Module 3 - Recorded Lecture - Animesh Giri

The document discusses advanced computer networks, focusing on queue management mechanisms such as FIFO, Fair Queuing, Priority Queuing, and Weighted Fair Queuing. It highlights issues like congestion, TCP synchronization, and starvation, and introduces Active Queue Management techniques like Random Early Detection and Weighted Random Early Detection. Additionally, it addresses the distinction between short and long flows in network traffic and proposes solutions for preferential treatment of short flows using RIO (RED with In and Out).

Advanced Computer Networks

CS ZG525/ CSI ZG525/ ES ZG526/ SS ZG525

Prof. ANIMESH GIRI


BITS Pilani
Pilani Campus [email protected]
Advanced Computer Networks
CS ZG525/ CSI ZG525/ ES ZG526/ SS ZG525
Module 3

Lead Instructor: Prof. ANIMESH GIRI ([email protected])


BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Queue Management
In this Segment
• Queue management mechanisms
– FIFO
– Fair Queuing
– Priority Queuing
– Weighted Fair Queuing
Queue Management
• Where does queuing occur?
• Congestion occurs when the rate of ingress traffic is greater than what can be
  successfully processed and serialized on an egress interface
• Common causes for congestion include:
  – The speed of an ingress interface is higher than the egress interface
  – The combined traffic of multiple ingress interfaces exceeds the capacity of a single egress interface
  – The switch/router CPU is insufficient to handle the size of the forwarding table
Queue Management Mechanisms
• Packet scheduler at the output port must choose one packet among those
  queued for transmission – how is this done?

• FIFO
  – First In First Out
Queue Management Mechanisms
• Packet scheduler at the output port must choose one packet among those
  queued for transmission – how is this done?

• Fair Queuing
  – Maintain a separate queue for each flow currently being handled by the router
  – The router then services these queues in a round-robin fashion
Queue Management Mechanisms
• Packet scheduler at the output port must choose one packet among those
  queued for transmission – how is this done?

• Priority Queuing
  – Mark each packet with a priority, e.g., in the IP TOS field
  – Routers implement multiple queues, one for each priority class
  – The router always transmits packets out of the highest-priority queue if
    that queue is non-empty before moving on to the next priority queue
  – Within each priority, packets are managed in a FIFO manner
  – Disadvantage – Risk of starvation and packet drops for low priority queues
Queue Management Mechanisms
• Packet scheduler at the output port must choose one packet among those
  queued for transmission – how is this done?

• Weighted Fair Queuing
  – Arriving packets are classified and queued in the appropriate per-class waiting area
  – Each class is assigned a weight w_i
  – WFQ scheduler will serve classes in a circular manner
  – Each class may receive a differential amount of service in any interval of time
  – Each class of service will receive a fraction of service proportional to w_i / Σ_j w_j
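To make the w_i / Σ_j w_j share concrete, here is an added Python example (not part of the lecture slides and not any router's implementation) of a WFQ scheduler that stamps every packet with a finish tag and always sends the packet with the smallest tag. The virtual-time approximation used (the finish tag of the packet most recently sent), the class names, weights and packet sizes are all assumptions made for the illustration. It also shows the property that matters from a defensive point of view: a class that floods the queue still receives only its weighted share, so, unlike with a single FIFO, it cannot starve the other classes.

```python
from collections import deque
from fractions import Fraction


class WfqScheduler:
    """Weighted fair queuing with per-packet finish tags.

    A packet of length L in class i receives the finish tag
        F = max(F_prev_i, V) + L / w_i
    where F_prev_i is the tag of the previous packet of class i and V is the
    tag of the packet most recently sent (a self-clocked approximation of the
    WFQ virtual time, an assumption of this example). Serving packets in
    increasing tag order gives class i a share close to w_i / sum(w_j).
    Fractions are used so that ties between classes are exact.
    """

    def __init__(self, weights):
        if any(w <= 0 for w in weights.values()):
            raise ValueError("weights must be positive")
        self.weights = {c: Fraction(w) for c, w in weights.items()}
        self.queues = {c: deque() for c in weights}       # one FIFO per class
        self.last_finish = {c: Fraction(0) for c in weights}
        self.virtual_time = Fraction(0)

    def enqueue(self, cls, length):
        """Classify a packet into its class queue and stamp its finish tag."""
        start = max(self.last_finish[cls], self.virtual_time)
        finish = start + Fraction(length) / self.weights[cls]
        self.last_finish[cls] = finish
        self.queues[cls].append((finish, length))

    def dequeue(self):
        """Send the queued packet with the smallest finish tag (None if idle)."""
        heads = [(q[0][0], c) for c, q in self.queues.items() if q]
        if not heads:
            return None
        finish, cls = min(heads)                # equal tags: class name decides
        _, length = self.queues[cls].popleft()
        self.virtual_time = finish
        return cls, length


def bytes_served(weights, backlog, n_packets):
    """Backlog each class with (count, size) packets, send n_packets, and
    return the bytes sent per class. Inputs are constructed for the demo."""
    sched = WfqScheduler(weights)
    for cls, (count, size) in backlog.items():
        for _ in range(count):
            sched.enqueue(cls, size)
    served = {c: 0 for c in weights}
    for _ in range(n_packets):
        pkt = sched.dequeue()
        if pkt is None:
            break
        cls, length = pkt
        served[cls] += length
    return served


if __name__ == "__main__":
    # Weights 1:2:3, every class fully backlogged with 100-byte packets.
    print(bytes_served({"A": 1, "B": 2, "C": 3},
                       {"A": (10, 100), "B": (10, 100), "C": (10, 100)}, 12))
    # A flooding class with 1000 packets queued against a class with 5:
    # equal weights still give equal service.
    print(bytes_served({"flood": 1, "normal": 1},
                       {"flood": (1000, 100), "normal": (5, 100)}, 10))
```

The second call is the one worth keeping in mind when reasoning about a per-flow flood: the scheduler's share is decided by the weights, not by how many packets a class manages to get into its queue.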
Queue Management Mechanisms
• What happens if there is not enough memory to buffer an incoming packet?
  – Easy - Drop the arriving packet

• Drop-tail
  – Drop the incoming packet if the buffer is full
  – Simplest queuing implementation
  – Scheduling discipline: FIFO
  – Drop policy: Tail drop
Summary
• Queue management mechanisms
– FIFO
– Fair Queuing
– Priority Queuing
– Weighted Fair Queuing
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Active Queue Management


In this Segment
• Tail drop & its limitations
• Active Queue Management mechanisms
– Random Early Detection
– Weighted Random Early Detection
Queue Management Mechanisms
• What happens if there is not enough memory to buffer an incoming packet?
  – Easy - Drop the arriving packet
  – Simplest queuing implementation
  – Scheduling discipline: FIFO
  – Drop policy: Drop the arriving packet (tail-drop)

• Active Queue Management
  – Intelligent dropping of packets from inside the router's buffer, when the buffer becomes full or
    gets close to becoming full
  – Aim: reduce network congestion
  – Tail Drop
  – RED
  – WRED
Tail Drop
• Router interfaces experience congestion when the output queue is full:
  – Additional incoming packets are dropped
  – Dropped packets may cause significant application performance degradation
  – Tail drop has significant drawbacks
Tail Drop Limitations
• In some situations, simple tail drop should be avoided because it contains
  significant flaws:
  – Dropping can cause TCP synchronization
  – Dropping can cause TCP starvation
  – There is no differentiated drop – high-priority traffic is dropped as easily as low-priority traffic

• New terms
  – TCP synchronization
  – TCP starvation
TCP Synchronization
• Multiple TCP sessions start at different times
• TCP window sizes are increased
• Tail drops cause many packets of many sessions to be dropped at the same time
• TCP sessions restart at the same time (synchronized)
TCP Delay, Jitter & Starvation
• Constant high buffer usage (long queue) causes delay
• Variable buffer usage causes jitter
• More aggressive flows can cause other flows to starve
• No differentiated dropping

Do we drop packets only when the queue is already full?
Random Early Detection
• Disadvantages of tail drop
• How can we avoid tail drop?
  – Tail drop can be avoided if congestion is prevented
• How can we prevent congestion?
  – Drop packets before a queue becomes full
• Enter Random Early Detection (RED)
Random Early Detection
• RED is a mechanism that randomly drops packets before a queue is full

• RED increases drop rate as the average queue size increases

• Impact of RED:
• TCP sessions slow down to the approximate rate of output-link bandwidth
• Average queue size is small (much less than the maximum queue size)
• TCP sessions are desynchronized by random drops
More about RED
• Algorithms/techniques for packet-dropping and -marking policies
• How RED works
  – A weighted average is maintained for the length of the output queue
  – If the average queue length is less than a minimum threshold, min_th, when a packet arrives, the
    packet is admitted to the queue
  – If the queue is full or the average queue length is greater than a maximum threshold, max_th, when
    a packet arrives, the packet is marked or dropped
  – If the packet arrives to find an average queue length in the interval [min_th, max_th], the packet is
    marked or dropped with a probability that is typically some function of the average queue length,
    min_th, and max_th
  – MPD – Mark Probability Denominator
More about RED
• Min threshold
  – When the size of the queue is smaller than the minimum threshold, RED does not drop packets
• Max threshold
  – When the size of the queue becomes larger than the maximum threshold, all arriving packets are
    dropped (tail drop behaviour)
• Mark Probability Denominator (MPD)
  – MPD is an integer that tells RED to drop 1 packet out of every MPD packets while the size of the
    queue is between the minimum and maximum thresholds
  – For example, if the MPD is set to 5, one out of every 5 packets will be dropped. In other
    words, the chance of each packet being dropped is 20%
More about RED
• How does this help?
  – The source is effectively notified by the subsequent timeout or duplicate ACK
• Designed to be used with TCP

[Figure: RED thresholds on a FIFO queue]
More about RED
• What is “Early” in RED?
  – The packets are dropped by the router earlier than it would have to
  – Helps notify the source that it should decrease its congestion window sooner
    than it would normally have
• Why average queue length?
  – Bursty nature of internet traffic leading to queues becoming full very quickly
    and then empty again
  – If a queue is spending most of its time empty, then it may not be correct to
    conclude that the router is congested – so the hosts need not slow down
  – Thus, the weighted running average calculation tries to detect long-lived congestion
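The following Python example is added here to put the preceding RED slides together in running code; it is not from the lecture and not any router's implementation. It keeps the weighted average of the queue length, applies min_th, max_th and the MPD, and demonstrates why the average rather than the instantaneous length is used: a short burst into an idle queue is admitted in full, while a queue that has been sitting at max_th drops every new arrival. The linear ramp of the drop probability from 0 at min_th to 1/MPD at max_th, the averaging weight w_q = 0.002, and all thresholds and packet counts are assumptions of this example.

```python
import random


class RedQueue:
    """Random Early Detection on a single FIFO queue.

    avg is an exponentially weighted moving average of the queue length:
        avg = (1 - w_q) * avg + w_q * current_length
    Drop probability as a function of avg (linear ramp, an assumption here):
        avg <  min_th           -> 0
        min_th <= avg < max_th  -> (1/MPD) * (avg - min_th) / (max_th - min_th)
        avg >= max_th           -> 1  (tail-drop behaviour)
    """

    def __init__(self, capacity, min_th, max_th, mpd, weight=0.002, seed=None):
        if not (0 <= min_th < max_th <= capacity) or mpd < 1:
            raise ValueError("need 0 <= min_th < max_th <= capacity and MPD >= 1")
        self.capacity = capacity
        self.min_th, self.max_th = min_th, max_th
        self.max_p = 1.0 / mpd          # probability reached at max_th
        self.weight = weight            # w_q: small value averages over many arrivals
        self.avg = 0.0
        self.queue = []
        self.rng = random.Random(seed)  # seeding only makes the demo reproducible

    def update_average(self):
        self.avg = (1 - self.weight) * self.avg + self.weight * len(self.queue)

    def drop_probability(self, avg=None):
        avg = self.avg if avg is None else avg
        if avg < self.min_th:
            return 0.0
        if avg >= self.max_th:
            return 1.0
        return self.max_p * (avg - self.min_th) / (self.max_th - self.min_th)

    def enqueue(self, pkt):
        """Return True if the packet was admitted, False if it was dropped."""
        self.update_average()
        if len(self.queue) >= self.capacity:
            return False                # buffer physically full: forced drop
        if self.rng.random() < self.drop_probability():
            return False                # early (random) drop
        self.queue.append(pkt)
        return True

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None


def burst_admitted(n, weight):
    """Offer n back-to-back arrivals to an idle queue with no departures and
    return how many were admitted (constructed scenario)."""
    q = RedQueue(capacity=100, min_th=20, max_th=40, mpd=5, weight=weight, seed=1)
    return sum(q.enqueue(i) for i in range(n))


def sustained_congestion_admitted(n):
    """A queue whose average already sits at max_th drops every new arrival."""
    q = RedQueue(capacity=100, min_th=20, max_th=40, mpd=5, weight=1.0)
    q.queue = list(range(40))           # constructed: 40 packets already waiting
    return sum(q.enqueue(i) for i in range(n))


if __name__ == "__main__":
    print("burst of 50 into idle queue, admitted:", burst_admitted(50, 0.002))
    print("10 arrivals at sustained max_th, admitted:", sustained_congestion_admitted(10))
```

With w_q = 0.002 the average barely moves during the 50-packet burst, so none of it is dropped even though the instantaneous length climbs past both thresholds; that is the "long-lived congestion" behaviour the slide describes.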
Drop Probability Function for RED - Example

Question - What happens if the min threshold of RED is too low?


More about RED
• Helps alleviate 2 issues caused by drop-tail:
  – TCP global synchronization
    • Occurs when a large number of TCP packets are dropped simultaneously,
      leading to extreme periods of congestion followed by link under-utilization
  – TCP starvation
    • Non-TCP packets saturating a queue
• However, RED is deprecated because it has no mechanism to differentiate between traffic flows
• Weighted RED (WRED) provides a mechanism by which packets with a lower IP
  Precedence or DSCP value can be dropped more frequently than higher priority packets
Weighted RED (WRED)
• Differentiates between high and low priority traffic
• Allows setting up a different profile (with a minimum threshold, maximum
  threshold, and mark probability denominator) for each traffic priority
  – Min threshold
    • Minimum number of packets that must be queued before packets of a specific
      IP Precedence or DSCP value will be randomly dropped
  – Max threshold
    • Number of packets that must be queued before all new packets of a specific IP
      Precedence or DSCP value are dropped
  – Mark Probability Denominator (MPD)
    • The number of packets that will be dropped when the size of the queue is
      between the minimum and maximum thresholds, measured as a fraction,
      specifically 1/MPD
WRED - Example (figure slides)
Summary
• Tail drop & its limitations
– TCP synchronization
– TCP starvation

• Active Queue Management mechanisms


– Random Early Detection [Min threshold, max threshold, MPD]
– Weighted Random Early Detection
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

“The War between Mice and Elephants”
In this Segment
• Distinguishing between short flows and long flows
• Preferential treatment for short flows
• RIO (RED with In and Out)
• Reference: “The War between Mice & Elephants”, Lian Guo; Ibrahim Matta
Short Flows vs. Long Flows
• A feature of Internet traffic:
  – Most (e.g. 80%) of the traffic is actually carried by only a small number (20%)
    of connections (elephants)
  – The remaining large number (80%) of connections are very small (20%) in size
    or lifetime (mice)
• In a fair network environment, short connections expect relatively faster service
  than long connections
• However, this behaviour is not always observed – short connections may
  experience long delays
Short Flows vs. Long Flows
• Reasons for the “World Wide Wait”:
  – Conservative ramp-up to max transmission rate
  – Initial small value of sending window even though the network may be capable of more
  – Short connections having a small congestion window may not have enough
    packets to activate the duplicate ACK mechanism – retransmissions will be
    triggered only on timeout, not duplicate ACK
  – Inaccurate timeout value calculation in the event of initial packet losses
Preferential Treatment to Short TCP Flows
• For fairness
  – Short TCP connections should experience fewer packet drops to achieve a transmission rate
    comparable to that of long connections
  – Short flows need preferential treatment at the bottleneck link queues
• Proposed Solution
  – Preferential treatment to short TCP flows
  – Employ an Active Queue Management policy inside the network - can significantly enhance their
    transmission time, without degrading long flow performance
  – Diffserv-like architecture to classify flows into short and long at the edge of the network
Proposed Solution
• A Diffserv-like scalable active domain management architecture is suggested where
  – Edge routers of an administrative domain perform all the per-flow information maintenance tasks
  – Edge routers classify flows into 2 classes: short flow & long flow
  – Core routers only need to actively manage per-class flows – done by employing the RIO
    queue management policy
Edge Routers & Core Routers
• Classification Mechanism:
  – Threshold-based approximation mechanism
  – For each active flow, maintain a counter that tracks how many packets have been observed so far
  – Once the counter exceeds a certain threshold, i.e. L_t packets, the flow is considered to be “Long”
• Preferential Treatment to Short Flows
  – In (Short) packets not affected by Out (Long) packets
  – Long packets have to give up some resources (backoff) when there is persistent backlog from
    both classes of packets
RIO – RED with In and Out
• A variation of the RED and WRED algorithms
• WRED with 2 priorities for incoming packets – in and out
  – In packets: Packets that are in their service allocation profile
  – Out packets: Packets that are outside of their service allocation profile
• Assumes that edge routers will mark packets conforming to the SLA as in-profile and
  offending packets as out-of-profile
RIO – RED with In and Out
• When network is congested, queue management will drop packets marked as
out-of-profile first - Drop “out” packet earlier than “in” packet

• In the network core, the “in” and “out” packets are treated with different drop
priorities

• Since the “in” packets start being dropped only when the queue size crosses a
higher threshold than in the case of “out” packets, they get dropped with a lower
probability than “out” packets
RIO – RED with In and Out
• Look at RIO as having two RED profiles
  – One drops the out packets from a min threshold queue-fill percentage to a max threshold,
    and then tail drops all the incoming packets
  – The other begins to drop in packets from this max threshold queue-fill percentage to 100%
    queue occupancy with increasing probability
RIO-PS
RIO queue with Preferential treatment to Short Flows
• RIO-PS (RIO with preferential treatment to short flows)
  – Short flow → “in” packet
  – Long flow → “out” packet
[Figure: Impact of Preferential Treatment – Link utilization under Drop Tail, RED, and RIO-PS]
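The edge/core split of the last few slides (counter-based classification at the edge, RIO with two RED profiles in the core) is shown end to end in the following added Python example. It is an illustration written for this page, not the lecture's or the paper's code, and it also serves the WRED slides earlier in this module, since a per-mark profile table is exactly WRED with two classes. Assumptions: the linear drop-probability ramp, the profile numbers, the threshold L_t = 3, and the use of one total queue average for both profiles (the slides describe RIO in terms of queue-fill percentage; the original RIO keeps a separate average of "in" packets, which is omitted here).

```python
import random


class EdgeClassifier:
    """Edge router: count packets per flow; a flow past L_t packets is 'long'.
    RIO-PS mapping: short flow -> 'in' packet, long flow -> 'out' packet."""

    def __init__(self, long_threshold):
        self.lt = long_threshold
        self.counts = {}            # per-flow state lives only at the edge

    def mark(self, flow_id):
        n = self.counts.get(flow_id, 0) + 1
        self.counts[flow_id] = n
        return "in" if n <= self.lt else "out"


class RioQueue:
    """Core router: one FIFO queue, two RED profiles selected by the mark.
    profile = (min_th, max_th, mpd). The 'in' profile's min_th sits at the
    'out' profile's max_th, so 'out' packets are always dropped first."""

    def __init__(self, capacity, out_profile, in_profile, weight=0.02, seed=None):
        self.capacity = capacity
        self.profiles = {"out": out_profile, "in": in_profile}
        self.weight, self.avg, self.queue = weight, 0.0, []
        self.rng = random.Random(seed)

    @staticmethod
    def _red_prob(avg, profile):
        min_th, max_th, mpd = profile
        if avg < min_th:
            return 0.0
        if avg >= max_th:
            return 1.0
        return (1.0 / mpd) * (avg - min_th) / (max_th - min_th)

    def drop_probability(self, mark, avg=None):
        avg = self.avg if avg is None else avg
        return self._red_prob(avg, self.profiles[mark])

    def enqueue(self, mark, pkt):
        """Update the average, then admit or drop according to the mark's profile."""
        self.avg = (1 - self.weight) * self.avg + self.weight * len(self.queue)
        if len(self.queue) >= self.capacity or self.rng.random() < self.drop_probability(mark):
            return False
        self.queue.append((mark, pkt))
        return True

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None


def drops_by_mark(avg_len, n_each, seed=7):
    """Hold the average at avg_len, offer n_each 'in' and n_each 'out' packets,
    and return the drop counts per mark (constructed experiment)."""
    q = RioQueue(capacity=200, out_profile=(10, 20, 5), in_profile=(20, 40, 10),
                 weight=0.0, seed=seed)   # weight 0 freezes the average
    q.avg = avg_len
    drops = {"in": 0, "out": 0}
    for i in range(n_each):
        for mark in ("in", "out"):
            if not q.enqueue(mark, i):
                drops[mark] += 1
    return drops


if __name__ == "__main__":
    edge = EdgeClassifier(long_threshold=3)
    print("marks for 5 packets of one flow:", [edge.mark("flow-1") for _ in range(5)])
    for avg in (5, 15, 25, 45):
        print(f"avg={avg:>2}: drops per 20 offered ->", drops_by_mark(avg, 20))
```

Because the per-flow counters exist only in the edge classifier, the core queue stays stateless per flow, which is the scalability argument the "Proposed Solution" slide makes.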
Summary
• Distinguishing between short flows and long flows
• Preferential treatment for short flows
• RIO (RED with In and Out)
• Reference: “The War between Mice & Elephants”, Lian Guo; Ibrahim Matta
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

QoS on the Internet: A Case Study


In this Segment
• A case study with DOCSIS networks
– How QoS is configured on the DOCSIS network
HFC (DOCSIS) Network Overview (figure slides)
Cable Modem (CM) Registration
• Operator creates CM config file (per the SLA with the customer)
• CM fetches the config file from the TFTP server
• CM sends the contents of the config file to the CMTS during the registration process
• This is how the CMTS knows what the CM (customer) is entitled to
• CMTS has to manage the bandwidth allocation based on the information in the CM config file
Cable Modem Config File
• In a cable modem config file you define:
  – Service flows
  – Classifiers
• Classifiers are used to identify what particular type of data uses which flow
  – Specifies one or more packet header attributes, such as source MAC address, destination IP
    address, or protocol type
  – Also specifies the service flow to be used when a packet matches this particular combination of headers
  – For example, if we want voice traffic to have a higher priority we would create two service flows,
    one for normal data and one for voice data
  – And then create a classifier that identifies the voice data by port or destination IP address etc. and have
    the modem use the voice service flow for this
  – Each cable modem can be configured with multiple packet classifiers
Classifiers & Service Flows
• Service Flows
  – Similar to IP flows - which specify the priority, bandwidth, scheduling type (for upstream) and a
    few other parameters
  – Separate classifiers are used for downstream and upstream service flows
  – Each cable modem can be configured with multiple service flows
• How Classifiers and Service Flows work together
  – Each packet classifier filters (classifies) packets based on the parameters
  – Classifier identifies the service flow to be used when a packet matches this particular
    combination of headers
  – Matched packets are then queued in the associated Service Flow queue
  – Each Service Flow has an associated QoS parameter set that defines the treatment of the
    packets that traverse the Service Flow for transmission on the coax media
  – Each upstream & downstream Service Flow corresponds to separate queues in the cable modem and CMTS
  – Each Service Flow queue is managed independently from other Service Flows present on the device
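The classifier-to-service-flow pipeline described on the last two slides is modelled in the following added Python example (an illustration for this page, not DOCSIS reference code or any vendor's implementation). Each classifier lists header attributes that must all match, classifiers are tried in rule-priority order, unmatched packets fall to the primary service flow, and each service flow owns its own queue; the transmitter then picks from the highest-priority non-empty flow. The flow names, priorities, rates, ports and the "dscp" attribute are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class ServiceFlow:
    sf_id: int
    name: str
    direction: str            # "upstream" or "downstream"
    priority: int             # 0..7, 7 highest
    max_rate_bps: int
    queue: deque = field(default_factory=deque)   # one independent queue per flow


@dataclass
class Classifier:
    rule_priority: int        # higher values are evaluated first
    match: dict               # header attribute -> required value (all must match)
    sf_id: int                # service flow used on a match
    direction: str


class CableModem:
    def __init__(self, service_flows, classifiers, primary_sf):
        self.flows = {sf.sf_id: sf for sf in service_flows}
        self.classifiers = sorted(classifiers, key=lambda c: c.rule_priority, reverse=True)
        self.primary_sf = primary_sf      # {direction: sf_id} for unmatched packets

    def classify(self, packet, direction):
        """Return the service flow id for a packet (dict of header attributes)."""
        for rule in self.classifiers:
            if rule.direction == direction and all(packet.get(k) == v for k, v in rule.match.items()):
                return rule.sf_id
        return self.primary_sf[direction]

    def enqueue(self, packet, direction):
        sf_id = self.classify(packet, direction)
        self.flows[sf_id].queue.append(packet)
        return sf_id

    def next_packet(self, direction):
        """Simplified scheduler: serve the highest-priority non-empty service flow."""
        ready = [sf for sf in self.flows.values() if sf.direction == direction and sf.queue]
        if not ready:
            return None
        sf = max(ready, key=lambda s: s.priority)
        return sf.sf_id, sf.queue.popleft()


def build_demo_modem():
    """Constructed configuration: a data flow plus a higher-priority voice flow."""
    flows = [
        ServiceFlow(1, "UP_DATA", "upstream", priority=0, max_rate_bps=2_000_000),
        ServiceFlow(2, "UP_VOICE", "upstream", priority=7, max_rate_bps=256_000),
        ServiceFlow(3, "DOWN_DATA", "downstream", priority=0, max_rate_bps=20_000_000),
    ]
    rules = [
        Classifier(10, {"proto": "udp", "dst_port": 5060}, sf_id=2, direction="upstream"),
        Classifier(20, {"proto": "udp", "dscp": 46}, sf_id=2, direction="upstream"),
    ]
    return CableModem(flows, rules, primary_sf={"upstream": 1, "downstream": 3})


if __name__ == "__main__":
    cm = build_demo_modem()
    cm.enqueue({"proto": "tcp", "dst_port": 80, "id": "web"}, "upstream")
    cm.enqueue({"proto": "udp", "dst_port": 5060, "id": "sip"}, "upstream")
    print(cm.next_packet("upstream"))   # voice flow (sf 2) is served first
    print(cm.next_packet("upstream"))   # then the data flow (sf 1)
```

Note that the second rule keys on a DSCP value the subscriber's own host sets; a classifier that trusts such a marking hands the subscriber control over which service flow (and therefore which rate and priority) their traffic gets, which is why an operator normally also controls marking at the CMTS (the tos-overwrite parameter of the cable service class command is the hook for that).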
CM Config File
[Figure: Creating classifiers with additional basic service flows]
CM Config File
[Figure: With a defined QoS]
Configuring Service Class from CMTS
• cable service-class command
  – Allows the operator to configure service flows from the CMTS
  – Operators provision the modems with the service class name; the implementation of the name is
    configured at the CMTS
  – The implementation of a service flow can be modified to local circumstances without changing
    the CM config file
  – For example, some scheduling parameters might need to be set differently for two different
    CMTSs to provide the same service
  – Allows higher-layer protocols to create a service flow by its service class name
Configuring Service Class from CMTS
“cable service class” command allows configuration of a service class to which a service flow can be associated

class-index          Specifies the class ID for the class to be modified. Valid range is 1 to 255.
activity-timeout     Specifies the activity timeout (0 to 65,535).
admission-timeout    Specifies the admitted timeout (0 to 65,535).
downstream           Specifies that the service class is for the downstream direction (from the CMTS to the CM).
                     (The default direction is upstream.)
grant-interval       Specifies the grant interval (0 to 4,294,967,295 microseconds).
grant-jitter         Specifies the grant jitter (0 to 4,294,967,295 microseconds).
grant-size           Specifies the grant size (0 to 65,535 bytes).
grants-per-interval  Specifies the grants per interval (0 to 127 grants).
max-burst            Specifies the maximum transmission burst (1522 to 4,294,967,295 bytes).
                     Note: The recommended value range is 1600 to 1800 bytes. Using a value of 0 or greater than 1800
                     bytes can cause latency issues for Voice-over-IP. A value of less than 1522 bytes can prevent the
                     upstream transmission of large Ethernet frames for any CM or CMTS not implementing fragmentation.
max-buff-size        Specifies the maximum buffer size of the upstream service-flow queue (or buffer) on the CM.
                     The valid range is from 0 to 4,294,967,295 bytes. The default value is 0.
max-concat-burst     Specifies the maximum concatenation burst (0 to 65,535 bytes).
max-latency          Specifies the maximum latency allowed (0 to 4,294,967,295 microseconds).
Configuring Service Class from CMTS
“cable service class” command parameters

max-rate             Specifies the maximum rate (0 to 4,294,967,295 bps).
min-buff-size        Specifies the minimum buffer size of the upstream service-flow queue (or buffer) on the CM.
                     The valid range is from 0 to 4,294,967,295 bytes. The default value is 0.
min-packet-size      Specifies the minimum packet size for reserved rate (0 to 65,535 bytes).
min-rate             Specifies the minimum rate (0 to 4,294,967,295 bps).
name                 Specifies the service class name string.
peak-rate            Specifies the peak rate (0 to 4,294,967,295 bps). Default value is zero, which represents the line rate.
                     Note: The peak-rate option is not supported on DOCSIS 1.0 modems.
poll-interval        Specifies the poll interval (0 to 4,294,967,295 microseconds).
poll-jitter          Specifies the poll jitter (0 to 4,294,967,295 microseconds).
priority             Specifies the priority (0 to 7, where 7 is the highest priority).
req-trans-policy     Specifies the request transmission policy bit field (0 to FFFFFFF in hexadecimal).
sched-type           Specifies the service class schedule type:
                     2 – Best-Effort Schedule Type
                     3 – Non-Real-Time Polling Service Schedule Type (supported only in Cisco 12.2(4)BC and later releases)
                     4 – Real-Time Polling Service Schedule Type
                     5 – Unsolicited Grant Service with Activity Detection Schedule Type
                     6 – Unsolicited Grant Service Schedule Type
tar-buff-size        Specifies the target or desired size of the upstream service-flow queue (or buffer) on the CM.
                     The valid range is from 0 to 4,294,967,295 bytes. The default value is 0.
tos-overwrite and-mask or-mask
                     Overwrites the ToS byte by first ANDing the ToS value with the and-mask value and then ORing the result of
                     that operation with the or-mask value. Both parameters must be specified in hexadecimal. The and-mask value
                     can range from 0x0 to 0xFF and the or-mask value can range from 0x0 to 0xFF.
Configuring Service Class from CMTS
“cable service class” parameters

upstream             Specifies that the service class is for the upstream direction (from the CM to the CMTS).
                     This is the default direction.
downstream           Specifies that the service class is for the downstream direction (from the CMTS to the CM).
n                    Specifies the bundle identifier.
req-attr-mask        Specifies the required attribute mask bit field (0 to FFFFFFF in hexadecimal).
forb-attr-mask       Specifies the forbidden attribute mask bit field (0 to FFFFFFF in hexadecimal).
Configuring Service Class from CMTS

On CM config file (UpstreamServiceFlow):
SfReference = 1
SfClassName = "UP_UGS"
SfQosSetType = 7
SfTrafficPriority = 7
SfMaxTrafficRate = 256000
SfSchedulingType = 6
SfRqTxPolicy = 256

On CMTS:
Router(config)# cable service class 1 name UP_UGS
Router(config)# cable service class 1 sched-type 6
Router(config)# cable service class 1 grant-size 100
Router(config)# cable service class 1 grant-interval 20000
Router(config)# cable service class 1 grant-jitter 4000
Router(config)# cable service class 1 grants-per-interval 1
Router(config)# cable service class 1 min-packet-size 100
Router(config)# cable service class 1 req-trans-policy 0x1FF
Router(config)# cable service class 1 tos-overwrite 0x1F 0xE0
Router(config)# cable service class 1 activity-timeout 30
Router(config)# cable service class 1 admission-timeout 30
More support (router dependent)
• Dynamic addition/deletion of service flows from CMTS
• Upstream rate limiting per upstream channel
• Configuring percentage overbooking rate per channel
• Service flow admission control to gracefully manage service flow admission
  requests when one or more resources are not available to process an incoming
  service request
• Provision to define class maps and traffic policies, per interface
  – e.g. of traffic policy: RED/WRED config, DSCP, BW, drop policy, fair-queuing etc.
More support (router dependent)

Creating class-maps:
Router(config)# class-map class1
Router(config-cmap)# match access-group 101
Router(config-cmap)# exit
Router(config)# class-map class2
Router(config-cmap)# match access-group 102
Router(config-cmap)# exit

Policy-map to class-map association:
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 3000
Router(config-pmap-c)# queue-limit 30
Router(config-pmap-c)# exit
Router(config-pmap)# class class2
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# exit
Router(config-pmap)# exit

Other queue management options available per class inside the policy-map:
• random-detect exponential-weighting-constant exponent
• random-detect precedence precedence min-threshold max-threshold mark-prob-denominator
• fair-queue [queue-limit queue-values]

Associating interface with policy-map:
Router(config)# interface fe1/0/0
Router(config-if)# service-policy output policy1
Router(config-if)# exit
Summary
• A case study with DOCSIS networks
– Network elements
– Service flows, classifiers
– How QoS is configured on the DOCSIS network
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Introduction to Routing & Switching


In this Segment
• Routing and switching - recap
Network Layer
• Virtual circuits vs Datagram networks
• Forwarding
  – Moving a packet from a router’s input port to the correct output port
  – Happens within a router
  – Forwarding table
• Routing
  – Determining the route taken by packets as they flow from a sender to a receiver
  – Network-wide process to determine end to end paths
  – Routing table
• QoS as a service provided by the network layer
  – Bounded delay
  – Guaranteed max jitter
  – Guaranteed min bandwidth
  – And much more
Routers
• Input ports
– Terminate incoming physical links at the router
– Implement link-layer functions needed to interoperate with the link layer at the other side of the incoming link
– Look up forwarding table to determine the output port for a given IP address
• LPM lookups
• Fast lookup algorithms
• Fast memory access times – DRAM, SRAM, CAM lookups

• Switch fabric
– Connects the router’s input ports to its output ports
– Network inside the router

• Output ports
– Stores packets received from the switching fabric
– Transmits these packets on the outgoing link by performing the necessary link- & physical-layer functions
– Links can be bidirectional

• Routing processor
– Executes routing protocols, maintains routing tables, computes forwarding tables
Routing (figure slide)
Switching
• Filtering
– Switch function that determines whether a frame should be forwarded to some interface or be dropped

• Forwarding
– Switch function that determines the interfaces to which a frame should be directed, and then moves the
frame to those interfaces
• Switch filtering and forwarding are done with a switch table
– MAC address to interface mapping

• How a switch learns MAC addresses


• Plug and play devices
Summary
• Recap of forwarding vs routing
• What is inside a router
• Recap of routing and switching basics
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

VLAN Basics
In this Segment
• Forwarding in switches
• Issues with switch hierarchy
• Virtual LANs
Switch – Multiple Simultaneous Transmissions
• Hosts have dedicated, direct connection to switch
• Switches buffer packets
• Ethernet protocol used on each incoming link, but no collisions; full duplex
• Each link is its own collision domain
• Switching: A-to-A’ and B-to-B’ can transmit simultaneously, without collisions
Forwarding in Switches
• Switch forwarding table
  – Destination MAC address look up
  – If found, forward incoming frame out of that interface
  – If not, flood the incoming frame out of all interfaces except the one on which the frame was received
• Collision domain
  – A section of a network connected by a shared medium or through repeaters where frames can collide with
    one another when being sent
• Broadcast domain
  – A logical division of a computer network, in which all nodes can reach each other by broadcast at the data
    link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments.
• Layer 2 switches provide for separate collision domains
  – VLANs or routers provide for separate broadcast domains
Example - Institutional Network (figure slide)
Issues with Switch Hierarchy
• Lack of traffic isolation for broadcast traffic
  – Separate broadcast domains are provided by routers, but it is possible to do this with Layer 2 switches also
• Inefficient use of switches
  – More first-level switches would be needed if there were more departments, to provide traffic isolation
• Managing users
  – Difficult to handle cases where an employee moves from one dept to another, or if an employee belongs to 2
    different depts

Solution: A switch that supports Virtual Local Area Networks (VLANs)
Virtual LANs
• Multiple logical/virtual LANs overlaid on the physically connected LAN
• A virtual LAN (VLAN) is useful when you wish to treat distinct streams of Ethernet
  traffic differently, without running separate cables
• Configure a port to belong to a VLAN
  – Switch maintains a port-to-VLAN mapping table
  – Switch hardware only delivers frames between ports belonging to the same VLAN
  – This results in separate broadcast domains
[Figure: A single switch with two configured VLANs]
Port-based VLANs
• Switches supporting VLAN capabilities can be configured to define multiple
  virtual LANs over a single physical LAN infrastructure.
• Traffic isolation: frames to/from ports 1-8 can only reach ports 1-8
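The switch behaviour described across the "Forwarding in Switches" and port-based VLAN slides (learn the source MAC, forward on a table hit, flood on a miss, but never across a VLAN boundary) is shown in the following added Python example. It is an illustration written for this page, not a switch vendor's code; the port-to-VLAN layout (ports 1-8 in VLAN 10, ports 9-16 in VLAN 20) and the MAC addresses are constructed. The last frame in the demo is the isolation property itself: a MAC learned in VLAN 10 is simply unknown in VLAN 20, so a frame sent to it from VLAN 20 stays in VLAN 20.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Learning switch with port-based VLANs (access ports only)."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)     # port number -> VLAN id
        self.mac_table = {}                   # (vlan, mac) -> port, learned from sources

    def ports_in_vlan(self, vlan, exclude=None):
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != exclude)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is transmitted on."""
        if in_port not in self.port_vlan:
            raise ValueError(f"unknown port {in_port}")
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port           # learning
        if dst_mac == BROADCAST or (vlan, dst_mac) not in self.mac_table:
            return self.ports_in_vlan(vlan, exclude=in_port)  # flood, within the VLAN only
        out_port = self.mac_table[(vlan, dst_mac)]
        return [] if out_port == in_port else [out_port]      # filtering / forwarding


def demo_sequence():
    """Constructed frame sequence on a 16-port switch with two VLANs."""
    sw = VlanSwitch({**{p: 10 for p in range(1, 9)}, **{p: 20 for p in range(9, 17)}})
    return [
        sw.receive(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),  # dst unknown: flood ports 2-8
        sw.receive(3, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"),  # dst learned on port 1: forward there
        sw.receive(9, "bb:bb:bb:bb:bb:01", BROADCAST),             # broadcast confined to VLAN 20
        sw.receive(9, "bb:bb:bb:bb:bb:01", "aa:aa:aa:aa:aa:01"),   # VLAN 10 MAC unknown in VLAN 20
    ]


if __name__ == "__main__":
    for ports in demo_sequence():
        print("sent out of ports:", ports)
```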
Summary
• Forwarding in switches
• Issues with switch hierarchy
• Virtual LANs
BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Routing between VLANs, Trunking


In this Segment
• When VLANs span multiple switches
• When there is a need to communicate across VLANs
• VLAN trunking
• Inter-VLAN routing
VLANs
• Provides traffic isolation
• Efficient use of switches
• Saves on physical cabling changes required to manage users
• More requirements to address
  – VLANs may span multiple switches
  – May need to communicate across VLANs
VLANs spanning multiple switches (figure slide)
VLAN Trunking
• One port is configured as a trunk port, which carries the traffic of all VLANs between switches
• How does a switch know that a frame arriving on a trunk port belongs to a particular VLAN?
• VLAN tagging - 802.1Q
  – Adds a 32-bit VLAN tag between the source MAC address and the “EtherType” field of the original frame
  – What is the effect of this on frame size and MTU?
802.1Q Frame Format (figure slide)
Devices in a Trunking Environment (figure slide)
Source: ciscopress.com
Sample Configurations – Trunk port
! Sample config to configure access port
switch# configure terminal
switch(config)# interface ethernet 1/10
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 5

! Sample config to configure trunk port
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport mode trunk
Forwarding between VLANs
• VLANs create logical separation between switch ports
• Each VLAN behaves like a separate physical switch
• Each VLAN will typically correspond to its own IP subnet (eg: 10.0.10.0/24, 10.0.20.0/24)
• Forwarding between VLANs done via routing (just as with separate switches)
  – Inter-VLAN routing
• In practice vendors sell combined switches plus routers
Sample Configurations – Inter-VLAN routing
! Sample config to configure access port
switch# configure terminal
switch(config)# interface ethernet 1/10
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 5

! Sample config to configure access port
switch# configure terminal
switch(config)# interface ethernet 2/10
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 10

! Router interfaces, one per VLAN subnet
Router(config)# interface eth0/1
Router(config-if)# ip address 10.0.10.1 255.255.255.0
Router(config-if)# no shutdown
Router(config)# interface eth0/2
Router(config-if)# ip address 10.0.20.1 255.255.255.0
Router(config-if)# no shutdown
Summary
• VLAN trunking
• Inter-VLAN routing

Tunneling, VLAN translation

In this Segment
• 802.1Q tunnelling
• VLAN translation
Scenario
• Service provider wants to carry and transport the customer VLANs across the provider switches
• Potential problems
– Customer VLAN number is already being used in the service network and it can cause a conflict when forwarding traffic
– A particular VLAN is being used by multiple customers and that can cause a conflict
• Potential solution
– Assign each customer a range of VLANs it may use
– Removes the customers' flexibility to choose their own VLAN numbers
– There may not be enough VLAN numbers (the VLAN ID field allows fewer than 4096 VLANs)
• Enter 802.1Q tunnelling
– Assigns each customer a single VLAN number, chosen by the service provider
– Within each customer VLAN exists a secondary 802.1Q trunk, which is controlled by the customer
– Two layers of encapsulation
802.1Q Tunneling
• Double tagging
– Each customer packet traversing the service provider network is tagged twice
– The inner 802.1Q header contains the customer-chosen VLAN ID (C-VLAN)
– The outer header contains the VLAN ID assigned to the customer by the service provider (S-VLAN)
– C-VLAN and S-VLAN tags use separate name spaces: C-VLAN 101 and an S-VLAN 101 can be configured simultaneously
– Allows more scaling: 4096x4096 VLANs
• Effect on MTU
– 4 additional bytes are added
– MTU value on the trunk or access ports may need to be configured appropriately
802.1Q Tunneling
• Tagged customer traffic
– Comes from an 802.1Q trunk port on a customer device
– Enters the service-provider edge switch through a tunnel port
• The link between the 802.1Q trunk port on a customer device and the tunnel port is called an asymmetrical link
– One end is configured as an 802.1Q trunk port and the other end is configured as a tunnel port
• Tunnel port is configured to an access VLAN ID unique to each customer
802.1Q Tunneling
• Tunnel traffic
– Tagged customer traffic comes from an 802.1Q trunk port on a customer device
– Enters the service-provider edge switch through a tunnel port
– The 802.1Q tag (C-VLAN tag) is not removed
– A new VLAN tag is added: a 2-byte Ethertype field (0x8100) and a 2-byte field carrying the CoS bits and the VLAN ID
– The received customer traffic is then put into the VLAN to which the tunnel port is assigned
– This Ethertype 0x8100 traffic, with the received 802.1Q tag intact, is called tunnel traffic
– A VLAN carrying tunnel traffic is an 802.1Q tunnel
– The tunnel ports in the VLAN are the tunnel's ingress and egress points
– An egress tunnel port strips the 2-byte Ethertype field (0x8100) and the 2-byte CoS/VLAN field that were added at ingress, and transmits the traffic with the customer's 802.1Q tag still intact to an 802.1Q trunk port on a customer device
– The 802.1Q trunk port on the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer VLAN
• Related commands
– switchport mode dot1q-tunnel
• Also called Q-in-Q, stacked VLANs
• Formally known as 802.1ad
802.1ad Frame Format
• An 802.1Q header, which is 4 bytes long, is added to an untagged Ethernet frame in the following manner:
– The 4-byte tag is inserted between the MAC source address of the untagged frame and its ethertype field. This is the C-VLAN tag or the C-Tag
– The newly inserted VLAN header's ethertype is set to 0x8100 to identify the following data as a VLAN tag
– After the insertion of a .1Q header to an untagged frame, the frame's original ethertype appears to have been changed to 0x8100. The untagged frame's original ethertype in the single-tag frame is now located adjacent to the payload. Its value is unchanged
• A second 802.1Q header is added to a single-tagged frame in the following manner:
– The second tag is inserted in front of the first tag, meaning the second tag is closer to the Ethernet header than the first (original) tag. This is the S-VLAN tag or the S-Tag
– The second tag is inserted between the MAC source address and the first (original) tag
– The second tag is assigned an ethertype of 0x88A8 (instead of the .1Q standard 0x8100) by default
Source: Wikipedia
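The tag layout described on the 802.1Q and 802.1ad frame-format slides, together with the push at an ingress tunnel port and the pop at an egress tunnel port described on the tunneling slides, as an added Python example. This is not code from the lecture or from any switch vendor: it assembles a frame byte by byte, walks the whole tag stack until it reaches a non-VLAN EtherType, and shows the 4-byte-per-tag growth behind the MTU remark. The TPID values 0x8100 and 0x88A8 are the standard ones; the MAC addresses and payload are constructed sample data, and push_tag/pop_tag are a simplified model of tunnel-port behaviour (they ignore the CoS handling a real switch applies). One point worth seeing in code: a parser that reads only one tag would report the S-Tag's VLAN and an EtherType of 0x8100 instead of the customer's 0x0800, which is why anything that inspects Q-in-Q traffic has to loop over the tag stack as parse_frame does.

```python
import struct

TPID_C = 0x8100   # 802.1Q tag (customer tag, C-Tag)
TPID_S = 0x88A8   # 802.1ad service tag (S-Tag); the slides note Cisco's dot1q-tunnel uses 0x8100 here
TAG_LEN = 4       # every 802.1Q/802.1ad tag adds 4 bytes: 2-byte TPID + 2-byte TCI


def build_frame(dst, src, ethertype, payload, tags=()):
    """Assemble an Ethernet frame. `tags` is a list of (tpid, pcp, dei, vid), outermost first,
    inserted between the source MAC and the original EtherType."""
    frame = dst + src
    for tpid, pcp, dei, vid in tags:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)   # 3-bit PCP, 1-bit DEI, 12-bit VID
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Walk the tag stack after the two MAC addresses until a non-VLAN EtherType is found."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src, off, tags = frame[:6], frame[6:12], 12, []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame")
        tpid = struct.unpack_from("!H", frame, off)[0]
        if tpid not in (TPID_C, TPID_S):
            break                                   # this is the original EtherType
        if off + TAG_LEN > len(frame):
            raise ValueError("truncated tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append({"tpid": tpid, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += TAG_LEN
    return {"dst": dst, "src": src, "tags": tags, "ethertype": tpid, "payload": frame[off + 2:]}


def push_tag(frame, tpid, vid, pcp=0):
    """Ingress tunnel port: insert a new outermost tag right after the source MAC; existing tags stay intact."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def pop_tag(frame):
    """Egress tunnel port: strip the outermost tag (TPID + TCI), leaving any inner tag in place."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] not in (TPID_C, TPID_S):
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[12 + TAG_LEN:]


def qinq_walkthrough():
    """Constructed end-to-end example: a customer frame on C-VLAN 101 crosses a provider S-VLAN 101."""
    dst = bytes.fromhex("001122334455")            # constructed MAC addresses
    src = bytes.fromhex("66778899aabb")
    payload = b"\x45" + b"\x00" * 45               # constructed 46-byte payload (minimum Ethernet payload)
    customer = build_frame(dst, src, 0x0800, payload, tags=[(TPID_C, 0, 0, 101)])
    in_provider = push_tag(customer, TPID_S, 101)  # S-VLAN 101 coexists with C-VLAN 101: separate namespaces
    delivered = pop_tag(in_provider)               # egress tunnel port restores the single-tagged frame
    return {
        "customer_len": len(customer),             # 6 + 6 + 4 + 2 + 46 = 64
        "provider_len": len(in_provider),          # one more tag: 68, the MTU effect the slides mention
        "provider_tags": [(t["tpid"], t["vid"]) for t in parse_frame(in_provider)["tags"]],
        "ethertype_seen_first": struct.unpack_from("!H", in_provider, 12)[0],  # 0x88A8, not 0x0800
        "inner_ethertype": parse_frame(in_provider)["ethertype"],             # 0x0800, unchanged
        "restored": delivered == customer,
    }


if __name__ == "__main__":
    print(qinq_walkthrough())
```

Running the block prints the lengths and tag stack of the constructed frame at each hop; the same parse_frame can be pointed at captured bytes to check whether a trunk is delivering single- or double-tagged frames.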
VLAN Translation
• Helps establish service provider VLANs
– Configures VLAN mapping (or VLAN ID translation) on trunk ports connected to a customer network
– Maps customer VLANs to service-provider VLANs based on the port number and the C-VLAN of the packet
• Mapping C-VLANs to S-VLANs
– Multiple ways
• All-in-one bundling
• Many-to-one bundling
• Mapping a specific interface
VLAN Translation – Configuration Examples
• Map VLAN IDs 1 to 5 in the customer network to VLANs 101 to 105 in the service-provider network
– Switch(config)# interface gigabitethernet0/1
– Switch(config-if)# switchport vlan mapping 1 101
– Switch(config-if)# switchport vlan mapping 2 102
– Switch(config-if)# switchport vlan mapping 3 103
– Switch(config-if)# switchport vlan mapping 4 104
– Switch(config-if)# switchport vlan mapping 5 105
– Switch(config-if)# switchport vlan mapping default drop
– Switch(config-if)# exit
• Bundling all traffic on the port to leave the switch with the S-VLAN ID of 100
– Switch(config)# interface gigabitethernet0/1
– Switch(config-if)# switchport mode trunk
– Switch(config-if)# switchport trunk allowed vlan 100
– Switch(config-if)# switchport vlan mapping default dot1q-tunnel 100
– Switch(config-if)# exit
• Configuring selective QinQ mapping on the port so that traffic with a C-VLAN ID of 1 to 5 enters the switch with an S-VLAN ID of 100. The traffic of any other VLAN IDs is dropped.
– Switch(config)# interface gigabitethernet0/1
– Switch(config-if)# switchport vlan mapping 1-5 dot1q-tunnel 100
– Switch(config-if)# switchport vlan mapping default drop
– Switch(config-if)# exit
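The three configuration examples above differ in what they do to a frame's tag stack, and that is easier to see in a small model than in the CLI lines. The following is an added Python model written for this page, not vendor code and not a description of any switch's internals: a port object with a per-C-VLAN rule table, where a specific mapping wins over the default (the precedence the slides' examples rely on), 1:1 translation rewrites the VID inside the single C-Tag, and dot1q-tunnel pushes an S-Tag in front of the untouched C-Tag. Assumptions, also marked in comments: the S-Tag uses the 802.1ad TPID 0x88A8 (the earlier slides note that some platforms use 0x8100), and with no mapping default configured unmatched C-VLANs are passed unchanged. A frame is represented only by its tag stack, a list of (tpid, vid) tuples, outermost first.

```python
TPID_C = 0x8100   # customer tag
TPID_S = 0x88A8   # service tag pushed by dot1q-tunnel mappings (assumption: 802.1ad TPID; some platforms use 0x8100)


class VlanMappingPort:
    """Constructed model of one customer-facing trunk port's 'switchport vlan mapping' table.
    A frame's tags are a list of (tpid, vid) tuples, outermost first."""

    def __init__(self):
        self.rules = {}                 # c_vid -> ("translate", s_vid) | ("dot1q-tunnel", s_vid)
        self.default = ("pass", None)   # assumption: with no 'mapping default', unmatched C-VLANs pass unchanged

    def mapping(self, c_vids, s_vid, tunnel=False):
        """switchport vlan mapping <vid | range> [dot1q-tunnel] <s_vid>"""
        for v in c_vids:
            self.rules[v] = ("dot1q-tunnel" if tunnel else "translate", s_vid)

    def mapping_default(self, action, s_vid=None):
        """switchport vlan mapping default {drop | dot1q-tunnel <s_vid>}"""
        if action not in ("drop", "dot1q-tunnel"):
            raise ValueError("unsupported default action: %s" % action)
        self.default = (action, s_vid)

    def ingress(self, tags):
        """Apply the table to a C-tagged frame; returns the outgoing tag stack, or None when dropped."""
        if not tags or tags[0][0] != TPID_C:
            raise ValueError("model expects a customer 802.1Q tag outermost")
        c_vid = tags[0][1]
        action, s_vid = self.rules.get(c_vid, self.default)   # a specific rule wins over the default
        if action == "drop":
            return None
        if action == "pass":
            return list(tags)
        if action == "translate":                             # 1:1 translation rewrites the VID; still one tag
            return [(TPID_C, s_vid)] + list(tags[1:])
        return [(TPID_S, s_vid)] + list(tags)                 # dot1q-tunnel pushes an S-Tag; C-Tag is kept


def example_one_to_one():
    """Slide example 1: C-VLANs 1..5 become S-VLANs 101..105, everything else is dropped."""
    port = VlanMappingPort()
    for c_vid, s_vid in zip(range(1, 6), range(101, 106)):
        port.mapping([c_vid], s_vid)
    port.mapping_default("drop")
    return port


def example_bundle_all():
    """Slide example 2: every C-VLAN leaves the switch inside S-VLAN 100 (the trunk allows only VLAN 100)."""
    port = VlanMappingPort()
    port.mapping_default("dot1q-tunnel", 100)
    return port


def example_selective_qinq():
    """Slide example 3: C-VLANs 1..5 are tunnelled in S-VLAN 100, any other C-VLAN is dropped."""
    port = VlanMappingPort()
    port.mapping(range(1, 6), 100, tunnel=True)
    port.mapping_default("drop")
    return port


if __name__ == "__main__":
    for name, port in [("1:1 translation", example_one_to_one()),
                       ("bundle all", example_bundle_all()),
                       ("selective QinQ", example_selective_qinq())]:
        for c_vid in (3, 7):   # constructed sample C-VLANs: one inside 1..5, one outside
            print("%-16s C-VLAN %d -> %s" % (name, c_vid, port.ingress([(TPID_C, c_vid)])))
```

The run shows the practical difference between the second and third examples: bundle-all tunnels C-VLAN 7 just as it tunnels C-VLAN 3, whereas selective QinQ plus "mapping default drop" discards it, so an unexpected customer VLAN never reaches the provider core.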
Summary
• 802.1Q tunnelling
• VLAN translation