w08-tut-ans
7/27/2019 w08-tut-ans
1/6
COMP247 Data Communications
Tutorial Sheet, Week 8 (Week 7 lectures)
QUESTION 1
What are the differences and similarities between a Layer 3 Switch and a router?
ANSWER
Router versus Layer 3 switch
Layer 3 switches are routers with fast forwarding done via hardware.
The key difference between Layer 3 switches and routers lies in the hardware technology used to build the unit. The hardware inside a Layer 3 switch merges that of traditional switches and routers, replacing some of a router's software logic with hardware to offer better performance in some situations. IP forwarding typically involves a route lookup, decrementing the Time To Live (TTL) count and recalculating the checksum, and forwarding the frame with the appropriate MAC header to the correct output port. Lookups can be done in hardware, as can the decrementing of the TTL and the recalculation of the checksum. Layer 3 switches often cost less than traditional routers.
The major difference between the packet switching operation of a router and a Layer 3 switch is the physical implementation. In general-purpose routers, packet switching takes place using a microprocessor, whereas a Layer 3 switch performs this using application specific integrated circuit (ASIC) hardware.
Similarity
A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance.
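The forwarding steps listed in the answer (route lookup, TTL decrement, checksum recalculation, MAC header rewrite) are what a general-purpose router does in software on its CPU and a Layer 3 switch does in an ASIC. The following Python is an added worked example, not part of the tutorial sheet: it performs those steps on a constructed IPv4 header, using a longest-prefix route table, an ARP table and per-port MAC addresses that are all made up for the example. It also shows the incremental checksum update of RFC 1624 that forwarding hardware uses instead of re-summing the whole header.

```python
"""Added example (not from the tutorial sheet): software IPv4 forwarding, i.e. the
per-packet work the Question 1 answer lists. All addresses and tables are constructed."""
import ipaddress
import struct

ETH_P_IP = 0x0800


def ones_complement_fold(total: int) -> int:
    """Fold carries back into the low 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    words = struct.unpack(f"!{len(header) // 2}H", header)
    return (~ones_complement_fold(sum(words))) & 0xFFFF


def incremental_checksum(old_csum: int, old_word: int, new_word: int) -> int:
    """RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'): update the checksum when one 16-bit word
    (here the TTL/protocol word) changes, instead of re-summing the whole header."""
    total = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    return (~ones_complement_fold(total)) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 17) -> bytes:
    """20-byte IPv4 header, no options, no payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def header_is_valid(hdr: bytes) -> bool:
    """A header with a correct checksum field sums to 0xFFFF, so the checksum over it is 0."""
    return ipv4_checksum(hdr) == 0


def longest_prefix_match(dst: str, routes):
    """routes: list of (prefix, next_hop or None if directly connected, out_port)."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for prefix, next_hop, port in routes:
        net = ipaddress.IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, port)
    return best


def forward_ipv4(ip_hdr: bytes, routes, arp_table, port_macs):
    """Return (out_port, ethernet frame) or (None, reason) when the packet is dropped."""
    if not header_is_valid(ip_hdr):
        return None, "bad checksum"
    ttl, proto = ip_hdr[8], ip_hdr[9]
    if ttl <= 1:
        return None, "ttl expired"      # a real router would also send ICMP Time Exceeded
    dst = str(ipaddress.IPv4Address(ip_hdr[16:20]))
    route = longest_prefix_match(dst, routes)
    if route is None:
        return None, "no route"
    _, next_hop, port = route
    # Decrement TTL and patch the checksum incrementally (old word -> new word).
    old_word = (ttl << 8) | proto
    new_word = ((ttl - 1) << 8) | proto
    (old_csum,) = struct.unpack("!H", ip_hdr[10:12])
    new_csum = incremental_checksum(old_csum, old_word, new_word)
    new_ip = ip_hdr[:8] + bytes([ttl - 1, proto]) + struct.pack("!H", new_csum) + ip_hdr[12:]
    # New MAC header: destination is the next hop's MAC, or the host's own on a connected subnet.
    dst_mac = arp_table.get(next_hop if next_hop else dst)
    if dst_mac is None:
        return None, "no ARP entry"
    eth = dst_mac + port_macs[port] + struct.pack("!H", ETH_P_IP)
    return port, eth + new_ip


# Constructed sample tables: a default route, a less specific route and a connected subnet.
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "ge0"),
    ("10.0.0.0/8", "192.0.2.2", "ge1"),
    ("10.0.1.0/24", None, "ge2"),       # directly connected: deliver to the host itself
]
ARP_TABLE = {
    "192.0.2.1": bytes.fromhex("02aa000000a1"),
    "192.0.2.2": bytes.fromhex("02aa000000b2"),
    "10.0.1.5": bytes.fromhex("02aa000000c3"),
}
PORT_MACS = {"ge0": bytes.fromhex("020000000010"),
             "ge1": bytes.fromhex("020000000011"),
             "ge2": bytes.fromhex("020000000012")}

if __name__ == "__main__":
    pkt = build_ipv4_header("192.168.1.10", "10.0.1.5", ttl=64)
    port, frame = forward_ipv4(pkt, ROUTES, ARP_TABLE, PORT_MACS)
    print(port, frame[14 + 8], header_is_valid(frame[14:]))
```

Every step here is a table lookup or a fixed arithmetic operation on a fixed header offset, which is exactly why an ASIC can do the whole sequence at line rate while a CPU-based router spends instructions on each.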
QUESTION 2
What are the key advantages and disadvantages of:
bridged backbones
routed backbones
collapsed backbones?
ANSWER
Bridged backbones

Advantages:
Since bridges tend to be less expensive than routers, they are often cheaper.
Bridges are usually simpler to install because the network manager does not need to worry about building many different subnets and assigning a whole variety of different subnet masks and addresses in each part of the network.

Disadvantages:
Bridged backbones pay a penalty for the broadcast paradigm and are slower than routed backbones. Since the bridged backbone and all networks connected to it are part of the same subnet, broadcast messages (e.g., address requests) must be permitted to travel everywhere in the backbone. This means, for example, that a computer in one LAN attempting to find the data link layer address of a server in the same LAN will issue a broadcast message that will travel to every computer on every LAN attached to the backbone. (In contrast, on a routed backbone such messages would never leave the LAN in which they originated.)
Overhead or utility messages add to the broadcast paradigm penalty. There are many different types of broadcast messages other than address requests (e.g., a printer reporting it is out of paper, a server about to be shut down). These broadcast messages quickly use up network capacity in a large bridged network. The result is slower response times for the user. In a small network, the problems are not as great, because there are fewer computers to issue such broadcast messages.
Since the backbone and all attached networks are considered part of the same subnet, it is more difficult to permit different individuals to manage different parts of the network (e.g., LANs); a change in one part of the network has the potential to significantly affect all other parts.
It is possible to run out of IP addresses if the entire network has many computers.

Routed backbones

Advantages:
Clear segmentation of parts of the network connected to the backbone, as each network has a subnet address and can be managed separately.

Disadvantages:
Slower performance, as routing takes more time than bridging or switching.
Management and/or software overhead costs due to the need to establish subnet addressing and provide reconfiguration when computers are moved (or support dynamic addressing).

Collapsed backbones

Advantages:
Performance is improved. With the traditional backbone network, the backbone circuit was shared among many LANs; each had to take turns sending messages. With the collapsed backbone, each connection into the switch is a separate point-to-point circuit. The switch enables simultaneous access, so that several LANs can send messages to other LANs at the same time. Throughput is increased significantly, often by 200% to 600%, depending upon the number of attached LANs and the traffic pattern.
Since there are far fewer networking devices in the network, this reduces costs and greatly simplifies network management. All the key backbone devices are in the same physical location, and all traffic must flow through the switch. If something goes wrong or if new cabling is needed, it can all be done in one place. Software reconfiguration replaces hardware reconfiguration.

Disadvantages:
Because data link layer addresses are used to move packets, there is more broadcast traffic flowing through the network and it is harder to isolate and separately manage the individually attached LANs. Layer 3 switches can use the network layer address, so future collapsed backbones built with layer 3 will not suffer from this problem.
Collapsed backbones use more cable, and the cable must be run longer distances, which often means that fiber optic cables must be used.
If the switch fails, so does the entire backbone network. If the switch has the same reliability as the routers it replaces, then there is less chance of a failure (because there are fewer devices to fail).

For most organizations, the relatively minor disadvantages of cable requirements and impacts of potential switch failure are outweighed by the benefits offered by collapsed backbones.
Question 3
Why are broadcast messages important for backbone network design?
ANSWER
Some application software packages and network operating system modules written for use on LANs broadcast status messages to all computers on the LAN (but not necessarily all computers served by a BN). For example, broadcast messages inform users when printers are out of paper, or when the network manager is about to shut down the server. These types of messages require filtering in a backbone network if their broadcast scope should be restricted to a particular LAN or segment.
Broadcast messages are the main difference between bridged backbones and routed backbones. A broadcast message is not passed by a router. This means that broadcast messages are kept out of the backbone when a routed backbone is used. For large networks, the broadcast traffic generated can become a significant portion of the overall traffic if it is distributed throughout the entire network. However, limiting the range of broadcast messages complicates network management.
Question 4
Identify two methods of identifying the VLAN membership.
ANSWER
The two methods are as follows:
1. Parse the frame and apply the membership rules: This is sometimes referred to as implicit tagging. A frame's VLAN association can always be inferred by inspecting the frame contents and applying the complete set of VLAN association rules for the network. In this case, the VLAN association may be a function of:
   Data Link Source Address.
   Protocol type.
   Higher layer network identifiers (IP address, subnet mask).
   Application specific fields (port numbers) and so on.
Typically this form of VLAN determination is made by an edge switch (directly connected to a VLAN unaware end station). The forwarding behaviour of the switch is, in part, determined by the resulting VLAN association of the frame.
2. Provide an explicit VLAN identifier within the frame itself: This is known as explicit tagging (or sometimes just tagging). A VLAN aware end station or switch can declare the VLAN association through the use of a predefined tag field carried within the frame. In this case, the explicit tag is a predefined field in a frame that carries (at a minimum) the VLAN identifier for that frame.
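Both methods from this answer, and the three implicit rule types described under Question 5 (MAC based, IP subnet based, protocol based), can be seen side by side in the following Python. It is an added worked example, not part of the tutorial sheet: the frames, MAC addresses, subnets and VLAN numbers are constructed, and the rule order (MAC, then IP subnet, then protocol) is one plausible edge-switch policy chosen for the example. Explicit tagging is shown with the IEEE 802.1Q tag format (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN identifier).

```python
"""Added example (not from the tutorial sheet): explicit 802.1Q tagging versus implicit
VLAN classification by MAC address, IP subnet or protocol type. All data is constructed."""
import ipaddress
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800
ETH_P_APPLETALK = 0x809B
ETH_P_IPX = 0x8137


def parse_8021q(frame: bytes):
    """Explicit tagging: if the Ethertype position holds TPID 0x8100, decode the TCI.
    Returns {'vid', 'pcp', 'dei'} or None for an untagged frame."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != ETH_P_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return {"vid": tci & 0x0FFF, "pcp": tci >> 13, "dei": (tci >> 12) & 1}


def classify_implicit(frame: bytes, rules):
    """Implicit tagging: the edge switch infers the VLAN from frame contents.
    rules = {'mac': {src_mac: vid}, 'subnet': [(cidr, vid)], 'protocol': {ethertype: vid}}."""
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    # MAC based mapping (Question 5, type 1): membership follows the source address.
    vid = rules["mac"].get(src_mac)
    if vid is not None:
        return vid, "mac"
    # IP subnet based mapping (type 2): only the source IP is inspected, nothing is routed.
    if ethertype == ETH_P_IP and len(frame) >= 34:
        src_ip = ipaddress.IPv4Address(frame[26:30])
        for cidr, svid in rules["subnet"]:
            if src_ip in ipaddress.IPv4Network(cidr):
                return svid, "subnet"
    # Protocol based mapping (type 3): the protocol stack in use, keyed on the Ethertype.
    vid = rules["protocol"].get(ethertype)
    if vid is not None:
        return vid, "protocol"
    return None, "unknown"


def vlan_of(frame: bytes, rules, default_vid: int = 1):
    """An explicit tag wins; otherwise apply the implicit rules, then the port default."""
    tag = parse_8021q(frame)
    if tag is not None:
        return tag["vid"], "explicit"
    vid, how = classify_implicit(frame, rules)
    return (default_vid, "default") if vid is None else (vid, how)


def add_tag(untagged: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q header after the MAC addresses, as a VLAN aware station or edge switch does."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return untagged[:12] + struct.pack("!HH", ETH_P_8021Q, tci) + untagged[12:]


def make_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes = b"") -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def make_ipv4_payload(src_ip: str, dst_ip: str) -> bytes:
    """Minimal IPv4 header; only the addresses matter for classification, so checksum stays 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)


# Constructed stations and edge-switch rules.
BCAST = bytes.fromhex("ffffffffffff")
MAC_A, MAC_B, MAC_C, MAC_D = (bytes.fromhex("0200000000%02x" % i) for i in (0xAA, 0xBB, 0xCC, 0xDD))
RULES = {
    "mac": {MAC_A: 10},                          # station A is pinned to VLAN 10
    "subnet": [("172.16.20.0/24", 20)],          # that subnet lives in VLAN 20
    "protocol": {ETH_P_APPLETALK: 30, ETH_P_IPX: 31},
}

if __name__ == "__main__":
    f = make_frame(BCAST, MAC_B, ETH_P_IP, make_ipv4_payload("172.16.20.7", "172.16.20.1"))
    print(vlan_of(f, RULES), vlan_of(add_tag(f, 44), RULES))
```

Note that a rule set like this is only as trustworthy as the fields it keys on: a source MAC or source IP is asserted by the sending station, which is why the strictness question in Question 7 arises.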
Question 5
Explain the following VLAN types: MAC based
IP based
Protocol based
Why does it make sense to have a 1:1 mapping between a VLAN and an IP subnet?
ANSWER
1) MAC based VLAN Mapping
Here, membership in a VLAN is based on the MAC address of the workstation. The switch tracks the MAC addresses which belong to each VLAN. Since MAC addresses form a part of the workstation's network interface card, when a workstation is moved, no reconfiguration is needed to allow the workstation to remain in the same VLAN. This is unlike Layer 1 VLANs, where membership tables must be reconfigured.
The main problem with this method is that VLAN membership must be assigned initially. In networks with thousands of users, this is no easy task. Also, in environments where notebook PCs are used, the MAC address is associated with the docking station and not with the notebook PC. Consequently, when a notebook PC is moved to a different docking station, its VLAN membership must be reconfigured.
2) IP Subnet Based VLAN Mapping
Membership is based on the Layer 3 header. The network IP subnet address can be used to classify VLAN membership. Although VLAN membership is based on Layer 3 information, this has nothing to do with network routing and should not be confused with router functions. In this method, IP addresses are used only as a mapping to determine membership in VLANs. No other processing of IP addresses is done.
In Layer 3 VLANs, users can move their workstations without reconfiguring their network addresses. The only problem is that it generally takes longer to forward packets using Layer 3 information than using MAC addresses.
3) Protocol Based VLAN Mapping
It is a VLAN mapping scheme that associates a set of processes within stations to a VLAN rather than the stations themselves. Each device may have an IP protocol stack, an AppleTalk protocol stack and an IPX protocol stack. The VLAN aware switches are configured such that they can associate a frame with a VLAN based on a combination of the station's MAC source address and the protocol stack in use, thereby creating separate VLANs for each set of protocol specific applications.
VLAN and IP Subnet
With VLANs and IP, best practices dictate a one to one relationship between VLANs and IP subnets. To begin with, recall that a VLAN is essentially a broadcast domain similar to an IP subnet. A station in a VLAN cannot communicate directly with another station in a different VLAN; they require a L3 device to forward packets between these separate VLAN broadcast domains, a property that holds true for an IP subnet as well. So it is a good design practice to have a 1:1 mapping between an IP subnet and a VLAN. Having said this, there are situations where you are required to put multiple subnets in a VLAN or alternatively use one subnet to host multiple VLANs.
Question 6
In order to provide VLAN capabilities, VLAN association rules are usually applied
at the edge switches while the end stations remain VLAN unaware. By making end
systems VLAN aware a number of advantages can be gained. Identify and describe
some advantages of this scheme.
ANSWER
VLANs can be used for highly application specific functions. Besides just using VLANs for workgroup traffic isolation or station mobility, particular applications within the end stations can use VLANs for narrow purposes. For example, a set of stations may negotiate a dynamically created VLAN for the purpose of carrying on a short term audio or video conference; the conferencing application in the end station can tag the frames for that particular conference with a unique VLAN identifier. No complex parsing of application protocols is needed to achieve the desired functionality.
A VLAN aware end station can use a single physical LAN interface as multiple, independent logical interfaces. Different protocol suites or applications within a station can have unique logical connectivities; the world view of the network for each application within the station can be different. Each can be a member of its own VLAN; the frames it sends will propagate only to the members of the same VLAN. Each VLAN may even use a different source address for the same physical interface.
In the extreme case, if all frames carry VLAN tags, there is no need for edge switch VLAN functionality. All switches can make their decisions solely on the VLAN tag information. This solution simplifies the implementation of high performance switches.
Note: Poll the students to see if they can identify any disadvantages with the VLAN aware end system scheme.
Question 7
What should happen if a switch using any address-based VLAN mapping receives a
frame from an unknown source address?
ANSWER
Since the switch uses the source address to determine the VLAN membership, it will not be able to figure out the VLAN to which this frame belongs. Should it forward the frame to the intended destination(s) or not? This decision reflects a trade-off between ease of connectivity and VLAN security. Strict enforcement of the VLAN rule mandates that the frame should not be forwarded; such action protects the integrity of the VLAN.
However, based on my experience, I have seen that many commercial products (including some old Cisco gear in our lab) are not so strict in their operation; they usually forward traffic from unknown sources to the port determined by the destination address, including flooding traffic to all ports in the case of an unknown or multicast destination.
Question 8
In what situations would it be useful to combine an address based VLAN mapping
with port based mapping?
ANSWER
Sometimes a switch may need to enforce a complex rule. For example, we may define the rules to permit access to a given VLAN by unknown source addresses (discussed in the previous question), but only from specific ports. This could allow guest access to limited resources (a guest VLAN) only from specific locations (e.g., a guest center). Guest users cannot access VLANs reserved for other purposes, nor could they defeat security by finding an empty office and connecting a portable computer.
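The three behaviours discussed in Questions 7 and 8 (strict drop of unknown sources, the lenient forward-by-destination behaviour seen in some products, and the combined address-plus-port rule that yields a guest VLAN) can be compared in a small forwarding model. The following Python is an added worked example, not part of the tutorial sheet; the switch ports, VLAN numbers, MAC addresses and the policy names are all constructed for the example.

```python
"""Added example (not from the tutorial sheet): how an address-based VLAN switch handles
a frame from a source MAC with no membership entry (Question 7), and how adding a
port-based condition yields a guest VLAN (Question 8). All data is constructed."""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = bytes.fromhex("ffffffffffff")
STRICT, LENIENT, GUEST_PORTS = "strict", "lenient", "guest-ports"


def is_multicast(mac: bytes) -> bool:
    """Group bit of the first octet; true for broadcast as well."""
    return bool(mac[0] & 0x01)


@dataclass
class VlanSwitch:
    mac_vlan: dict                                   # address-based mapping: source MAC -> VLAN id
    members: dict                                    # VLAN id -> set of ports carrying that VLAN
    policy: str = STRICT
    guest_ports: set = field(default_factory=set)    # port-based half of the combined rule
    guest_vid: Optional[int] = None
    fdb: dict = field(default_factory=dict)          # (vid, MAC) -> port, learned from sources

    def all_ports(self):
        return set().union(*self.members.values())

    def classify(self, in_port: str, src_mac: bytes):
        """Question 7: pick the VLAN for a frame, or None when the source is unknown."""
        vid = self.mac_vlan.get(src_mac)
        if vid is not None:
            return vid, "known source"
        if self.policy == GUEST_PORTS and in_port in self.guest_ports:
            return self.guest_vid, "unknown source on guest port"   # Question 8 rule
        if self.policy == LENIENT:
            return None, "unknown source, forward by destination"
        return None, "drop: unknown source address"

    def forward(self, in_port: str, src_mac: bytes, dst_mac: bytes):
        """Return (egress ports, reason); an empty set means the frame is discarded."""
        vid, reason = self.classify(in_port, src_mac)
        if vid is None and self.policy != LENIENT:
            return set(), reason
        if vid is None:
            # Lenient products follow the destination even though the source is unknown,
            # flooding every port when the destination is unknown or multicast.
            dst_vid = self.mac_vlan.get(dst_mac)
            if dst_vid is None or is_multicast(dst_mac):
                return self.all_ports() - {in_port}, "flood all ports"
            out = self.fdb.get((dst_vid, dst_mac))
            return ({out} if out else self.members[dst_vid]) - {in_port}, reason
        self.fdb[(vid, src_mac)] = in_port           # learn the source inside its VLAN only
        out = self.fdb.get((vid, dst_mac))
        if out is None or is_multicast(dst_mac):
            return self.members[vid] - {in_port}, f"{reason}, flood VLAN {vid}"
        return {out} - {in_port}, reason


# Constructed topology: VLAN 10 and 20 are staff VLANs sharing uplink p5; VLAN 99 is the
# guest VLAN reachable from the guest-center port p4 and the limited-resources port p6.
MAC_A, MAC_B, MAC_C = (bytes.fromhex("0200000000%02x" % i) for i in (0xA, 0xB, 0xC))
MAC_X = bytes.fromhex("0200000000ee")            # a visitor's laptop: in no membership table


def build_switch(policy: str) -> VlanSwitch:
    return VlanSwitch(mac_vlan={MAC_A: 10, MAC_B: 10, MAC_C: 20},
                      members={10: {"p1", "p2", "p5"}, 20: {"p3", "p5"}, 99: {"p4", "p6"}},
                      policy=policy, guest_ports={"p4"}, guest_vid=99)


def demo() -> dict:
    """Egress port sets for the scenarios in the two answers."""
    results = {}
    strict = build_switch(STRICT)
    results["strict_guest_port"] = strict.forward("p4", MAC_X, BROADCAST)[0]
    guest = build_switch(GUEST_PORTS)
    results["guest_on_p4"] = guest.forward("p4", MAC_X, BROADCAST)[0]
    results["guest_in_empty_office"] = guest.forward("p2", MAC_X, BROADCAST)[0]
    lenient = build_switch(LENIENT)
    lenient.forward("p2", MAC_B, BROADCAST)      # station B is learned on p2 in VLAN 10
    results["lenient_to_known"] = lenient.forward("p4", MAC_X, MAC_B)[0]
    results["lenient_broadcast"] = lenient.forward("p4", MAC_X, BROADCAST)[0]
    results["known_broadcast"] = lenient.forward("p1", MAC_A, BROADCAST)[0]
    return results


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {sorted(ports) or 'dropped'}")
```

The model makes the trade-off in Question 7 visible: under the lenient policy the visitor's frame reaches station B in VLAN 10 and its broadcast reaches every port, whereas under the combined rule the same laptop is confined to VLAN 99 from the guest port and dropped outright from the empty-office port p2.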