1 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ 3 Advanced Network Theory: Bridging and LAN Switching Terms you’ll need to understand: ✓ Broadcasts ✓ Transparent bridging (TB) ✓ Source-route bridging (SRB) ✓ Source-route transparent (SRT) ✓ Source-route translational bridging (SR/TLB) ✓ Integrated routing and bridging (IRB) ✓ Concurrent routing and bridging (CRB) ✓ Encapsulated bridging ✓ Remote-source route bridging (RSRB) ✓ Data-link switching (DLSw) ✓ Bridge Protocol Data Unit (BPDU) ✓ Spanning Tree Protocol (STP) ✓ Routing information fields (RIFs) ✓ Virtual LANs (VLANs) ✓ Inter-switch link (ISL) ✓ Fast Ethernet Channel (FEC) ✓ Cisco Discovery Protocol (CDP) ✓ Cisco Group Management Protocol (CGMP) ✓ LAN emulation (LANE) Techniques you’ll need to master: ✓ Describing and configuring bridging modes on Cisco routers ✓ Using common commands to enable bridging on a Cisco router ✓ Using LAN switching and emulation ✓ Distinguishing between cut- through and store and forward switching 2 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Chapter 3 This chapter examines bridging methods available on a Cisco router. First, the chapter covers bridging topics, and then LAN switching methods are reviewed. The following CCIE blueprint objectives as determined by the Cisco Systems CCIE program are covered in this chapter: ➤ Transparent Bridging—IEEE/DEC Spanning Tree Protocol, translational bridging, Bridge Protocol Data Unit (BPDU), integrated routing and bridg- ing (IRB), concurrent routing and bridging (CRB), access lists. ➤ Source Route Bridging—Source-route translational bridging (SR/TLB), source- route transparent bridging (SRT), data-link switching (DLSw), remote source- route bridging (RSRB), access lists. ➤ LAN Switching—Trunking, VLAN Trunk Protocol (VTP), inter-switch link (ISL), Virtual LANs (VLANS), Fast Ethernet Channel (FEC), Cisco Dis- covery Protocol (CDP), Cisco Group Management Protocol (CGMP). ➤ LANE—LAN Emulation Client (LEC), LAN Emulation Server (LES), broadcast and unknown server (BUS), LAN Emulation Configuration Server (LECS), Simple Server Replication Protocol (SSRP). Additional information is provided for completeness and in preparation for addi- tional subjects as the CCIE program expands. Bridging Overview Bridging is defined as a method used to allow communication between devices at the Data Link Layer (layer 2) of the OSI model. Bridging is a topic that is de- fined in the Cisco CCIE R/S blueprint with a focus on how Cisco IOS is used to bridge frames over an IP network. Why should you be concerned about bridging? Initially, when these non-routable (for example, LAT or SNA) protocols were invented, they were only intended for use on local area networks (LANs). In today’s networks, these non-routable proto- cols are used between remote locations. Because these locations can only be reached via a wide area network (WAN), non-routable protocols need to be bridged across the wide area networks. Bridged protocols are typically broadcast intensive and can cause a WAN link to reach high levels of utilization, resulting in slow response times or protocol timeouts, which will affect the entire WAN to some degree. You need to be concerned about bridging because protocols such as Local Area Transport (LAT) and NetBEUI typically rely on broadcasts to gain access to remote hosts or servers. Broadcasts can be excessive and the amount of broad- casts can severely impact WAN bandwidth, resulting in slow response times. For example, you might have a 10Mb Ethernet segment and a 64K WAN link on a router. It is easy for a bridgeable protocol to overwhelm the slow WAN link with 3 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Advanced Network Theory: Bridging and LAN Switching excessive broadcasts. By default, a Cisco router is not configured for bridging and will drop broadcasts, so for the purpose of this discussion, we can assume bridg- ing has been enabled. Most bridgeable protocols rely on broadcasts to send user information or data. These broadcasts can cause time delays. Typically, bridged protocols, such as LAT and Systems Network Architecture (SNA), are not ac- customed to time delays; hence, the data might be lost or the session might be reinitiated, which can also result in lost user data. It is important to be aware of the history and traditional use of bridges. In the 1980s, bridges were primarily used to segment large networks into smaller domains and also to extend the length of a LAN segment. Broadcasts were still sent out to all segments, but the WAN link was protected from locally based traffic and forwarded traffic not destined for remote locations across the WAN. Broadcasts would still be sent out all bridge ports except the source port. Broadcasts were still a primary concern for layer 2 protocols, such as LAT and NetBEUI. Keep in mind that a Cisco router will not modify the layer 2 MAC address of a frame when any form of bridging is used to send the frame across a bridged domain. Routing, on the other hand, is handled differently. When a layer 3 packet arrives on any interface, the Cisco router will buffer the packet and immediately strip the data link header and copy its own header, which will contain its local MAC address and the remote MAC address of the destination router. Thus, you can see that bridging is concerned with layer 2, has no layer 3 address, and cannot be routed. Routing has a layer 3 address and is routed. A broadcast domain is a set of devices that will receive broadcast frames originating from any device within the same group of devices. Routers typically define the end of a broadcast domain, because routers do not forward broadcast frames unless specifically configured for bridging. Broadcast domains can alleviate the number of broadcasts and increase the available bandwidth to end users by segmenting a single large broad- cast domain into smaller broadcast domains. There are many ways to bridge non-routable frames, and this chapter concen- trates on how you can accomplish sending non-routable traffic over an existing network without the need to configure every protocol on a Cisco router. You can also tunnel some non-routable protocols, such as SNA and LLC, using an IP tunnel. An IP tunnel enables you to transport legacy non-routable traffic over an IP network. This will become important later in this chapter when advanced forms of bridging are discussed. A tunnel is a Cisco IOS feature that allows you to transport protocols over your IP network without having to configure bridging over your core network. Table 3.1 shows where bridging, routing, and tunneling occurs in the OSI model. 4 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Chapter 3 Bridging Overview As mentioned previously, a bridge is basically a layer 2 device that can determine where devices are in a network and forward frames based on a bridge forwarding table. This table lists the location of layer 2 devices (or MAC addresses) to ports on a bridge. Cisco’s term for this forwarding table on their switches is the content addressable memory (CAM) table. To view the CAM table on a Cisco 5000 or 6000 Catalyst switch, you issue the show cam command. Bridges can be used to perform the following: ➤ Increase available bandwidth by segmenting your network ➤ Filter packets based on many criteria, such as MAC addresses and protocol types ➤ Base all forwarding decisions on MAC addresses ➤ Bridging Loop avoidance if spanning tree is configured The following bridging modes are available with Cisco IOS: ➤ Transparent bridging (TB) ➤ Source-route bridging (SRB) ➤ Source-route transparent (SRT) ➤ Source-route translational bridging (SR/TLB) ➤ Concurrent routing and bridging (CRB) Table 3.1 Where bridging occurs in the OSI model. Layer Name Layer Number Application Layer 7 Presentation Layer 6 Session Layer 5 Transport Layer 4 Network Layer 3 (routing and tunneling occurs here) Data Link Layer 2 (bridging occurs here) Physical Layer 1 5 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Advanced Network Theory: Bridging and LAN Switching ➤ Integrated routing and bridging (IRB) ➤ Encapsulated bridging ➤ Remote source-route bridging (RSRB) ➤ Data-link switching (DLSw) In the upcoming sections, we’ll review each of these bridging modes, beginning with a discussion about transparent bridging and moving through the preceding list to encapsulated bridging. At that point, we’ll look at access lists before wrap- ping up this section by taking a look at RSRB and DLSw. Transparent Bridging (TB) Transparent bridging is the easiest bridging type to define, so we’ll look at it first. In transparent bridging (TB), end devices are unaware of how packets are sent across a network. The bridging process is transparent to end devices, because the devices make no decisions regarding how their frames are handled by the net- work. This method of operation, in which the end device is unaware of what’s happening, is why this is called transparent bridging. Cisco routers can act as a transparent bridge to bridge protocols, such as NetBEUI and LAT (Local Area Transport). These protocols do not have a layer 3 (Network Layer) address and cannot be routed, so they will need to be bridged. When workstations or servers want to communicate with one another, the work- station (or server) will send a broadcast to search for the destination device. The first packet seen by the bridge will be examined for the source MAC address. Then, the bridge places the packets source MAC address into a MAC forward- ing table and notes the interface from which the frame was sent. Transparent bridges typically have one or more interfaces that contain a group of end devices. This stage of acquiring the location of new devices is called learning. After the bridge has finished learning a particular bridge port (a bridge will con- tinue to learn new devices), it will then forward the frame out all ports except the port the frame was received on, if the destination MAC address is not in its forwarding table. This forwarding process (in which frames are sent out on all interfaces except the interface on which the frame was received) is called flooding. The destination device will see and then respond to the packet. When the trans- parent bridge receives the response from the destination device, it will again look at the source address and check the forwarding table for an entry. If there is no entry, the source address will be learned and entered into the bridges forwarding table. The bridge will also look at the destination MAC address and forward it via the appropriate interface. Figure 3.1 displays a typical bridge connecting two Ethernet domains. 6 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Chapter 3 The bridge in Figure 3.1 has learned that the device is on Port 1 and has a MAC address of 0080.0c00.0001 and the device on Port 2 has a MAC address of 0090.0d00.0002. Each device will be associated with a bridge port and will be added to the forwarding table or the CAM. In Figure 3.2, when Device A sends a frame trying to locate Device B, both bridges initially forward the frames as broadcasts looking for Device B. There will be two broadcasts on Device B’s segment. The two transparent bridges will again see broadcast frames from one another as all broadcast frames are sent out on all interfaces except the interface the frame was received from. Broadcasts are then sent out onto Device A’s segment. The second transparent bridge will again see the broadcast frame and send it out onto Device B’s segment. This process will continue (described as a bridge loop) until you have a broadcast storm, in which case both TBs will eventually run out of memory and your network will fail. Loops at layer 2 are extremely harmful and will bring your network down. To help avoid damage from layer 2 loops, you need to run a Spanning Tree Protocol (STP), which can detect the loops and block the second path. STP automatically activates a backup path if a bridge or link to a segment fails. Now, let’s look at the bridging process a Cisco router will follow if transparent bridging is enabled as shown in Figure 3.2. First, the router will determine whether the packet is routable. If not, a decision will be made based on the configuration to bridge or drop the packet. If there are multiple paths to a device, the second transparent bridge will create a loop, unless you have some form of mechanism to stop frames from going around forever. For example, look at Figure 3.3. Fortunately, there is a way to detect multiple paths that will help prevent these routing loops from occurring, the answer is the Spanning Tree Protocol. Figure 3.1 Sample bridge forwarding table. MAC address: 0080.0c00.0001 MAC address: 0090.0d00.0002 Transparent bridge Bridge forwarding table Source MAC Port address Port 1 0080.0c00.0001 Port 1 Port 2 0090.0d00.0002 Port 2 Port 1 Port 2 7 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Advanced Network Theory: Bridging and LAN Switching Figure 3.2 Bridging decisions made by a transparent bridge. Figure 3.3 Transparent bridging decision process on a Cisco router. The Spanning Tree Protocol (STP) is defined as a method used to detect bridge loops in a bridge or switched environment. STP ensures that no redundant paths will create a second path to any destination network. There are three main Span- ning Tree Protocols, two for Ethernet, and one for Token Ring (which is dis- cussed in more detail later in this chapter): Bridge 2 Bridge 1 Loop and broadcast storm Port 2 Port 1 Port 2 Port 1 Device A Device B Is this packet routable? Is router configured for bridging? Discard packet End Header Data Trailer Incoming data frame Routed Bridge packet accordingly End End Y Y N N 8 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Chapter 3 ➤ IEEE 802.1D (Ethernet) ➤ DEC, by Digital Corporation (Ethernet) ➤ IBM spanning tree (Token Ring) The basic function of Spanning Tree Protocols is to maintain a loop-free topol- ogy and provide, as possible, a path between every pair of LANs. All TBs will go through the following four stages of spanning tree: ➤ Listening—The bridge listens for frames. No end user data frames are for- warded when the bridge is listening. ➤ Learning—The bridge starts to build a MAC address forwarding table. At this stage no end user data is forwarded yet. Cisco’s term for the MAC ad- dress forwarding table is the content addressable memory, or CAM, table. No frames are forwarded is this stage. ➤ Forwarding—The bridge is transmitting end user data frames to their appro- priate destination. ➤ Blocking—The bridge blocks frames to prevent a loop from occurring. The STP process of listening, learning, and forwarding or blocking results in a loop-free topology. Returning to Figure 3.2, you can see that one of the bridges will block one of its ports and remove any loop. Let’s assume that Bridge 1 will block on Port 2. If Bridge 2 fails on Port 2, then Bridge 1 will begin forwarding frames onto the Device B segment in order to maintain network connectivity between the two networks. Bridges maintain a loop-free topology by using special frames called Bridge Pro- tocol Data Units (BPDU). These frames are also used by spanning tree to elect a root bridge. The root bridge is responsible for maintaining a loop-free topology. Every other bridge will maintain a loop-free path to the root bridge. The root bridge will always forward on all ports (forwarding state), and other bridges will block on duplicate paths (blocking state). A Cisco router or bridge will send out a BPDU with a destination MAC address of 01-80-c2-00-00-00 Ethernet. In a Token Ring environment, the functional MAC address c0-00-00-00-01-00 is used. The root bridge is elected to maintain a loop-free path based on its priority (this is a configurable option and the lowest number wins) and MAC address. These two parameters together are called the unique bridge identifier. After the root bridge is elected, every other bridge will forward on a port with the least cost. 9 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Advanced Network Theory: Bridging and LAN Switching The default cost on a Cisco Catalyst 5000 switch is 32768. The cost can range from 0 to 65535. Cost is a configurable parameter that defines the associated interface cost on each port on a bridge. The default cost on a Cisco router’s Ethernet interface is 100. The cost is a number in the range from 0 through 65,535.The cost param- eter is used to enable the bridge to choose the least-cost path to the root bridge. Hence, a path with a lower cost to the same destination will always be chosen by a bridge over a path with a higher cost value. For illustrative purposes, let’s configure a Cisco router for an IEEE spanning tree and verify it will bridge properly. TB on Cisco Routers To configure transparent bridging on a Cisco router, you must issue several com- mands. First, you must issue a global transparent bridge command, as follows: bridge bridge-group protocol |ieee or dec| Then, you need to issue the following interface command: bridge-group bridge-group In the preceding commands, bridge-group identifies a decimal number from 1 through 63, and you must choose a Spanning Tree Protocol. The available choices are IEEE and DEC, which is Digital’s version. For additional modifiable param- eters, refer to the references listed in the “Need To Know More” section at the end of this chapter. Make sure you can identify how to make a bridge become the root bridge with the IOS command bridge-group priority <0-65535> with 0 being the highest priority. Let’s assume you have a Cisco 4000 router with four Ethernet interfaces. You want to allow transparent bridging on the first three only. Listing 3.1 details the IOS commands you would use to accomplish this setup. Listing 3.1 Transparent bridging configuration example. interface E0 bridge-group 1 !Enables Transparent bridging interface E1 bridge-group 1 Interface E2 bridge-group 1 bridge 1 protocol IEEE !enables IEEE spanning tree 10 ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ Chapter 3 An important concept to remember is that a Spanning Tree Protocol (STP) elects the root bridge based on the unique identifier. The identi- fier is made with the priority and MAC address sometimes represented as priority.MAC address. Note also that different STP protocols cannot communicate. For example, if you have IEEE STP and DEC STP on two separate bridges, there would be two spanning tree domains and two root bridges. To view how spanning tree is operating on a Cisco router, enter the IOS show spanning-tree command. The display will show you the spanning tree state and which bridge is the elected root bridge, as shown in Listing 3.2. Listing 3.2 The show spanning-tree command. R1#show spanning-tree Bridge Group 1 is executing the IEEE compatible STP Bridge Identifier has priority 32768, address 0060.7015.5e4d Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0000.0c75.cf24 Root port is 2 (Ethernet0), cost of root path is 200 Topology change flag not set, detected flag not set Times: hold 1, topology change 30, notification 30 hello 2, max age 20, forward delay 15, aging 300 Timers: hello 0, topology change 0, notification 0 Port 2 (Ethernet0) of bridge group 1 is forwarding Port path cost 100, Port priority 128 Designated root has priority 32768, address 0000.0c75.cf24 Designated bridge has priority 32768, address 0060.2f53.5900 Designated port is 129, path cost 100 Timers: message age 2, forward delay 0, hold 0 As you can see in Listing 3.2, the default priority setting is 32768. You can also see that the router port (Ethernet 0 on bridge group 1) is in a forwarding state. In the event of a tie on priority, the lowest MAC address will be the root bridge. Listing 3.2 displays the root bridge with the MAC address of 0000.0c75.cf24 (lower MAC address) and a priority set to 32768. With transparent bridging or translational bridging, it is important to remember that the MAC address or layer 2 information is not modified as the frame passes from one bridge to another. When routing a packet, the layer 2 header is modified with the router inserting its own header that contains the router’s local MAC address and the remote router’s address. [...]... IOS command set Concurrent and Integrated Routing Bridging (CRB and IRB) In addition to the bridging methods discussed in the preceding sections, Cisco supports two propriety methods of bridging concurrent routing and bridging (CRB) and integrated routing and bridging (IRB): 22 Chapter 3 ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ➤ Concurrent routing and bridging. .. used to manage broadcasts and network reachability Advanced Network Theory: Bridging and LAN Switching 23 ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ 2 FDDI FRAME with own header and trailer Ethernet Header Data 3 Ethernet Header 1 Ethernet Header Data Data FDDI R1 R2 Figure 3.10 Encapsulated bridging over a FDDI network Access Lists Used for Bridging Access lists are... a large switched network Virtual LANs (VLANs) A virtual LAN is defined as a software-emulated LAN An administrator defines a VLAN according to the network s design requirements As mentioned earlier, segmenting or using VLANs provides more bandwidth to end users, reduces broadcast traffic, and reduces medium contention In general, a VLAN performs the same function as a LAN However, VLANs extend the flexibility... discussed previously Cisco Switching Methods The CCIE blueprint requires the candidate to be aware of the two main switching modes available We will discuss the two main types using the Catalyst 5000 Ethernet switch and the Catalyst 3900 Token Ring switch as an example A Catalyst 5000 series and 3900 switch can support two main switching methods: Advanced Network Theory: Bridging and LAN Switching 35 ○ ○ ○... network Remote Source-Route Bridging (RSRB) RSRB encapsulates frames from Token Ring domains and transports them across an IP network With RSRB, you can support Ethernet networks as long as your local router is running SR/TLB The concept of the virtual ring is applied here, which allows you to use the entire IP cloud as one hop Advanced Network Theory: Bridging and LAN Switching 25 ○ ○ ○ ○ ○ ○ ○ ○... 2 of the OSI model and discuss some of the more advanced technologies you need to know Description of LAN Switching Methods At this point in the chapter, we’ve reviewed the basics of bridging Now, we’ll turn to some advanced bridging (layer 2) concepts and Cisco switches, including how the Cisco switches can enable a network designer to tune the performance of a network Layer 2 switching has numerous... Figure 3.9 Source-route translational bridging sample network scenario Ring 100 Advanced Network Theory: Bridging and LAN Switching 21 ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ➤ Identifies frame format differences, because Ethernet and Token Ring do not have the same frame formats (for more information, see Chapter 2) The IOS command to create the pseudo ring that... represent the vendor code Remote Source-Route Bridging (RSRB) and Data-Link Switching (DLSw) RSRB and DLSw are advanced bridging techniques used to provide solutions to large bridged environments Legacy protocols, such as SNA, are typically transported over IP networks RSRB and DLSw provide excellent techniques to accomplish stable network design and redundancy RSRB and DLSW are grouped together here because... filters to stop unwanted traffic across a network Easy configuration Provides easier configuration than complex bridging environments Advanced Network Theory: Bridging and LAN Switching 29 ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ As you will see in the following examples, the available DLSw options are fairly extensive The IOS commands displayed here demonstrate the... four bits are reserved and set to all zeros ➤ 0810.0011.0022.0040—Note that this path specifies local ring 1, bridge 1, remote ring 2, bridge 2, and destination ring 4 (the last field is set to 0) For further clarification, let’s look at another, more-complex RIF example where the local ring numbers are 0x1 (1), 0x1F4 (500), and 0x2 (2): Advanced Network Theory: Bridging and LAN Switching 15 ○ ○ ○ ○ . ○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○ 3 Advanced Network Theory: Bridging and LAN Switching Terms you’ll need to understand: ✓ Broadcasts ✓ Transparent bridging (TB) ✓ Source-route bridging. Theory: Bridging and LAN Switching ➤ Integrated routing and bridging (IRB) ➤ Encapsulated bridging ➤ Remote source-route bridging (RSRB) ➤ Data-link switching