Professional Documents
Culture Documents
High
School
City : Kabul
Email : Noori2010@hotmail.com
Phone : +93-779099009
Introduction
The school is renowned for a history of excellence….a place for learning and
growth, where students on all ages and levels are encouraged to learn, to
challenge the ordinary and to excel. The board of governors, faculty and
staff welcome you to you dream point of learning and experience. KEN is an
exciting, creative, challenging place to learn
OSPF (Open Shortest Path First)
Overview
Adjacency state machine
Protocol messages
Area types
Backbone area
Stub area
Not-so-stubby area
Proprietary extensions
Transit area
Router types
Router attributes
Routing metrics
Extensions
History
Implementation
Motivation
Broadcast domains
IEEE 802.1Q
Protocol-based VLANs
DHCP
What Is DHCP?
Benefits of DHCP
Why use DHCP
DHCP server
DHCP client
Overview[edit]
OSPF is an interior gateway protocol (IGP) for routing Internet Protocol (IP) packets solely within
a single routing domain, such as an autonomous system. It gathers link state information from available
routers and constructs a topology map of the network. The topology is presented as a routing table to
the Internet Layer which routes datagrams based solely on the destination IP address found in IP
packets. OSPF supports Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) networks
and featuresvariable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR)
addressing models.
OSPF detects changes in the topology, such as link failures, and converges on a new loop-free
routing structure within seconds. It computes the shortest path tree for each route using a method
based on Dijkstra's algorithm, a shortest path first algorithm.
The OSPF routing policies for constructing a route table are governed by link cost factors
(external metrics) associated with each routing interface. Cost factors may be the distance of a router
(round-trip time), data throughput of a link, or link availability and reliability, expressed as simple
unitless numbers. This provides a dynamic process of traffic load balancing between routes of equal
cost.
OSPF does not use a TCP/IP transport protocol, such as UDP or TCP, but encapsulates its data in
IP datagrams with protocol number 89. This is in contrast to other routing protocols, such as the Routing
Information Protocol (RIP) and the Border Gateway Protocol (BGP). OSPF implements its own error
detection and correction functions.
For routing multicast IP traffic, OSPF supports the Multicast Open Shortest Path First protocol
(MOSPF) as defined in RFC 1584.[5] Cisco does not include MOSPF in their OSPF implementations. PIM
(Protocol Independent Multicast) in conjunction with OSPF or other IGPs, is widely deployed.
The OSPF protocol, when running on IPv4, can operate securely between routers, optionally
using a variety of authentication methods to allow only trusted routers to participate in routing. OSPFv3,
running on IPv6, no longer supports protocol-internal authentication. Instead, it relies on IPv6 protocol
security (IPsec).
Router relationships[edit]
OSPF supports complex networks with multiple routers, including backup routers, to balance
traffic load on multiple links to other subnetworks. Neighboring routers in the samebroadcast domain or
at each end of a point-to-point telecommunications communicate with each other via the OSPF protocol.
Routers form adjacencies when they have detected each other. This detection is initiated when a router
identifies itself in a Hello protocol packet. Upon acknowledgment, this establishes a two-way state and is
the most basic relationship. The routers in an Ethernet or Frame Relay network select a Designated
Router (DR) and a Backup Designated Router (BDR) which act as a hub to reduce traffic between routers.
OSPF uses both unicast and multicast transmission modes to send "Hello" packets and link state
updates.
As a link state routing protocol, OSPF establishes and maintains neighbor relationships for
exchanging routing updates with other routers. The neighbor relationship table is called an adjacency
database. Two OSPF routers are neighbors if they are members of the same subnet and share the same
area ID, subnet mask, timers and authentication. In essence, OSPF neighborship is a relationship
between two routers that allow them to see and understand each other but nothing more. OSPF
neighbors do not exchange any routing information - the only packets they exchange is Hello packets.
OSPF adjacencies are formed between selected neighbors and allow them to exchange routing
information. So, two routers must first be neighbors and only then, can they become adjacent. Two
routers become adjacent if at least one of them is Designated Router or Backup Designated Router (on
multiaccess type networks), or they are interconnected by a point-to-point or point-to-multipoint
network type. For forming a neighbor relationship between, the interfaces used to form the relationship
must be in the same OSPF area. Generally an interface is only configured in a single area, however, an
interface may be configured to belong to multiple areas. In the second area, such an interface must be
configured as a secondary interface.[6]
Each OSPF router within a network communicates with other neighboring routers on each
connecting interface to establish the states of all adjacencies. Every such communication sequence is a
separate conversation identified by the pair of router IDs of the communicating neighbors. RFC
2328 specifies the protocol for initiating these conversations (Hello Protocol) and for establishing full
adjacencies (Database Description Packets, Link State Request Packets). During its course, each router
conversation transitions through a maximum of eight conditions defined by a state machine:[1][7]
1. Down: The state down represents the initial state of a conversation when no information has
been exchanged and retained between routers with the Hello Protocol.
3. Init: The Init state indicates that a HELLO packet has been received from a neighbor, but the
router has not established a two-way conversation.
6. Exchange: In the Exchange state, a router is sending its link state database information to the
adjacent neighbor. At this state, a router is capable to exchange all OSPF routing protocol
packets.
8. Full: The Full state concludes the conversation when the routers are fully adjacent, and the state
appears in all router- and network-LSAs. The link state databases of the neighbors are fully
synchronized.
Protocol messages
Unlike other routing protocols, OSPF does not carry data via a transport protocol, such as
the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP). Instead, OSPF forms IP
datagrams directly, packaging them using protocol number 89 for the IP Protocol field. OSPF defines five
different message types, for various types of communication:
Hello
Hello messages are used as a form of greeting, to allow a router to discover other adjacent
routers on its local links and networks. The messages establish relationships between neighboring
devices (called adjacencies) and communicate key parameters about how OSPF is to be used in the
autonomous system or area.
Database Description
These messages are used by one router to request updated information about a portion of the
LSDB from another router. The message specifies exactly which link(s) about which the requesting
device wants more current information.
These messages contain updated information about the state of certain links on the LSDB. They
are sent in response to a Link State Request message, and also broadcast or multicast by routers on a
regular basis. Their contents are used to update the information in the LSDBs of routers that receive
them.
Area types
An OSPF network is divided into areas that are logical groupings of hosts and networks. An area
includes its router having interfaces connected to the network. Each area maintains a separate link state
database whose information may be summarized towards the rest of the network by the connecting
router. Thus, the topology of an area is unknown outside of the area. This reduces the routing traffic
between parts of an autonomous system.
Areas are uniquely identified with 32-bit numbers. The area identifiers are commonly written in
the dot-decimal notation, familiar from IPv4 addressing. However, they are not IP addresses and may
duplicate, without conflict, any IPv4 address. The area identifiers for IPv6 implementations (OSPFv3) also
use 32-bit identifiers written in the same notation. When dotted formatting is omitted, most
implementations expand area 1 to the area identifier 0.0.0.1, but some have been known to expand it
as 1.0.0.0.
Backbone area
The backbone area (also known as area 0 or area 0.0.0.0) forms the core of an OSPF network. All
other areas are connected to it, and inter-area routing happens via routers connected to the backbone
area and to their own associated areas. It is the logical and physical structure for the 'OSPF domain' and
is attached to all nonzero areas in the OSPF domain. Note that in OSPF the term Autonomous System
Boundary Router (ASBR) is historic, in the sense that many OSPF domains can coexist in the same
Internet-visible autonomous system, RFC1996 (ASGuidelines 1996, p. 25).[8]
The backbone area is responsible for distributing routing information between nonbackbone
areas. The backbone must be contiguous, but it does not need to be physically contiguous; backbone
connectivity can be established and maintained through the configuration of virtual links.
All OSPF areas must connect to the backbone area. This connection, however, can be through a
virtual link. For example, assume area 0.0.0.1 has a physical connection to area 0.0.0.0. Further assume
that area 0.0.0.2 has no direct connection to the backbone, but this area does have a connection to area
0.0.0.1. Area 0.0.0.2 can use a virtual link through the transit area 0.0.0.1 to reach the backbone. To be a
transit area, an area has to have the transit attribute, so it cannot be stubby in any way.
Stub area
A stub area is an area which does not receive route advertisements external to the autonomous
system (AS) and routing from within the area is based entirely on a default route. An ABR deletes type 4,
5 LSAs from internal routers, sends them a default route of 0.0.0.0 and turns itself into a default
gateway. This reduces LSDB and routing table size for internal routers.
Not-so-stubby area
A not-so-stubby area (NSSA) is a type of stub area that can import autonomous system external
routes and send them to other areas, but still cannot receive AS-external routes from other areas.
[9] NSSA is an extension of the stub area feature that allows the injection of external routes in a limited
fashion into the stub area. A case study simulates an NSSA getting around the Stub Area problem of not
being able to import external addresses. It visualizes the following activities: the ASBR imports external
addresses with a type 7 LSA, the ABR converts a type 7 LSA to type 5 and floods it to other areas, the
ABR acts as an "ASBR" for other areas. The ABRs do not take type 5 LSAs and then convert to type 7 LSAs
for the area.
Proprietary extensions
Several vendors (Cisco, Allied Telesis, Juniper, Alcatel-Lucent, Huawei, Quagga), implement the
two extensions below for stub and not-so-stubby areas. Although not covered by RFC standards, they
are considered by many to be standard features in OSPF implementations.
A totally stubby area is similar to a stub area. However, this area does not allow summary routes
in addition to not having external routes, that is, inter-area (IA) routes are not summarized into totally
stubby areas. The only way for traffic to get routed outside of the area is a default route which is the
only Type-3 LSA advertised into the area. When there is only one route out of the area, fewer routing
decisions have to be made by the route processor, which lowers system resource utilization.
Occasionally, it is said that a TSA can have only one ABR. [10]
An addition to the standard functionality of an NSSA, the totally stubby NSSA is an NSSA that
takes on the attributes of a TSA, meaning that type 3 and 4 summary routes are not flooded into this
type of area. It is also possible to declare an area both totally stubby and not-so-stubby, which means
that the area will receive only the default route from area 0.0.0.0, but can also contain an autonomous
system boundary router (ASBR) that accepts external routing information and injects it into the local
area, and from the local area into area 0.0.0.0.
Redistribution into an NSSA area creates a special type of LSA known as type 7, which can exist
only in an NSSA area. An NSSA ASBR generates this LSA, and an NSSA ABR router translates it into type 5
LSA which gets propagated into the OSPF domain.
A newly acquired subsidiary is one example of where it might be suitable for an area to be
simultaneously not-so-stubby and totally stubby if the practical place to put an ASBR is on the edge of a
totally stubby area. In such a case, the ASBR does send externals into the totally stubby area, and they
are available to OSPF speakers within that area. In Cisco's implementation, the external routes can be
summarized before injecting them into the totally stubby area. In general, the ASBR should not advertise
default into the TSA-NSSA, although this can work with extremely careful design and operation, for the
limited special cases in which such an advertisement makes sense.
By declaring the totally stubby area as NSSA, no external routes from the backbone, except the
default route, enter the area being discussed. The externals do reach area 0.0.0.0 via the TSA-NSSA, but
no routes other than the default route enter the TSA-NSSA. Routers in the TSA-NSSA send all traffic to
the ABR, except to routes advertised by the ASBR.
Transit area
A transit area is an area with two or more OSPF border routers and is used to pass network
traffic from one adjacent area to another. The transit area does not originate this traffic and is not the
destination of such traffic.
Router types
OSPF defines the following overlapping categories of routers:
An area border router is a router that connects one or more areas to the main backbone
network. It is considered a member of all areas it is connected to. An ABR keeps multiple copies of the
link-state database in memory, one for each area to which that router is connected.
A backbone router has an interface to the backbone area. Backbone routers may also be area
routers, but do not have to be.
An autonomous system boundary router is a router that is connected by using more than one
routing protocol and that exchanges routing information with routers autonomous systems. ASBRs
typically also run an exterior routing protocol (e.g., BGP), or use static routes, or both. An ASBR is used
to distribute routes received from other, external ASs throughout its own autonomous system. An ASBR
creates External LSAs for external addresses and floods them to all areas via ABR. Routers in other areas
use ABRs as next hops to access external addresses. Then ABRs forward packets to the ASBR that
announces the external addresses.
The router type is an attribute of an OSPF process. A given physical router may have one or
more OSPF processes. For example, a router that is connected to more than one area, and which
receives routes from a BGP process connected to another AS, is both an area border router and an
autonomous system boundary router.
Each router has an identifier, customarily written in the dotted decimal format (e.g., 1.2.3.4) of
an IP address. This identifier must be established in every OSPF instance. If not explicitly configured, the
highest logical IP address will be duplicated as the router identifier. However, since the router identifier
is not an IP address, it does not have to be a part of any routable subnet in the network, and often isn't
to avoid confusion.
Router attributes
In addition to the four router types, OSPF uses the terms designated router (DR) and backup
designated router (BDR), which are attributes of a router interface.
Designated router
A designated router (DR) is the router interface elected among all routers on a particular
multiaccess network segment, generally assumed to be broadcast multiaccess. The basic neighbor
discovery process (Hello), flooding (224.0.0.6), DR election (priority, RID). Special techniques, often
vendor-dependent, may be needed to support the DR function on nonbroadcast multiaccess (NBMA)
media. It is usually wise to configure the individual virtual circuits of a NBMA subnet as individual point-
to-point lines; the techniques used are implementation-dependent.
A backup designated router (BDR) is a router that becomes the designated router if the current
designated router has a problem or fails. The BDR is the OSPF router with second highest priority at the
time of the last election.
A given router can have some interfaces that are designated (DR) and others that are backup
designated (BDR), and others that are non-designated. If no router is a DR or a BDR on a given subnet,
the BDR is first elected, and then a second election is held for the DR. [11] s a step-by-step DR election
example: How neighbor list, neighbor state, DR, and BDR are changed when receiving Hello) The DR is
elected based on the following default criteria:
If the priority setting on an OSPF router is set to 0, that means it can NEVER become a DR or BDR
(Backup Designated Router).
When a DR fails and the BDR takes over, there is another election to see who becomes the
replacement BDR.
The router sending the Hello packets with the highest priority wins the election.
If two or more routers tie with the highest priority setting, the router sending the Hello with the
highest RID (Router ID) wins. NOTE: a RID is the highest logical (loopback) IP address configured
on a router, if no logical/loopback IP address is set then the Router uses the highest IP address
configured on its active interfaces. (e.g. 192.168.0.1 would be higher than 10.1.1.2).
Usually the router with the second highest priority number becomes the BDR.
The priority values range between 0 - 255, [12] with a higher value increasing its chances of
becoming DR or BDR.
If a higher priority OSPF router comes online after the election has taken place, it will not
become DR or BDR until (at least) the DR and BDR fail.
If the current DR 'goes down' the current BDR becomes the new DR and a new election takes
place to find another BDR. If the new DR then 'goes down' and the original DR is now available,
still previously chosen BDR will become DR.
DR's exist for the purpose of reducing network traffic by providing a source for routing updates.
The DR maintains a complete topology table of the network and sends the updates to the other routers
via multicast. All routers in a multi-access network segment will form a slave/master relationship with
the DR. They will form adjacencies with the DR and BDR only. Every time a router sends an update, it
sends it to the DR and BDR on the multicast address 224.0.0.6. The DR will then send the update out to
all other routers in the area, to the multicast address 224.0.0.5. This way all the routers do not have to
constantly update each other, and can rather get all their updates from a single source. The use of
multicasting further reduces the network load. DRs and BDRs are always setup/elected on OSPF
broadcast networks. DR's can also be elected on NBMA (Non-Broadcast Multi-Access) networks such as
Frame Relay or ATM. DRs or BDRs are not elected on point-to-point links (such as a point-to-point WAN
connection) because the two routers on either sides of the link must become fully adjacent and the
bandwidth between them cannot be further optimized. DR and non-DR routers evolve from 2-way to full
adjacency relationships by exchanging DD, Request, and Update.
Routing metrics
OSPF uses path cost as its basic routing metric, which was defined by the standard not to equate
to any standard value such as speed, so the network designer could pick a metric important to the
design. In practice, it is determined by the speed (bandwidth) of the interface addressing the given
route, although that tends to need network-specific scaling factors now that links faster than 100 Mbit/s
are common. Cisco uses a metric like 10 8/bandwidth (the reference value, 10 8 by default, can be
adjusted). So, a 100Mbit/s link will have a cost of 1, a 10Mbit/s a cost of 10 and so on. But for links faster
than 100Mbit/s, the cost would be <1.
Metrics, however, are only directly comparable when of the same type. Four types of metrics
are recognized. In decreasing preference, these types are (for example, an intra-area route is always
preferred to an External route regardless of metric):
1. Intra-area
2. Inter-area
3. External Type 1, which includes both the external path cost and the sum of internal path costs to
the ASBR that advertises the route, [13]
4. External Type 2, the value of which is solely that of the external path cost,
Extensions
Traffi c engineering
In the Resource Reservati on Protocol (RSVP), OSPF-TE is used for recording and fl ooding
RSVP signaled bandwidth reservati ons for label switched paths within the link-state
database.
RFC 3717 documents work in opti cal routi ng for IP, based on "constraint-based"
extensions to OSPF and IS-IS. [15]
For non-broadcast multi ple-access networks (NBMA), RFC 2328 defi ned the following
two offi cial modes for OSPF:
nonbroadcast
point-to-multi point
Cisco has defi ned the following three additi onal modes for OSPF in NBMA topologies:
broadcast
point-to-point
Uses
Network architects set up VLANs to provide the network segmentati on services
traditi onally provided only by routers in LAN confi gurati ons. VLANs address issues such
asscalability, security, and network management. Routers in VLAN topologies
fi lter broadcast traffi c, enhance network security, perform address summarizati on, and
miti gatenetwork congesti on. Switches may not bridge network traffi c between VLANs,
as doing so would violate the integrity of the VLAN broadcast domain.
VLANs can also help create multi ple layer 3 networks on a single physical infrastructure.
For example, if a DHCP server is plugged into a switch it will serve any host on that
switch that is confi gured for DHCP. By using VLANs, the network can be easily split up
so some hosts will not use that DHCP server and will obtain link-local addresses , or
obtain an address from a diff erent DHCP server.
By using VLANs, one can control traffi c patt erns and react quickly to relocati ons. VLANs
provide the fl exibility to adapt to changes in network requirements and allow for
simplifi ed administrati on. [2]
VLANs can be used to parti ti on a local network into several disti ncti ve segments, [3] for
example:
Producti on
Voice over IP
Network management
Guest network
Demilitarized zone (DMZ)
A common infrastructure shared across VLAN trunks can provide a very high level of
security with great fl exibility for a comparati vely low cost. Quality of service schemes
can opti mize traffi c on trunk links for real-ti me (e.g. VoIP) or low-latency requirements
(e.g. SAN).
In cloud computi ng VLANs, IP addresses, and MAC addresses on them are resources
which end users can manage. Placing cloud-based virtual machines on VLANs may be
preferable to placing them directly on the Internet to avoid security issues. [4]
History
Aft er successful experiments with Voice over Ethernet from 1981 to 1984, Dr. W. David
Sincoskie joined Bellcore and began addressing the problem of scaling up Ethernet
networks. At 10 Mbit/s, Ethernet was faster than most alternati ves at the ti me;
however, Ethernet was a broadcast network and there was no good way of connecti ng
multi ple Ethernet networks together. This limited the total bandwidth of an Ethernet
network to 10 Mbit/s and the maximum distance between any two nodes to a few
hundred feet.
By contrast, although the existi ng telephone network's peak speed for individual
connecti ons was limited to 56 kbit/s (less than one hundredth of Ethernet's speed), the
total bandwidth of that network was esti mated at 1 Tbit/s, capable of moving over a
hundred thousand ti mes more informati on in a given ti mescale.
Although it was possible to use IP routi ng to connect multi ple Ethernet networks
together, it was expensive and relati vely slow. Sincoskie started looking for alternati ves
that required less processing per packet. In the process he independently reinvented
the self-learning Ethernet switch.[5]
To help alleviate this problem, Sincoskie invented VLANs by adding a tag to each
Ethernet packet. These tags could be thought of as colors, say red, green, or blue. Then
each switch could be assigned to handle packets of a single color, and ignore the rest.
The networks could be interconnected with three spanning trees, one for each color. By
sending a mix of diff erent packet colors, the aggregate bandwidth could be improved.
Sincoskie referred to this as a multi tree bridge. He and Chase Cott on created and
refi ned the algorithms necessary to make the system feasible. [6] This "color" is what is
now known in the Ethernet frame as the IEEE 802.1Q header, or the VLAN tag. While
VLANs are commonly used in modern Ethernet networks, using them for the original
purpose would be rather unusual.
Implementati on
A basic switch not confi gured for VLANs has VLAN functi onality disabled or permanently
enabled with a default VLAN that contains all ports on the device as members. [2] Every
device connected to one of its ports can send packets to any of the others. Separati ng
ports by VLAN groups separates their traffi c very much like connecti ng the devices to
another, disti nct switch of their own.
Confi gurati on of the fi rst custom VLAN port group usually involves removing ports from
the default VLAN, such that the fi rst custom group of VLAN ports is actually the second
VLAN on the device, in additi on to the default VLAN. The default VLAN typically has an
ID of 1.
If a VLAN port group were to exist only on one device, no ports that are members of the
VLAN group would need to be tagged. These ports would hence be considered
"untagged". It is only when the VLAN port group is to extend to another device that
tagging is used. Since communicati ons between ports on two diff erent switches travel
via the uplink ports of each switch involved, every VLAN containing such ports must
also contain the uplink port of each switch involved, and these ports must be tagged.
This also applies to the default VLAN.
Some switches either allow or require that a name be created for the VLAN, but only
the VLAN group number is important from one switch to the next.
Where a VLAN group is to simply pass through an intermediate switch via two pass-
through ports, only the two ports must be a member of the VLAN, and are tagged to
pass both the required VLAN and the default VLAN on the intermediate switch.
Management of the switch requires that the administrati ve functi ons be associated with
one of the confi gured VLANs. If the default VLAN were deleted or renumbered without
fi rst moving the management connecti on to a diff erent VLAN, it is possible for the
administrator to be locked out of the switch confi gurati on, requiring a forced clearing
of the device confi gurati on (possibly to the factory default) to regain access or physical
access to the switch if it has a console port or other means of direct management.
Switches typically have no built-in method to indicate VLAN port members to someone
working in a wiring closet. It is necessary for a technician to either have administrati ve
access to the device to view its confi gurati on, or for VLAN port assignment charts or
diagrams to be kept next to the switches in each wiring closet. These charts must be
manually updated by the technical staff whenever port membership changes are made
to the VLANs.
Remote confi gurati on of VLANs involves the risk for the administrator to cut off
communicati ons accidentally and lose connecti vity to the devices they are att empti ng
to confi gure. Acti ons such as subdividing the default VLAN by moving the switch uplink
ports into a separate new VLAN can suddenly terminate all remote connecti vity,
requiring the device to be physically accessed at the distant locati on to conti nue the
confi gurati on process.
Generally, VLANs within the same organizati on will be assigned diff erent non-
overlapping network addresses. This is not a requirement of VLANs. There is no issue
with separate VLANs using identi cal overlapping address ranges (e.g. two VLANs each
use the private network 192.168.0.0 / CIDR 16). However, it is generally not possible
to route data between two networks with overlapping addresses, so if the goal of
VLANs is segmentati on of a larger overall organizati onal network, non-overlapping
addresses must be used in each separate VLAN.
Motivation
In a legacy network, users were assigned to networks based on geography and were
limited by physical topologies and distances. VLANs can logically group networks to
decouple the users' network locati on from their physical locati on. Technologies that can
implement VLANs are:[citati on needed]
Ethernet
HiperSockets
Infi niBand
Broadcast domains
IEEE 802.1Q
The protocol most commonly used today to confi gure VLANs is IEEE 802.1Q. The IEEE
committ ee defi ned this method of multi plexing VLANs in an eff ort to provide
multi vendor VLAN support. Prior to the introducti on of the 802.1Q standard, several
proprietary protocols existed, such as Cisco's ISL (Inter-Switch Link) and 3Com's VLT
(Virtual LAN Trunk). Cisco also implemented VLANs over FDDI by carrying VLAN
informati on in an IEEE 802.10 frame header, contrary to the purpose of the IEEE 802.10
standard.
Both ISL and IEEE 802.1Q tagging perform "explicit tagging" - the frame itself is tagged
with VLAN informati on. ISL uses an external tagging process that does not modify the
existi ng Ethernet frame, while 802.1Q uses a frame-internal fi eld for tagging, and
therefore does modify the Ethernet frame. This internal tagging is what allows IEEE
802.1Q to work on both access and trunk links: frames are standard Ethernet, and so
can be handled by commodity hardware.
Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094
(the 4,096 provided for by the 12-bit VID fi eld minus reserved values 0x000 and 0xFFF).
This does not impose the same limit on the number of IP subnets in such a network,
since a single VLAN can contain multi ple IP subnets. The VLAN limit is expanded to 16
million with Shortest Path Bridging.
Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect multi ple
switches and maintain VLAN informati on as traffi c travels between switches on trunk
links. This technology provides one method for multi plexing bridge groups (VLANs) over
a high-speed backbone. It is defi ned for Fast Ethernet and Gigabit Ethernet, as is IEEE
802.1Q. ISL has been available on Cisco routers since Cisco IOS Soft ware Release 11.1.
With ISL, an Ethernet frame is encapsulated with a header that transports VLAN IDs
between switches and routers. ISL does add overhead to the packet as a 26-byte header
containing a 10-bit VLAN ID. In additi on, a 4-byte CRC is appended to the end of each
frame. This CRC is in additi on to any frame checking that the Ethernet frame requires.
The fi elds in an ISL header identi fy the frame as belonging to a parti cular VLAN.
A VLAN ID is added only if the frame is forwarded out a port confi gured as a trunk link.
If the frame is to be forwarded out a port confi gured as an access link, the ISL
encapsulati on is removed.
Early network designers oft en confi gured VLANs with the aim of reducing the size of
the collision domain in a large single Ethernet segment and thus improving
performance. When Ethernet switches made this a non-issue (because each switch port
is a collision domain), att enti on turned to reducing the size of the broadcast domain at
the MAC layer. A VLAN can also serve to restrict access to network resources without
regard to physical topology of the network, although the strength of this method
remains debatable as VLAN hopping[8] is a means of bypassing such security measures.
VLAN hopping can be miti gated with proper switchport confi gurati on.
VLANs operate at Layer 2 (the data link layer) of the OSI model. Administrators oft en
confi gure a VLAN to map directly to an IP network, or subnet, which gives the
appearance of involving Layer 3 (the network layer). In the context of VLANs, the term
"trunk" denotes a network link carrying multi ple VLANs, which are identi fi ed by labels
(or "tags") inserted into their packets. Such trunks must run between "tagged ports" of
VLAN-aware devices, so they are oft en switch-to-switch or switch-to- router links rather
than links to hosts. (Note that the term 'trunk' is also used for what Cisco calls
"channels" : Link Aggregati on or Port Trunking ). A router (Layer 3 device) serves as
the backbone for network traffi c going across diff erent VLANs .
Introduction
VLAN Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new
VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the
need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on
most of the Cisco Catalyst series products.
Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP Version 1 (V1) and
Version 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VTP Version 3 incorporates
many changes from VTP V1 and V2. Make certain that you understand the differences between VTP
Version 3 and earlier versions before you alter your network configuration. Refer to one of these
sections of VLAN Trunking Protocol (VTP) for more information:
Understanding VTP Version 3
VLAN Interaction
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software or hardware versions.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Understand VTP
Note: This document does not cover VTP Version 3. VTP Version 3 differs from VTP V1 and V2 and is only
available on CatOS 8.1(1) or later. Refer to one of these sections of VLAN Trunking Protocol (VTP) for
more information:
Understanding VTP Version 3
VLAN Interaction
VTP Messages in Detail
VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE 802.1Q (dot1q) frames. These
packets are sent to the destination MAC address 01-00-0C-CC-CC-CC with a logical link control (LLC) code
of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header). This is the
format of a VTP packet that is encapsulated in ISL frames:
Of course, you can have a VTP packet inside 802.1Q frames. In that case, the ISL header and cyclic
redundancy check (CRC) is replaced by dot1q tagging.
Now consider the detail of a VTP packet. The format of the VTP header can vary, based on the type of
VTP message. But, all VTP packets contain these fields in the header:
VTP protocol version: 1, 2, or 3
VTP message types:
Summary advertisements
Subset advertisement
Advertisement requests
VTP join messages
Management domain length
Management domain name
Configuration Revision Number
The configuration revision number is a 32-bit number that indicates the level of revision for a VTP packet.
Each VTP device tracks the VTP configuration revision number that is assigned to it. Most of the VTP
packets contain the VTP configuration revision number of the sender.
This information is used in order to determine whether the received information is more recent than the
current version. Each time that you make a VLAN change in a VTP device, the configuration revision is
incremented by one. In order to reset the configuration revision of a switch, change the VTP domain
name, and then change the name back to the original name.
Summary Advertisements
By default, Catalyst switches issue summary advertisements in five-minute increments. Summary
advertisements inform adjacent Catalysts of the current VTP domain name and the configuration revision
number.
When the switch receives a summary advertisement packet, the switch compares the VTP domain name
to its own VTP domain name. If the name is different, the switch simply ignores the packet. If the name is
the same, the switch then compares the configuration revision to its own revision. If its own configuration
revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.
This list clarifies what the fields means in the summary advertisement packet:
The Followers field indicates that this packet is followed by a Subset Advertisement packet.
The Updater Identity is the IP address of the switch that is the last to have incremented the configuration revision.
The Update Timestamp is the date and time of the last increment of the configuration revision.
Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate the validation
of a VTP update.
Subset Advertisements
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made
increments the configuration revision and issues a summary advertisement. One or several subset
advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN
information. If there are several VLANs, more than one subset advertisement can be required in order to
advertise all the VLANs.
This formatted example shows that each VLAN information field contains information for a different VLAN.
It is ordered so that lowered-valued ISL VLAN IDs occur first:
Most of the fields in this packet are easy to understand. These are two clarifications:
Code—The format for this is 0x02 for subset advertisement.
Sequence number—This is the sequence of the packet in the stream of packets that follow a summary
advertisement. The sequence starts with 1.
Advertisement Requests
A switch needs a VTP advertisement request in these situations:
The switch has been reset.
The VTP domain name has been changed.
The switch has received a VTP summary advertisement with a higher configuration revision than its own.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more
subset advertisements follow the summary advertisement. This is an example:
Code—The format for this is 0x03 for an advertisement request.
Start-Value—This is used in cases in which there are several subset advertisements. If the first (n) subset
advertisement has been received and the subsequent one (n+1) has not been received, the Catalyst only requests
advertisements from the (n+1)th one.
Other VTP Options
VTP Modes
You can configure a switch to operate in any one of these VTP modes:
Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration
parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their
VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with
other switches based on advertisements received over trunk links. VTP server is the default mode.
Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a
VTP client.
Transparent—VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise
its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but
transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP Version 2.
Off (configurable only in CatOS switches)—In the three described modes, VTP advertisements are received and
transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the
same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.
VTP V2
VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support for
Token Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no
reason to use VTP V2. Changing the VTP version from 1 to 2 will not cause a switch to reload.
VTP Password
If you configure a password for VTP, you must configure the password on all switches in the VTP domain.
The password must be the same password on all those switches. The VTP password that you configure
is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement
VTP packets.
VTP Domain
VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions
when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded
over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few
users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this
unnecessary traffic.
Broadcast traffic in a switched network without pruning
This figure shows a switched network without VTP pruning enabled. Port 1 on Switch A and Port 2 on
Switch D are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A,
Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E,
and F have no ports in the Red VLAN.
Broadcast traffic in a switched network with pruning
This figure shows the same switched network with VTP pruning enabled. The broadcast traffic from
Switch A is not forwarded to Switches C, E, and F because traffic for the Red VLAN has been pruned on
the links shown (Port 5 on Switch B and Port 4 on Switch D).
When VTP pruning is enabled on a VTP server, pruning is enabled for the entire management domain.
Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that
trunk only (not on all switches in the VTP domain). VTP pruning takes effect several seconds after you
enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs
1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range
VLANs (VLAN IDs greater than 1005) are also pruning-ineligible.
What Is DHCP?
The Microsoft Windows Server 2003 operating system includes a DHCP Server service, which is
an optional networking component. All Windows-based clients include the DHCP client as part of TCP/IP,
including Windows Server 2003, Microsoft Windows XP, Windows 2000, Windows NT 4.0, Windows
Millennium Edition (Windows Me), and Windows 98.
Note
Benefits of DHCP
In Windows Server 2003, the DHCP Server service provides the following benefits:
Reduced network administration. DHCP includes the following features to reduce network
administration:
The efficient handling of IP address changes for clients that must be updated frequently, such as
those for portable computers that move to different locations on a wireless network.
The forwarding of initial DHCP messages by using a DHCP relay agent, thus eliminating the need
to have a DHCP server on every subnet.
DHCP enables this entire process to be automated and managed centrally. The DHCP server
maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on
the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned),
addresses no longer in use are automatically returned to the pool for reallocation.
The network administrator establishes DHCP servers that maintain TCP/IP configuration
information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The
DHCP server stores the configuration information in a database, which includes:
Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.
Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment
of a single IP address to a single DHCP client.
The lease duration, or the length of time for which the IP address can be used before a lease
renewal is required.
A DHCP-enabled client, upon accepting a lease offer, receives:
Requested DHCP options, which are additional parameters that a DHCP server is configured to
assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and DNS
Domain Name. For a full list of DHCP options, see “DHCP Tools and Settings.”
Term Definition
DHCP server
A computer running the DHCP Server service that holds information about available IP addresses
and related configuration information as defined by the DHCP administrator and responds to requests
from DHCP clients.
DHCP client
A computer that gets its IP configuration information by using DHCP.
Scope
A range of IP addresses that are available to be leased to DHCP clients by the DHCP Server
service.
Subnetting
The process of partitioning a single TCP/IP network into a number of separate network
segments called subnets.
DHCP option
Configuration parameters that a DHCP server assigns to clients. Most DHCP options are
predefined, based on optional parameters defined in Request for Comments (RFC) 2132, although
extended options can be added by vendors or users.
Option class
An additional set of options that can be provided to a DHCP client based on its computer class
membership. The administrator can use option classes to submanage option values provided to DHCP
clients. There are two types of options classes supported by a DHCP server running Windows Server
2003: vendor classes and user classes.
Lease
The length of time for which a DHCP client can use a DHCP-assigned IP address configuration.
Reservation
A specific IP address within a scope permanently set aside for leased use by a specific DHCP
client. Client reservations are made in the DHCP database using the DHCP snap-in and are based on a
unique client device identifier for each reserved entry.
Exclusion/exclusion range
One or more IP addresses within a DHCP scope that are not allocated by the DHCP Server
service. Exclusions ensure that the specified IP addresses will not be offered to clients by the DHCP
server as part of the general address pool.
Either a host or an IP router that listens for DHCP client messages being broadcast on a subnet
and then forwards those DHCP messages directly to a configured DHCP server. The DHCP server sends
DHCP response messages directly back to the DHCP relay agent, which then forwards them to the DHCP
client. The DHCP administrator uses DHCP relay agents to centralize DHCP servers, avoiding the need for
a DHCP server on each subnet. Also referred to as a BOOTP relay agent.
A DHCP server that has not explicitly been authorized. Sometimes referred to as a rogue DHCP
server.
In a Windows Server 2003 domain environment, the DHCP Server service on an unauthorized
server running Windows Server 2003 fails to initialize. The administrator must explicitly authorize all
DHCP servers running Windows Server 2003 that operate in an Active Directory service domain
environment. At initialization time, the DHCP Server service in Windows Server 2003 checks for
authorization and stops itself if the server detects that it is in a domain environment and the server has
not been explicitly authorized.
Automatic Private IP Addressing (APIPA)
A TCP/IP feature in Windows XP and Windows Server 2003 that automatically configures a
unique IP address from the range 169.254.0.1 through 169.254.255.254 with a subnet mask of
255.255.0.0 when the TCP/IP protocol is configured for automatic addressing, the Automatic private IP
address alternate configuration setting is selected, and a DHCP server is not available. The APIPA range
of IP addresses is reserved by the Internet Assigned Numbers Authority (IANA) for use on a single
subnet, and IP addresses within this range are not used on the Internet.
Superscope
A configuration that allows a DHCP server to provide leases from more than one scope to clients
on a single physical network segment.
Multicast IP addresses
Multicast IP addresses allow multiple clients to receive data that is sent to a single IP address,
enabling point-to-multipoint communication. This type of transmission is often used for streaming
media transmissions, such as video conferencing.
Multicast Scope
A range of multicast IP addresses that can be assigned to DHCP clients. A multicast scope allows
dynamic allocation of multicast IP addresses for use on the network by using the MADCAP protocol, as
defined in RFC 2730.
BOOTP
An older protocol with similar functionality; DHCP is based on BOOTP. BOOTP is an established
protocol standard used for configuring IP hosts. BOOTP was originally designed to enable boot
configuration for diskless workstations. Most DHCP servers, including those running Windows Server
2003, can be configured to respond to both BOOTP requests and DHCP requests