CORPORATE NETWORKING
C. Pham, Université de Pau et des Pays de l'Adour, Département Informatique
http://www.univ-pau.fr/~cpham
Congduc.Pham@univ-pau.fr
Typical example of Ethernet local networks
- Mostly based on Ethernet: 10, 100, 1000 Mbps
- Multiple segments are interconnected with layer 2 switches or bridges
Separating collision domains (figure: several collision domains, separated by a bridge)
Segmentation with a bridge (figure)
Switched/bridged LANs
- Switches and bridges are layer 2 devices that forward an incoming frame specifically to one output port, and only to that one
- Bridge: software-based switching engine; store & forward: about 50000 frames/s
- Switch: hardware-based switching fabric (ASIC); store & forward, cut-through, fragment-free: about 500000 frames/s; high density of ports; half & full duplex
Switch/bridge architecture (figure): a switching unit with shared memory, a control processor and one FIFO per DTE port (port lines labelled CD, Di, Do); control and data paths are separate
Redundant bridging: redundancy for reliability (failures), but adds complexity. (source: L. Toutain)
Spanning Tree Protocol (STP)
Bridges exchange messages of the form:
- Supposed id of the root (MAC addr.). At initialization, each bridge assumes it is the root bridge
- Supposed cost of the path to the root. For a root bridge, the cost is zero
- Id of the sender
- Port number on which the msg is sent
Algorithm for each bridge:
- Search for the best msg (smallest root id first, then lowest cost, then lowest sender's addr, then smallest port) on all ports
- If a msg is better than the current configuration: this path becomes the path to the root. A new configuration is computed, with the cost increased by 1
- Ports receiving a msg that ranks between the best msg and the newly computed configuration (better than what this bridge would send, but not the best) are deactivated. The other ports belong to the spanning tree
- This configuration is sent on all ports except those that lead to the root bridge
- If no msg is better than the one sent by a bridge B, B considers itself the root
(source: L. Toutain)
Spanning Tree Protocol (STP, IEEE 802.1D), worked example (figure): two bridges, 13 and 15, joined by two segments on their ports 1 and 2; messages are written (id. root, cost, id. src, port)
- Initially each bridge announces itself as root: 13,0,13,1 and 13,0,13,2 from bridge 13; 15,0,15,1 and 15,0,15,2 from bridge 15
- Bridge 13 sees nothing better than its own msg and stays root (best 13,0,13,1; calculated 13,0,13,x)
- Bridge 15 receives 13,0,13,1 on port 1, which is better than its own; it calculates 13,1,15,x and sends 13,1,15,1 and 13,1,15,2
- On port 2, bridge 15 compares 13,0,13,1 < 13,0,13,2 < 13,1,15,x, then disables port 2
Spanning tree, 4 networks (figure): bridges 1, 2, 3 and 4, each with ports 1 and 2
- First phase of msgs: 1,0,1,1 and 1,0,1,2; 2,0,2,1 and 2,0,2,2; 3,0,3,1 and 3,0,3,2; 4,0,4,1 and 4,0,4,2
- After a new 2nd phase of msgs: bridge 4 receives 1,1,2,1 on port 1 and 1,1,3,2 on port 2
- 1,1,2,1 < 1,1,3,2 < 1,2,4,x, so bridge 4 disables port 2
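The election rule of the three STP slides above, worked through in code. This is an added example, not code from the lecture or from L. Toutain's material: it implements the simplified algorithm exactly as stated (lexicographic comparison of (root id, cost, sender id, port) tuples, cost increased by 1 per hop, a port deactivated when a neighbour announces a better configuration on its segment) and reproduces both slide examples. The segment names and the four-network topology are assumptions reconstructed from the messages shown on the slides.

```python
"""Simplified STP root and port election, as described on the slides.

Configuration messages are tuples (root_id, cost, sender_id, port), compared
lexicographically: smaller is better.  Every bridge starts by claiming to be
the root; each round it looks at the best message received on each port,
adopts a better root if one is advertised, and blocks the ports on which a
neighbour announces a better configuration than its own.
"""
from collections import defaultdict


class Bridge:
    def __init__(self, bid, ports):
        # ports maps a port number to the name of the LAN segment it attaches to
        self.id = bid
        self.ports = ports
        self.root = bid        # supposed id of the root: itself at initialization
        self.cost = 0          # supposed cost of the path to the root
        self.root_port = None  # port leading to the root (None for the root bridge)

    def message(self, port):
        """Configuration message this bridge sends on `port`."""
        return (self.root, self.cost, self.id, port)


def run_stp(bridges, max_rounds=32):
    """Exchange messages until no bridge changes its configuration.

    Returns {bridge_id: {port: 'root' | 'designated' | 'blocked'}}.
    """
    segment_members = defaultdict(list)  # segment -> [(bridge, port), ...]
    for b in bridges:
        for port, segment in b.ports.items():
            segment_members[segment].append((b, port))

    def received_on(b, port):
        """Messages bridge b receives on `port` from the other bridges of that segment."""
        return [other.message(op)
                for other, op in segment_members[b.ports[port]] if other is not b]

    for _ in range(max_rounds):
        changed = False
        # Snapshot every bridge's inbox first so all bridges evaluate the
        # previous round's messages, then update configurations.
        inbox = {b.id: {p: received_on(b, p) for p in b.ports} for b in bridges}
        for b in bridges:
            candidates = [(m, p) for p, msgs in inbox[b.id].items() for m in msgs]
            best = min(candidates, default=None)
            as_root = (b.id, 0, b.id, 0)  # what this bridge would claim as root
            if best is not None and best[0] < as_root:
                # Better root advertised: adopt it, cost increased by 1, via that port
                new = (best[0][0], best[0][1] + 1, best[1])
            else:
                new = (b.id, 0, None)  # nothing better: B considers itself the root
            if (b.root, b.cost, b.root_port) != new:
                b.root, b.cost, b.root_port = new
                changed = True
        if not changed:
            break
    else:
        raise RuntimeError("STP did not converge")

    states = {}
    for b in bridges:
        states[b.id] = {}
        for p in b.ports:
            if p == b.root_port:
                states[b.id][p] = "root"
            elif any(m < b.message(p) for m in received_on(b, p)):
                # A neighbour announces a better configuration on this segment:
                # the port is deactivated, which breaks the loop.
                states[b.id][p] = "blocked"
            else:
                states[b.id][p] = "designated"
    return states


def two_bridges_example():
    """Slide example: bridges 13 and 15 joined by two segments (a loop). Segment names assumed."""
    bridges = [Bridge(13, {1: "segA", 2: "segB"}), Bridge(15, {1: "segA", 2: "segB"})]
    return run_stp(bridges)


def four_networks_example():
    """Slide example with four networks. Topology is an assumption reconstructed from
    the messages on the slide: bridge 1 reaches bridges 2 and 3 directly, and bridge 4
    hangs off both of them, closing a loop."""
    bridges = [
        Bridge(1, {1: "N1", 2: "N2"}),
        Bridge(2, {1: "N3", 2: "N1"}),
        Bridge(3, {1: "N2", 2: "N4"}),
        Bridge(4, {1: "N3", 2: "N4"}),
    ]
    return run_stp(bridges)


if __name__ == "__main__":
    print("two bridges:", two_bridges_example())
    print("four networks:", four_networks_example())
```

For the two-bridge case the result is port 1 of bridge 15 as root port and its port 2 blocked, for the four-network case port 2 of bridge 4 blocked, both as on the slides. Note that nothing in the messages verifies the claimed root id: whichever bridge advertises the lowest id becomes the root and reshapes the whole tree, and the loop stays harmless only for as long as the blocked port stays blocked, which is why the slides count STP's convergence time among the weaknesses of switched LANs.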
Switched LANs vs routing
Well-known problems of switched/bridged LANs:
- Loops: spanning tree protocol, high convergence time
- Broadcast: broadcast storms
- Subnetworking: limited to the smallest MTU of the various LANs
What routers bring:
- Break up broadcast domains
- Multicast control
- Optimal path determination, fast convergence
- Traffic management, redundancy and load balancing
- Layer 3 addressing and hierarchical addressing
- Advanced security
- QoS
LAN in corporates
- Used the 80/20 rule: 80% of traffic is local, 20% of traffic crosses the corporate backbone
- Network administrators made sure that all resources for the users were contained within their own segment
- Resources include: network servers, printers, applications
The new 20/80 paradigm
- Web-based applications and remote server farms for various network services have created a new communication model where most of the traffic has to cross the corporate backbone
- This new demand puts a high load on routers: they must handle an enormous number of packets at wire speed
- Handling the 20/80 traffic model with layer 2 switching has led to VLAN mechanisms
- Virtual LAN: creates logical groups of users; supports user mobility; limits collision & broadcast domains, but a router is still needed to route between VLANs
- Each VLAN runs its own spanning tree
Segmenting in the old way (figure): location gives the subnetwork; Teaching, Research and Administration hosts each sit on their own segment behind the backbone (translated from Gille Rech)
VLAN: Virtual LAN (figure): Teaching, Research and Administration hosts are grouped logically on one switch, with a trunk to the backbone
VLAN: Virtual LAN, on several switches (figure): the Teaching, Research and Administration VLANs span several switches linked by a trunk
VLAN by port: segment-based VLAN. Multiple VLANs on a single port is difficult to manage (http://www.univ.edu.dj/cours/equipements/vlan.htm)
VLAN by user-defined value: MAC addresses. Multiple VLANs per port is possible, but needs filtering and MAC table exchanges (http://www.univ.edu.dj/cours/equipements/vlan.htm)
VLAN by protocol: only with routable protocols (http://www.univ.edu.dj/cours/equipements/vlan.htm)
IEEE 802.1Q VLAN
- Built on 802.1D (transparent bridge) and 802.1p for trunking VLANs
- Dimensioning the VLAN (broadcast): IP < 500 hosts, IPX < 300 hosts, AppleTalk < 200 hosts
The classic 3-layer hierarchical model
- Each layer has specific functionalities; layers can be logical
- Core layer: layer 2 switches
- Distribution layer: layer 3 switches/routers
- Access layer: layer 2 switches
The core layer
- Responsible for transporting large amounts of traffic, common to a majority of users
- The only purpose of the core is to switch traffic as fast as possible: routing is not mandatory (usually not recommended)
- Fault tolerance is an issue since a single failure could affect a large number of users, if not all
Design issues:
- No access lists, no VLANs and no packet filtering
- Avoid expanding the core size when the internetwork grows; give preference to upgrades over expansion
- Design the core for high reliability: FDDI, ATM, FastEthernet/GigaEth with redundant links
- Select routing protocols with lower convergence time!
The distribution layer
- Sometimes referred to as the workgroup layer
- The primary functions are to perform routing, filtering, WAN access and policies for the networks
- Usually uses routers or layer 3 switches
- Determines how packets access the core if needed
The following things should be done here:
- Implement access lists, packet filtering and queuing
- Implement security and network policies, including address translation and firewalls
- Route between VLANs and other workgroup functions
- Define broadcast and multicast domains
The distribution layer with minimal routing: scales well when VLANs are designed so that the majority of resources are available inside the VLAN (the 80/20 rule). If not, access to routing in the core is a problem.
The distribution layer at low cost: scaled switching is a low-cost and easy-to-install solution for a small network. Note that when VLANs are used, end users in one VLAN cannot communicate with end users in another VLAN unless routers are deployed.
Access layer
- Continued (from the distribution layer) access control and policies
- Creation of separate collision domains (segmentation)
- Technologies such as switched Ethernet are frequently seen in the access layer
- Static routing (instead of dynamic) is seen here as well
Example of core block (figure: two core switches): the core will usually not carry multiple subnets per link; the distribution layer will. The core is pass-through once routing has been performed.
Dual core example (figure: two core switches): in this example the two cores are not connected, which prevents loops without STP, but requires redundant links from the distribution layer routers to the core.
Layer 2 or layer 3 core?
- Core blocks are usually realized with layer 2 switches, since the core should only forward frames once routing has been done in the distribution layer
A layer 3 core may be needed for:
- Fast convergence: in a layer 2 core, STP is used to prevent loops (about 50 s of convergence). If the core is large, routing protocols have a faster convergence time
- Automatic load balancing: with a routing protocol in the core, multiple equal-cost links can be defined in the core, which is not easy to obtain with the (distribution) layer 3 / (core) layer 2 model
- Elimination of the peering problem: since routing is performed in the distribution layer, each distribution layer device must keep reachability information about the other distribution layer devices. Having layer 3 devices in the core creates a hierarchy
- This scheme is usually adopted when there are more than 100 switch blocks
What is the core size?
- Routing protocols are the main factor in determining the core size: the convergence time of the routing protocol in the distribution layer
- The routing protocol dictates how many distribution layer devices can communicate with the core
Routing protocol | Max # of peers | # of links to the core | Max # of supported blocks
OSPF             | 50             | 2                      | 25
EIGRP            | 50             | 2                      | 25
RIP              | 30             | 2                      | 15
Connecting corporates to the WAN
- Used to be leased lines (synchronous serial connection, mostly for short-distance connections)
- Now: RNIS (ISDN), xDSL, FR, ATM, SONET/SDH
- Redundant WAN segments, multi-homing
(figure: access and distribution layers connected through RNIS, xDSL, FR or ATM packet-switched networks; router interfaces S0, S1, E0; T1/E1 links)
WAN connectors
- Use serial transmission on twisted pair, coaxial cable or optical fiber
- Typical WAN connections are mainly based on the HDLC, PPP, ISDN or Frame Relay data link layer
- See http://www.hardwarebook.net/connector/index.html#serial
(figure: DTE/DCE interface standards: ITU-TSS (CCITT) X.21 / ISO 4903; EIA-232D (RS232-D) / ITU-TSS (CCITT) V.24/V.28 / ISO 2110; ITU-TSS (CCITT) V.35; EIA-449, RS-449 / ISO 4902)
Some products
- Cisco SOHO: Ethernet, ADSL
- Cisco 800: Ethernet, ADSL, RNIS, Serial, VPN
- Cisco 1700: Ethernet, ADSL, T1/E1, FR, X25, VLAN, VPN
- CXR CyberConnect
- CXR IX4100 & 4200