Sunday, October 3, 2010

Lesson 17 - Inter VLAN Traffic Flow Analysis

In Lesson 16, you had a chance to see how to implement simple VLAN scenario. It is relatively easy to configure VLANs, but what is far more important, is to understand the traffic flow between them. This post is going to show you step-by-step, how traffic flows between VLAN 10 and VLAN 20 used in the previous lesson.

Fancy a little, virtual journey between VLANs?

Our topology looks like this:

Pic. 1 - Topology Diagram
Icons designed by: Andrzej Szoblik - http://www.newo.pl

In our scenario, PC1 (source) is going to send the packet to PC2 (destination). Let's jump on the packet and see what happens, shall we?

NOTICE!
MAC addresses use hexadecimal notation and are case insensitive (i.e. lower or upper case are interpreted as the same address).

PC1 (hostname=ancient) Addresses:
IP: 192.168.10.1/24
MAC: 0050.BF9C.456A
Gateway: 192.168.10.254

PC2 (hostname=red) Addresses:

IP: 192.168.20.1/24
MAC: 0010.5AD3.E4E0
Gateway: 192.168.20.254

NOTICE!
R1's interface FastEthernet0/0 has been configured as two sub-interfaces, but the MAC address used by both of them is the same (real MAC address of Fas0/0)

R1 Addresses:

Gateway for VLAN 10 clients (sub-interface)
F0/0.10
IP: 192.168.10.254/24

Gateway for VLAN 20 clients
F0/0.20

IP: 192.168.20.254/24


F0/0 (both sub-interfaces use the real MAC below)
MAC:  000F.F752.EFE0

Having learned all these addresses we can finally hit the road!

Step 1
PC1 (ancient) wants to send a packet to PC2 (red). Since the IP address of the PC2 (destination) is NOT in the same layer 3 network as PC1 (source), it must be delivered to the default gateway. PC1 checks the destination IP by comparing its own 24 bits of the IP address (it uses 24 bit subnet mask=255.255.255.0) with 24 bits of the destination IP address.
192.168.10.0 (first 24 bits of PC1 in decimal notation)
192.168.20.0 (first 24 bits of PC2 in decimal notation)

The first sixteen bits (two bytes) are identical, but the third byte is NOT!

The packet must be sent to PC1's default gateway (192.168.10.254).

Step 2
Packet is encapsulated in a layer 2 Ethernet header. Source MAC address is PC1 (ancient=0050.BF9C.456A) and the destination MAC address must be the default gateway's MAC address. PC1 (ancient) tries to find the mapping of the default gateway IP to its MAC address like shown below. If one is not found, the ARP request is sent asking for it. In my case the PC1 has it.

Pic. 2 - PC1 (ancient) ARP cache has mapping of R1's IP to its MAC address.
IP packet is encapsulated in the Ethernet header:
Src IP=192.168.10.1
Dst IP=192.168.20.1
Src MAC=0050.BF9C.456A
Dst MAC=000F.F752.EFE0

Those address are NOT going to change, until delivered to R1 router (look at step 7).

The frame leaves PC1 (ancient) and is sent towards SW1, interface F0/1.

Step 3
SW1 receives the frame on port F0/1. It learns or refreshes its MAC address table entry (PC1's source MAC address on F0/1). Remember, that F0/1 is now an 'access' port assigned to VLAN 10! This means, that all traffic coming to that port is considered as sourced by VLAN 10.

Pic. 3 - SW1 CAM entry for PC1.


SW1 must now find the outbound port for our destination MAC address (R1=000F.F752.EFE0).

Step 4
SW1 looks into its Content Addressable Memory (CAM) aka MAC address table, and finds the outbound port showing where the destination MAC has been previously learned.

Pic. 4 - SW1 outbound interface.

SW1 performs an additional check. It must make sure that the inbound interface (F0/1) and the outbound one (F0/15) belong to the SAME VLAN. As the F0/15 (outbound) interface is in a trunking mode, and allows ALL VLANs by default, the frame can be sent out that port. The frame is moved to the outbound interface (F0/15) and the TAG is going to be injected with the source VLAN identifier (VLAN 10).

Step 5
The SW3 (port F0/15) is receiving the frame with the TAG containing source VLAN 10. It refreshes the entry regarding the sender's MAC address (0050.BF9C.456A) on port F0/15. As this interface is also configured as a trunk, it accepts the frame with the 802.1q TAG inserted into the frame. It processes the frame trying to find the outbound interface by looking at the destination MAC address (000F.F752.EFE0). The entry is found in the CAM as shown below (pic. 5).

Pic. 5 - Default Gateway MAC address Entry on SW3.

The SW3 realizes that the outbound port is also a trunk interface. The frame is moved to F0/1 interface and the TAG (with source VLAN 10) is going to be preserved while sending this frame towards R1's F0/0 interface.

Step 6
Here's a tricky part. Normally, the R1 would expect to see just a regular Ethernet header (no TAG in it), but R1 has been configured to accept frames with the TAG containing VLAN 10 in it! Look at the picture below.

Pic. 6 - R1 accepts Ethernet header with the TAG containing VLAN 10 identifier.

Can you see this line: encapsulation dot1Q 10?

The TAG with VLAN 10 is allowed on this sub-interface. Now, since the layer 2 header is useless (remember that a router is a layer 3 device), it is stripped off and ditched. What is now being processed is the IP header. The R1, reads the destination IP address (192.168.20.1), and tries to find the outbound interface in the routing table by comparing source and destination IP addresses.

Step 7
Destination IP address (192.168.20.1) is compared with the entries in the routing table. The longest number that matches our destination points to F0/0.20 sub-interface (pic. 7). According to the routing table, the destination IP address (192.168.20.1) is directly connected to R1 (sub-interface F0/0.20).

Pic. 7 - R1 routing table.

The packet is moved from F0/0.10 sub-interface (inbound), to the F0/0.20 sub-interface (outbound).

Step 8
Since the interface is also configured with encapsulation dot1Q, the packet is going to be encapsulated with new source and destination MAC addresses and the TAG with the new source VLAN identifier (VLAN 20). Take a look at the picture below (pic. 8).

Pic. 8 - R1's outbound sub-interface configuration.


Step 9
R1 encapsulates IP packet the Ethernet header as follows:
Src IP=192.168.10.1
Dst IP=192.168.20.1
Src MAC=000F.F752.EFE0
Dst MAC=0010.5AD3.E4E0 (PC2)
VLAN ID=20

Since the destination for the packet is directly connected to R1, the destination MAC address (that of PC2) is found in the ARP cache on R1. If one is not found, R1 sends ARP request asking for it as the destination is directly connected network.

Pic. 9 - ARP Cache on R1 shows MAC address for 192.168.20.1 (the last entry).

Step 10
The frame leaves sub-interface F0/0.20 with the TAG containing source VLAN 20 identifier as per R1's configuration (pic. 8).

Step 11
SW3 receives the frame on its F0/1 interface, but this time the MAC addresses look like below:
Src MAC: 000F.F752.EFE0 (R1's f0/0)
Dst MAC: 0010.5AD3.E4E0 (PC2)

SW3 refreshes the source MAC on its F0/1 interface. It is configured as trunk port, the TAG containing source VLAN 20 is allowed to be there.

Step 12
SW3 processes the frame and reads the destination MAC address (0010.5AD3.E4E0) trying to find the outbound interface for that destination.The entry is found pointing to F0/15 as the outbound interface (pic. 10)

Pic. 10 - SW3 entry for PC2 MAC address.


Step 13
The frame is delivered back to F0/15 of SW1. SW1 refreshes the source MAC address (000F.F752.EFE0) on its interface F0/15 and does the looks up in its CAM table trying to find the outbound interface for our destination MAC address (PC2). One is found as shown below.

Pic. 11 - SW1 finds the outbound interface for destination MAC (PC2)


Since both ports: inbound and outbound are trunks, the frame is sent out that port carrying VLAN 20. You can now guess what happens when the frame is delivered to SW2 port F0/13. Source MAC address is going to be refreshed on that port in the MAC address table (source here is the R1's MAC address). The inbound interface F0/13 on SW2 is configured as trunk port so it allows the TAG to be part of the Ethernet header. The SW2's outbound interface is going to be F0/1. Since this port is configured as an 'access' interface and is member of VLAN 20, both source and destination VLANs are the same. The frame is moved to the port F0/1, then the TAG is removed, as the outbound port is in 'access mode' and the frame is finally sent to PC2.

You may now be wondering why the path between the two VLANs looks like this. Why does SW3 not send the frame directly to SW2 but it sends it back through SW1?

In order to answer that question, I must explain the details of Spanning-Tree Protocol. But this is the topic I will focus on in the upcoming lessons (starting with lesson 19).

Before we leave VLANs for good, I would like to dedicate one more lesson to it. In this lesson (lesson 18) I will try to help you check if you truly understand the implications of using VLANs, access and trunking interfaces. I'll also show you Cisco proprietary protocol called Vlan Trunking Protocol (VTP). This protocol is used to disseminate the VLANs among switches automatically.

Cisco Is Easy - Main

  Cisco Basics (CCNA level)  Lessons: Watch Video Tutorials on Youtube 01 - Connecting to Cisco Console Port with MINICOM 02 - Navigatin...