國立清華大學資訊系黃能富教授 1 Virtual LAN and Dynamic Multicast Filtering Technologies All rights reserved. No part of this publication and file may be reproduced,

國立清華大學資訊系黃能富教授 1

Virtual LAN andDynamic Multicast Filtering

Technologies

All rights reserved. No part of this publication and file may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of Professor Nen-Fu Huang (E-mail: [email protected]).

國立清華大學資訊工程學系黃能富教授Tel: 03-573-1063Fax: 03-572-3694E-mail: [email protected]:http://www.cs.nthu.edu.tw/~nfhuang


Outline

IEEE 802.1Q : Virtual Bridged LANsIEEE 802.1p : Traffic Class

Expediting and Dynamic Multicast Filtering

GVRP : GARP VLAN Registration Resolution Protocol

GMRP : GARP Multicast Registration Protocol

GARP : Generic Attribute Registration Protocol


GARP

GVRP GMRP ???VLAN

Priority + Multicast Filtering

GVRP + GARP = No VLAN MulticastGVRP + GMRP + GARP = Support VLAN MulticastGMRP + GARP = Priority/Multicast Filtering

ES_REGISTER_GROUP_MEMBERES_DEREGISTER_GROUP_MEMBER ES_REGISTER_MODEES_DEREGISTER_MODE


VLANTopology

H

VLANA

VAB

VLANA VLANC

H H

H

H VLANB

VAB

VAB

Hybrid Link

VLANB

Access Link

VLANA

B

VLANC

802.1D BLAN

VLANC

H

H

H

H

H

B

H

H

Access Link

Access Link

Access Link H

H

Trunk Link

Spanning TreeH

Group in VLANA

H


Virtual Bridged LANs(IEEE 802.1Q)


Overview of Virtual LAN

Virtual LAN Services in Bridged LANs.Forwarding Process required to support VBLA

Ns.Filtering Database needed to support VBLANs. Protocols and Procedures required to provide

VLAN services and distribute the VLAN membership information.

Management services and Operations required to configure and administer VBLANs.


VLAN Aims and Benefits

Easy administration of logical group of stations. Also moves, adds, and changes in members of theses groups.

Traffic between VLANs is firewalled. The propagation of multicast and broadcast traffic between VLANs is limited.

Supported over shared and point-to-point media.Each VLAN is uniquely identified (VID). Maintain compatibility with existing bridges/switches a

nd stations.In the absence of VLAN configuration, bridges work in Pl

ug-and-Play.


VLAN Architecture Overview

Based on a 3-level model:ConfigurationDistribution/ResolutionRelay

MIBs

Declaration ProtocolsReq/Resp Protocols

Ingress Rules Forwarding RulesEgress Rules


Configuration

The means whereby the VLAN configuration is specified in the first place.

Assignment of VLAN configuration.


Virtual LANs Technologies

Port-based VLANMAC-based VLANIP-subnet based VLANLayer-3 Protocol based VLAN

Rule based VLAN


VLAN 1

VLAN 3 VLAN 2

橋接器 / 交換器 1

橋接器 / 交換器 2 橋接器 / 交換器 3

1 12

1 12 1 12

Port-based Virtual LANs


VLAN 1 VLAN 2 VLAN 3 VLAN 4

1 2 3 4 5 6 7 8

9 10 11 12 13 14 15 16



MAC-based Virtual LANs


VLAN 1 VLAN 2 VLAN 3 VLAN 4

1 2 3 4

5

6 7 8

9 10 11 12 13 14 15 16



MAC-based Virtual LANs --MAC5 moves


VLAN 1 = IP subnet 140.114.76 VLAN 2 = IP subnet 140.114.77 VLAN 3 = IP subnet 140.114.78

橋接器 / 交換器

橋接器 / 交換器橋接器 / 交換器

1 2 3 4 5 6 7 8

9 10 11 12 13 14 15 16

140.114.76.xx

140.114.77.xx

140.114.78.xx

140.114.78.xx140.114.76.xx

140.114.77.xx

IP Subnet-based Virtual LANs


VLAN 1 (IPX) VLAN 2 (IP)

橋接器 / 交換器

橋接器 / 交換器橋接器 / 交換器

1 2 3 4 5 6 7 8

9 10 11 12 13 14 15 16

Layer-3 Protocol based Virtual LANs


Rule-based Virtual LANs

所有使用某一個 IP子網路網址的工作站所有使用某一個特定網址的 IPX工作站所有使用由 abc公司生產之網路卡的工作站所有 Ethernet type欄位等於某特定值的訊框所有 SNAP欄位等於某特定值的訊框所有 TCP, Source port欄位等於某特定值的訊框所有 UDP, Source port欄位等於某特定值的訊框


DistributionDistribute information for Bridges to

determine on which VLAN a given packet should be forwarded.

Various possibilities exist for achieving this:Declaration Protocols for distributing VLAN associations (such as GARP to distribute membership information among Bridges)

Request/Response protocols to request a specific VLAN association (SNMP).


Relay

Mapping received frames to VLANs: determined by a set of ingress rules.

Where received frames should be forwarded: determined by a set of forwarding rules.

Mapping frames for output Ports and format (tagged or untagged): determined by a set of egress rules.

VLAN frame format to carry VLAN IDs (VIDs).The procedure to tag frames, modify tagged frames, an

d untag frames.


RelayThe Port-based approach specifies ingress,

forwarding and egress rules based on VLAN membership, which allow bridges to:Classify all received untagged frames as belonging to particular VLAN(PVID).

Recognize the VID associated with received tagged frames.

Make use of this VID to forwarding/filtering.Transmit frames in tagged or untagged format, as defined for a given Port/VLAN pairing.


Frame Tagging

Implicit taggingA frame is classified to a particular VLAN based on the data content of the frame (MAC address, Layer 3 Protocol ID, etc) and/or the receiving Port.

Explicit taggingA frame carries an explicit identification of the VLAN to which it belongs.


Ingress Rules/Egress Rules

Each frame received is classified as belonging to exactly one VLAN by associating a VID with it.

The classification is achieved as followsExplicit Tagging : the VID value it carriesImplicit Tagging : the PVID associated with the port it

is received.

Frames shall be filtered ifOutgoing port is not preset in the Member Set of the

VLAN; orFrames is in 802.5 format and the outgoing port is

preset in the Untagged Set of the VLAN, and the Bridge does not support frame format translation.


Port-Based VLAN DefinitionsVLAN aware devices understand VLAN

membership and VLAN frame format.VLAN unaware devices.An Access Link is a LAN segment used to

multiplex one or more VLAN unaware devices into a Port of a VLAN Bridge. All frames on an access link are implicitly tagged.No VLAN tagged frames on an access link.Viewed as being on the edge of the network.Can be attached to other 802.1D-conferment

Bridges (BLAN).


Definitions

A Trunk Link is a LAN segment used to multiplex VLANs between VLAN Bridges.

All devices connect to a Trunk Link must be VLAN aware.

All frames (including end station frames) on a Trunk Link are explicitly tagged with a VLAN ID.

A Hybrid Link is a LAN segment that has both VLAN aware and unaware devices.There can be a mix of Tagged Frames and Untagged

Frames but they must be from different VLANs.


VLANTopology

H

VLANA

VAB

VLANA VLANC

H H

H

H VLANB

VAB

VAB

Hybrid Link

VLANB

Access Link

VLANA

B

VLANC

802.1D BLAN

VLANC

H

H

H

H

H

B

H

H

Access Link

Access Link

Access Link H

H

Trunk Link

Spanning TreeH

Group in VLANA

H


Rules for Tagging Frames

For each VLAN, all frames traversing a particular hybrid link must be tagged the same way:

All implicitly tagged orAll carrying the same explicit tag.

There can be a mix of implicitly and explicit tagged frames but they must be for different VLANs.

All the frames for VLANs A and B are explicit tagged on the hybrid link.

All frames for VLAN C on the hybrid link are implicitly tagged.

On the trunk link all frames are tagged.


Spanning Tree

Eliminate loops in a bridged LAN. Improve scalability in a large network.Spanning tree formed in a virtual LAN environment ne

ed not be identical to the topology of the VLAN(S).Each VLAN may be overlaid on different segments or e

ntirely separate from each other.All VLANs are aligned along the Spanning Tree from w

hich they are formed.A VLAN is defined by a subset of the Spanning Tree.The topology of the VLAN is dynamic.


Bridge Operation

A Bridge filters frames to ensure that traffic destined for a given VLAN is forwarded only on segments that form a path to members of that VLAN.

For each VLAN, the bridge needs to keep:Member set (Port IDs)Untagged set (Port IDs)


Addressing Learning

Shared VLAN Learning (SVL)Independent VLAN Learning (IVL)In most cases, SVL or IVL produces the

same result. But in some special cases, we need to specify the learning mode of bridge.


Server (Bridge-Router, or Connector) connecting multiple independent VLANs.

Connector and stations are VLAN unaware (untag).Connector did not turn on spanning tree algorithm.VLAN Red (A) <--> VLAN Blue (B) should be delivered to

Connector (firewalled).The Filtering databases should be independent. Other

wise, MAC A(B) will be learned from different ports 1,4 (2,3) alternatively.

The frames from A (B) to B(A) will be delivered in a wrong way.

IVL Example -- Multiple Independent VLANs


虛擬網路橋接器

PVID = Red

PVID = Red

PVID = Blue

PVID = Blue

傳統橋接路徑器（連接器）

Port X Port Y

Port 4Port 3

Port 2Port 1

A B

A XB Y

MAC Port

A 1B 3

MAC PortVLAN Red

A 4B 2

MAC PortVLAN Blue

成員集合：Red - Ports 1,3Blue - Ports 2,4無標籤集合：Red - Ports 1,3Blue - Ports 2,4

過濾資料庫

IVL Example -- Multiple Independent VLANs

Correct pathsFor A->B and B->A


PVID = Red

PVID = Red

PVID = Blue

PVID = Blue

傳統橋接路徑器（連接器）

Port X Port Y

Port 4Port 3

Port 2Port 1

A B

A XB Y

MAC Port

A 4B 3

MAC PortSVL (Red, Blue)

成員集合：Red - Ports 1,3Blue - Ports 2,4無標籤集合：Red - Ports 1,3Blue - Ports 2,4

過濾資料庫

If SVL is used for this case

?

Incorrect pathFor B->A


Server (Bridge-Router, or Connector) connecting multiple independent VLANs.

Server is VLAN aware (tagging frames) and stations are VLAN unaware.

VLAN Red : A <--> ServerVLAN Blue : B <--> ServerThe Filtering databases should be independent. Othe

rwise, MAC A(B) will be learned from different ports alternatively.

The frames from server with tag Blue or Red may be filtered.

IVL Example (2) -- Multiple Independent VLANs



PVID = Discard

PVID = Red

PVID = Blue

虛擬橋接路徑器（連接器）

Port 1

Port 3

Port 2Port 1

A B

A 1B 1

MAC Port

成員集合：Red - Ports 1,3Blue - Ports 2,3無標籤集合：Red - Port 1Blue - Port 2

共享過濾資料庫 (Red, Blue)

A 1B 3

MAC PortVLAN Red

A 3B 2

MAC PortVLAN Blue

IVL Example (2) -- Multiple Independent VLANs

B A


PVID = Discard

PVID = Red

PVID = Blue

虛擬橋接路徑器（連接器）

Port 1

Port 3

Port 2Port 1

A B

A 1B 1

MAC Port


共享過濾資料庫 (Red, Blue)


B A

A 1 <-> 3B 2 <-> 3

MAC PortSVL (Red, Blue)


Stations A and B use the same MAC address X.

Server is VLAN aware (tagging frames) and stations are VLAN unaware.

VLAN Red : A <--> ServerVLAN Blue : B <--> ServerThe Filtering databases should be

independent. Otherwise, MAC X will be learned from different ports alternatively.

The frames from server with tag Blue (Red) may be forwarded to wrong destination A (B).

IVL Example (3) -- Duplicate MAC addresses



PVID = Discard

PVID = Red

PVID = Blue

伺服器 (VLAN-aware)

Port 3

Port 2Port 1

A B

X 1MAC PortVLAN Red

X 2MAC PortVLAN Blue


MAC X MAC X

IVL Example (3) -- Duplicate MAC addresses


PVID = Discard

PVID = Red

PVID = Blue

伺服器 (VLAN-aware)

Port 3

Port 2Port 1

A B


MAC X MAC X


X 1 <-> 2MAC Port

SVL (Red, Blue)

Incorrect pathFor Server ->A

? ?


Typically, two stations A and B belong to the same VLAN use the same VID to communicate.

Asymmetric VLAN: A->B and B -> A use different VIDs.

All server and stations are VLAN unaware (untagging frames)

A -> S and S->B but not A <-> B for security reason.VLAN Purple : Server --> A or BVLAN Red : A --> ServerVLAN Blue : B --> Server

Asymmetric VLAN


Asymmetric VLAN

If the Filter databases of VLAN Red and Purple are independent, then the frame from the server to B will be forwarded to both A and B due to A is not learned by VLAN Purple. Broadcast the frame in VLAN Purple for this case.

SVL is required for Asymmetric VLAN !!



PVID = Purple

PVID = Red

PVID = Blue

伺服器 S (VLAN-unaware)

Port 3

Port 2Port 1

A B

A 1MAC Port

成員集合：Purple - Ports 1,2Red - Port 3Blue - Port 3無標籤集合：Purple - Ports 1,2Red - Port 3Blue - Port 3

B 2S 3

共享過濾資料庫 (Purple, Red, Blue)

Red Blue

Purple Purple

Asymmetric VLAN


PVID = Purple

PVID = Red

PVID = Blue

伺服器 S (VLAN-unaware)

Port 3

Port 2Port 1

A B

成員集合：Purple - Ports 1,2Red - Port 3Blue - Port 3無標籤集合：Purple - Ports 1,2Red - Port 3Blue - Port 3

Purple Purple

If IVL is used for this caseS A or S B, but will S A and B

S 3MAC PortVLAN Purple

A 1MAC PortVLAN Red

B 2MAC PortVLAN Bule


Static Filtering EntryStatic VLAN Registration Entry

Dynamic Filtering EntryDynamic VLAN Registration Entry

Group Registration Entry

The Filtering Database


Static Filtering Entry

MAC VLAN ID Port MAP

MACa 2

MACb 3 MACc 3

MACd 2

MACe 4

Control ElementIndividual MAC, Group MAC, All Group MAC, All Unregistered Group MAC

Forward, Filter, According to dynamic FD


Static VLAN Registration Entry

VLAN ID Port MAP

2

3 4

5

6

Control ElementGVRP Registrar Administrative Control : Registration Fixed, Forbidden, Normal.Tagged/Untagged


Dynamic Filtering Entry (By Learning Process) MAC FID Port (MAP) Time

MACa 2

MACa 3 MACb 3

MACb 2

MACc 4

Individual MAC

20012010025060


Group Registration Entry (by GMRP Protocol)

MAC VLAN ID Port MAP

MACa 2

MACb 3 MACc 3

MACd 2

MACe 4

Control ElementGroup MAC, All Group MAC, All Unregistered Group MAC

Forward (Registered), Filter (Unregistered)


Dynamic VLAN Registration Entry

VLAN ID Port MAP

2

3 4

5

6

Control ElementVID is registered on this port ?


VLAN Tag Structure

Tag Protocol Identifier (TPID)Tag Control Information (TCI)

User-PriorityCanonical Format IndicatorVID Ethernet-encoded

TPID

TCI

SNAP-encoded TPID

TCI

3 1 12 Bits

Canonical Format IndicatorUser-Priority

VLAN Identifier (VID)

2

2

8

2


3 1 12 位元

VLAN Identifier (VID)

Canonical Format Indicator (CFI)

User Priority (0-7)

Ethernet-encoded TPID (81-00)

TCI LEN RIF

2 2 2 2-30 位元組

Tag Format (Ethernet-encoded)


3 5 1 6 1 位元

NC

FI

RC Route Descriptors

2 0-28 位元組

RT (X) LTH D LF

Tag Format (Ethernet-encoded)

RIF

RT (Routing Type): Transparent bridges or Source-routing bridgesLength: 2 for no route descriptorsDirection:Largest Frame : <= 1470 bytesNon-canonical Format Indicator


SNAP Header (AA-AA-03)

SNAP-encoded TPID

TCI

8 2 位元組

Tag Format (SNAP-encoded)

SNAP PID (00-00-00)

Tag Type (81-00)

3 位元組

3 位元組

2 位元組


Network Dependency

E-C-T (Ethernet, Canonical, Transparent)E-C-R (Ethernet, Canonical, Source-Routed)E-N-T (Ethernet, Non-Canonical,

Transparent)E-N-R (Ethernet, Non-Canonical, Source-

Routed)L-C-T (LLC, Canonical, Transparent)L-C-R (LLC, Canonical, Source-Routed)L-N-T (LLC, Non-Canonical, Transparent)L-N-R (LLC, Non-Canonical, Source-Routed)


Frame Types

E-C-T/E,T

Ethernet frame or LLC frame (E,L)

Canonical or Non-canonical (C, N)

Transparent or Source-routed (T,R)

Ethernet or Token-Ring (E,R)

Tagged frame (T)


DA

SA

Tag 標頭 (ETPID+TCI)

CFI = C PT

N 位元組C-Data

46 <= N <= 1496

FCS

DA

SA


CFI = CLEN

N 位元組LLC+C-Data+Pad42 <= N <= 1496

FCS

E-C-T/E,T L-C-T/E,T

VLAN Tagged Frames on 802.3/ Ethernet Media


DA

SA


CFI = 1

PT

FCS

N 位元組C-Data or N-Data 46 <= N <= 1470

E-N-T/E,TE-C-R/E,TE-N-R/E,T RIF

(0 <= R <= 30)

CFI = C or N

DA

SA


CFI = 1

PT

FCS

N 位元組LLC+C-Data+Pad

or LLC+N-Data+Pad

42-R <= N <= 1470

L-N-T/E,TL-C-R/E,TL-N-R/E,TRIF

(0 <= R <= 30)

CFI = C or N

VLAN Tagged Frames on 802.3/ Ethernet Networks


DA

SA

Tag 標頭(STPID+TCI)CFI = C or N

RIF(0 <= R <=

30)

SPT + N 位元組C-Data or D-Data46 <= N <= 1470

FCS

AC (TR only) FC

DA

SA

RIF(0 <= R <= 30)

N 位元組LCC + C-Data or D-Data

FCS

AC (TR only) FC

E-C-T/R,TE-N-T/R,TE-C-R/R,TE-N-R/R,T

L-C-T/R,TL-N-T/R,TL-C-R/R,TL-N-R/R,T

Tag 標頭(STPID+TCI)CFI = C or N

VLAN Tagged Frames on Token-Ring/ FDDI Networks


E-C-T/R,TE-N-T/R,TE-C-R/R,TE-N-R/R,TL-C-T/R,TL-N-T/R,TL-C-R/R,TL-N-R/R,T

802.3/Ethernet ( 無標籤 )

Token-Ring/FDDI ( 無標籤 )

802.3/Ethernet ( 貼標籤 )

Token-Ring/FDDI ( 貼標籤 )

E-C-T/R,UE-N-T/R,UE-C-R/R,UE-N-R/R,UL-C-T/R,UL-N-T/R,UL-C-R/R,UL-N-R/R,U

E-C-T/C,UE-N-T/C,UE-C-R/C,UE-N-R/C,UL-C-T/C,UL-N-T/C,UL-C-R/C,UL-N-R/C,U

E-C-T/C,TE-N-T/C,TE-C-R/C,TE-N-R/C,TL-C-T/C,TL-N-T/C,TL-C-R/C,TL-N-R/C,T

Q Q

H

Q+H Q+H

Q+H


VLAN System Example -Cisco

Inter-Switch Link Protocol (ISL) for Fast Ethernet-based Backbone networks

Modified IEEE 802.10 Security Protocol for FDDI-based Backbone networks


Cisco交換器 C

Cisco 交換器 A

Cisco 交換器 B

原訊框

ISL 訊框

Fast Ethernet 骨幹網路

原訊框

VLAN 1 VLAN 2

VLAN 3

2/1 2/2 3/1 2/1 2/2 3/2

1/1 1/2

1/1 1/2

Inter-Switch Link Protocol (ISL)


Address Constant(AA-AA-03)

VLAN ID

包裝訊框

Destination Type User Source Length Address Address

High-Bits Source Address (00-00-0C)

BPDU Index Resv CRC

40 4 4 48 16 位元

24 24 15 1 16 16 8-196,600 32 位元 ISL 標頭

ISL Frame Format

(01-00-0C-00-00)Type : Ethernet (0000) Token-Ring (0001) FDDI (0010) ATM (0011)

Port index


使用修改過之 IEEE 802.10 通訊協定之 FDDI 骨幹網路

Cisco交換器

Cisco交換器

Cisco交換器

Cisco路徑器

原訊框

原訊框

IEEE 802.10 訊框

IEEE 802.10 Security Protocol


IEEE 802.10 was developed in 1992 for security service over shared LANs.

Encryption and Authentication services.Secure Data Exchange Protocol Data Unit

(SDE PDU).The IEEE 802.10 header and ICV (Integrity Chec

k Value) are inserted into the original frame.

Modified 802.10 Frame Format


MAC 標頭

802.10 LSAP SAID MDF

Station ID

FragFlag 資料 ICV

Destination Source Length Address Address (+16)

802.10 標頭

可加密範圍

未保護標頭受保護標頭

Modified 802.10 Frame Format

LSAP : Logical SAP (0A-0A-03)SAID: Security Association ID -> VLAN IDStation ID: Source Address (duplicate)Fragment Flag: False


GARP VLAN Registration Protocol (GVRP)


GVRP Overview

A GARP application using GARP GID (GARP Information Declaration) and GIP (GARP Information Propagation ).

GVRP provides a mechanism for:dynamic maintenance of the Member Sets for each VLAN of a

Bridge;propagates the information they contain to other Bridges;allows GVRP-aware devices to dynamically establish and up

date which VLANs are currently have active members, and through which Ports they can be reached.

Similar to GMRP, but attribute values carried is 12-bit VID values, rather than 48-bit MAC addresses.


區域網路 1 區域網路 2

LLC LLC

訊框接收 /傳送程式

埠 1 埠 2

GVRP ApplicationGID

GVRP Participant GVRP Participant

訊框轉送程式

GIP

GVRP ApplicationGID

過濾資料庫


GVRP in Bridges/Switches


區域網路

LLC


埠

GVRP ApplicationGID

GVRP Participant

過濾資料庫

GVRP in Host Station


VLAN Registration Service Definition

ES_REGISTER_VLAN_MEMBER(VID): MAC service user wishes to receive frames destined for the VID.

ES_DEREGISTER_VLAN_MEMBER(VID): MAC service user no longer wishes to receive frames destined for the VID.

On receipt of above message, GVRP issues a GID_Join.request/ GID_Leave.request service primitive with attribute_type = VID Attribute Type, attribute_value = VID.

On receipt of a GID_Join.indication/GID_Leave.indication from GID with attribute_type = VID Attribute Type, the GVRP adds/remove the port concerned to the Member Set of the VLAN.


Definition of the GVRP Application

GVRP Application Identifier: 0000 0000 0000 0001

GVRP Application Address: xx-xx-xx-xx-xx-x1GVRP Attribute Type: VID Type (0000 0001)GVRP Attribute Values: VID value (two octets)

.All GARP PDUs sent and received by GVRP Par

ticipants are transmitted as Untagged Frames.


Traffic Class and Dynamic Multicast Filtering Services

in Bridged LANs (IEEE 802.1p)


GMRP Introduction

GMRP provides a mechanism that allows GMRP participants to dynamically register, de-register information with the MAC Bridges attached to the same LAN segment.

For that information to be disseminated across all Bridges in the Bridged LAN.


GMRP IntroductionGroup membership information

» indicates that one or more participants that are members of a particular Group exists.

» result in the creation or updating of Group Registration Entries in the Filtering Database.

Port Filtering Mode information» Indicates that one or more participants require Port Filtering Mode A or B operation.

» Used to change the current Port Filtering Mode of the Port on which it is received.


Model of Operation

GMRP defines a GARP Application which makes use of:GID and GIP offered by GARP to declare and propagate information .

The Group Membership information propagated results in the formation of a directed graph. The directed graph points, from any Filtering Database to all LAN segments to which the original sources of the information are attached.


Model of Operation

The Forwarding Process in the Bridge makes use of the directed graph to determine the directions in which frames should be forwarded or discarded.

The directed graph defines the subtree of the Spanning Tree.

Sources of MAC frames destined for the Group do not themselves have to register membership of the Group.


Example of Directed Graph (For a Single Group)

FilteringDatabase

FilteringDatabase

FilteringDatabase

FilteringDatabase

M

M

FilteringDatabase

FilteringDatabase

M

M

LAN A

LAN B LAN C

Hub-based


Propagation of Port Filtering Mode Information

If any Port in a given Bridge is operating in Port Filtering Mode A or B, this fact is propagated on all other Ports of the Bridge, resulting in Ports of adjacent Bridges switching to Port Filtering Mode A or B if they were in a higher Port Filtering Mode.

A GMRP-aware end station requiring to be able to receive all multicast traffic can achieve this end by declaring Port Filtering Mode A on the LAN segment to which it is attached. (Traffic Monitoring)


Definition of the GMRP Application

GMRP Application Identifier: 0000 0000 0000 0000

GMRP Application address: xx-xx-xx-xx-xx-x0GMRP Attribute Types:

Group Attribute Type (0000 0001);Port Filtering Mode Attribute Type (0000 0002).

GMRP Attribute Values:Only Group MAC address. (6 octets)Port Filtering Mode (1 octet) :

Mode A (0000 0000), Mode B (0000 0001).


End System Registration and De-registration

ES_REGISTER_GROUP_MEMBER /ES_DEREGISTER_GROUP_MEMBER

GMRP Participant issues a GID_Join.request /GID_Leave.request service primitive (,,,).

ES_REGISTER_MODE/ES_DEREGISTER_MODE

GMRP Participant issues a GID_Join.request/ GID_Leave.request service primitive (,,,).


Forwarding ProcessSource PortState Info

Dest PortState Info

FilteringDatabase

Frame Reception

Frame Discard

Frame Transmission

a b c d e f g

a : Enforcing Topology Restrictionb : Filtering Framesc : Regenerating User Priorityd : Queuing Framese : Selecting Frame for Transmissionf : Mapping Priorityg : Recalculating FCS

User Traffic Priority Class

0 - 4 05 - 7 1


Group Registration

The GMRP Application responds to registration and de-registration events signaled by GID as follows:On receipt of a GID_Join.indication whose

attribute value is equal to the value of the Group Attribute Type

» GMRP updates any Group Registration Entry in the Filtering Database for the address specified in the attribute_value parameter.

» If such a Filtering Database entry does not exist in the Filtering Database, a new Group Registration Entry is created.


Group Registration

On receipt of a GID_Leave.indication whose attribute value is equal to the value of the Group Attribute Type

» GMRP updates any Group Registration Entry in the Filtering Database for the address specified in the attribute_value parameter.

» If such a Filtering Database entry does not exist , then the indication is ignored.

» If the removal of the Port identifier from the Group Registration Entry result in there being no Port identifier in the member_port_set, then the Group Registration Entry is removed.

On receipt of a GID_Join.indication or a GID_Leave.indication whose attribute_type is equal to the value of the Port Filtering Mode Attribute Type, the GMRP updates the current Port Filtering Mode


Service Primitives for Basic Filtering Services

Dynamic Unicast Filtering ServicesES_IMPLICIT_REGISTER_FOR_RECEIVE(MAC_ADDRESS)Whose operation is supported by the creation of Dynamic F

iltering Entries by the learning processTopology Enforcement Filtering Services

MANAGER_ALLOCATE_STATIC_FILTER(MAC_ADDRESS,PORT_MAP,USER_PRIORITY)

MANAGER_DEALLOCATE_STATIC_FILTER(MAC_ADDRESS)Whose operation is supported by the creation of Static Filte

ring Entries via the management.


Service Primitives for Extended Filtering Services

Group Membership Registration and De-registration

ES_REGISTER_GROUP_MEMBER(MAC_ADDRESS, USER_PRIORITY) ES_DEREGISTER_GROUP_MEMBER(MAC_ADDRESS) ES_REGISTER_MODE(PORT_FILTERING_MODE) ES_DEREGISTER_PORT_FILTERING_MODE(MODE)

Static Group Registration/De-registration MANAGER_REGISTER_GROUP(MAC_ADDRESS, PORT_SET,

USER_PRIORITY) MANAGER_DEREGISTER_GROUP(MAC_ADDRESS)

Filtering State Configuration MANAGER_DEFINE_DEFAULT_FILTERING_STATE(PORT,STATE) MANAGER_SET_DEFAULT_FILTERING_STATE(PORT) MANAGER_SET_FILTERING_STATE(PORT,STATE)


The Filtering Database

Filtering EntriesConsists of MAC_address, port_specification elements.

Static Filtering InformationDynamic Filtering InformationA Filtering Entry shall not contain both static and

dynamic filtering information.Group Registration Entries

Consists of MAC_address, member_port_setOnly dynamic filtering information

Permanent DatabaseProvides fixed storage for static entries (define the

initial state of all static entries in the FD).


Generic Attribute Registration Protocol (GARP)


Generic Attribute Registration Protocol (GARP)

The GARP provides the generic attribute dissemination capability that is used by participants in GARP Applications to register and de-register attribute values with other GARP Participants within a Bridged LAN.


A A AA

A AAA

A Aa

a

a

a a

a

LAN 2 LAN 3 LAN 4

A

a

a a

a

a a

a a

a

a

LAN 1

a = Registration of attribute value AA=Declaration of attribute value A

GARP Purpose


GARP Overview

Allows GARP Applications (GMRP, GVRP,...) to make declaration , or withdraw declaration, relative to attribute values.

Declaration/Withdraw declaration will result in the Registration/De-registration for those Attribute values to all devices within the bridged LAN.

Each attribute value has it’s own state variable.The current registration state of an attribute

value on a port is recorded by means of the state variable.

De-registration of a given attribute value occurs only if all participants connected to the same LAN segment as the port withdraw the declaration.


GARP Architecture

LLC LLC

GIP

GARPApplication

GARPApplication

GID GID

GARP Participant GARP Participant

Port 1 Port 2

Two - Port Bridge


GARP Architecture (cont.)

A GARP Participant consists of GARP Application (GVRP, GMRP)GARP Information Declaration (GID)

Propagation of information between participants in a bridge is carried out by the GARP Information Propagation (GIP).

Each GARP Application has Group MAC Address used to exchange GARP PDUs between GARP Participant for that application.


GARP Architecture (cont.)

GARP Application is responsible for defining the semantics associated with parameter values and operators recorded in GARP PDUs, and for generating GARP PDUs for transmission.

GID is responsible for declaration and registration of attribute value, and provides primitives for GID user to use, and GID’s operation is defined by these primitives and some State Transition Table.


GID Primitives

DeclarationGID_Join.request(attribute_type,attribute_value)GID_Leave.request(attribute_type,attribute_value)GID request can be generated both by GARP

application and GIPRegistration

GID_Join.indication(attribute_type,attribute_value)GID_Leave.indication(attribute_type,attribute_valu

e)GID indication can be received both by GARP

application and GIP


GARP Application Address

Assignment Value

GMRP address

GVRP address

Reserved

Reserved

XX-XX-XX-XX-XX-X0

XX-XX-XX-XX-XX-X1

XX-XX-XX-XX-XX-X2

XX-XX-XX-XX-XX-XF

..........


GARP Operation Overview -- End_Station

High level UserHigh level User

LLCLLC

GARPApplication

GID

GARP Participant

1

2 3

4

1. End_Station issues ES_REGISTER2. GARP Application issues GID_Join.request3. GID responses GID_Join.indication4. GID sends GARP PDUs


GARP Operation Overview -- Bridge

High level UserHigh level User

GARPApplication

GID

LLCLLC

GARP Participant

GARPApplication

GID

GARP Participant

GIP

Update Data

1

2 33

4

4

5

1. GARP PDUs received2. Issue GID primitive according Message within GARP PDUs3. GID responses indication to AP and GIP4. AP updates data what it concerned. GIP propagates info. to other ports on this bridge according to spanning tree5. GID of other port retransmits GARP PDUs


GARP Protocol Operation

GARP protocol operation is based on GARP messages and two protocol components: Registrar and Applicant .

GARP messagesEmpty: Not trying to declare, not registered, but care an

y participants that wish to declare. JoinEmpty: Wish to declare, not registered, but care any

participants that wish to declare.JoinIn: Wish to declare, and will behave as if there are re

gistered.Leave: Had registered, but now in the process of de-regi

ster it.LeaveAll: All registration will shortly be de-registered


GARP Protocol Operation (cont.)

RegistrarUsed to record attribute registration declared by

other participants.Does not send any protocol message.

ApplicantRecord the current state of declared attribute

values.To ensure this participant’s declaration are

registered by other participant’s registrar within the bridged LAN.

To ensure that other participants have a chance to re-declare (rejoin) after anyone withdraw a declaration (Leave).


Registrar behavior

Has a single timer, the leave timer, and three states:

IN : I have registered the fact that this attribute value has been declared on this segment ;

MT : All declarations for this attribute value on this segment have been withdraw;

LV :I had registered this attribute value, but now am timing out the registration (using leave timer).

Registrar reacts to received messages as follow: A Join message causes registrar become IN; If registrar was IN, then a Leave or LeaveAll causes it to beco

me LV. Otherwise (LV or MT) there is no effect; An Empty message has no effect.


Applicant behavior

If no message lost, only one message be content that all registrars would register its declaration.

In order to record the numbers of messages propagated across the bridged LAN, it maintains a state variable :

V or Very Anxious, message = 0; A or Anxious, message = 1; Q or Quiet, message = 2; L or Leaving, records the pending need to send a message at the next

transmission opportunity. If a JoinEmpty, Empty, Leave, or LeaveAll message is recei

ved the counter is set to 0 (state V).


Members and Observers

A member is a participant that attempting to make or maintain a declaration for a given attribute value, or who has not yet sent the Leave message to allow him to leave.

A observer tracks the attribute state but does not wish to make a declaration.

We have three states for members an observers: A, or Active Member; P, or Passive Member; O, or Observer

An observer is required to become a member , it first becomes a passive member.

A passive member sends a join message, it becomes active member.

An active member received a Leave or LeaveAll message, it becomes a passive member


Applicant State

Combine {V,A,Q,L} and {A,P,O} we have the follow states : {VA,AA,QA,LA,VP,AP,QP,VO,AO,QO,LO}

Note that there is no LP (Leaving Passive Member) state, since a passive member can transition directly to an observer state when it wishes to withdraw a declaration.


GARP PDU Format PID AP ID No. of messages

Msg Length Msg Atrr Message Body Type Type (May be null)

1 2 3 4 5 6 OctetsHeader structure

Message structure

Message Body structure

Operator structure

Operator 1

Operator N

...

1 2 . . . . . Operator length

Operator Operator Operand Length Type


GARP PDU Format

Protocol Identifiers Application Identifiers No. of Message : Unsigned binary number, equal to the number of

messages that follow the GARP PDU Header. Message Length : Unsigned binary number, equal to the number of

octets occupied by the message (inclusive of the message length). The minimum value of this parameter is 4 .

Message Type : 0 : Identifies a Packed message; 1 : Identifies a LeaveAll message; 2 : Identifies a LeaveAllInRange message.

Attribute Type : 0 : Indicates that this message applies to all attribute

types defined by the application concerned;

1 ~ N : Indicates that this message applies to a specific attribute type.


GARP PDU Format (cont.)

Operator length : Unsigned binary number, equal to the number of octets occupied by the operator, inclusive of the operator length field.

Operator type: 0 : LeaveAll Range operator; 1 : JoinIn operator; 2 : JoinEmpty operator; 3 : LeaveIn operator; 4 : LeaveEmpty operator; 5 : Empty operator.

Operand : A single Attribute value; or An attribute value range, consisting a start of range attribute

value followed by an end of range attribute value.


LeaveAll Message format

Protocol Identifier = xxxx xxxx xxx xxxx Application Identifier = xxxx xxxx xxxx xxxx No. of Message = 1 Message Length = 4 Message Type = 1 Attribute Type = 0 or valid value for GARP application conc

erned.


LeaveAllInRange Message format

Protocol Identifier = xxxx xxxx xxx xxxx Application Identifier = xxxx xxxx xxxx xxxx No. of Message = 1 Message Length = 6+(2*N), N is the length in octets of an att

ribute value of type attribute type . Message Type = 2 Attribute Type = Any valid value for GARP application conce

rned. Operator Length = 2+(2*N), N is the length in octets of an att

ribute of type attribute type. Operator Type = 0. Operand = Carries an attribute value range for the attribute

type defined in the message.


Packed Message format

Protocol Identifier = xxxx xxxx xxx xxxx Application Identifier = xxxx xxxx xxxx xxxx No. of Message = Message Length = 4+N, N is the in octets of the set of operato

rs contained in the packed message; Message Type = 0; Attribute Type = Valid value for GARP application concerned. A set of one or more operators

Operator length = 2+N, N is length in octets of the attribute value contained in the operand;

Operator Type = 1 ,or 2 ,or 3 ,or 4 ,or 5; Operand = Carries the attribute value of the attribute type defin

ed by the message in which the operator is carried.


Timer Values

Parameter Value(centisecends)

JoinTime 20

LeaveTime 60

LeaveAllTime 1000

GARP time parameter values

Documents

國立清華大學資訊系黃能富教授 1 Virtual LAN and Dynamic Multicast Filtering Technologies All rights reserved. No part of this publication and file may be reproduced,