Is VLAN a Layer 2 technology or a Layer 3 technology?
Current projects always mention VLANs. Whether or not the client (Party A) requires it, VLANs are always switched at Layer 3. This causes a misunderstanding: many people mistakenly believe that VLAN is a function only available on Layer 3 switches. I thought VLAN itself belongs to Layer 2 technology, and that Layer 3 switching is only used for communication between VLANs. My knowledge is shallow, so I invite the experts to discuss: does VLAN belong to Layer 2 technology or Layer 3 technology?
Let's use an example from daily life to illustrate what a VLAN is and what problem it solves.
In a city center, large apartments are often sublet room by room, and sometimes a few beds are even put in the big living room for rent. People sleeping in the living room are certainly uncomfortable: there is snoring, teeth grinding, sleepwalking and sleep-talking, and the place is a mess.
To overcome this mutual interference, the sublandlord partitions the living room into several small rooms with locks, so that each tenant has private space and a degree of security; at least valuables can be kept in the room without fear of them going missing.
The large living room above represents a large broadcast domain. Suppose the network segment corresponding to this broadcast domain is 10.1.0.0/16; in theory it can accommodate 65535 terminals. Terminals communicate as follows: a terminal first broadcasts an ARP request to find the other party's MAC address, and then the two communicate by unicast.
Do not underestimate the impact of ARP broadcasts; they affect every terminal. If each terminal sends on average one broadcast packet per hour, that is 65535 packets, each copied 65535 times, for a total of 430 million broadcast packets.
Moreover, ARP is not the only broadcast traffic on a LAN: NetBIOS, NBT (NetBIOS over TCP), the CIFS/SMB protocols that Windows file and printer sharing rely on, and DHCP all send broadcast packets too. So the impact of broadcasts on the network is M * N^2, where M is the number of broadcast-dependent applications and N is the number of terminals.
How can the impact of broadcast messages be suppressed?
Do you know why Ethernet is so dominant? Because it is easy to use and works without any user configuration. In fact this is not free: the simplicity and ease of use of the network are bought at the cost of network noise. In other words, behind the simple appearance, the network relies on broadcast interaction to complete its automatic configuration.
Broadcasts cannot be suppressed within a broadcast domain. Suppressing them would mean abandoning the ease of use of the network; it is a balance between network noise and network ease of use.
In the end, networks chose simplicity and ease of use, which means we still rely on noisy broadcasts to achieve automatic configuration.
Since broadcasts cannot be reduced within a large broadcast domain, let's change our thinking and take inspiration from the sublandlord: divide the large broadcast domain into many small broadcast domains. Wouldn't that be better?
One VLAN, one broadcast domain
Now we divide the network segment 10.1.0.0/16 of the big broadcast domain into 255 segments, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 ... 10.1.255.0/24, with corresponding VLAN IDs 1, 2, 3 ... 255. Each broadcast domain can then theoretically accommodate 255 terminals, and the broadcast impact index drops sharply (compared with 430 million, there are now only 255^2 = 65535 per VLAN).
Well, this is a good idea.
VLANs are implemented on Layer 2 switches. Layer 2 switches have no concept of network segments; only routers do.
The 255 network segments above are configured on the router's sub-interfaces. Each sub-interface is encapsulated with an 802.1Q VLAN ID, which associates the network segment with the corresponding VLAN, and the sub-interface's address serves as the default gateway of that network segment.
If a Layer 3 switch is used instead of a router, a VLAN interface (Interface VLAN with the VLAN ID, i.e. an SVI) associates the VLAN with the network segment, just as with the router.
VLANs can provide security
We also learn from the sublandlord that each room can be locked: we can configure ACLs (access lists) on Layer 3 switches (which route between VLANs), routers and firewalls to permit or deny communication between VLANs.
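As an added example (not from the original post), here is the segment-to-VLAN plan from above rendered as router sub-interface, Layer 3 switch SVI and inter-VLAN ACL configuration. The config syntax is assumed to be Cisco IOS-style; the interface names, the choice of the .1 address as gateway and the ACL name are assumptions.

```python
import ipaddress


def plan_vlans(block="10.1.0.0/16", new_prefix=24):
    """Split one big broadcast domain into per-VLAN segments: 10.1.N.0/24 <-> VLAN N.
    Index 0 is skipped because VLAN ID 0 is reserved by 802.1Q (priority tag only),
    which is why the text ends up with 255 segments rather than 256."""
    net = ipaddress.ip_network(block)
    subnets = enumerate(net.subnets(new_prefix=new_prefix))
    return {vid: sub for vid, sub in subnets if 1 <= vid <= 4094}


def vlan_of(plan, host):
    """A router decides which VLAN a host belongs to purely from its network segment."""
    addr = ipaddress.ip_address(host)
    return next((vid for vid, sub in plan.items() if addr in sub), None)


def router_subinterfaces(plan, parent="GigabitEthernet0/0"):
    """Router-on-a-stick: one dot1Q sub-interface per VLAN; the first host address
    of each segment is used as that segment's default gateway (assumed convention)."""
    lines = []
    for vid, sub in sorted(plan.items()):
        lines += [f"interface {parent}.{vid}",
                  f" encapsulation dot1Q {vid}",
                  f" ip address {sub.network_address + 1} {sub.netmask}"]
    return lines


def switch_svis(plan):
    """The same thing on a Layer 3 switch: an SVI 'interface Vlan N' per VLAN."""
    lines = []
    for vid, sub in sorted(plan.items()):
        lines += [f"interface Vlan{vid}",
                  f" ip address {sub.network_address + 1} {sub.netmask}"]
    return lines


def inter_vlan_acl(plan, src_vid, dst_vid):
    """Extended ACL that blocks the source VLAN's segment from reaching the destination
    VLAN's segment (wildcard = inverse netmask); all other traffic is permitted."""
    s, d = plan[src_vid], plan[dst_vid]
    return [f"ip access-list extended BLOCK-VLAN{src_vid}-TO-VLAN{dst_vid}",
            f" deny ip {s.network_address} {s.hostmask} {d.network_address} {d.hostmask}",
            " permit ip any any"]
```

Hosts 10.1.3.7 and 10.1.4.7 land in VLAN 3 and VLAN 4, so their traffic must pass through the gateway, which is where the ACL is applied.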
One VLAN, one network segment
VLAN is a Layer 2 virtualization technology that corresponds to the IEEE 802.1Q standard. The 802 family of standards defines data link layer standards. The VLAN tag is located between the Ethernet header and the IP header.
Precisely because one VLAN corresponds to one network segment, we need a Layer 3 device to route communication between hosts in different VLANs (network segments).
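To show where the tag sits, here is an added example (not from the original post) that builds a constructed broadcast ARP frame carrying an 802.1Q tag and walks the Ethernet header to find the VLAN ID and the offset of the Layer 3 payload; the MAC addresses and ARP body are made-up filler. It also handles stacked 802.1ad/802.1Q (QinQ) tags, which goes a little beyond the single-tag case in the text.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q customer tag (C-tag)
TPID_8021AD = 0x88A8  # 802.1ad service tag (S-tag, the outer tag in QinQ)
ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
BROADCAST = b"\xff" * 6


def _u16(frame, off):
    """Read a big-endian 16-bit field, refusing to run past the end of the frame."""
    if off + 2 > len(frame):
        raise ValueError(f"frame truncated at offset {off}")
    return struct.unpack_from("!H", frame, off)[0]


def parse_vlan_frame(frame):
    """Walk the Ethernet header, peeling off any 802.1Q/802.1ad tags.

    Returns the VLAN IDs found (outermost first), the EtherType of the Layer 3
    payload and the byte offset where that payload starts. Every tag sits between
    the source MAC and the EtherType: it is pure Layer 2, so a Layer 2 switch can
    act on it without ever looking at an IP header."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    off, vlans = 12, []
    ethertype = _u16(frame, off)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        tci = _u16(frame, off + 2)   # Tag Control Information: PCP(3) DEI(1) VID(12)
        vlans.append(tci & 0x0FFF)   # VLAN ID; 0 and 4095 are reserved by the standard
        off += 4                     # each tag adds 4 bytes to the header
        ethertype = _u16(frame, off)
    return {"dst_broadcast": frame[:6] == BROADCAST,
            "vlans": vlans,
            "ethertype": ethertype,
            "l3_offset": off + 2}


def build_tagged_arp(vid, pcp=0):
    """Constructed sample: a broadcast ARP request carrying one 802.1Q tag.
    The source MAC and the ARP body are filler; only the header layout matters."""
    src = bytes.fromhex("020000000001")      # locally administered sample MAC
    tci = (pcp << 13) | (vid & 0x0FFF)
    arp_body = bytes(28)                     # zeroed placeholder ARP payload
    return BROADCAST + src + struct.pack("!HHH", TPID_8021Q, tci, ETH_ARP) + arp_body
```

A tagged broadcast like this is flooded only to ports in VLAN 10, which is exactly the broadcast containment the text describes.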
Why one VLAN per network segment?
Why can't different VLANs use the same network segment? Then I would ask this student: how do you plan to make these two VLANs communicate? With a router or a Layer 3 switch? You cannot configure it at all; try it if you don't believe me. Can a bridge be used? Yes, but then the original intent of dividing VLANs is lost. What was that intent? What is the point of shrinking the broadcast domain and then bridging it back together?
To deploy network services flexibly!
The above is shared by PASSHOT. I hope it inspires you. If you think today's content is not bad, you are welcome to share it with other friends. There are more of the latest Linux dumps, CCNA 200-301 dumps and CCNP Written dumps waiting for you.