Chapter 3. Introducing Switching, Routing, and Address Translation


packets are translated by NAT-capable devices.

In Chapter 2, "Exploring the Network Layers," you learned how TCP segments, IP packets, and Ethernet frames are generated, encapsulated, and transmitted onto a network by TCP/IP devices. In this Chapter, you will learn how to design a network to efficiently translate, route, and switch the TCP segments, IP packets, and Ethernet frames that flow through your network.

The following topics are discussed in this Chapter:

Frame Switching and Virtual LANs: Switching TCP/IP involves forwarding Layer 2 Ethernet frames within VLANs.

IP Routing: Static and dynamic routing protocols define the path that traffic takes from one end system to the other.

Packet Switching: Packets are switched within routers using process switching, fast switching, or Cisco Express Forwarding (CEF).

Network Address Translation: Packets' IP address fields are rewritten to conserve IP addresses, hide internal IP addressing schemes, and load balance requests across groups of servers.







Exploring Ethernet Frame Switching

LAN switches build tables of Media Access Control (MAC) addresses and associated switch ports assigned to TCP/IP devices within the network that are visible to the switch at Layer 2. The switches build their MAC tables by inspecting Address Resolution Protocol (ARP) requests that are traveling through the switch from TCP/IP devices, such as firewalls, routers, clients, and origin servers. Figure 3-1 illustrates the process of MAC learning in a small network, using the ARP request-response example discussed previously in Figure 2-16 from Chapter 2.



Figure 3-1. Basic MAC Address Learning Using Transparent Switching



In Figure 3-1, Switch B receives the ARP frame at Layer 2 from Client B on Port 2 and creates the entry [0050.ba28.0f6b via Port 2] in its MAC table. The entry contains the MAC address of Client B, and the port number where the request was received. Because Switch B is unaware of the location of the router in the network, it broadcasts the frame, unmodified, to all ports (except the port the request was received on, Port 2). When the frame is received by Switch A from Switch B, the entry [0050.ba28.0f6b via Port 2] is created and stored in its MAC table. Switch A is unaware of the local port to which the router is connected and broadcasts the frame out all ports, except Port 2. The router receives the ARP request and responds with an ARP response, directly back to Client B. When Switch A receives the ARP response frame, it creates the entry [0030.4a3f.1f3a via Port 4] containing the router MAC and connected port. Switch A then sends the ARP response out Port 2, based on its existing entry for Client B.

Even though Client B is connected through an intermediary Layer 2 switch (Switch B), the router MAC entry is still located in Switch B's local MAC table [0050.ba28.0f6b via Port 2] and is pointing to the port connected to the "next-hop" switch (Port 2). The reason for this is that the switches are in the same broadcast domain and thus receive the ARP request-response Ethernet frames without modification from both the client and router.

With the MAC tables populated, Client B sends an application request to the Internet server with IP 209.165.200.226 via its default router 10.1.1.1. The switches transparently switch the frame according to the MAC entries for the router. Additionally, the return traffic from the Internet server is switched by the LAN switches using the MAC entries for Client B.
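
The learning and flooding behavior walked through above can be replayed with a small model. This is an added example, not code from the book: the MAC addresses and Switch A's Port 2 and Port 4 come from the text, while the four-port Switch A, the use of Port 1 as Switch B's uplink, and all class and function names are assumptions. The model learns from the source address of every frame it receives, which here are the two ARP frames.

```python
"""Transparent-switch MAC learning, replaying the ARP exchange of Figure 3-1."""
BROADCAST = "ffff.ffff.ffff"
CLIENT_B = "0050.ba28.0f6b"   # MAC addresses taken from the text
ROUTER = "0030.4a3f.1f3a"


class LearningSwitch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.mac_table = {}   # MAC address -> port it was learned on

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the list of egress ports."""
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            # Broadcast or unknown destination: flood out every other port.
            return [p for p in self.ports if p != in_port]
        # Known destination: forward, or filter if it lives on the ingress port.
        return [] if out == in_port else [out]


def replay_figure_3_1():
    """Return (switch_a, switch_b, log) after the ARP request and response."""
    # Assumed topology: Switch A has four ports (Port 2 -> Switch B,
    # Port 4 -> router); Switch B Port 1 -> Switch A, Port 2 -> Client B.
    a = LearningSwitch("A", [1, 2, 3, 4])
    b = LearningSwitch("B", [1, 2])
    log = []
    # ARP request: Client B -> broadcast, enters Switch B on Port 2.
    log.append(("B", b.receive(2, CLIENT_B, BROADCAST)))
    log.append(("A", a.receive(2, CLIENT_B, BROADCAST)))
    # ARP response: router -> Client B (unicast), enters Switch A on Port 4.
    log.append(("A", a.receive(4, ROUTER, CLIENT_B)))
    log.append(("B", b.receive(1, ROUTER, CLIENT_B)))
    return a, b, log


if __name__ == "__main__":
    sw_a, sw_b, steps = replay_figure_3_1()
    for switch, egress in steps:
        print(f"Switch {switch} sends out ports {egress}")
    print("Switch A table:", sw_a.mac_table)
    print("Switch B table:", sw_b.mac_table)
```

The request is flooded at both switches because the destination is a broadcast address, while the response is sent out a single port at each hop because Client B's entry already exists.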



Note

With some operating systems, workstations broadcast gratuitous ARP (GARP) frames to the LAN when they boot to advertise their IP-to-MAC association. Most Windows-based clients and servers use this facility to avoid duplicate IP addresses on the network. This facility is also beneficial for populating switch MAC forwarding tables.



Figure 3-1 illustrates a basic switched network; however, without fault-tolerance at Layer 2, if any single component fails, such as a switch or individual uplink, your entire network will be unusable. To provide resiliency to a Layer 2 network, you should consider enabling the following features in your switched network:

Spanning Tree Protocol: When two or more switches are combined in a network, Layer 2 forwarding loops may occur. To deal with the negative impact of forwarding loops, enable the IEEE 802.1D Spanning Tree Protocol (STP) on your Layer 2 switches. STP provides path fault tolerance and redundancy within a segment, by taking advantage of backup paths created from Layer 2 forwarding loops. When more than one path is available, the STP selectively blocks some and leaves the others active, thereby avoiding potential loops and creating backups for the active paths.

EtherChannel or IEEE 802.3ad Link Aggregation: Cisco EtherChannel load balances frames over multiple redundant Layer 2 links. One of the available links is selected for each frame by hashing the source and destination MAC addresses together. The result of the hash is the index of the preferred link for the frame. The concept of hashing will be discussed in Chapter 10, "Exploring Server Load Balancing."







Configuring Virtual LANs

Virtual LANs (VLANs) provide you a flexible means to logically separate devices that are physically attached to the same Layer 2 switch or across different switches. Broadcast traffic originating on a VLAN is not propagated to other VLANs. You need a Layer 3 device capable of inter-VLAN routing, such as a router or multilayer switch, to route traffic between VLANs.

With multilayer switches, such as the Catalyst 3550 and Catalyst 6500, a logical VLAN interface serves as the default gateway for all devices attached to the switch ports that are assigned to that particular VLAN. That is, the VLAN interface IP address is the default gateway for devices in the VLAN. Clients in different VLANs will have a different default gateway. For example, if three VLANs are configured on a Layer 3 switch, there will be three default gateways for your clients. Traffic destined to different VLANs is routed by the multilayer switching engine between VLAN interfaces.

Example 3-1 shows you how a VLAN interface and the switch ports that reside in the VLAN are configured on a Cisco Catalyst 3550 Layer 3 switch.



Example 3-1. Configuring VLAN Interfaces and Switch Ports

Router1#configure terminal
Router1(config)#interface vlan 100
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#no shut
Router1(config-if)#
Router1(config-if)#interface fastethernet 3/1
Router1(config-if)#switchport access vlan 100
Router1(config-if)#
Router1(config-if)#interface fastethernet 3/2
Router1(config-if)#switchport access vlan 100
Router1(config-if)#Ctrl-Z
Router1#



Configuring VLAN Trunking

VLAN trunking enables multiple VLANs to traverse a single link, thus providing multiple logical links. Either the Cisco-developed Inter-Switch Link (ISL) or the standard IEEE 802.1Q is available to you for configuring trunks. You can configure trunks between Cisco switches or, in order to perform inter-VLAN routing, between Cisco switches and routers. With both ISL and 802.1Q, an additional VLAN identification field is inserted into Ethernet frames, which indicates the VLAN that the frame belongs to. Figure 3-2 shows where the 802.1Q VLAN tag is added to the 802.3 frame.



Figure 3-2. 802.3 Frame Format with 802.1Q Tagging



Table 3-1 defines the fields in the 802.1Q tag field.

Table 3-1. Fields in 802.1Q Tag Field

| Field | Description |
|---|---|
| Protocol Identifier | The tagging protocol used. This field is set to a value of 0x8100 to identify the frame as an IEEE 802.1Q tagged frame. |
| 802.1P Priority | The priority field used for class of service (CoS) priority assignments. |
| Canonical Format Indicator (CFI) | Indicates the canonical form of the MAC address in the frame. If the value is zero, the MAC address is stored in canonical format. If the value of this field is one, the MAC address is in non-canonical format. |
| VLAN ID | The VLAN number. |
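
The fields of Table 3-1 can be read directly out of a captured frame. The parser below is an added example, not code from the book: the field widths (3-bit priority, 1-bit CFI, 12-bit VLAN ID) come from the IEEE 802.1Q tag layout rather than from this page, the two sample frames are constructed for illustration, and the function names are assumptions.

```python
"""Parse the 802.1Q tag fields of Table 3-1 from a raw Ethernet frame."""
import struct

TPID_8021Q = 0x8100  # Protocol Identifier value from Table 3-1

# Constructed sample frames: broadcast ARP from Client B's MAC, zeroed payload.
# The tagged frame carries priority 5, CFI 0, VLAN 100 (tag bytes 81 00 a0 64).
SAMPLE_TAGGED = bytes.fromhex("ffffffffffff0050ba280f6b8100a0640806") + bytes(28)
SAMPLE_UNTAGGED = bytes.fromhex("ffffffffffff0050ba280f6b0806") + bytes(28)


def fmt_mac(raw):
    """Format 6 bytes in the dotted style used on this page."""
    digits = raw.hex()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def parse_frame(frame):
    """Return the header fields; 'tag' is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_field,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if type_field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The 2-byte tag control field is followed by the real EtherType.
        tci, type_field = struct.unpack("!HH", frame[14:18])
        tag = {
            "priority": tci >> 13,       # 802.1P priority, 3 bits
            "cfi": (tci >> 12) & 0x1,    # Canonical Format Indicator, 1 bit
            "vlan_id": tci & 0x0FFF,     # VLAN ID, 12 bits
        }
        offset = 18
    return {
        "dst": fmt_mac(frame[0:6]),
        "src": fmt_mac(frame[6:12]),
        "tag": tag,
        "ethertype": type_field,
        "payload": frame[offset:],
    }


if __name__ == "__main__":
    for name, frame in (("tagged", SAMPLE_TAGGED), ("untagged", SAMPLE_UNTAGGED)):
        print(name, parse_frame(frame))
```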



Example 3-2 shows how a switch port is configured with an 802.1Q trunk on a Cisco Catalyst 3550 switch.

Example 3-2. Configuring an 802.1Q Trunk on a Port

Router1#configure terminal
Router1(config)#interface GigabitEthernet 4/1
Router1(config-if)#switchport trunk encapsulation dot1q
Router1(config-if)#switchport mode trunk
Router1(config-if)#switchport trunk allowed vlan add 100
Router1(config-if)#switchport trunk allowed vlan add 200
Router1(config-if)#Ctrl-Z
Router1#



Exploring MAC Learning with Multiple VLANs

Figure 3-3 illustrates how MAC learning is performed after segmenting the network from Figure 3-1 into two different VLANs.



Figure 3-3. MAC Learning with Two VLANs and Inter-VLAN Routing



VLAN 10 is configured on all ports of Switch A and Port 1 of Switch B. VLAN 20 is configured on Port 2 of Switch B. Switch B is configured with a VLAN interface for VLAN 10 and another for VLAN 20 in order to route between the two VLANs.

Note

For more information on IP routing, see the section "Understanding IP Routing" later in this Chapter.

Because Switch B is a Layer 3 switch, it maintains its own ARP cache in addition to a Layer 2 MAC table and serves as the default gateway for Client B. For example, Client B sends an ARP request for Switch B's IP address, instead of Router A's IP address as shown previously in Figure 3-1. Therefore, Switch B originates an ARP request for the IP address of Router A in order to determine where to route the client's upcoming application request to the Internet. Notice how the resulting MAC table for Switch A is slightly adjusted in Figure 3-3 from Figure 3-1. Switch A no longer has an entry for Client B but instead has the entry [0030.4a3e.4d13 via Port 2] for the VLAN 10 interface of Switch B.



VLAN Trunking Protocol

VLAN trunking protocol (VTP) is used to manage the creation, removal, and availability of VLANs in a switched network. You can configure your switches with VTP by assigning them as servers, clients, or transparent. You can create, change, and delete VLAN information on a VTP server, including the VLAN number and name. The VLAN information is permanently stored in a VTP database within non-volatile RAM (NVRAM) of the VTP server. VLANs are not created on VTP clients; VTP servers advertise the VLAN information to the VTP clients over trunk links, in the form of VTP messages. The VTP clients store the information dynamically in RAM and in turn forward the VTP message out all VLAN trunks, except the trunk that the VTP message was received on.

You must add VLANs to the VTP server before assigning the VLANs to ports on either VTP servers or clients. However, switches assigned as VTP transparent do not participate in VTP but will relay the VTP updates to other switches in the domain. You must create and remove VLANs locally on transparent switches. The VLANs are stored in NVRAM on the VTP transparent switch, but they are not advertised to the VTP domain. Figure 3-4 illustrates how VLAN information is advertised over VLAN trunks using VTP.

Figure 3-4. A Simple VTP Domain with a VTP Server Sending Updates to VTP Clients

In this example, a new VLAN is added to the VTP server for the human resources department. The update is sent out on all VLAN trunk ports, to all switches in the domain. The transparent switch simply forwards the update to its downstream neighbor.


