
COMP247 Data Communications

Tutorial Sheet
Week 8 (Week 7 lectures)
QUESTION 1
What are the differences and similarities between a Layer 3 switch and a router?

ANSWER
Router versus Layer 3 switch
Layer 3 switches are routers with fast forwarding done in hardware. The key difference between Layer 3 switches and routers lies in the hardware technology used to build the unit. The hardware inside a Layer 3 switch merges that of traditional switches and routers, replacing some of a router's software logic with hardware to offer better performance in some situations. IP forwarding typically involves a route lookup, decrementing the Time To Live (TTL) count and recalculating the header checksum, and forwarding the frame with the appropriate MAC header to the correct output port. Lookups can be done in hardware, as can the decrementing of the TTL and the recalculation of the checksum. Layer 3 switches often cost less than traditional routers. The major difference between the packet switching operation of a router and a Layer 3 switch is the physical implementation: in general-purpose routers, packet switching takes place in a microprocessor, whereas a Layer 3 switch performs it in application-specific integrated circuit (ASIC) hardware.

Similarity
A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance.

QUESTION 2
What are the key advantages and disadvantages of:
- bridged backbones
- routed backbones
- collapsed backbones?

ANSWER

Bridged backbones

Advantages:
- Since bridges tend to be less expensive than routers, they are often cheaper.
- Bridges are usually simpler to install, because the network manager does not need to worry about building many different subnets and assigning a whole variety of different subnet masks and addresses in each part of the network.

Disadvantages:
- Bridged backbones pay a penalty for the broadcast paradigm and are slower than routed backbones. Since the bridged backbone and all networks connected to it are part of the same subnet, broadcast messages (e.g., address requests) must be permitted to travel everywhere in the backbone. This means, for example, that a computer in one LAN attempting to find the data link layer address of a server in the same LAN will issue a broadcast message that will travel to every computer on every LAN attached to the backbone. (In contrast, on a routed backbone such messages would never leave the LAN in which they originated.)
- Overhead or utility messages add to the broadcast paradigm penalty. There are many different types of broadcast messages other than address requests (e.g., a printer reporting it is out of paper, a server about to be shut down). These broadcast messages quickly use up network capacity in a large bridged network. The result is slower response times for the user. In a small network, the problems are not as great, because there are fewer computers to issue such broadcast messages.
- Since the backbone and all attached networks are considered part of the same subnet, it is more difficult to permit different individuals to manage different parts of the network (e.g., LANs); a change in one part of the network has the potential to significantly affect all other parts.
- It is possible to run out of IP addresses if the entire network has many computers.

Routed backbones

Advantages:
- Clear segmentation of the parts of the network connected to the backbone, as each network has a subnet address and can be managed separately.

Disadvantages:
- Slower performance, as routing takes more time than bridging or switching.
- Management and/or software overhead costs, due to the need to establish subnet addressing and provide reconfiguration when computers are moved (or support dynamic addressing).

Collapsed backbones

Advantages:
- Performance is improved. With the traditional backbone network, the backbone circuit was shared among many LANs; each had to take turns sending messages. With the collapsed backbone, each connection into the switch is a separate point-to-point circuit. The switch enables simultaneous access, so that several LANs can send messages to other LANs at the same time. Throughput is increased significantly, often by 200% to 600%, depending upon the number of attached LANs and the traffic pattern.
- Since there are far fewer networking devices in the network, this reduces costs and greatly simplifies network management.
- All the key backbone devices are in the same physical location, and all traffic must flow through the switch. If something goes wrong or if new cabling is needed, it can all be done in one place. Software reconfiguration replaces hardware reconfiguration.

Disadvantages:
- Because data link layer addresses are used to move packets, there is more broadcast traffic flowing through the network and it is harder to isolate and separately manage the individually attached LANs. Layer 3 switches can use the network layer address, so future collapsed backbones built with Layer 3 switches will not suffer from this problem.
- Collapsed backbones use more cable, and the cable must be run longer distances, which often means that fiber optic cables must be used.
- If the switch fails, so does the entire backbone network. If the switch is as reliable as the routers it replaces, there is less chance of a failure overall (because there are fewer devices to fail).

For most organizations, the relatively minor disadvantages of cable requirements and the impact of a potential switch failure are outweighed by the benefits offered by collapsed backbones.
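The forwarding steps listed in the answer to Question 1 (route lookup, TTL decrement, header checksum recalculation, and re-framing with the next hop's MAC header), worked through in Python as an added example. This is not code from the tutorial sheet: the routing table, the MAC addresses and the sample packet are all constructed, and whether a box performs these steps in a microprocessor or in an ASIC does not change the logic shown.

```python
"""Software model of the per-packet IPv4 forwarding path of a router or a
Layer 3 switch: validate the header, look up the route, decrement the TTL,
recompute the header checksum, and re-frame the packet for the next hop.

Added example, not part of the tutorial sheet. ROUTES, ROUTER_MAC and the
packet built in the demo are constructed sample data.
"""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071). Over a header that
    already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 17) -> bytes:
    """Constructed minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


# Constructed forwarding table: (prefix, next-hop MAC, output port).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "00:00:5e:00:53:01", 1),
    (ipaddress.ip_network("10.1.0.0/16"), "00:00:5e:00:53:02", 2),
    (ipaddress.ip_network("0.0.0.0/0"), "00:00:5e:00:53:ff", 9),  # default
]
ROUTER_MAC = "00:00:5e:00:53:aa"  # constructed address of the forwarding box


def route_lookup(dst: ipaddress.IPv4Address):
    """Longest-prefix match over ROUTES; returns (network, next_hop_mac, port)."""
    best = None
    for net, mac, port in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, mac, port)
    return best


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def forward(packet: bytes):
    """Return (output_port, ethernet_frame) or None if the packet is dropped."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not a parseable IPv4 header
    if ipv4_checksum(packet[:20]) != 0:
        return None                      # corrupted header: drop, never re-sum
    ttl = packet[8]
    if ttl <= 1:
        return None                      # TTL expired (a router also sends ICMP Time Exceeded)
    route = route_lookup(ipaddress.IPv4Address(packet[16:20]))
    if route is None:
        return None                      # no route: drop
    _net, next_hop_mac, port = route
    # Decrement TTL, then recompute the checksum over the modified header.
    hdr = bytearray(packet[:20])
    hdr[8] = ttl - 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    # New MAC header: next hop as destination, this box as source, EtherType IPv4.
    eth = mac_bytes(next_hop_mac) + mac_bytes(ROUTER_MAC) + b"\x08\x00"
    return port, eth + bytes(hdr) + packet[20:]


if __name__ == "__main__":
    pkt = build_ipv4_header("10.5.5.5", "10.1.2.3", ttl=64)
    port, frame = forward(pkt)
    print("out port", port, "new TTL", frame[14 + 8], "checksum ok", ipv4_checksum(frame[14:34]) == 0)
```

The two early returns on the checksum and the TTL are the points at which a forwarder decides to drop rather than forward: a header that fails the one's-complement check is discarded instead of being re-summed, so a corrupted destination field cannot steer the packet to the wrong port, and a packet arriving with TTL 1 is never placed back on the wire.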

QUESTION 3
Why are broadcast messages important for backbone network design?

ANSWER
Some application software packages and network operating system modules written for use on LANs broadcast status messages to all computers on the LAN (but not necessarily all computers served by a BN). For example, broadcast messages inform users when printers are out of paper, or when the network manager is about to shut down the server. These types of messages require filtering in a backbone network if their broadcast scope should be restricted to a particular LAN or segment. Broadcast messages are the main difference between bridged backbones and routed backbones. A broadcast message is not passed by a router. This means that broadcast messages are kept out of the backbone when a routed backbone is used. For large networks, the broadcast traffic generated can become a significant portion of the overall traffic if it is distributed throughout the entire network. However, limiting the range of broadcast messages complicates network management.

QUESTION 4
Identify two methods of identifying the VLAN membership.

ANSWER
The two methods are as follows:
1. Parse the frame and apply the membership rules. This is sometimes referred to as implicit tagging. A frame's VLAN association can always be inferred by inspecting the frame contents and applying the complete set of VLAN association rules for the network. In this case, the VLAN association may be a function of:
   - the data link source address;
   - the protocol type;
   - higher-layer network identifiers (IP address, subnet mask);
   - application-specific fields (port numbers), and so on.
   Typically this form of VLAN determination is made by an edge switch (one directly connected to a VLAN-unaware end station). The forwarding behaviour of the switch is, in part, determined by the resulting VLAN association of the frame.
2. Provide an explicit VLAN identifier within the frame itself. This is known as explicit tagging (or sometimes just tagging). A VLAN-aware end station or switch can declare the VLAN association through the use of a predefined tag field carried within the frame. In this case, the explicit tag is a predefined field in the frame that carries (at a minimum) the VLAN identifier for that frame.

QUESTION 5
Explain the following VLAN types:
- MAC based
- IP based
- Protocol based
Why does it make sense to have a 1:1 mapping between a VLAN and an IP subnet?

ANSWER
1) MAC based VLAN mapping
Here, membership in a VLAN is based on the MAC address of the workstation. The switch tracks the MAC addresses which belong to each VLAN. Since the MAC address is part of the workstation's network interface card, when a workstation is moved, no reconfiguration is needed to allow the workstation to remain in the same VLAN. This is unlike Layer 1 (port based) VLANs, where membership tables must be reconfigured.
The main problem with this method is that VLAN membership must be assigned initially. In networks with thousands of users, this is no easy task. Also, in environments where notebook PCs are used, the MAC address is associated with the docking station and not with the notebook PC. Consequently, when a notebook PC is moved to a different docking station, its VLAN membership must be reconfigured.

2) IP subnet based VLAN mapping
Membership is based on the Layer 3 header. The network IP subnet address can be used to classify VLAN membership. Although VLAN membership is based on Layer 3 information, this has nothing to do with network routing and should not be confused with router functions. In this method, IP addresses are used only as a mapping to determine membership in VLANs. No other processing of IP addresses is done. In Layer 3 VLANs, users can move their workstations without reconfiguring their network addresses. The only problem is that it generally takes longer to forward packets using Layer 3 information than using MAC addresses.

3) Protocol based VLAN mapping
This is a VLAN mapping scheme that associates a set of processes within stations to a VLAN, rather than the stations themselves. Each device may have an IP protocol stack, an AppleTalk protocol stack and an IPX protocol stack. The VLAN-aware switches are configured such that they can associate a frame with a VLAN based on a combination of the station's MAC source address and the protocol stack in use, thereby creating separate VLANs for each set of protocol-specific applications.

VLAN and IP subnet
With VLANs and IP, best practice dictates a one-to-one relationship between VLANs and IP subnets. To begin with, recall that a VLAN is essentially a broadcast domain, similar to an IP subnet. A station in a VLAN cannot communicate directly with a station in a different VLAN; they require a Layer 3 device to forward packets between these separate VLAN broadcast domains, a property that holds true for an IP subnet as well. So it is good design practice to have a 1:1 mapping between an IP subnet and a VLAN. Having said this, there are situations where you are required to put multiple subnets in a VLAN, or alternatively use one subnet to host multiple VLANs.
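The two membership methods from Question 4 and the three mapping rules from Question 5, combined into one edge-switch classifier as an added example (this is not code from the tutorial sheet). It checks for an explicit 802.1Q tag first and otherwise applies the implicit rules in a fixed precedence (MAC address, then IP subnet, then protocol type). The membership tables, MAC addresses and frames are constructed, and the precedence order is an assumption: the sheet does not say how a switch should rank overlapping rules.

```python
"""Edge-switch VLAN classifier: explicit 802.1Q tag first, then implicit
rules (MAC-based, IP-subnet-based, protocol-based) in that order.

Added example, not part of the tutorial sheet. MAC_VLAN, SUBNET_VLAN,
PROTOCOL_VLAN and every frame built by make_frame are constructed data.
"""
import ipaddress
import struct

ETH_P_8021Q = 0x8100   # EtherType that announces a VLAN tag
ETH_P_IPV4 = 0x0800
ETH_P_IPV6 = 0x86DD

# Constructed membership tables (rule precedence is an assumption).
MAC_VLAN = {"00:00:5e:00:53:10": 10}                  # MAC-based rule
SUBNET_VLAN = [(ipaddress.ip_network("192.0.2.0/24"), 20)]  # IP-subnet rule
PROTOCOL_VLAN = {ETH_P_IPV6: 30}                      # protocol-based rule
DEFAULT_VLAN = 1                                      # nothing matched


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def classify(frame: bytes):
    """Return (vlan_id, method) for an Ethernet frame, or None if malformed."""
    if len(frame) < 14:
        return None
    src = mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_P_8021Q:
        # 1. Explicit tagging: the sender declared the VLAN in the TCI field.
        if len(frame) < 18:
            return None
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF                   # low 12 bits carry the VLAN id
        if vid != 0:
            return vid, "explicit-tag"
        # VID 0 is a priority-only tag: no VLAN declared, fall back to rules.
        ethertype = struct.unpack("!H", frame[16:18])[0]
        payload = frame[18:]
    else:
        payload = frame[14:]
    # 2. Implicit tagging: infer the VLAN from frame contents.
    if src in MAC_VLAN:
        return MAC_VLAN[src], "mac"
    if ethertype == ETH_P_IPV4 and len(payload) >= 20:
        src_ip = ipaddress.IPv4Address(payload[12:16])  # IPv4 source address
        for net, vid in SUBNET_VLAN:
            if src_ip in net:
                return vid, "ip-subnet"
    if ethertype in PROTOCOL_VLAN:
        return PROTOCOL_VLAN[ethertype], "protocol"
    return DEFAULT_VLAN, "default"


def make_frame(src_mac: str, ethertype: int, payload: bytes = b"", vid=None) -> bytes:
    """Constructed broadcast frame, optionally carrying an 802.1Q tag."""
    dst = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    return dst + src + struct.pack("!HHH", ETH_P_8021Q, vid & 0x0FFF, ethertype) + payload


def ipv4_payload(src_ip: str) -> bytes:
    """Constructed 20-byte IPv4 header carrying only the source address."""
    return b"\x45" + b"\x00" * 11 + ipaddress.IPv4Address(src_ip).packed + b"\x00" * 4


if __name__ == "__main__":
    for f in (make_frame("00:00:5e:00:53:10", ETH_P_IPV4, ipv4_payload("192.0.2.7")),
              make_frame("00:00:5e:00:53:11", ETH_P_IPV4, ipv4_payload("192.0.2.7")),
              make_frame("00:00:5e:00:53:11", ETH_P_IPV6, b"\x60" + b"\x00" * 39),
              make_frame("00:00:5e:00:53:11", ETH_P_IPV4, ipv4_payload("198.51.100.1"), vid=42)):
        print(classify(f))
```

Because the explicit tag is honoured before any rule is applied, a tag placed in a frame by a VLAN-aware station overrides the edge switch's own inference; that is the behaviour Question 6 relies on, and it is also why the inference fallback for a VID of 0 matters, since a priority-only tag carries no VLAN at all.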
QUESTION 6
In order to provide VLAN capabilities, VLAN association rules are usually applied at the edge switches while the end stations remain VLAN unaware. By making end systems VLAN aware, a number of advantages can be gained. Identify and describe some advantages of this scheme.

ANSWER
VLANs can be used for highly application-specific functions. Besides just using VLANs for workgroup traffic isolation or station mobility, particular applications within the end stations can use VLANs for narrow purposes. For example, a set of stations may negotiate a dynamically created VLAN for the purpose of carrying on a short-term audio or video conference; the conferencing application in the end station can tag the frames for that particular conference with a unique VLAN identifier. No complex parsing of application protocols is needed to achieve the desired functionality.

A VLAN-aware end station can use a single physical LAN interface as multiple, independent logical interfaces. Different protocol suites or applications within a station can have unique logical connectivity; the world view of the network for each application within the station can be different. Each can be a member of its own VLAN; the frames it sends will propagate only to the members of the same VLAN. Each VLAN may even use a different source address for the same physical interface.

In the extreme case, if all frames carry VLAN tags, there is no need for edge switch VLAN functionality. All switches can make their decisions solely on the VLAN tag information. This solution simplifies the implementation of high-performance switches.

Note: Poll the students to see if they can identify any disadvantages of the VLAN-aware end system scheme.

QUESTION 7
What should happen if a switch using any address-based VLAN mapping receives a frame from an unknown source address?

ANSWER
Since the switch uses the source address to determine the VLAN membership, it will not be able to figure out the VLAN to which this frame belongs. Should it forward the frame to the intended destination(s) or not? This decision reflects a trade-off between ease of connectivity and VLAN security. Strict enforcement of the VLAN rule mandates that the frame should not be forwarded; such action protects the integrity of the VLAN. However, based on my experience, I have seen that many commercial products (including some old Cisco gear in our lab) are not so strict in their operation; they usually forward traffic from unknown sources to the port determined by the destination address, including flooding traffic to all ports in the case of an unknown or multicast destination.

QUESTION 8
In what situations would it be useful to combine an address based VLAN mapping with port based mapping?

ANSWER
Sometimes a switch may need to enforce a complex rule. For example, we may define the rules to permit access to a given VLAN by unknown source addresses (discussed in the previous question), but only from specific ports. This could allow guest access to limited resources (a guest VLAN) only from specific locations (e.g., a guest center). Guest users cannot access VLANs reserved for other purposes, nor could they defeat security by finding an empty office and connecting a portable computer.
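The unknown-source decision from Question 7 combined with the port-based rule from Question 8, as an added example that is not part of the tutorial sheet. The address table, the guest VLAN number and the set of guest ports are constructed. One design choice goes slightly beyond the answer and is an assumption: every frame arriving on a guest-centre port is confined to the guest VLAN whatever its source address, so that a known address cannot be borrowed from a guest location to reach a restricted VLAN.

```python
"""Policy model for an address-based VLAN switch that also applies a
port-based rule: known sources go to their VLAN, guest ports are confined
to the guest VLAN, and unknown sources on other ports are dropped (strict)
or forwarded by destination (lenient), mirroring the two behaviours the
answer to Question 7 describes.

Added example, not part of the tutorial sheet. MAC_VLAN, GUEST_VLAN and
GUEST_PORTS are constructed; the guest-port confinement is an assumption.
"""
from dataclasses import dataclass, field
from typing import List, Optional

MAC_VLAN = {"00:00:5e:00:53:10": 10, "00:00:5e:00:53:20": 20}  # constructed
GUEST_VLAN = 99          # constructed guest VLAN id
GUEST_PORTS = {7, 8}     # constructed: ports wired to the guest centre


@dataclass
class Decision:
    action: str            # "forward" or "drop"
    vlan: Optional[int]    # VLAN the frame is admitted to; None if none assigned
    reason: str


@dataclass
class Switch:
    strict: bool = True                 # True: drop unknown sources on non-guest ports
    drop_log: List[str] = field(default_factory=list)

    def decide(self, src_mac: str, ingress_port: int) -> Decision:
        src_mac = src_mac.lower()
        # Port-based rule first (assumption): guest-centre ports are confined
        # to the guest VLAN regardless of the source address presented.
        if ingress_port in GUEST_PORTS:
            return Decision("forward", GUEST_VLAN, "guest port, confined to guest VLAN")
        # Address-based rule: a known source maps to its VLAN.
        if src_mac in MAC_VLAN:
            return Decision("forward", MAC_VLAN[src_mac], "known source address")
        # Unknown source on a non-guest port: the Question 7 trade-off.
        if self.strict:
            self.drop_log.append(f"port {ingress_port}: unknown source {src_mac} dropped")
            return Decision("drop", None, "unknown source address (strict enforcement)")
        return Decision("forward", None,
                        "unknown source forwarded by destination address (lenient)")


if __name__ == "__main__":
    sw = Switch()
    for mac, port in (("00:00:5e:00:53:10", 1), ("00:00:5e:00:53:99", 1),
                      ("00:00:5e:00:53:99", 7), ("00:00:5e:00:53:10", 8)):
        print(mac, port, sw.decide(mac, port))
    print(sw.drop_log)
```

The strict flag selects between the two behaviours the answer to Question 7 describes. Dropped frames are recorded in drop_log so that an administrator can see unknown addresses appearing on office ports, which is the case the guest-port rule is meant to keep out; in lenient mode no VLAN is assigned and nothing is logged, which is exactly the visibility that is lost.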