
VLANs and GVRP

Curtis Simonson
Bridge Functions Consortium
InterOperability Lab
July, 2000
Presentation Overview
 Standards Involved
 Bridging Background
 802.1Q/1D:
– the problem
– the solution
» GVRP
» Tagging Frames
 Testing It
The ISO OSI Model
Standards Involved
 IEEE Standard
 The Bridge Standards (802.1)
 Most widely used with the 802.3 MAC (who doesn’t use Ethernet?)
 Bridging is MAC independent
Quick Review - Shared Medium
 All machines “share”
the network
 Only one machine can
talk at any one time
 Distance limitations
 Total throughput limit
 Collision likelihood
increased
Shared Medium (Repeated Network)
 All machines “share” the network
 Only one machine can talk at any one time
 Distance limitations
– At most 205m.
 Total throughput limit
 Collision likelihood increased
[Figure labels: Repeaters, End Stations, 5m, 100m]
Bridging Review
 Connects Separate
shared Networks
 Frame Translation/
Encapsulation (Token
Ring to Ethernet)
 Reduces Unicast
Traffic
 Switches: Allow for
multiple conversations
Bridging Background

 Bridges work at
layer 2 of the OSI
Model
 Their primary
function is to
relay frames
Filtering Database Review
 One database contains MAC addresses, which port they’re on, and if they’re active or disabled
 Duplicate MAC addresses not allowed (the second one would replace the first)

Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      00000C987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
802.1Q - Standard for VLANs
 Defines a method of
establishing VLANs
 Establishes the Tagged
Frame
 Provides a way to
maintain priority
information across
LANs
Reasons For Standardizing VLANs
 Old implementations could only be defined in
one switch
 To connect a VLAN to another network, each
VLAN needed a router port
 The only multi-switch VLANs were proprietary:
– Cisco: ISL
– Bay: Lattisspan
– 3Com: VLT
– Cabletron: SecureFast
Standards Based VLANs
 Includes definition for a new GARP
application called GVRP (GARP VLAN
Registration Protocol)
– Propagate VLAN registration across the net
 Associate incoming frames with a VLAN ID
 De-associate outgoing frames if necessary
 Transmit associated frames between VLAN
802.1Q compliant switches
What are VLANs - Virtual Local Area Networks?
 Divides switch into two or
more “virtual” switches
with separate broadcast
domains
 Achieved by manual
configuration through the
switches’ management
interface
 Only that switch will be
segmented
Multiple VLANs in One Switch

 Multiple VLANs can be defined on the same switch


Why VLANs?
 Lots of broadcast traffic wastes bandwidth
– VLANs create separate broadcast domains
» Microsoft Networking
» Novell Networking
» NetBEUI
» IP RIP
» Multicast (sometimes acts like broadcast)
 VLANs can span multiple switches and
therefore create separate broadcast domains
that span multiple switches
More Reasons...
 Link Multiplexing
– slower speed
technologies share the
high-bandwidth uplink
– multiple IP subnets on
one physical link with
layer 3 switching (such
as to connect Morse,
Leavitt and Ocean if
we were switched
instead of routed)
And One More Reason...
 Security
– Traffic is seen only by the devices it is intended for
» example: Two separate VLANs, one for accounting and one for sales. Sensitive accounting data transmitted over the network will only be seen by devices in the accounting VLAN.
Basic VLAN Concepts
 Port-based VLANs
– Each port on a switch is in one and only one VLAN (except trunk
links)
 Tagged Frames
– VLAN ID and Priority info is inserted (4 bytes)
 Trunk Links
– Allow for multiple VLANs to cross one link
 Access Links
– The edge of the network, where legacy devices attach
 Hybrid Links
– Combo of Trunk and Access Links
 VID
– VLAN Identifier
Tagged Frames
4 Bytes inserted
after Destination
and Source
Address
 Tagged Protocol
Identifier (TPID)
= 2 Bytes (0x8100)
– length/type field
 Tagged Control
Information
(TCI) = 2 Bytes
– contains VID
Trunk Link
 Attaches two VLAN switches - carries Tagged frames ONLY.
Access Links
 Access Links are Untagged for VLAN unaware devices - the VLAN switch adds Tags to received frames, and removes Tags when transmitting frames.
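
The tag handling described on the Tagged Frames and Access Links slides, as an added example that is not part of the original presentation. The 3-bit priority / 1-bit CFI / 12-bit VID split of the TCI comes from IEEE 802.1Q rather than from the slides; the function names, the sample frame and the choice to reject already-tagged frames on an access port are assumptions of this sketch.

```python
import struct

TPID_8021Q = 0x8100  # TPID value given on the Tagged Frames slide


def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source addresses."""
    if not 1 <= vid <= 4094:          # 0 means priority-only, 4095 is reserved
        raise ValueError("VID must be 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (priority << 13) | vid      # CFI bit (bit 12) left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) for a tagged frame, or None if untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as the switch does before sending on an access link."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


def access_port_ingress(frame: bytes, port_vid: int) -> bytes:
    """Access links are untagged: classify the frame by the port's VLAN.
    Policy choice of this sketch: a frame that arrives already tagged is
    rejected, so the end station never picks its own VID."""
    if parse_tag(frame) is not None:
        raise ValueError("tagged frame received on access port")
    return add_tag(frame, port_vid)


# Constructed sample: untagged frame, EtherType 0x0800, 46 bytes of dummy payload.
SAMPLE = bytes.fromhex("0800900a2580" "002034987ab1" "0800") + b"\x00" * 46
```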
Hybrid Links
 Hybrid Links - ALL VLAN-unaware devices are in the same VLAN
So Far So Good...
 So one might ask: “how does the Filtering Database handle VLANs?”
 Two answers:
– multiple (distinct) tables: one for each VLAN
– one table, with a VLAN column
 They sound similar, but it turns out they are VERY different
Multiple Tables
 Called MFD (Multiple Filtering Databases); it might also be called Independent Learning
 Each VLAN learns MAC addresses independently, so duplicate MAC addresses are OK as long as they are in different VLANs.

[Figure: a stack of identical tables, captioned “Each Table is for One VLAN”]

Entry  MAC Addr      Port  active
1      0800900A2580  1     yes
2      002034987AB1  1     yes
3      0500A1987C00  2     yes
4      00503222A001  2     yes
5-12   (empty)
One (Big) Table
 Called SFD (Single Filtering Database) or Shared Learning
 No duplicate MAC addresses
 Asymmetric VLAN possible

Entry  MAC Addr      Port  active  VLAN
1      0800900A2580  1     yes     2
2      002034987AB1  1     yes     2
3      0500A1987C00  2     yes     2
4      00503222A001  2     yes     2
5      080034090478  3     yes     1
6      049874987AB1  5     yes     1
7      0555A1945600  5     yes     3
8      00503222A023  5     yes     2
9-12   (empty)
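
The difference between the two table designs, as an added example that is not part of the original presentation. It replays the same learned frames into a per-VLAN (MFD) table and a shared (SFD) table; the class, the `moves` list and the sample frames are assumptions of this sketch, and per-port VLAN membership checks on egress are left out.

```python
class FilteringDatabase:
    """Learning table for a VLAN-aware bridge.

    independent=True  -> one table per VLAN (MFD / Independent Learning)
    independent=False -> one table for all VLANs (SFD / Shared Learning)
    """

    def __init__(self, independent: bool):
        self.independent = independent
        self.entries = {}   # key -> (port, VLAN the entry was learned in)
        self.moves = []     # (mac, old_port, new_port, vid): worth logging

    def _key(self, mac: str, vid: int):
        return (vid, mac) if self.independent else mac

    def learn(self, mac: str, port: int, vid: int) -> None:
        key = self._key(mac, vid)
        old = self.entries.get(key)
        if old is not None and old[0] != port:
            # Same key seen on another port: the second one replaces the first.
            self.moves.append((mac, old[0], port, vid))
        self.entries[key] = (port, vid)

    def lookup(self, mac: str, vid: int):
        """Return the learned port, or None (flood within the VLAN)."""
        entry = self.entries.get(self._key(mac, vid))
        return None if entry is None else entry[0]


def replay(independent: bool, frames):
    """Feed (source MAC, ingress port, VID) tuples into a fresh database."""
    db = FilteringDatabase(independent)
    for mac, port, vid in frames:
        db.learn(mac, port, vid)
    return db


# Constructed sample: the same source MAC is seen on port 1 in VLAN 2
# and later on port 5 in VLAN 3.
FRAMES = [
    ("0800900A2580", 1, 2),
    ("002034987AB1", 1, 2),
    ("0800900A2580", 5, 3),
]
```

With independent learning both entries coexist; with shared learning the VLAN 3 frame overwrites the entry VLAN 2 relied on, and the overwrite is recorded in `moves`.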
Independent Learning I

 Legacy router
learns MAC
addresses from
both VLANs
 Requires 2 physical
links
Independent Learning II

 VLAN-aware router only needs one physical link


Problems
 Can’t combine SFD and MFD switches in one network
 Some switches only do one or the other, and can’t be changed
 Hybrids of SFD and MFD make this tricky
Future Additions
 Layer 3 based VLANs
– IP traffic on a different VLAN than IPX
 Multiple Spanning Trees (one per VLAN)
– allows for using the disabled links
 ATM to IEEE VLAN mapping
– Emulated LANs
GARP (yeah, I know, “the world according to”… that’s a new one!)
 Generic Attribute Registration Protocol
 Standard Defines:
– method to declare attributes to other GARP
participants
– frame type to convey GARP messages:
Protocol Data Unit (PDU)
– rules and timers for registering/de-registering
attributes
GARP - how?
 A device wants
to declare a
certain attribute
 It sends a
declaration
 The bridge
receives it and
propagates it
throughout the
network.
GARP - two devices
 A second
device wants to
declare a
certain
attribute
 Now a “path”
has been
formed.
GMRP
 GARP Multicast Registration Protocol
 Defines a GARP Application (instance of
the generic framework)
 Allows devices to declare membership in a
multicast group
GMRP - multiple devices
 Devices declare
membership in a
multicast group
 All multicast
frames for that
group propagate
only to the proper
devices.
GMRP - Pros & Cons
 Pros:
– provides multicasting that isn’t broadcasting
– works “through” legacy bridges
– allows asymmetric pruning
 Cons:
– end stations must support 802.1p
– no interface between IGMP and GMRP (yet)
GVRP - GARP VLAN Registration Protocol
 Disadvantages to Static VLANs
– Static VLANs are created via management
– Must be maintained by a network admin
– Static VLANs must be reconfigured for every
network topology change
GVRP Simplifies All This!
 GVRP creates dynamic VLANs
– No manual configuration needed
– GVRP is maintained by the devices themselves
– Topology change? No problem, GVRP
recreates the dynamic VLAN automatically
What can GVRP do for you?
 Allows the creation of VLANs with a specific VID and a specific port, based on updates from GVRP-enabled devices.
 Advertises manually configured VLANs to other GVRP-enabled devices. As a result, the GVRP-enabled devices in the core of the network need no manual configuration in order to interoperate.
GVRP Info
 GVRP is a GARP application that registers
attributes for dynamic VLANs
 GVRP deals only with the management of
dynamic VLANs
 Everything that you have learned about
static VLAN packet format and
transmission applies
VLAN Data Frame Format Review
 GVRP handles data in the same way as Static VLANs do.
– Header, inserted after the destination and source addresses, that contains Protocol Identifier and VID
How GVRP does all this:
 The method of advertisement used by GVRP-enabled devices consists of sending Protocol Data Units (PDUs), similar to Spanning Tree BPDUs, to a known multicast MAC address (01 80 C2 00 00 21) on which all GVRP-enabled devices listen for updates. GVRP advertisement follows the definition of GARP.
What do these PDUs contain?
 A single PDU may contain several different
messages telling the GVRP-enabled device
to perform a specific action.
– Join: register the port for the specified VLAN
– Leave: de-register the port for the specified
VLAN
» LeaveAll: de-register all VLAN registrations on
that port
– Empty: request to re-advertise dynamically
and statically configured VLANs
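
A decoder for the PDUs described above, with a check that flags VLAN registrations a port is not expected to receive, as an added example that is not part of the original presentation. The byte layout and event codes (the Join and Leave messages appear on the wire as JoinEmpty/JoinIn and LeaveEmpty/LeaveIn) follow the GARP PDU format in IEEE 802.1D, not the slides; the function names, the allow-list and the sample frame are assumptions of this sketch.

```python
import struct

GVRP_GROUP_MAC = bytes.fromhex("0180c2000021")  # multicast address from the slide
EVENTS = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn",
          3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}


def parse_gvrp(frame: bytes):
    """Decode one GVRP frame into (event, vid) tuples; vid is None for LeaveAll."""
    if frame[:6] != GVRP_GROUP_MAC:
        raise ValueError("not sent to the GVRP group address")
    length = struct.unpack("!H", frame[12:14])[0]     # 802.3 length, excludes padding
    if frame[14:17] != b"\x42\x42\x03":               # LLC header of bridge protocols
        raise ValueError("missing 802.2 LLC header")
    pdu = frame[17:14 + length]
    if pdu[:2] != b"\x00\x01":                        # GARP protocol identifier
        raise ValueError("bad GARP protocol identifier")
    out, i = [], 2
    while i < len(pdu) and pdu[i] != 0:               # 0x00 end mark closes the PDU
        if pdu[i] != 1:                               # 1 = VID, GVRP's only attribute type
            raise ValueError("unexpected attribute type")
        i += 1
        while i < len(pdu) and pdu[i] != 0:           # 0x00 end mark closes the list
            alen = pdu[i]                             # counts length + event + value
            if alen < 2 or i + alen > len(pdu) or pdu[i + 1] not in EVENTS:
                raise ValueError("malformed attribute")
            event = EVENTS[pdu[i + 1]]
            if event == "LeaveAll" and alen == 2:
                out.append((event, None))
            elif event != "LeaveAll" and alen == 4:
                out.append((event, struct.unpack("!H", pdu[i + 2:i + 4])[0]))
            else:
                raise ValueError("attribute length does not match event")
            i += alen
        i += 1                                        # step over the list's end mark
    return out


def unexpected_joins(frame: bytes, allowed_vids: set) -> list:
    """VIDs a neighbour asks to register that are not on the port's allow-list."""
    return sorted({vid for event, vid in parse_gvrp(frame)
                   if event.startswith("Join") and vid not in allowed_vids})


# Constructed sample PDU: JoinIn VID 10, JoinEmpty VID 20, LeaveAll, end marks.
PDU = bytes.fromhex("0001" "01" "0402000a" "04010014" "0200" "00" "00")
SAMPLE = (GVRP_GROUP_MAC + bytes.fromhex("002034987ab1") + struct.pack("!H", 3 + len(PDU))
          + b"\x42\x42\x03" + PDU).ljust(60, b"\x00")
```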
 Industry Implementation Example
– 3Com manufactures Network Interface Cards that take advantage of GVRP
– Accessed via the Control Panel (DynamicAccess®)
– Extremely easy to configure

Vendors (current): Cisco Systems, 3Com and Hewlett Packard. Several others are developing working implementations also.

[Figure: Windows screenshot]

Example: GARP/GVRP
[Figure: network diagram with nodes labelled E and S and the labels RED and GREEN]
