
Quidway NetEngine5000E/80E/40E Router Feature Description - LAN Access and MAN Access

2 VLAN

About This Chapter

Describes basic concepts of VLAN, communication fundamentals of VLAN, VLAN aggregation, VLAN stacking, VLAN mapping, VLAN damping, and VLAN applications.

NOTE
The NE5000E does not support VLAN.

2.1 VLAN Overview
Describes the VLAN classification, VLAN frame format, and certain concepts of VLANs.

2.2 Communication Within a VLAN
Describes the communication process within a VLAN.

2.3 Communication Between VLANs
Describes the communication between VLANs.

2.4 VLAN Aggregation
Describes VLAN aggregation.

2.5 VLAN Stacking
Describes VLAN stacking.

2.6 VLAN Mapping
Describes VLAN mapping.

2.7 VLAN Damping
Describes VLAN damping.

2.8 Applications of VLAN Technologies
Describes VLAN applications.

2.9 References
Provides references related to the VLAN technology.

Issue 01 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.


2.1 VLAN Overview


Describes the VLAN classification, VLAN frame format, and certain concepts of VLANs.

2.1.1 Origin of VLAN
2.1.2 VLAN Classification
2.1.3 VLAN Frame Format
2.1.4 Concepts of VLAN

2.1.1 Origin of VLAN


Traditional LAN
As shown in Figure 2-1, the traditional LAN is based on the bus structure.

Figure 2-1 Networking diagram of the traditional LAN

The following problems occur in the traditional LAN:

- If more than one node tries to send messages at the same time, conflicts occur.
- The information from any node is sent to all other nodes. A method is required to send a message that is destined for a node or multiple nodes instead of all the nodes.
- All the hosts share the same transmission channel. Thus, information security cannot be guaranteed.

As the number of computers on a network increases, collisions become more severe and network efficiency drops. As a result, collision areas form in the network. The Ethernet network adopts Carrier Sense Multiple Access/Collision Detect (CSMA/CD) to detect collisions, but the effect of collisions is not completely removed. The Ethernet network is also a broadcast network. If a large number of computers send information at the same time, the broadcast traffic consumes a great deal of bandwidth.

Therefore, two problems occur in the traditional network: the collision area and the broadcast area. In addition, the traditional network cannot ensure information security.

Isolating Collision Areas from Normal Areas


To expand a traditional LAN to accommodate more computers, and to avoid collisions, the following methods are introduced:

- Bridge: A bridge connects two areas and isolates a collision area from normal areas.
- Layer 2 switch: Layer 2 switches originate from the bridge technology and can isolate multiple collision areas, as shown in Figure 2-2.

NOTE
The switch in this manual refers to the Layer 2 LAN switch.

Figure 2-2 Networking diagram of Layer 2 switch

Bridges and switches forward the information from an incoming interface to an outgoing interface in switching mode, and restrict the collision area to the port level. Thus, the effect of the collision on the shared media is removed.

Switches receive all the frames on a network segment. After learning the source MAC addresses in the frames, the switches set up MAC address tables that store the mappings between MAC addresses and ports. For a received frame, if a switch finds the destination MAC address in the address table, the switch forwards the frame based on the specific MAC address. Thus, the collision area is isolated. If the destination MAC address cannot be found in the address table, the switch broadcasts the frame to all the ports except the receiving port. This may lead to a broadcast storm.

The introduction of switches into the networking solves the problem of the collision area through Layer 2 fast switching. This, however, does not solve the information security problem caused by broadcast.

Isolating Broadcast Areas


To reduce broadcast, the hosts that are not required to access each other must be isolated from each other. To achieve this, ports on a switch are grouped. Each group forms a broadcast area.

Between groups, information is isolated. Thus, broadcast packets can be transmitted only within a group.

Various technologies can isolate a broadcast area from normal areas. Routers select the route based on IP addresses. Therefore, using a router to connect two network segments can effectively control the broadcast. Routers, however, are costly. In this case, the Virtual Local Area Network (VLAN) is introduced.

With the VLAN technology, a LAN is divided into several logical "LANs" (VLANs), with each VLAN being a broadcast area. In each VLAN, the hosts can communicate with each other in the same way as hosts in a LAN; however, VLANs cannot interact with each other directly. Therefore, broadcast packets are restricted to one VLAN.

Besides partitioning broadcast areas, VLANs can improve data security. For example, different enterprise clients rent a building and each requires its own LAN. If each client builds a separate LAN, the total cost of the LANs is high. If all the clients share a LAN, information security cannot be guaranteed. Through VLAN, different clients can share a LAN, and information security is also guaranteed.

Figure 2-3 Schematic diagram of the VLAN networking

As shown in Figure 2-3, the network is a typical VLAN application. Three switches are placed at different sites. This is more or less the same as different floors in a building. Each switch is connected to three PCs. These PCs belong to three different VLANs, which are enclosed by dashed blocks. Each corresponds to an enterprise client.

2.1.2 VLAN Classification


VLANs can be classified in the following ways:
- Based on ports: The VLAN to which a computer belongs is the VLAN of the network device port connected to the computer.
- Based on MAC addresses: The VLAN is classified based on MAC addresses of the network interface cards.
- Based on the network layer protocol: For example, hosts running IP belong to a VLAN, and hosts running IPX belong to another VLAN.
- Based on the network address
- Based on the application layer protocol

The 802.1Q standard draft defines the standards of classifying VLANs based on ports and MAC addresses. The NE5000E/80E/40E carries out the VLAN classification based on ports.

2.1.3 VLAN Frame Format


The IEEE 802.1Q standard modifies the Ethernet frame format. It adds a 4-byte 802.1Q tag between the source MAC address and the protocol type fields, as shown in Figure 2-4.

Figure 2-4 VLAN frame format based on 802.1Q

The 802.1Q tag contains the following fields:

- Type: It indicates the frame type. The field occupies two bytes. The value 0x8100 indicates an 802.1Q tag frame, which is discarded by devices that do not support the 802.1Q standard.
- PRI: It has three bits, indicating the priority of a frame. The value ranges from 0 to 7. The greater the value, the higher the priority. When a switch is congested, packets with high priority are forwarded preferentially.
- CFI: It is short for Canonical Format Indicator. The field indicates whether a MAC address is canonical. The length of the field is one bit. CFI is used to differentiate Ethernet frames, Fiber Distributed Digital Interface (FDDI) frames, and token ring frames. For Ethernet frames, CFI is 0.
- VID: It indicates the VLAN to which this frame belongs. The field occupies 12 bits. In the NE5000E/80E/40E, the available ID ranges from 1 to 4094.

2.1.4 Concepts of VLAN



Link Types
The links within a VLAN can be classified into the following types:
- Access link: It refers to the links that connect hosts and switches. As shown in Figure 2-5, the links that connect PCs and switches are access links. The Ethernet frames that pass through the access links do not carry tags.
- Trunk link: It refers to the links between switches. As shown in Figure 2-5, the links that connect switches are trunk links. The Ethernet frames that pass through the trunk links carry tags.

Figure 2-5 Schematic diagram of link types

Port Types
After VLAN frames are defined by the 802.1Q standard, the ports of only certain devices can identify VLAN frames. The NE5000E/80E/40E supports the classification of VLANs based on ports. That is, VLANs are classified based on the port numbers of switches. The VLAN to which a computer belongs is the VLAN of the port through which the computer accesses the network device. According to their ability to identify VLAN frames, ports can be classified into the following types:

- Access port
  Access ports are switch ports that connect hosts. Access ports are connected only with access links. An access port allows frames of only one VLAN to pass through. After a frame is received on an access port, a tag is added to the frame. Before a frame is sent to hosts, the tag is stripped from the frame.
- Trunk port
  Trunk ports are switch ports that connect switches. Trunk ports are connected only with trunk links. A trunk port allows tagged frames of different VLANs to pass through. The tags are reserved when the frames are received or sent.
- Hybrid port
  Hybrid ports are switch ports that connect hosts and other switches. Hybrid ports can be connected to both access links and trunk links. A hybrid port allows tagged frames of different VLANs to pass through. The tags of certain VLAN frames can be removed when the frames are sent.
- QinQ port
  802.1Q-in-802.1Q (QinQ) ports are switch ports that connect switches. QinQ ports can process VLAN frames that have double tags. In IEEE 802.1Q, the VLAN tag only has 12 bits. Thus, 4096 VLANs are supported at most. In practice, especially in MANs, a great number of VLANs are needed to separate users from each other. 4096 VLANs cannot meet the requirements. A QinQ port can add double tags to an Ethernet frame. That is, an 802.1Q tag is inserted between the source address field and the existing 802.1Q tag. Thus, up to 4096 x 4096 VLANs are supported. Figure 2-6 shows the format of QinQ frames. Outer tags, also called public network tags, are used to store VLAN IDs of public networks. Inner tags, also called private network tags, are used to store VLAN IDs of private networks.

Figure 2-6 Format of QinQ frames
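The tag layout from section 2.1.3 and the double-tagged QinQ frame described above can be checked with a small parser. This is an added example, not code from the manual; it assumes that the outer and inner tags both use the Type value 0x8100, and the MAC addresses, VLAN IDs and payload in the sample frames are constructed.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100          # Type value of an 802.1Q tag (section 2.1.3)


@dataclass(frozen=True)
class VlanTag:
    pri: int                 # 3 bits, 0..7, larger value = higher priority
    cfi: int                 # 1 bit, 0 for Ethernet frames
    vid: int                 # 12 bits, VLAN the frame belongs to

    def vid_usable(self):
        """The manual gives 1..4094 as the available VLAN ID range."""
        return 1 <= self.vid <= 4094


@dataclass(frozen=True)
class ParsedFrame:
    dst: str
    src: str
    tags: tuple              # outermost tag first; empty for an untagged frame
    proto: int               # protocol type that follows the last tag
    payload: bytes


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_tag(pri, cfi, vid):
    """Pack Type (2 bytes) followed by PRI/CFI/VID (3 + 1 + 12 bits)."""
    if not (0 <= pri <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("tag field out of range")
    return struct.pack("!HH", TPID_8021Q, (pri << 13) | (cfi << 12) | vid)


def parse_frame(frame, max_tags=2):
    """Parse an Ethernet frame carrying zero, one or two 802.1Q tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []            # tags start right after the source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated type field")
        (proto,) = struct.unpack_from("!H", frame, offset)
        if proto != TPID_8021Q:
            break                    # reached the protocol type field
        if len(tags) == max_tags:
            raise ValueError("more tags than expected")
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(VlanTag(tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
    return ParsedFrame(_mac(frame[0:6]), _mac(frame[6:12]), tuple(tags),
                       proto, frame[offset + 2:])


def sample_frames():
    """Constructed frames: untagged, single-tagged and QinQ double-tagged."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    body = struct.pack("!H", 0x0800) + b"payload"
    return {
        "untagged": dst + src + body,
        "single": dst + src + build_tag(5, 0, 2) + body,
        # outer (public network) tag 100, inner (private network) tag 2
        "qinq": dst + src + build_tag(0, 0, 100) + build_tag(5, 0, 2) + body,
    }


if __name__ == "__main__":
    for name, raw in sample_frames().items():
        parsed = parse_frame(raw)
        print(name, [(t.pri, t.cfi, t.vid) for t in parsed.tags], hex(parsed.proto))
```

Calling parse_frame with max_tags=1 models a port that expects at most one tag and rejects a double-tagged frame instead of silently accepting it.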

Default VLAN
On a switch, each access, hybrid, or QinQ port can be configured with a default VLAN. For different port types, default VLANs have different meanings, which are described as follows:
- Default VLANs for access ports and hybrid ports
  After receiving frames without tags, access ports and hybrid ports add tags to the frames, and set the VID fields in the tags to the ID of the default VLAN to which the ports belong. When the frames are sent from the access ports or hybrid ports, the switches that send the frames strip the tag if the VID field is filled with the default VLAN ID.
- Default VLAN for QinQ ports
  For frames received on QinQ ports, regardless of whether the frames carry tags, the switches add tags to the frames, and set the VID fields in the tags to the ID of the default VLAN to which the ports belong. For frames sent from QinQ ports, the switches strip the outermost tag if the VID field in the outermost tag is filled with the ID of the default VLAN to which the ports belong.

2.2 Communication Within a VLAN


Describes the communication process within a VLAN.

2.2.1 Communication Principle of VLANs
2.2.2 Communication of Hosts in a VLAN Through Different Switches

2.2.1 Communication Principle of VLANs


All the frames handled inside a switch carry VLAN tags so that they can be processed in a uniform way, which improves processing efficiency. When a frame without a VLAN tag is received on a switch port configured with a port VLAN ID (PVID), the frame is labeled with the PVID. If a frame with a VLAN tag is received on a port configured with a PVID, the frame keeps its own tag and is not labeled with the PVID. A PVID stands for the default ID of the VLAN to which a port belongs. Ports of different types process frames in different ways, which are described as follows:

Frame Processing on Access Ports


Access ports process VLAN frames as follows:

1. Receive a Layer 2 frame.
2. Check whether the frame has a VLAN tag.
   - If no tag is carried, label the frame with the PVID of the access port.
   - If a tag is carried, compare the frame tag with the PVID. If the tags are not consistent, discard the frame. If the tags are consistent, perform the following steps.
3. The switch determines the port from which the frame is sent after searching the VLAN configuration based on the destination MAC address and VLAN ID in the frame.
4. The switch sends the frame from the outgoing interface.
   - On an access port, the switch strips the VLAN tag, and then sends the frame.
   - On a trunk port, the switch sends the frame without any processing.
   - On a hybrid port, the switch checks whether the VLAN attribute on this port is Untag or Tag. If the attribute is Untag, the switch strips the VLAN tag and then sends the frame. If the attribute is Tag, the switch sends the frame without processing.

Frame Processing on Trunk Ports


Trunk ports process VLAN frames as follows:

1. Receive a Layer 2 frame.
2. Check whether the frame has a VLAN tag.
   - If no tag is carried, label the frame with the PVID of the trunk port.
   - If a tag is carried, judge whether the frame of the VLAN is permitted on the port. If frames of the VLAN are denied, the frame is discarded. If frames of the VLAN are permitted, perform the following steps.

   NOTE
   Trunk ports accept frames of certain types and reject frames of other types. For sent frames, there is no restriction.

3. The Layer 2 switch determines the port from which the frame is sent after searching the VLAN configuration based on the destination MAC address and VLAN ID in the frame.
4. The switch sends the frame from the outgoing interface.
   - On an access port, the switch strips the VLAN tag, and then sends the frame.
   - On a trunk port, the switch sends the packet without processing.
   - On a hybrid port, the switch checks whether the VLAN attribute on this port is Untag or Tag. If the attribute is Untag, the switch strips the VLAN tag and then sends the frame. If the attribute is Tag, the switch sends the frame without any processing.

Frame Processing on Hybrid Ports


Hybrid ports process VLAN frames as follows:

1. Receive a Layer 2 frame.
2. Check whether the frame has a VLAN tag.
   - If no tag is carried, label the frame with the PVID of the hybrid port.
   - If a tag is carried, judge whether the frame of the VLAN is permitted on the port. If frames of the VLAN are denied, the frame is discarded. If frames of the VLAN are permitted, the hybrid ports perform the following steps.
3. The Layer 2 switch determines the port from which the frame is sent after searching the VLAN configuration based on the destination MAC address and VLAN ID in the frame.
4. The switch sends the frame from the outgoing interface.
   - On an access port, the switch strips the VLAN tag, and then sends the frame.
   - On a trunk port, the switch sends the packet without processing.
   - On a hybrid port, the switch checks whether the VLAN attribute on this port is Untag or Tag. If the attribute is Untag, the switch strips the VLAN tag and then sends the frame. If the attribute is Tag, the switch sends the frame without any processing.

NOTE
VLAN frames permitted on hybrid ports are divided into untagged frames and tagged frames. Trunk ports can send frames only of certain types but can accept frames of all types. For example, "Untagged VLAN ID : 2,3" indicates that the VLAN tags of the VLAN 2 and VLAN 3 frames are stripped when the frames are sent from the hybrid port. "tagged VLAN ID : 4.5" indicates that the VLAN tags of the VLAN 4 and VLAN 5 frames are reserved when the frames are sent on the hybrid port.

2.2.2 Communication of Hosts in a VLAN Through Different Switches


In certain cases, hosts within a VLAN are located far away from each other, or ports on a switch are not enough to connect all the users. Therefore, the hosts are connected to different switches. When the hosts of a VLAN are connected to different switches, interfaces that connect the switches must be capable of identifying and sending frames of multiple VLANs. Thus, trunk links, which can identify and send frames of multiple VLANs, are introduced. Trunk links have the following functions:

- Relay function: Trunk links can transparently transmit VLAN frames to the connected switches or routers. Thus, the scale of a VLAN is expanded.
- Trunk function: A trunk link can transmit frames of multiple VLANs.

Figure 2-7 Schematic diagram of trunk links

In Figure 2-7, to ensure that the link between Router A and Router B supports communication in VLAN 2 and VLAN 3, the interfaces that connect the two routers must belong to two VLANs. That is, Ethernet 0/0/2 of Router A and Ethernet 0/0/1 of Router B must belong to both VLAN 2 and VLAN 3.

The process of transmitting a frame from Host A to Host B is as follows:

1. The frame is received on Ethernet 0/0/4 of Router A.
2. Ethernet 0/0/4 adds a tag to the frame and the VID field is filled with the ID number 2, which is the ID of the VLAN to which Ethernet 0/0/4 belongs.
3. Router A sends the frame to all the ports that belong to VLAN 2 except Ethernet 0/0/4.
4. Ethernet 0/0/2 forwards the frame to Router B.
5. Router B identifies that the tag in the frame belongs to VLAN 2. Therefore, Router B forwards the frame to all the ports that belong to VLAN 2 except Ethernet 0/0/1.
6. Ethernet 0/0/3 forwards the frame to Host B.
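The receive and send rules of section 2.2.1 and the Host A to Host B walk-through above can be modelled in a few lines. This is an added example, not code from the manual: it floods every frame inside its VLAN instead of learning MAC addresses, and the trunk PVID of 1, the ports named Ethernet 0/0/5 and the hosts C and D are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Port:
    name: str
    kind: str                          # "access", "trunk" or "hybrid"
    pvid: int                          # default VLAN ID of the port
    allowed: frozenset = frozenset()   # VLANs permitted on a trunk or hybrid port
    untagged: frozenset = frozenset()  # hybrid only: VLANs whose tag is stripped on send

    def ingress(self, vid):
        """Return the VLAN the frame is handled in, or None if it is discarded.
        vid is None for an untagged frame."""
        if vid is None:
            return self.pvid                          # label with the PVID
        if self.kind == "access":
            return vid if vid == self.pvid else None  # tag must match the PVID
        return vid if vid in self.allowed else None   # trunk/hybrid: permitted VLANs

    def carries(self, vid):
        """Is this port an outgoing candidate for frames of the VLAN?"""
        return vid == self.pvid if self.kind == "access" else vid in self.allowed

    def egress(self, vid):
        """Return the VID on the wire, or None when the tag is stripped."""
        if self.kind == "access":
            return None
        if self.kind == "hybrid" and vid in self.untagged:
            return None
        return vid


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = {p.name: p for p in ports}
        self.peers = {}   # port name -> host name (str) or (Switch, port name)

    def receive(self, in_port, vid, trace):
        """Flood a frame inside its VLAN and return the hosts that receive it."""
        vlan = self.ports[in_port].ingress(vid)
        if vlan is None:
            trace.append((self.name, in_port, "discard"))
            return []
        hosts = []
        for out in self.ports.values():
            if out.name == in_port or not out.carries(vlan):
                continue
            wire = out.egress(vlan)
            trace.append((self.name, out.name, wire))
            peer = self.peers.get(out.name)
            if isinstance(peer, str):
                hosts.append(peer)
            elif peer is not None:
                hosts += peer[0].receive(peer[1], wire, trace)
        return hosts


def build_figure_2_7():
    """Router A and Router B joined by a trunk that carries VLAN 2 and VLAN 3."""
    both = frozenset({2, 3})
    a = Switch("Router A", [
        Port("Ethernet 0/0/4", "access", pvid=2),
        Port("Ethernet 0/0/5", "access", pvid=3),
        Port("Ethernet 0/0/2", "trunk", pvid=1, allowed=both),
    ])
    b = Switch("Router B", [
        Port("Ethernet 0/0/1", "trunk", pvid=1, allowed=both),
        Port("Ethernet 0/0/3", "access", pvid=2),
        Port("Ethernet 0/0/5", "access", pvid=3),
    ])
    a.peers = {"Ethernet 0/0/4": "Host A", "Ethernet 0/0/5": "Host C",
               "Ethernet 0/0/2": (b, "Ethernet 0/0/1")}
    b.peers = {"Ethernet 0/0/1": (a, "Ethernet 0/0/2"),
               "Ethernet 0/0/3": "Host B", "Ethernet 0/0/5": "Host D"}
    return a, b


if __name__ == "__main__":
    router_a, router_b = build_figure_2_7()
    log = []
    print(router_a.receive("Ethernet 0/0/4", None, log))  # untagged frame from Host A
    for step in log:
        print(step)
```

The trace shows the frame carrying tag 2 on the trunk and leaving Router B untagged, while the VLAN 3 hosts never see it.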

2.3 Communication Between VLANs


Describes the communication between VLANs.

After a LAN is divided into VLANs, the PCs in a VLAN cannot directly communicate with the PCs in another VLAN through Layer 2. For communication between VLANs, you need to implement IP routing between VLANs.

2.3.1 Layer 2 Switches + routers
2.3.2 Layer 3 Switches

2.3.1 Layer 2 Switches + routers


Usually, Ethernet interfaces of switches (switched Ethernet interfaces) and Ethernet interfaces of routers (routed Ethernet interfaces) are connected to construct a LAN, as shown in Figure 2-8.

Figure 2-8 Communication between VLANs through switches and routers

In Figure 2-8, the PCs attached to the switch belong to two VLANs, namely VLAN2 and VLAN3. To realize the communication between VLAN2 and VLAN3, do as follows:

- Create two sub-interfaces on the Ethernet interface that connects the router and the switch. The two sub-interfaces correspond to VLAN2 and VLAN3 respectively.
- Encapsulate the sub-interfaces with the 802.1Q protocol and configure IP addresses for the sub-interfaces.
- Change the type of the Ethernet interface that connects the router and the switch to trunk or Hybrid and allow frames of VLAN2 and VLAN3 to pass through.

The switch + router model has the following problems:

- Multiple devices are required and the networking is complicated.
- Communication between VLANs is realized through routers. Routers are costly and work at a low speed.

2.3.2 Layer 3 Switches


The configuration on VLANIF interfaces on a Layer 3 switch can realize the communication between VLANs. As shown in Figure 2-9, the PCs attached to the switch belong to two VLANs, namely VLAN2 and VLAN3. You can create two VLANIF interfaces on the switch, and configure IP addresses and routes for them. The PCs in VLAN2 can then communicate with the PCs in VLAN3.

Figure 2-9 Communication between VLANs through a Layer 3 switch

The introduction of Layer 3 switches solves the problem of the switch + router model. Layer 3 switches can perform fast forwarding at a low cost. Layer 3 switches, however, have the following disadvantages:

- Layer 3 switches have a narrow application scope, generally Ethernet networks.
- Layer 3 switches are suitable only for stable networks.

2.4 VLAN Aggregation


Describes VLAN aggregation.

2.4.1 Background of VLAN Aggregation
2.4.2 Implementation

2.4.1 Background of VLAN Aggregation


VLAN is widely applied to switching networks because of its flexible control of broadcast domains and convenient deployment. On a Layer-3 switch, the interconnection between the broadcast domains is implemented by using one VLAN to correspond to one Layer-3 interface. However, this can waste IP addresses. Figure 2-10 shows the VLAN division in the device.


Figure 2-10 Diagram of a common VLAN

Table 2-1 Example of assigning host addresses on a common VLAN

VLAN  Sub-network   Gateway address  Number of available addresses  Number of available hosts  Practical requirements
2     1.1.1.0/28    1.1.1.1          14                             13                         10
3     1.1.1.16/29   1.1.1.17         6                              5                          5
4     1.1.1.24/30   1.1.1.25         2                              1                          1

VLAN 2 requires 10 host addresses. The sub network 1.1.1.0/28, with a mask length of 28 bits, is assigned to VLAN 2. 1.1.1.0 is the address of the sub network, and 1.1.1.15 is the directed broadcast address. These two addresses cannot serve as host addresses. In addition, as the default gateway address of the sub network, 1.1.1.1 cannot be used as a host address. The other 13 addresses, ranging from 1.1.1.2 to 1.1.1.14, can be used by the hosts. In this way, although VLAN 2 needs only ten addresses, 13 addresses need to be assigned to it according to the division of the sub network.

VLAN 3 requires five host addresses. The sub network 1.1.1.16/29, with a mask length of 29 bits, needs to be assigned to VLAN 3. VLAN 4 requires only one address. The sub network 1.1.1.24/30, with a mask length of 30 bits, needs to be assigned to VLAN 4.

In summary, 16 (10+5+1) addresses are needed for all the preceding VLANs. However, 28 (16+8+4) addresses are needed according to the common VLAN addressing mode even if the optimal scheme is used. Thus, nearly half of the addresses are wasted. In addition, if only three hosts instead of ten later access VLAN 2, the extra addresses cannot be used by other VLANs and are thus wasted.

This division is inconvenient for later network upgrade and expansion. If VLAN 4 needs two additional hosts and does not want to change the assigned IP addresses, and the addresses after 1.1.1.24 have been assigned to others, a new sub network with a mask length of 29 bits and a new VLAN need to be assigned for the new customers of VLAN 4. Therefore, the customers of VLAN 4 have only three hosts, but the customers are assigned to two sub networks and are not in the same VLAN. As a result, this is inconvenient for network management.

As described above, many IP addresses are used as the addresses of sub networks, directed broadcast addresses of sub networks, and default gateway addresses of sub networks. Thus, these IP addresses cannot be used as host addresses in the VLAN. The limit on address assignment reduces the addressing flexibility, so that many idle addresses are wasted. To solve this problem, VLAN aggregation is used.

2.4.2 Implementation
The VLAN aggregation technology, also known as the super-VLAN, provides a mechanism that partitions the broadcast domain by using multiple VLANs in a physical network so that different VLANs can belong to the same subnet. In VLAN aggregation, two concepts are involved, namely, super-VLAN and sub-VLAN.

- Super-VLAN: It is different from the common VLAN. In the super-VLAN, only Layer 3 interfaces are created and physical ports are not contained. The super-VLAN can be viewed as a logical Layer 3 concept. It is a collection of many sub-VLANs.
- Sub-VLAN: It is used to isolate broadcast domains. In the sub-VLAN, only physical ports are contained and Layer 3 VLAN interfaces cannot be created. The Layer 3 switching with the external network is implemented through the Layer 3 interface of the super-VLAN.

A super-VLAN can contain one or more sub-VLANs retaining different broadcast domains. The sub-VLAN does not occupy an independent subnet segment. In the same super-VLAN, IP addresses of hosts belong to the subnet segment of the super-VLAN, regardless of the mapping between hosts and sub-VLANs.

Thus, the same Layer 3 interface is shared by sub-VLANs. Some subnet IDs, default gateway addresses of the subnet, and directed broadcast addresses of the subnet are saved; meanwhile, different broadcast domains can use the addresses in the same subnet segment. As a result, subnet differences are eliminated, addressing becomes flexible and idle addresses are reduced.

Take the previous example to explain the implementation theory. Suppose that user demands are unchanged. In VLAN 2, 10 host addresses are demanded; in VLAN 3, 5 host addresses are demanded; in VLAN 4, 1 host address is demanded.

According to the implementation of VLAN aggregation, create VLAN 10 and configure VLAN 10 as a super-VLAN. Then assign a subnet address 1.1.1.0/24 with the mask length being 24 to VLAN 10; 1.1.1.0 is the subnet ID and 1.1.1.1 is the directed broadcast address of the subnet, as shown in Figure 1-2. The address assignment of the sub-VLANs (VLAN 2, VLAN 3, and VLAN 4) is shown in Table 2-2.


Figure 2-11 Schematic diagram of VLAN aggregation

Table 2-2 Example for assigning host addresses in VLAN aggregation mode

VLAN  Subnet       Gateway address  Number of available addresses  Number of available hosts  Requirements
2     1.1.1.0/24   1.1.1.1          10                             1.1.1.2-1.1.1.11           10
3     1.1.1.0/24   1.1.1.17         5                              1.1.1.12-1.1.1.16          5
4     1.1.1.0/24   1.1.1.25         1                              1.1.1.17                   1

In VLAN aggregation implementation, sub-VLANs are not divided according to the previous subnet border. Instead, their addresses are flexibly assigned in the subnet corresponding to the super-VLAN according to the required host number.

The previous table shows that VLAN 2, VLAN 3, and VLAN 4 share a subnet (1.1.1.0/24), a default gateway address of the subnet (1.1.1.1), and a directed broadcast address of the subnet (1.1.1.255). In this manner, the subnet ID (1.1.1.16, 1.1.1.24), the default gateway of the subnet (1.1.1.17, 1.1.1.25), and the directed broadcast address of the subnet (1.1.1.5, 1.1.1.23, and 1.1.1.24) can be used as IP addresses of hosts.

In total, 16 addresses (10 + 5 + 1 = 16) are required for the three VLANs. In practice, in this subnet, a total of 16 addresses are assigned to the three VLANs (1.1.1.2 to 1.1.1.17). A total of 19 IP addresses are used, that is, the 16 host addresses together with the subnet ID (1.1.1.0), the default gateway of the subnet (1.1.1.1), and the directed broadcast address of the subnet (1.1.1.255). In the network segment, 236 addresses (255 - 19 = 236) are available, which can be used by any host in the sub-VLAN.
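The address accounting of sections 2.4.1 and 2.4.2 can be reproduced with the Python ipaddress module. This is an added example, not part of the manual; the function names are hypothetical, and the allocator assumes that sub networks are carved in order from 1.1.1.0 and that the first usable address of each sub network is its gateway, as in Table 2-1.

```python
import ipaddress

REQUIRED_HOSTS = {2: 10, 3: 5, 4: 1}   # VLAN -> hosts needed, from Table 2-1


def common_vlan_plan(base, required):
    """One sub network per VLAN. Each sub network spends three addresses on
    the subnet ID, the default gateway and the directed broadcast address."""
    cursor = int(ipaddress.IPv4Address(base))
    plan = {}
    for vlan, hosts in required.items():
        size = 4                               # smallest block considered (/30)
        while size - 3 < hosts:
            size *= 2
        cursor = -(-cursor // size) * size     # round up to a block boundary
        prefix = 32 - size.bit_length() + 1
        net = ipaddress.IPv4Network((cursor, prefix))
        usable = list(net.hosts())
        plan[vlan] = {
            "subnet": str(net),
            "gateway": str(usable[0]),
            "available": len(usable),          # usable addresses incl. gateway
            "hosts": len(usable) - 1,          # what is left for hosts
            "consumed": size,                  # addresses taken from the pool
        }
        cursor += size
    return plan


def super_vlan_plan(subnet, required):
    """All sub-VLANs share the super-VLAN subnet, gateway and broadcast
    address; host addresses are handed out back to back."""
    net = ipaddress.IPv4Network(subnet)
    usable = list(net.hosts())
    if sum(required.values()) + 1 > len(usable):
        raise ValueError("subnet too small for the requested hosts")
    gateway, pool = usable[0], usable[1:]
    plan, start = {}, 0
    for vlan, hosts in required.items():
        block = pool[start:start + hosts]
        plan[vlan] = (str(block[0]), str(block[-1]))
        start += hosts
    consumed = sum(required.values()) + 3      # hosts + subnet ID, gateway, broadcast
    return str(gateway), plan, consumed


if __name__ == "__main__":
    common = common_vlan_plan("1.1.1.0", REQUIRED_HOSTS)
    for vlan, row in common.items():
        print("common VLAN", vlan, row)
    print("addresses consumed:", sum(r["consumed"] for r in common.values()))
    gateway, ranges, consumed = super_vlan_plan("1.1.1.0/24", REQUIRED_HOSTS)
    print("super-VLAN gateway", gateway, ranges, "addresses consumed:", consumed)
```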

2.5 VLAN Stacking


Describes VLAN stacking.

VLAN stacking is a Layer 2 technology that adds outer VLAN tags according to different VLAN IDs. On a network that hosts access carriers, user requirements are classified according to the user applications, and access sites or devices. VLAN stacking can label user packets with outer tags based on the user tags, IP addresses, or MAC addresses to differentiate users.

A port with the VLAN stacking function has the following features:

- On a port with the VLAN stacking function, multiple external VLAN tags can be configured. The port can add different external tags to different VLAN frames.
- A port with the VLAN stacking function can add the external tag to the frame that is received on the port and remove the outer tag of the frame to be sent on the port.

2.6 VLAN Mapping


Describes VLAN mapping.

VLAN mapping, also called VLAN translation, is a technology that translates between user VLAN IDs and carrier VLAN IDs. The translation takes place after a frame is received on a port and before the frame is sent from the outgoing interface. After the mappings of more than two VLAN IDs are configured on a port:

- When sending a local VLAN frame to the external VLAN, the port replaces the VLAN tag of the frame with the VLAN tag of the external VLAN.
- When receiving an external VLAN frame, the port replaces the VLAN tag of the frame with the VLAN tag of the local VLAN.

Thus, different VLANs can communicate with each other. As shown in Figure 2-12, GE 1/0/1 is configured with VLAN 2 and VLAN 3 mappings. When GE 1/0/1 sends a VLAN2 frame, the VLAN 2 tag is replaced with VLAN 3 tag. When GE 1/0/1 receives a VLAN 3 frame, the VLAN 3 tag is replaced with VLAN 2 tag. Thus, the hosts in VLAN 2 and VLAN 3 can communicate.


Figure 2-12 Schematic diagram of VLAN mapping

In addition, the devices in two VLANs can communicate with each other by adopting the VLAN mapping only if the IP addresses of the devices in both the VLANs are on the same network segment.

2.7 VLAN Damping


Describes VLAN damping.

An access router has active interfaces and standby interfaces. Active interfaces forward packets and standby interfaces do not forward packets. When an active interface malfunctions, the VLANIF interface on the router goes Down before the standby interface begins to work. This leads to route flapping in the whole network. After the standby interface works normally, the VLANIF interface returns to the Up state, and then the network converges. The process generally lasts several seconds.

The VLAN damping function is introduced to prevent unnecessary route flapping. After the status of all the interfaces changes to Down, the Down status is reported to the VLANIF interfaces only after a period, which is called the suppression period (configurable). During the suppression period, if the status of a port changes to Up, the VLANIF interfaces remain in the Up state. Thus, unnecessary route flapping is prevented.
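The suppression period can be modelled as a pending Down report that a port recovery cancels. This is an added example, not code from the manual; the class and function names are hypothetical, and the event times (in seconds) and the port names "active" and "standby" are constructed.

```python
class DampedVlanif:
    """VLANIF state as seen by routing, with a Down report that is held back
    for the suppression period after the last member port goes Down."""

    def __init__(self, up_ports, suppression):
        self.up_ports = set(up_ports)     # member ports currently Up
        self.suppression = suppression    # suppression period in seconds
        self.state = "Up" if self.up_ports else "Down"
        self.pending_since = None         # time at which all ports became Down
        self.reports = []                 # (time, state) changes seen by routing

    def advance(self, now):
        """Report Down once all ports have stayed Down for the whole period."""
        if self.pending_since is not None and now - self.pending_since >= self.suppression:
            self.state = "Down"
            self.reports.append((self.pending_since + self.suppression, "Down"))
            self.pending_since = None

    def port_event(self, now, port, status):
        self.advance(now)
        if status == "Up":
            self.up_ports.add(port)
            self.pending_since = None     # recovery cancels the pending report
            if self.state == "Down":
                self.state = "Up"
                self.reports.append((now, "Up"))
        else:
            self.up_ports.discard(port)
            if not self.up_ports and self.state == "Up" and self.pending_since is None:
                self.pending_since = now
        self.advance(now)                 # a period of 0 reports immediately


def run(events, suppression, end=None):
    """Replay (time, port, status) events; only the active port starts Up."""
    vlanif = DampedVlanif(up_ports={"active"}, suppression=suppression)
    for now, port, status in sorted(events):
        vlanif.port_event(now, port, status)
    if end is not None:
        vlanif.advance(end)
    return vlanif.reports


if __name__ == "__main__":
    switchover = [(0, "active", "Down"), (3, "standby", "Up")]   # constructed
    print("no damping:     ", run(switchover, suppression=0))
    print("5 s suppression:", run(switchover, suppression=5))
```

With no suppression the switchover produces a Down and an Up report, which is the route flapping the section describes; with a 5-second period the same events produce no report at all.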

2.8 Applications of VLAN Technologies


Describes VLAN applications.

2.8.1 Application of VLANs Based on Ports
2.8.2 Application of VLAN Trunk
2.8.3 Application of Communication Between VLANs
2.8.4 Application of VLAN Aggregation


2.8.1 Application of VLANs Based on Ports


Figure 2-13 Classification of VLANs based on ports

In Figure 2-13, to isolate the service data of different companies, the central switch in a commercial building assigns the ports of different companies to different VLANs. Each company belongs to a virtual switch and each VLAN is a virtual workgroup.

2.8.2 Application of VLAN Trunk


Figure 2-14 Schematic diagram of VLAN trunk

In Figure 2-14, departments of a company are located in different buildings. After the central switches of different buildings are connected to trunk links, the service data of different companies is isolated, and the service data of different departments in a company can be exchanged.

2.8.3 Application of Communication Between VLANs


The communication between different companies is the communication between different VLANs. Different VLANs can communicate in the following ways:

Multiple VLANs Attached to a Router


Figure 2-15 Multiple VLANs attached to a router

As shown in Figure 2-15, VLAN 2, VLAN 3, and VLAN 4 are attached to Router A. That is, the hosts in VLAN 2, VLAN 3, and VLAN 4 communicate through Router A instead of different switches. After a VLANIF interface is configured for each VLAN on Router A, VLAN 2, VLAN 3, and VLAN 4 can communicate. Router A in Figure 2-15 can also be a Layer 3 switch.

Communication Between Hosts in Multiple VLANs Through Different Routers


Figure 2-16 Communication between hosts in multiple VLANs through different routers

As shown in Figure 2-16, hosts in VLAN 2, VLAN 3, and VLAN 4 communicate through different Layer 3 devices. After a virtually routed interface is configured for each VLAN on Router A and Router B, and static routes or routing protocols are configured between Router A and Router B, hosts in different VLANs can communicate through different Layer 3 devices. The routers in Figure 2-16 can also be Layer 3 switches.

2.8.4 Application of VLAN Aggregation



Figure 2-17 Application of VLAN aggregation

As shown in Figure 2-17, after an IP address is configured for each VLAN on the router, the hosts in different VLANs can communicate. To save IP addresses, aggregate VLAN 1 and VLAN 2 into super-VLAN 1, and aggregate VLAN 3 and VLAN 4 into super-VLAN 2. Thus, the router only needs to allocate an IP address to each super-VLAN instead of allocating an IP address to each VLAN. After proxy ARP is configured on the router, the hosts in different sub-VLANs of a super-VLAN can communicate.

2.9 References

Provides references related to the VLAN technology.

For more information about VLANs, see the following documents.

Document       Description
RFC 3069       VLAN Aggregation for Efficient IP Address Allocation
IEEE 802.1Q    IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks
