Switching Topic 4 Inter-VLAN routing

Agenda

• Routing process
• Routing VLANs
  – Traditional model
  – Router-on-a-stick
  – Multilayer switches
• EtherChannel

VLAN characteristics

• Each VLAN is a unique broadcast domain
• Each VLAN is a unique IP network or subnet on the network
• Hosts are configured with an IP address and a subnet mask within the VLAN IP network
• Hosts on separate VLANs are not able to communicate unless routed
• A routing device is required to forward packets between VLANs

Routing process

• Source host compares its network address and subnet mask to the destination IP
  – determines whether the destination is local or remote
• If remote, the source host sends an ARP request for the MAC address of the gateway (the router IP)
  – switch broadcasts the ARP request through all ports except the originating port
• Router responds by sending an ARP reply to the source host
  – the source device puts the gateway’s MAC address in the destination MAC address field of the frame
• Frame is transmitted
• Switch forwards the frame as a unicast to the gateway
  – router strips the frame header and trailer and examines the IP header in the packet
  – routing lookup for the network of the destination IP determines the exit interface
  – router moves packet to exit interface and reframes the packet
  – destination MAC address is retrieved from cache or an ARP request is broadcast if unknown
• Frame is forwarded to destination host

Inter-VLAN routing

• Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN using a routing process
  – Each VLAN is a unique subnet on the network
  – A routing process is necessary for messages to move between VLANs
  – The routing device must be connected to all VLANs
  – The routing device has the gateway addresses for each VLAN

Inter-VLAN routing methods

• Traditional Inter-VLAN routing
• ‘Router-on-a-stick’
• Multilayer switching

Traditional Inter-VLAN routing features

• Requires multiple physical interfaces on both the router and the switch
  – Router needs an interface for each VLAN and the switch needs a switchport for each VLAN to be routed
  – Switchports connecting to the router are in ACCESS mode for the VLAN travelling up the link
• Routers have a limited number of physical interfaces
• Switches require a switchport for each VLAN as well
  – Uses up available switchports on the switch
  – More links make the cabling more complex
• Each VLAN has a dedicated link to the router
  – As the link is not shared with multiple VLANs, throughput and performance are better

Traditional Inter-VLAN routing topology

Traditional Inter-VLAN routing process

Switch bit
• Frame from source host is associated with the PVID as it arrives at the switchport of the first switch
• Frame may travel down trunk links to reach the switchport of the link to the router; if so, it is tagged
• Tag is removed from the frame as it is placed on the access link to the gateway (router)

Router bit
• Router strips the frame header and trailer and examines the IP header in the packet
• Routing lookup for the network of the destination IP determines the interface of the destination VLAN
• Router moves packet to exit interface
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown

Switch bit
• Switch broadcasts an ARP request through all switchports in the destination VLAN

Router bit
• Router reframes the packet with the MAC in the ARP reply and sends it to the host via the switch

Switch bit
• Switchport receives the frame
• If the frame needs to cross trunk links to reach the switchport of the destination host, the switch tags the frame with the PVID of the receiving port, which is in the destination VLAN
• VLAN tags are removed before the last switchport sends the frame on the access link to the destination host

Traditional Inter-VLAN configuration

• Router interface
    (config)# interface fa0/0
    (config-if)# ip address 192.168.1.1 255.255.255.0
    (config-if)# no shutdown
    (config)# interface fa0/1
    (config-if)# ip address 192.168.2.1 255.255.255.0
    (config-if)# no shutdown
• Switch interface
    (config)# interface fa0/0
    (config-if)# switchport access vlan 10
    (config)# interface fa0/1
    (config-if)# switchport access vlan 20

‘Router-on-a-stick’ topology

• A single physical interface is used to route all VLANs
• The physical interface is divided into subinterfaces
  – Each VLAN is assigned to a separate subinterface
  – Each subinterface is configured to trunk using dot1q
  – Switchport (to router) is configured as a trunk link
  – Messages from all VLANs are tagged and trunked to the router
• Only one physical interface is used on the router and one trunk port is used on the switch
• All VLANs use the single trunk, so there is potential for a bottleneck resulting in reduced performance

What are subinterfaces?

• Subinterfaces are virtual interfaces which are associated with one physical interface
  – Each subinterface has an IP and a VLAN
  – Each subinterface is the gateway for the VLAN
  – Each subinterface retags the VLAN traffic with the destination VLAN ID as the traffic enters the trunk

‘Router-on-a-stick’ topology

Switch bit
• Frame arrives at the switch and is associated with the PVID of the switchport
• Frame may travel down trunk links to reach the switchport of the link to the router and, if so, is tagged
• Tag is NOT removed as it enters the trunk link and the frame is sent to the gateway (router)

Router bit
• Router subinterface strips the frame header and trailer and examines the IP header in the packet
• Routing lookup for the network of the destination IP determines the subinterface of the destination VLAN
• Router moves packet to exit subinterface and reframes the packet
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown

Switch bit
• Switch broadcasts ARP request through all switchports in the destination VLAN

Router bit
• Router reframes the packet, retags the frame with the VID of the destination subinterface and sends the frame to the destination host via the switch

Switch bit
• Switchport receives the frame from a trunk link
• If the frame needs to cross trunk links to reach the switchport of the destination host, the switch tags the frame with the VID of the destination VLAN
• VLAN tags are removed before the last switchport sends the frame on the access link to the destination host

‘Router-on-a-stick’ configuration

• Router interface
    (config)# interface fa0/0
    (config-if)# no shutdown
    (config)# interface fa0/0.10
    (config-subif)# encapsulation dot1q 10
    (config-subif)# ip address 192.168.1.1 255.255.255.0
    (config)# interface fa0/0.20
    (config-subif)# encapsulation dot1q 20
    (config-subif)# ip address 192.168.2.1 255.255.255.0
• Switch interface
    (config)# interface fa0/0
    (config-if)# switchport mode trunk

Multilayer switching features

• Multilayer switches or layer 3 switches can perform inter-VLAN routing
• Switch has routing capability (Cisco® 3550) or has a routing module installed on the chassis
• IP routing must be enabled
• VLAN interfaces are configured with the VLAN gateway IP address
• The switch receives a packet, determines the destination VLAN and moves the packet to the appropriate port on the other VLAN
• No extra interfaces required, no extra links
• Routing at switch speeds

Multilayer switching topology

Multilayer switching process

Host bit
• Source host sends an ARP request for the MAC address of the VLAN gateway on the MLS, receives the ARP reply, completes the frame and transmits it to the switchport

MLS bit
• Frame is tagged with the VID of its host’s switchport as it travels the trunk links to the MLS
• Multi-layer switch strips the frame header and trailer and examines the IP header in the packet
• Multi-layer switch does a routing lookup for the network of the destination IP and determines the VLAN interface of the destination network
• Multi-layer switch moves packet to the VLAN interface of the destination network
• Destination MAC address is retrieved from cache or an ARP request is broadcast if unknown

Access switch bit
• Switch broadcasts ARP request through all switchports in the destination VLAN

MLS bit
• Multi-layer switch reframes the packet, checks the VLAN list for the switchport location of the destination MAC, TAGS the frame with the destination VID and sends the frame on the trunk

Access switch bit
• Frame arrives at the switch; the switch does a MAC address table lookup for the switchport of the destination host
• VLAN tags are removed before the last switchport sends the frame to the destination host

Multilayer switching configuration

• Multi-layer switch
    (config)# ip routing
    (config)# interface gig0/0
    (config-if)# switchport trunk encapsulation dot1q
    (config-if)# no ip address
    (config)# interface vlan 10
    (config-if)# ip address 192.168.1.1 255.255.255.0
    (config)# interface vlan 20
    (config-if)# ip address 192.168.2.1 255.255.255.0
• Layer 2 switch interface
    (config)# interface gig0/0
    (config-if)# switchport mode trunk

EtherChannel

• EtherChannel provides fault-tolerant high-speed links between switches, routers and servers
• FastEthernet or Gigabit links are bundled together to create one logical link
• The speed of each link is aggregated
  – Up to 8 fa links = 800 Mbps
  – Up to 8 gig links = 8 Gbps
  – All links must be the same speed
• If a link fails, the load is redistributed over the remaining links; EtherChannel is fault tolerant

Pros and cons

Issues

• Native VLAN mismatches
• Switchport mode mismatches
• Incorrect VLAN numbers and gateway addresses

Note: subinterface numbers and VLAN numbers are not required to match for ‘router-on-a-stick’.
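The "incorrect VLAN numbers and gateway addresses" issue can be checked offline before a change is deployed. The script below is an added example, not part of the original slides: it parses the router-on-a-stick configuration shown earlier and compares it with a host inventory. The host names, the inventory and the deliberate VLAN 30 tag are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample: the slides' router-on-a-stick config, fa0/0.20 mis-tagged as VLAN 30.
ROUTER_CFG = """
interface fa0/0
 no shutdown
interface fa0/0.10
 encapsulation dot1q 10
 ip address 192.168.1.1 255.255.255.0
interface fa0/0.20
 encapsulation dot1q 30
 ip address 192.168.2.1 255.255.255.0
"""
# Constructed host inventory (hypothetical names): VLAN, IP, mask, gateway.
HOSTS = {
    "pc1": (10, "192.168.1.10", "255.255.255.0", "192.168.1.1"),
    "pc2": (10, "192.168.1.11", "255.255.255.0", "192.168.1.254"),
    "pc3": (10, "192.168.2.12", "255.255.255.0", "192.168.1.1"),
    "pc4": (20, "192.168.2.10", "255.255.255.0", "192.168.2.1"),
}

def parse_subinterfaces(cfg):
    """Map each dot1q VLAN ID to the subinterface's address (the VLAN gateway)."""
    gateways, vlan = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface"):
            vlan = None  # new interface block: forget the previous tag
        elif m := re.match(r"encapsulation dot1q (\d+)", line, re.I):
            vlan = int(m.group(1))
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and vlan is not None:
            gateways[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return gateways

def audit(gateways, hosts):
    """Return (host, problem) pairs for hosts that could not route off-VLAN."""
    findings = []
    for name, (vlan, ip, mask, gw) in sorted(hosts.items()):
        gw_if = gateways.get(vlan)
        if gw_if is None:
            findings.append((name, f"no subinterface tagged for VLAN {vlan}"))
            continue
        if ipaddress.ip_interface(f"{ip}/{mask}").network != gw_if.network:
            findings.append((name, "host address is outside the VLAN subnet"))
        if ipaddress.ip_address(gw) != gw_if.ip:
            findings.append((name, "gateway is not the subinterface address"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_subinterfaces(ROUTER_CFG), HOSTS), sep="\n")
```

The VLAN is taken from the `encapsulation dot1q` line rather than from the subinterface number, in line with the note that the two are not required to match.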