Bridging Protocols Overview - PowerPoint PPT Presentation

Title: Bridging Protocols Overview Author: Curtis Simonson Last modified by: Henry He Created Date: 6/2/2001 6:57:23 AM Document presentation format – PowerPoint PPT presentation

1
Bridging Protocols Overview
  • Bridge Functions Consortium

2
Bridging Protocols
  • Filtering Database (802.1Q/802.1D)
  • Spanning Tree Protocol (802.1D clauses 8 and 9)
  • VLANs (802.1Q)
  • GARP/GVRP (802.1D clause 12/802.1Q clause 11)
  • GARP/GMRP (802.1D clauses 10 and 12)
  • Link Aggregation (802.3ad)

3
Bridging History
  • Back in the days before Ethernet was the clear
    winning technology on the LAN, Token Ring and
    FDDI were popular
  • This meant two different methods of bridging:
    • Source Route Bridging: used by Token Ring and FDDI
    • Transparent Bridging: used by Ethernet

4
Source Route Bridging
  • Source Route Bridging allows load balancing to
    avoid congestion. This is done by routing
    packets over two or more routes to a destination.

[Diagram: Source LAN, Switch 1, Switch 2, Switch 3, Server, Destination LAN]

5
Transparent Bridging
  • The transparent bridging method follows the plug
    and play philosophy.
  • Each bridge contains one (or more) Filtering
    Databases that learn and remember MAC addresses
    on its networks.
  • Forwarding decisions are then made by
    consulting the Filtering Database. If a
    destination MAC address has been learned, the
    packet is forwarded out of that port.
  • These addresses are cleared from the
    Filtering Database if they are not active for a
    specific amount of time. This amount of time is
    defined by the Aging Time, which can be set
    through management.

6
Filtering Database
  • One database contains MAC addresses, which port
    they're on, and whether they're active or disabled
  • Duplicate MAC addresses not allowed (the second
    one would replace the first)

7
Learning of Addresses
  • The Filtering Database learns a station's
    location from the source address on an incoming
    frame

[Diagram: Switch, Port 1, Port 4]

8
Multicast Frames
  • Multicast Frames originate from one source and
    have the possibility of going to more than one
    destination. An example of this is the Spanning
    Tree BPDU.

[Diagram: Switch 1, Switch 2, Switch 3, Switch 4, Shared LAN]

9
The Permanent Database
  • Upon Bridge Initialization, a reserved block of
    Multicast Addresses is transferred to the
    Filtering Database
  • Currently only 3 of these multicast addresses are
    standardized. The rest are reserved for future
    use. Frames containing these addresses in the
    source are never learned or forwarded.

10
Basic/Extended Filtering Services
  • Bridges that support Basic Filtering Services can
    dynamically learn all MAC addresses except those
    from the Permanent Database
  • These addresses can also be statically configured
    so that they do not age out
  • Switches filtering frames from the Permanent
    Database are said to support Basic Filtering
    Services
  • Extended Filtering Services are implemented by
    devices that support advanced features like GARP

11
Aging Time
  • Aging time is defined as a range of 10 to one
    million seconds
  • One million seconds = 11 days 13 hrs 46 min and
    40 sec
  • The default time is 300 seconds
  • The Filtering Database starts aging time when an
    address is learned and resets it whenever another
    frame arrives on that port
  • Why is aging time important?
  • When aging time expires, the address and port are
    discarded from the Filtering Database.

12
Filtering Database Review
  • Every bridge has a table called a Filtering
    Database
  • Entries in this table are updated upon receipt of
    frames: the source addresses and the ports they
    arrive on are learned
  • Once a MAC address is associated with a port,
    frames containing that destination address are
    only forwarded out of that port
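
The learning, forwarding and aging behaviour summarised in slides 5 to 12, as an added example that is not part of the original presentation. The class and method names are hypothetical, the MAC addresses are constructed sample values, and time is passed in explicitly so the aging logic is easy to follow.

```python
from dataclasses import dataclass, field

# Aging time limits and default as given on the "Aging Time" slide (seconds).
MIN_AGING, MAX_AGING, DEFAULT_AGING = 10, 1_000_000, 300


@dataclass
class FilteringDatabase:
    ports: tuple                      # port numbers on this bridge
    aging_time: int = DEFAULT_AGING
    entries: dict = field(default_factory=dict)   # MAC -> (port, last_seen)

    def __post_init__(self):
        if not MIN_AGING <= self.aging_time <= MAX_AGING:
            raise ValueError("aging time must be 10 to 1,000,000 seconds")

    def _expire(self, now):
        # Discard every entry whose aging time has run out.
        self.entries = {mac: (port, seen)
                        for mac, (port, seen) in self.entries.items()
                        if now - seen < self.aging_time}

    def receive(self, src, dst, in_port, now):
        """Learn src on in_port, then return the ports the frame goes out of."""
        self._expire(now)
        # A MAC can appear only once: a second sighting replaces the first
        # (this is also how a station that moved ports is re-learned).
        self.entries[src] = (in_port, now)
        hit = self.entries.get(dst)
        if hit is None:
            # Destination not learned: send out of every port but the ingress.
            return [p for p in self.ports if p != in_port]
        out_port = hit[0]
        # Destination is on the port the frame came from: filter it.
        return [] if out_port == in_port else [out_port]


def demo():
    # Constructed sample stations (documentation MAC range).
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    fdb = FilteringDatabase(ports=(1, 2, 3, 4))
    return [
        fdb.receive(a, b, 1, now=0),     # b unknown: flooded
        fdb.receive(b, a, 4, now=1),     # a learned on port 1
        fdb.receive(a, b, 1, now=2),     # b learned on port 4
        fdb.receive(b, a, 2, now=3),     # b moved to port 2, entry replaced
        fdb.receive(a, b, 1, now=4),     # b now reached via port 2
        fdb.receive(a, b, 1, now=400),   # b aged out after 300 s: flooded again
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```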

13
Filtering Database Review (cont.)
  • In real switches these tables vary in size; most
    have the capability of holding several thousand
    MAC addresses. I've seen one that has the
    capacity to learn more than 150,000 addresses
    (3Com9100).

14
Spanning Tree Protocol (STP)
  • An algorithm, used to prevent logic loops in a
    bridged network by creating a spanning tree.
    When multiple paths exist, STA lets a bridge
    use only the most efficient one. If that path
    fails, STA automatically reconfigures the network
    to make another path become active, sustaining
    network operations
  • Definition of Spanning Tree Algorithm from
    Newton's Telecom Dictionary.

15
The Spanning Tree Poem
  • I think that I shall never see
  • A graph more lovely than a tree.
  • A tree whose crucial property
  • Is loop-free connectivity.
  • A tree that must be sure to span
  • So packets can reach every LAN.
  • First, the root must be selected.
  • By ID, it is elected.
  • Least-cost paths from root are traced.
  • In the tree, these paths are placed.
  • A mesh is made by folks like me,
  • Then bridges find a spanning tree.
  • -Radia Perlman

16
What is a Spanning Tree?
  • Only one active path exists between any two
    devices.
  • Resembles a family tree. (problems arise in both
    when loops occur)

17
Why Spanning Tree?
  • The purpose of Spanning Tree is to have bridges
    dynamically discover a subset of the topology
    that is loop-free and yet has just enough
    connectivity so that there is a path between
    every pair of nodes in the LAN.

18
How does Spanning Tree work?
  • The basic idea behind the Spanning Tree Protocol
    is that bridges transmit special messages to each
    other that allow them to calculate a spanning
    tree
  • Configuration Bridge Protocol Data Units (BPDUs)
  • Sometimes referred to as Config. BPDUs

19
STP Example
[Diagram; surviving label: Root]

20
Port States
  • Bridge ports operate the Spanning Tree Algorithm
    using the following states:
    • Blocking: incoming frames are discarded
    • Listening: incoming frames are discarded, but
      the port is in the process of transitioning to
      Learning
    • Learning: incoming frames are discarded, but
      their source addresses and ports are placed in
      the Filtering Database
    • Forwarding: incoming frames are forwarded,
      source addresses are learned
    • Disabled: the port is disabled by management

21
Configuration BPDUs
  • The Configuration BPDU contains enough info so
    that bridges can do the following
  • Elect a single bridge to be Root Bridge
  • Calculate the distance of the shortest path from
    themselves to the Root Bridge
  • Elect a Designated Bridge for each LAN segment,
    which is the bridge in the LAN segment closest to
    the Root Bridge, to forward packets from that LAN
    segment toward the Root Bridge.
  • Choose the port, called the root port, that gives
    the best path from themselves to the Root Bridge.
  • Select ports to be included in the spanning tree.
    These include only root ports and designated
    ports.

22
Inside Config BPDUs
  • Destination MAC Address: 01 80 C2 00 00 00
    • Special Multicast address for Spanning Tree
  • Root ID
    • ID of the bridge assumed to be root
  • Bridge ID
    • ID of the bridge transmitting BPDU
  • Cost
    • Cost of least-cost path to the root from the
      transmitting bridge (at least the best path of
      which the transmitting bridge is currently
      aware)

23
Inside Config BPDUs
  • Protocol ID: 0x0000
  • Protocol Version ID and BPDU Type: 0x00
  • If transmitting bridge is Root, Message Age =
    Zero, otherwise it is set to the value of the
    Root Port's Message Age timer plus an increment
    of one

24
Path Cost
  • Path costs are designed to be associated with the
    speed of the link

25
Bridge Initialization
  • Root ID set to Bridge ID
  • Root Path Cost set to zero
  • All ports on bridge become designated ports
  • Configuration BPDU transmitted on each designated
    port
  • Hello Timer is started

26
How this all works together
  • A bridge continuously receives Configuration
    BPDUs on each of its ports and saves the best
    configuration message from each port. The bridge
    determines the best configuration message by
    comparing not only the Configuration BPDUs
    received on a particular port, but also the
    configuration message that the bridge would
    transmit on that port.

27
How is "best" determined?
  • Given two Configuration BPDUs, C1 and C2, C1 is
    the best if:
  • the root ID in C1 is numerically lower than the
    root ID in C2
  • If the root IDs are equal, then if the cost in C1
    is numerically lower than the cost in C2
  • If the root IDs and cost are equal, then if the
    Bridge ID in C1 is numerically lower than the
    Bridge ID in C2
  • The final tiebreaker is the port ID. Each port
    on a switch has a port ID. Useful if two ports
    from the same switch are on one LAN segment.
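
The comparison rules above, together with the "compare against what the bridge would itself transmit" step from the previous slide, as an added example that is not part of the original presentation. Class and method names are hypothetical, the bridge IDs and link costs are constructed sample values, and message age is left out to keep the ordering logic in view.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class ConfigBPDU:
    # Field order is the comparison order from the slide:
    # root ID, then cost, then bridge ID, then port ID. Lower is better.
    root_id: int
    cost: int
    bridge_id: int
    port_id: int


class Bridge:
    def __init__(self, bridge_id, port_costs):
        self.bridge_id = bridge_id
        self.port_costs = port_costs   # port -> path cost of the attached link
        self.stored = {}               # port -> best BPDU heard on that port

    def receive(self, port, bpdu):
        """Keep the BPDU only if it beats the one stored for this port."""
        current = self.stored.get(port)
        if current is None or bpdu < current:
            self.stored[port] = bpdu
            return True
        return False

    def recalculate(self):
        """Return (root_id, root_path_cost, root_port); root_port None if we are root."""
        best = (self.bridge_id, 0, self.bridge_id, 0)   # our own claim to be root
        root_port = None
        for port, b in self.stored.items():
            cand = (b.root_id, b.cost + self.port_costs[port], b.bridge_id, b.port_id)
            if cand < best:
                best, root_port = cand, port
        return best[0], best[1], root_port

    def port_roles(self):
        root_id, cost, root_port = self.recalculate()
        roles = {}
        for port in self.port_costs:
            mine = ConfigBPDU(root_id, cost, self.bridge_id, port)  # what we would send
            heard = self.stored.get(port)
            if port == root_port:
                roles[port] = "root"
            elif heard is None or mine < heard:
                roles[port] = "designated"   # we are the best bridge on this LAN
            else:
                roles[port] = "blocking"     # someone else on this LAN is better
        return roles


def demo():
    # Constructed topology: bridge 0x20 with three ports and sample link costs.
    br = Bridge(0x20, {1: 19, 2: 19, 3: 100})
    br.receive(1, ConfigBPDU(0x10, 0, 0x10, 1))    # heard directly from root 0x10
    br.receive(2, ConfigBPDU(0x10, 19, 0x30, 2))   # bridge 0x30, same distance as us
    br.receive(3, ConfigBPDU(0x10, 19, 0x15, 1))   # bridge 0x15, lower ID than us
    return br.recalculate(), br.port_roles()


if __name__ == "__main__":
    print(demo())
```

Because the lowest root ID always wins, the bridge priority described under Management Parameters is what decides which device ends up as root.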

28
Transmitting BPDUs
  • If Hold Timer is active the Configuration BPDU
    will be transmitted upon expiration.
  • Ensures no more than one Configuration BPDU is
    transmitted per Hold Time period
  • Transmit only if Message Age < Max Age
  • After transmission Hold Timer is reset

29
BPDU Processing
  • Received Configuration BPDU is checked against
    stored BPDU
  • If the received BPDU is better or the same but
    with a smaller age, then stored BPDU is
    overwritten
  • Bridge then recalculates root, root path cost,
    and root port

30
Message Age
  • Each Configuration BPDU contains a message age
    field
  • Incremented after every unit of time
  • If message age reaches max age then the BPDU is
    discarded

31
Root or Path to Root Fails
  • Bridge will no longer receive fresh BPDUs
  • Gradually increases message age on currently
    stored Configuration BPDU
  • When max age occurs bridge will recalculate root,
    root path cost, and root port

32
Hello Time/Root BPDU Propagation
  • The Root Bridge periodically transmits
    Configuration BPDUs every hello time
  • When the Root Bridge generates a Configuration
    BPDU the message age field is set to 0
  • Upon receipt, Bridge will transmit Configuration
    BPDU on each port for which it is the Designated
    Bridge, and increment the message age by at least
    one

33
Designated Bridge

34
Topology Change?

35
Stopping Loops during Topology Change
  • Use two substates: Listening and Learning
  • Data received while in these states is not
    forwarded
  • Received Configuration BPDUs are stored
  • Root, root path cost, and root port are calculated

36
Topology Change Procedure
  1. Bridge notices that the Spanning Tree algorithm
    has caused it to transition a port into or out of
    the blocking state
  2. Bridge periodically transmits a Topology Change
    Notification BPDU with same period as hello time.
    It continues this until the Root bridge
    acknowledges by setting the topology change bit
    in its Configuration BPDUs.

37
Topology Change Procedure (cont.)
  • A bridge that receives a Topology Change
    Notification BPDU on a port for which it is the
    Designated Bridge does two things
  • Performs step 2 from previous slide (notifies the
    root bridge of topology change)
  • Sets the topology change acknowledgement flag in
    the next Configuration BPDU it transmits on the
    LAN from which the Topology Change Notification
    BPDU was received

38
Topology Change Procedure (cont.)
  • Root Bridge sets the topology change flag in its
    Configuration BPDUs for a period equal to the sum
    of forward delay and max age, if the Root Bridge
  • Notices a topology change because one of its
    ports has changed state, or
  • Receives a topology change notification message

39
Topology Change Procedure (cont.)
  1. A bridge that is receiving Configuration BPDUs
    with the topology change flag set (or the Root
    Bridge that is setting the topology change flag
    in its Configuration BPDUs) uses the forward
    delay timer until it starts receiving
    Configuration BPDUs without the topology change
    flag set

40
Networkwide Parameters
  • For correct operation some parameters need to be
    uniform throughout the Spanning Tree. The Root
    Bridge includes the following values in its
    Configuration BPDUs
  • Max age: time after which Configuration BPDUs are
    discarded
  • Hello time: interval, used by the Root Bridge,
    between issuing Configuration BPDUs
  • Forward Delay: amount of time in learning and
    listening states (half the time of transition
    from blocking to forwarding)

41
Management Parameters
  • Bridge priority: a 2-octet value that allows the
    network admin. to influence the choice of the
    Root Bridge and the Designated Bridge
  • Port Priority: a 1-octet value that allows the
    network admin. to influence the choice of port
    when a bridge has two ports connected to the same
    LAN segment

42
Why eliminate Loops?
  • Loops cause traffic to build up in a network
    until the network no longer functions due to full
    bandwidth usage

[Diagram: LAN Connection, A, B]

43
Performance Issues
  • Two properties make bridge performance crucial
  • Lack of receipt of BPDUs causes bridges to add
    connectivity. If a bridge does not receive any
    Configuration BPDUs on some port it will take
    over as the Designated Bridge on that port.
  • Extra connectivity will cause loops

44
What affects Bridge Performance?
  • Network Congestion
  • Bridge will discard packets before looking at
    them if CPU can't keep up
  • Bridge must be able to transmit BPDUs no matter
    how congested the network is
  • This involves being able to move BPDUs to the
    front of the queue

45
VLANs (Virtual Local Area Network)
  • A means by which LAN users on different physical
    LAN segments are afforded priority access
    privileges across the LAN backbone in order that
    they appear to be on the same physical segment on
    an enterprise-level logical LAN. VLAN solutions,
    which are priority in nature, are implemented in
    LAN switches, and VLAN membership is defined by
    the LAN administrator on the basis of either port
    address or MAC address.
  • Definition of VLAN from Newton's Telecom
    Dictionary.

46
How VLANs work
  • LAN Bridge receives tagged data from workstation
  • Bridge reads current tag, and forwards data with
    a VLAN ID (tag) corresponding to the VLAN the
    data came from (explicit tagging)
  • OR
  1. LAN Bridge receives untagged data from
    workstation
  2. Bridge determines the VLAN membership of data by
    noting the port on which it arrives (implicit
    tagging)

47
Basic VLAN Concepts
  • Port-based VLANs
    • Each port on a switch is in one and only one
      VLAN (except trunk links)
  • Tagged Frames
    • VLAN ID and Priority info is inserted (4 bytes)
  • Trunk Links
    • Allow for multiple VLANs to cross one link
  • Access Links
    • The edge of the network, where legacy devices
      attach
  • Hybrid Links
    • Combo of Trunk and Access Links

48
Basic VLAN Concepts (cont.)
  • Priority-tagged frame
    • tag header carries priority info., but no VLAN
      ID
  • VLAN-tagged frame
    • tag header carries both VLAN ID and priority
      info.
  • Port VLAN ID (PVID)
    • provides the VID for untagged and
      priority-tagged frames received on that Port

49
Trunk Link
  • Attaches two VLAN-aware switches
  • Carries Tagged frames ONLY.

50
Access Links
  • Access Links are Untagged for VLAN unaware
    devices
  • The VLAN switch adds Tags to received frames, and
    removes Tags when transmitting frames.

51
VLAN ID (Tag)
  • 4 Bytes inserted after Destination and Source
    Address
  • Length/Type Field
    • VLANs: 0x8100
  • Priority Bit
    • Range: 0-7
  • VLAN ID
    • Range: 0-4094

52
Tagging Conversions

53
Port VLAN ID
  • Each port has a VLAN ID configured on it
  • Indicates which VLAN untagged data should be
    associated with
  • Does not constrain the port to a specific VLAN,
    nor does it mean that only untagged data can be
    processed
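
The tag layout and PVID rule from the preceding slides, as an added example that is not part of the original presentation: it parses the 4-byte tag and decides which VLAN a received frame belongs to. Function names are hypothetical, the frames are constructed sample bytes, and the per-port membership check in `classify` is an assumption (an ingress filter), not something the slides specify.

```python
import struct

TPID_8021Q = 0x8100   # Length/Type value that marks a VLAN tag


def build(dst, src, ethertype, payload=b"", tag=None):
    """Build a constructed test frame; tag is (priority, vid) or None."""
    header = dst + src
    if tag is not None:
        priority, vid = tag
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (priority, vid, ethertype); priority and vid are None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)   # after dst + src
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # Top 3 bits: priority (0-7); low 12 bits: VLAN ID.
    return tci >> 13, tci & 0x0FFF, inner


def classify(frame, pvid, member_vids):
    """Return the VLAN the frame is placed in, or None if it is dropped."""
    _, vid, _ = parse_tag(frame)
    if vid == 0x0FFF:
        return None                 # outside the valid 0-4094 range
    if vid is None or vid == 0:
        vid = pvid                  # untagged or priority-tagged: use the PVID
    # Assumed ingress filter: the port only accepts VLANs it is a member of.
    return vid if vid in member_vids else None


# Constructed sample addresses (documentation MAC range).
DST = bytes.fromhex("00005e005301")
SRC = bytes.fromhex("00005e005302")


def demo():
    members = {10, 100}
    frames = {
        "untagged": build(DST, SRC, 0x0800),
        "priority-tagged": build(DST, SRC, 0x0800, tag=(3, 0)),
        "vlan 100": build(DST, SRC, 0x0800, tag=(5, 100)),
        "vlan 200": build(DST, SRC, 0x0800, tag=(0, 200)),
    }
    return {name: classify(f, pvid=10, member_vids=members)
            for name, f in frames.items()}


if __name__ == "__main__":
    print(demo())
```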

54
Sample VLANs

55
Traffic Segregation

56
Workgroups Physically Defined
  • A mobile user from workgroup C, in building 2,
    needs to do work in building 1. By physically
    changing buildings he must change the workgroup
    section of the LAN which he/she is in.

57
VLANs Logically Defined
  • With VLANs he/she can physically change
    buildings, but remain in the same workgroup.

58
Broadcast Domains (Layer 2)
  • broadcast domain: a network (or portion of a
    network) that will receive a broadcast packet
    from any node located within that network
  • broadcast packet: an Ethernet packet sent to the
    broadcast address (FFFFFFFFFFFF) which
    designates the packet as destined for all nodes
    in the broadcast domain

59
Constricting Broadcast Domains
  • What defines the edge of a layer 2 broadcast
    domain?
  • Router: does not forward layer 2 broadcast frames
  • Filtering Database: by configuring the broadcast
    address to be not forwarded
  • VLANs: broadcast packets are tagged so they do
    not leave the configured topology of the VLAN

60
Security
  • Data is contained in the VLAN's topology
  • By allotting sensitive data its own VLAN, only
    those nodes in the VLAN will see it.

61
GARP/GVRP
  • Generic Attribute Registration Protocol
  • GARP VLAN Registration Protocol

62
How does GARP work?
  • Devices declare their desire for a given
    attribute by making a declaration
  • Done by issuing a Join event
  • Declarations can be withdrawn by issuing a Leave
    event
  • Devices enter a registration for an attribute on
    a given port when they hear a declaration for the
    attribute on that port

63
GARP
  • General-purpose protocol that supports a specific
    class of applications within bridges
  • Defines a subset of the spanning tree that
    contains devices interested in a given network
    commodity
  • Referred to as an attribute

64
GVRP - GARP VLAN Registration Protocol
  • Disadvantages to Static VLANs
  • Static VLANs are created via management
  • Must be maintained by a network admin
  • Static VLANs must be reconfigured for every
    network topology change

65
GVRP Simplifies All This!
  • GVRP creates dynamic VLANs
  • No manual configuration needed
  • GVRP is maintained by the devices themselves
  • Topology change? No problem, GVRP recreates the
    dynamic VLAN automatically

66
What can GVRP do for you?
  • Allows the creation of VLANs with a specific VID
    and a specific port, based on updates from
    GVRP-enabled devices.
  • Advertises manually configured VLANs to other
    GVRP-enabled devices. As a result of this the
    GVRP-enabled devices in the core of the network
    need no manual configuration in order to
    inter-operate.

67
GVRP Info
  • GVRP is a GARP application that registers
    attributes for dynamic VLANs
  • GVRP deals only with the management of dynamic
    VLANs
  • Everything that you have learned about static
    VLAN packet format and transmission applies

68
How GVRP does all this
  • The method of advertisement used by GVRP-enabled
    devices consists of sending Protocol Data Units
    (PDUs), similar to Spanning Tree BPDUs, to a
    known multicast MAC address (01 80 C2 00 00 21)
    to which all GVRP-enabled devices listen for
    updates. GVRP advertisement follows the
    definition of GARP.

69
What do these PDUs contain?
  • A single PDU may contain several different
    messages telling the GVRP-enabled device to
    perform a specific action.
  • Join: register the port for the specified VLAN
  • Leave: de-register the port for the specified
    VLAN
  • LeaveAll: de-register all VLAN registrations on
    that port
  • Empty: request to re-advertise dynamically and
    statically configured VLANs

70
[Windows screenshot]
  • Vendors (current): Cisco Systems, 3Com and
    Hewlett Packard. Several others are developing
    working implementations also.
  • Industry Implementation Example
    • 3Com manufactures Network Interface Cards that
      take advantage of GVRP
    • Accessed via the Control Panel (DynamicAccess)
    • Extremely easy to configure

71
Example GARP/GVRP
72
THE END
  • Any Questions?