for messages to move
between VLANs
– The routing device must be connected to all VLANs
– The routing device has the gateway addresses for each
VLAN
Inter-VLAN routing methods
• Traditional Inter-VLAN routing
• ‘Router-on-a-stick’
• Multilayer switching
Traditional Inter-VLAN routing features
• Requires multiple physical interfaces on both the router and
the switch
– Router needs an interface for each VLAN and the switch needs a
switchport for each VLAN to be routed
– Switchports connecting to router are in ACCESS mode for the VLAN
travelling up the link
• Routers have a limited number of physical interfaces
• Switches require a switchport for each VLAN as well
– Uses up available switchports on the switch
– More links make the cabling more complex
• Each VLAN has a dedicated link to the router
– As the link is not shared between multiple VLANs, throughput and
performance are better
Traditional Inter-VLAN routing topology
Traditional Inter-VLAN routing process
Switch bit
• Frame from source host is associated with PVID as it arrives at the switchport of the first switch
• Frame may travel down trunk links to reach the switchport of the link to the router; if so, it is tagged
• Tag is removed from the frame as it is placed on the access link to gateway (router)
Router bit
• Router strips the frame header and trailer and examines IP header in the packet
• Routing lookup for the network of the destination IP determines the interface of the destination VLAN
• Router moves packet to exit interface
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown
Switch bit
• Switch broadcasts an ARP request through all switchports in the destination VLAN
Router bit
• Router reframes the packet with the MAC in the ARP reply and sends to host via the switch
Switch bit
• Switchport receives the frame
• If the frame needs to cross trunk links to reach the switchport of the destination host, the switch tags the frame with the PVID of the receiving port, which is in the destination VLAN
• VLAN tags are removed before the last switchport sends the frame on the access link to the destination host
Traditional Inter-VLAN configuration
• Router interface
(config)#interface fa0/0
(config-if)# ip address 192.168.1.1 255.255.255.0
(config-if)# no shutdown
(config)#interface fa0/1
(config-if)# ip address 192.168.2.1 255.255.255.0
(config-if)# no shutdown
• Switch interface
(config)#interface fa0/0
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config)#interface fa0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
‘Router-on-a-stick’ topology
• A single physical interface is used to route all VLANs
• The physical interface is divided into subinterfaces
– Each VLAN is assigned to a separate subinterface
– Each subinterface is configured to trunk using dot1q
– Switchport (to router) is configured as a trunk link
– Messages from all VLANs are tagged and trunked to the router
• Only one physical interface is used on router and one
trunk port is used on the switch
• All VLANs use the single trunk so there is potential for a
bottleneck resulting in reduced performance
What are subinterfaces?
• Subinterfaces are virtual interfaces which are
associated with one physical interface
– Each subinterface has an IP and a VLAN
– Each subinterface is the gateway for the VLAN
– Each subinterface retags the VLAN traffic with
the destination VLAN ID as the traffic enters the
trunk
‘Router-on-a-stick’ topology
Switch bit
• Frame arrives at the switch and is associated with the PVID of the switchport
• Frame may travel down trunk links to reach the switchport of the link to the router and if so is tagged
• Tag is NOT removed as it enters the trunk link and the frame is sent to gateway (router)
Router bit
• Router subinterface strips the frame header and trailer and examines IP header in the packet
• Routing lookup for the network of the destination IP determines the sub-interface of the destination VLAN
• Router moves packet to exit sub-interface and reframes the packet
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown
Switch bit
• Switch broadcasts ARP request through all switchports in the destination VLAN
Router bit
• Router reframes the packet and retags the frame with the VID of the destination subinterface and sends frame to the destination host via the switch
Switch bit
• Switchport receives the frame from a trunk link
• If the frame needs to cross trunk links to reach the switchport of the destination host, the switch tags the frame with the VID of the destination VLAN
• VLAN tags are removed before the last switchport sends the frame on the access link to the destination host
‘Router-on-a-stick’ configuration
• Router interface
(config)#interface fa0/0
(config-if)# no shutdown
(config)#interface fa0/0.10
(config-subif)#encapsulation dot1q 10
(config-subif)# ip address 192.168.1.1 255.255.255.0
(config)#interface fa0/0.20
(config-subif)#encapsulation dot1q 20
(config-subif)# ip address 192.168.2.1 255.255.255.0
• Switch interface
(config)#interface fa0/0
(config-if)# switchport mode trunk
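The router-side steps of the process above (strip the frame, look up the destination subinterface, reframe and retag), as an added Python example that is not part of the original slides. The subinterface table comes from the configuration above; the MAC addresses, host addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Subinterface table from the page's router-on-a-stick configuration:
# VID -> gateway address/mask of that VLAN.
SUBIFS = {
    10: ipaddress.ip_interface("192.168.1.1/24"),
    20: ipaddress.ip_interface("192.168.2.1/24"),
}
ROUTER_MAC = bytes.fromhex("02000000000a")                    # constructed value
ARP_CACHE = {"192.168.2.20": bytes.fromhex("020000000020")}   # constructed value

def build_frame(dst_mac, src_mac, vid, src_ip, dst_ip):
    """Constructed sample input: 802.1Q-tagged frame with a bare IPv4 header."""
    tag = struct.pack("!HH", 0x8100, vid & 0x0FFF)   # TPID + TCI (PCP/DEI = 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return dst_mac + src_mac + tag + struct.pack("!H", 0x0800) + ip

def route_on_a_stick(frame):
    """Return (exit_vid, new_frame), or None when the frame is dropped."""
    if len(frame) < 38:
        return None                        # too short for tag + IPv4 header
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:
        return None                        # untagged or non-IPv4: out of scope here
    in_vid = tci & 0x0FFF
    if in_vid not in SUBIFS or frame[0:6] != ROUTER_MAC:
        return None                        # no subinterface for this VID, or not for the gateway
    packet = bytearray(frame[18:])         # frame header stripped, IP header examined
    if packet[8] <= 1:
        return None                        # TTL would expire
    dst_ip = ipaddress.ip_address(bytes(packet[16:20]))
    # Routing lookup: which subinterface's connected network holds the destination?
    exit_vid = next((v for v, i in SUBIFS.items() if dst_ip in i.network), None)
    dst_mac = ARP_CACHE.get(str(dst_ip))
    if exit_vid is None or dst_mac is None:
        return None                        # no route, or an ARP request is needed first
    packet[8] -= 1                         # TTL decrement (checksum update omitted)
    tag = struct.pack("!HH", 0x8100, exit_vid)   # retag with the destination VID
    return exit_vid, dst_mac + ROUTER_MAC + tag + struct.pack("!H", 0x0800) + bytes(packet)
```

A frame tagged with a VID that has no subinterface is dropped rather than routed, so only VLANs that have a configured gateway on the trunk are reachable through the router.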
Multilayer switching features
• Multilayer switches or layer 3 switches can perform
inter-VLAN routing
• Switch has routing capability (Cisco® 3550) or has a
routing module installed on the chassis
• IP routing must be enabled
• VLAN interfaces are configured with the VLAN gateway
IP address
• The switch receives a packet, determines the destination
VLAN and moves the packet to the appropriate port on
the other VLAN
• No extra interfaces required, no extra links
• Routing at switch speeds
Multilayer switching topology
Multilayer switching process
Host bit
• Source host sends an ARP request for the MAC address of the VLAN gateway on the MLS, receives ARP reply and completes the frame and transmits to switchport
MLS bit
• Frame is tagged with the VID of its host’s switchport as it travels the trunk links to the MLS
• Multi-layer switch strips the frame header and trailer and examines IP header in the packet
• Multi-layer switch does a routing lookup for the network of the destination IP and determines the VLAN interface of the destination network
• Multi-layer switch moves packet to VLAN interface of the destination network
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown
Access switch bit
• Switch broadcasts ARP request through all switchports in the destination VLAN
MLS bit
• Multi-layer switch reframes the packet and checks the VLAN list for the switchport location of destination MAC and TAGS the frame with the destination VID, sends frame on trunk
Access switch bit
• Frame arrives at switch, switch does MAC address table lookup for switchport of the destination host
• VLAN tags are removed before the last switchport sends the frame to the destination host
Multilayer switching configuration
• Multi-layer switch
(config)#ip routing
(config)#interface gig0/0
(config-if)# switchport trunk encapsulation dot1q
(config-if)# no ip address
(config)#interface VLAN 10
(config-if)# ip address 192.168.1.1 255.255.255.0
(config)#interface VLAN 20
(config-if)# ip address 192.168.2.1 255.255.255.0
• Layer 2 switch interface
(config)#interface gig0/0
(config-if)# switchport mode trunk
EtherChannel
• EtherChannel provides fault-tolerant high-speed
links between switches, routers and servers
• FastEthernet or Gigabit links are bundled
together to create one logical link
• The speed of each link is aggregated
– Up to 8 fa links = 800Mbps
– Up to 8 gig links = 8 Gbps
– All links must be the same speed
• If a link fails, the load is redistributed over the
remaining links, so EtherChannel is fault tolerant
Pros and cons
Issues
• Native VLAN mismatches
• Switchport mode mismatches
• Incorrect VLAN numbers and gateway
addresses
Note: subinterface numbers and VLAN
numbers are not required to match for
‘router-on-a-stick’.
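One way to check for the third issue (incorrect VLAN numbers and gateway addresses) on a router-on-a-stick configuration, as an added Python example that is not part of the original slides. The addressing plan, the function name and the sample configuration are assumptions constructed for illustration; as the note above says, subinterface numbers are not compared with VLAN numbers.

```python
import ipaddress
import re

# Assumed addressing plan (VLAN ID -> subnet), matching the addresses used on the page.
PLAN = {10: ipaddress.ip_network("192.168.1.0/24"),
        20: ipaddress.ip_network("192.168.2.0/24")}

def audit_subinterfaces(config, plan=PLAN):
    """Return findings for router-on-a-stick subinterfaces in IOS-style config text."""
    findings, subifs, current = [], {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface\s+(\S+\.\d+)$", line, re.I)
        if m:
            current = subifs.setdefault(m.group(1), {"vid": None, "ip": None})
        elif line.lower().startswith("interface"):
            current = None                      # physical interface: not audited here
        elif current is not None:
            m = re.match(r"encapsulation\s+dot1q\s+(\d+)", line, re.I)
            if m:
                current["vid"] = int(m.group(1))
            m = re.match(r"ip\s+address\s+(\S+)\s+(\S+)", line, re.I)
            if m:
                current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    for name, s in subifs.items():
        if s["vid"] is None:
            findings.append(f"{name}: no dot1q encapsulation")
        elif s["vid"] not in plan:
            findings.append(f"{name}: VLAN {s['vid']} not in plan")
        elif s["ip"] is None or s["ip"].network != plan[s["vid"]]:
            findings.append(f"{name}: gateway {s['ip']} does not match "
                            f"VLAN {s['vid']} subnet {plan[s['vid']]}")
    missing = set(plan) - {s["vid"] for s in subifs.values()}
    findings += [f"VLAN {v}: no subinterface (no gateway)" for v in sorted(missing)]
    return findings

# Constructed sample: fa0/0.30 carries VLAN 20 (allowed, numbers need not match),
# but fa0/0.10 tags VLAN 10 while holding VLAN 20's gateway address.
SAMPLE = """
interface fa0/0
 no shutdown
interface fa0/0.10
 encapsulation dot1q 10
 ip address 192.168.2.1 255.255.255.0
interface fa0/0.30
 encapsulation dot1q 20
 ip address 192.168.2.1 255.255.255.0
"""
```

Running audit_subinterfaces(SAMPLE) reports only fa0/0.10; the mismatched subinterface number on fa0/0.30 is not a finding.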