Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:09,140 --> 00:00:15,060 Welcome back in this section we're going to look at villans or virtual local area networks. 2 00:00:15,310 --> 00:00:18,240 We are going to virtualize our infrastructure. 3 00:00:18,530 --> 00:00:24,620 Virtualization is a big topic today with companies such as V.M. way of virtualizing servers but villans 4 00:00:24,680 --> 00:00:29,290 have been around for many years and in a similar way we are going to be virtualizing our switches with 5 00:00:29,300 --> 00:00:32,400 one physical switch is virtually multiple switches. 6 00:00:32,600 --> 00:00:34,350 This is not full virtualization. 7 00:00:34,400 --> 00:00:38,520 We are just virtualizing the local area networks on that specific switch. 8 00:00:38,810 --> 00:00:42,090 So I want to give you an overview of villans and how they operate. 9 00:00:42,200 --> 00:00:48,150 We need to talk about trunking protocols like a two to one q and a cell wall into switch link. 10 00:00:48,170 --> 00:00:53,930 I want to explain virtual trunking protocol or VTB which allows us to create villans on a single switch 11 00:00:54,320 --> 00:00:58,320 and have that information propagated to other switches in the topology. 12 00:00:58,510 --> 00:01:04,760 The DP can be a very useful protocol but can be extremely dangerous and has caused a lot of problems. 13 00:01:04,860 --> 00:01:11,060 Cisco engineers over the years and these days a lot of us will just turn it off and never use it because 14 00:01:11,060 --> 00:01:13,580 of its inherent dangers. 15 00:01:13,700 --> 00:01:19,510 Now an incorrectly designed network or poorly designed network has multiple issues in a simple typology 16 00:01:19,520 --> 00:01:20,780 as an example. 17 00:01:20,780 --> 00:01:22,750 We have a switch with a hub. 18 00:01:23,110 --> 00:01:25,370 This is a single broadcast domain. 19 00:01:25,700 --> 00:01:31,910 So if this host a started broadcasting that broadcast would be received by everyone. 20 00:01:32,000 --> 00:01:37,970 Now that may not be a problem but if the Knicks start jabbering in other words sending out broadcast 21 00:01:37,970 --> 00:01:43,340 off the broadcast of the broadcast it can flood through the entire network and cause a lot of issues 22 00:01:43,670 --> 00:01:47,160 as every device in the network needs to process that broadcast. 23 00:01:47,540 --> 00:01:54,260 This issue exponentially increases as the number of hosts on the network increases more and more hosts 24 00:01:54,260 --> 00:01:59,690 are sending broadcasts more and more hosts are affected by those broadcasts and thus broadcast should 25 00:01:59,690 --> 00:02:04,040 be contained or limited as far as possible. 26 00:02:04,050 --> 00:02:06,920 This is an example of a poorly designed network. 27 00:02:07,170 --> 00:02:11,340 If the central switch went down it would affect all devices and the typology. 28 00:02:11,550 --> 00:02:17,460 No host would be able to communicate with each other because all communication needs to go via the single 29 00:02:17,460 --> 00:02:20,800 device which is now a single point of failure. 30 00:02:21,110 --> 00:02:24,510 Broadcasts once again will fly throughout the network. 31 00:02:24,510 --> 00:02:31,180 The broadcast is received on all links and will consume the bandwidth on every single link in this apology. 32 00:02:31,350 --> 00:02:39,240 Once again every single device has to process that broadcast and it CPQ will be interrupted by the broadcast 33 00:02:39,750 --> 00:02:43,160 continuous broadcasts will slow down the entire network. 34 00:02:44,250 --> 00:02:50,040 Because of the way mac address tables work traffic going to the unit costs address where the MAC address 35 00:02:50,040 --> 00:02:56,210 is not learned by the switches will also be flooded throughout the typology multi costs are treated 36 00:02:56,210 --> 00:03:02,450 in the same way as broadcasts by most laity switches so multi-course will be flooded throughout the 37 00:03:02,450 --> 00:03:09,860 network and affect all devices at poorly designed network may be disorganized and poorly documented 38 00:03:10,310 --> 00:03:15,530 and easily identified traffic flows which make support maintenance and problem resolution. 39 00:03:15,530 --> 00:03:18,650 Very time consuming and very difficult. 40 00:03:18,650 --> 00:03:20,560 You also have the issue of security. 41 00:03:20,900 --> 00:03:26,450 If this host on the left hand side is in marketing and the host on the right hand side is in the accounts 42 00:03:26,450 --> 00:03:33,200 department the person in marketing has access to that machine across the network because security might 43 00:03:33,200 --> 00:03:34,980 not be implemented properly. 44 00:03:35,030 --> 00:03:42,570 It becomes very difficult to manage a poorly designed network so what is a virtual LAN or villain a 45 00:03:42,570 --> 00:03:50,400 villain is essentially a single broadcast domain or logical subnet or logical network. 46 00:03:50,580 --> 00:03:55,980 You could say it's a group of hosts with a common set of requirements attached to the same broadcast 47 00:03:55,980 --> 00:03:59,620 domain regardless of where they are physically located. 48 00:03:59,870 --> 00:04:05,790 You are able to group multiple devices together logically rather than physically. 49 00:04:05,790 --> 00:04:12,870 So it is possible to span a subnet or Villon across multiple switches even though that's not recommended 50 00:04:12,870 --> 00:04:14,090 today. 51 00:04:14,190 --> 00:04:20,580 You can design a villain structure that allows you to group together stations or hosts that are segmented 52 00:04:20,730 --> 00:04:25,500 logically by functions project teams and other types of applications. 53 00:04:25,500 --> 00:04:28,560 Once again without regard to physical location. 54 00:04:28,560 --> 00:04:34,440 So some of the advantages of villans include segmentation where you segment or separate users based 55 00:04:34,560 --> 00:04:35,730 on function. 56 00:04:35,730 --> 00:04:40,500 For instance the sales department will go into specific villain and the accountancy Department will 57 00:04:40,500 --> 00:04:46,290 go into different violent it's very flexible with our changing physical cabling you can move the user 58 00:04:46,290 --> 00:04:48,240 from one villain to another. 59 00:04:48,270 --> 00:04:55,020 It also provides security because users are insipidly lands and they have to traverse a layer 3 device 60 00:04:55,020 --> 00:05:01,920 like a Raptor to get from one villain to another on the router you could implement access lists to control 61 00:05:02,070 --> 00:05:04,780 which users have access to various villains. 62 00:05:04,980 --> 00:05:07,930 We'll be talking a lot about access lists later of course. 63 00:05:08,160 --> 00:05:13,830 But for now I understand that it gives you the ability to enhance security by separating users these 64 00:05:13,830 --> 00:05:14,070 days. 65 00:05:14,070 --> 00:05:18,960 Villans also have other advantages specifically when implementing voice over IP. 66 00:05:19,170 --> 00:05:24,870 You can put your IP phones into separate a villain to your workstations and therefore provide a better 67 00:05:24,870 --> 00:05:27,530 quality of service to the IP phones. 68 00:05:27,600 --> 00:05:31,900 So implementing villans has many advantages in modern networks today. 69 00:05:32,780 --> 00:05:37,970 Something that I find that always confuses people is the difference between a physical topology and 70 00:05:37,970 --> 00:05:39,700 a logical topology. 71 00:05:39,770 --> 00:05:45,530 You need to change your paradigm and no longer think about the physical topology of the network but 72 00:05:45,530 --> 00:05:48,750 draw they envision what the logical topology looks like. 73 00:05:48,920 --> 00:05:54,980 The logical typology will be very different to the physical topology as soon as villans are implemented. 74 00:05:54,980 --> 00:05:58,310 So he has an example of what a physical typology may look like. 75 00:05:58,370 --> 00:06:07,510 You have four physical machines connected to a single physical switch on Portes 0 1 0 2 0 3 and 0 4. 76 00:06:07,820 --> 00:06:15,450 So that's the physical topology However logically we can put interfaces into different villans. 77 00:06:15,920 --> 00:06:21,050 So all you need to do is go into the interface and I'll show you the commands in a moment and you put 78 00:06:21,050 --> 00:06:23,860 that interface into a specific plan. 79 00:06:23,990 --> 00:06:28,820 Let's say for argument's sake to read the land now the lands on switches are configured with numbers 80 00:06:29,330 --> 00:06:34,610 but often when we discuss villans we talk about colors to try and differentiate between the villains 81 00:06:34,610 --> 00:06:36,450 and make it easier to understand. 82 00:06:36,740 --> 00:06:44,360 So assume for the moment that PC a and PCD have been put into the red Villon like typing commands on 83 00:06:44,360 --> 00:06:50,570 the switch ports PCB and PCC have been put into the green V land. 84 00:06:50,690 --> 00:06:54,160 Please note that the hosts are oblivious to what's happened. 85 00:06:54,230 --> 00:07:00,380 As the administrator have just gone onto the switch and changed the villain that the port belongs to 86 00:07:00,980 --> 00:07:07,520 by default all ports belong to Villon one on Cisco switches but by using a single command you can move 87 00:07:07,520 --> 00:07:09,550 that port to a separate Thielen. 88 00:07:09,890 --> 00:07:13,420 So once again the physical topology looks as follows. 89 00:07:13,430 --> 00:07:20,440 But you've just got to imagine that these PCs on separate villans have a when looking at the logical 90 00:07:20,440 --> 00:07:30,700 topology things are dramatically different PCJ and PCD are in the red villaine on switch DCC and PC 91 00:07:30,700 --> 00:07:38,580 be on the green villaine logically there are two separate switches or two separate land. 92 00:07:38,580 --> 00:07:45,430 Here we have virtualise the Allen infrastructure and created two separate local area networks. 93 00:07:45,430 --> 00:07:50,480 These networks cannot communicate with each other from a layer to point of view. 94 00:07:50,550 --> 00:07:56,980 The plans are implemented at laity and the only way to move from one villain to another is to go via 95 00:07:56,980 --> 00:08:00,460 a layer 3 device such as a router remember please. 96 00:08:00,640 --> 00:08:05,310 A billion is a separate logical subnet or separate broadcast domain. 97 00:08:05,620 --> 00:08:12,690 If a sent a broadcast that broadcasts would only be received by d if C sent a broadcast that broadcasts 98 00:08:12,690 --> 00:08:19,570 would only be received by B which is very different with all the devices on the same Bil'in or same 99 00:08:19,570 --> 00:08:20,740 physical switch. 100 00:08:20,830 --> 00:08:27,080 Once again ports can be put into a villain using different mechanisms for the moment just a that use 101 00:08:27,130 --> 00:08:31,550 the administrator statically put the port into the of the land. 102 00:08:31,990 --> 00:08:36,780 So going back to our physical view of the topology and this topology we're not going to use Forty-Eight 103 00:08:36,790 --> 00:08:40,570 but Mac addresses because I want to simplify what's going on. 104 00:08:40,570 --> 00:08:48,420 So just assume that these numbers a b c and d are the Mac addresses of these devices. 105 00:08:48,530 --> 00:08:55,950 When a sends a broadcast that broadcast will be forwarded to the switch with a source address of a and 106 00:08:55,950 --> 00:08:58,340 the destination will contain x. 107 00:08:58,400 --> 00:09:04,490 In other words broadcast when that frame hits the switch the switch will make a note of which villaine 108 00:09:04,490 --> 00:09:05,890 that code belongs to. 109 00:09:06,170 --> 00:09:09,830 So that frame is internally tagged with the red villain. 110 00:09:09,920 --> 00:09:13,130 Please note the PC is oblivious to what's going on. 111 00:09:13,130 --> 00:09:19,640 The PC just sees this link as standard Ethernet and doesn't understand the concept of violence. 112 00:09:19,640 --> 00:09:21,730 I'm going to digress just for a second. 113 00:09:21,740 --> 00:09:30,690 The architecture switches very Cisco documents like this one explaining the architecture of a 6500 switch. 114 00:09:30,700 --> 00:09:36,830 So for example looking at the different Jessies and different line cards and different supervisors. 115 00:09:37,030 --> 00:09:40,870 This document will explain how the architecture is set up. 116 00:09:41,110 --> 00:09:46,180 The detail of this is totally out of the scope of the course but it's just to try and explain a little 117 00:09:46,180 --> 00:09:48,760 bit about what happens behind the scenes. 118 00:09:48,760 --> 00:09:54,850 One of the things that they explain in the document is the day in the life of a packet going through 119 00:09:54,880 --> 00:09:56,460 a hundred. 120 00:09:56,590 --> 00:10:03,010 And in this example they've got centralized forwarding so they'll explain how a package will arrive 121 00:10:03,370 --> 00:10:10,300 on an interface and based on different application specific integrated circuits or A-6 how that packet 122 00:10:10,300 --> 00:10:17,260 will flow from the ingress port to an a great sport going via the database on the back plane of the 123 00:10:17,260 --> 00:10:18,220 switch. 124 00:10:18,220 --> 00:10:24,070 You can learn more about the actual flow of the packet through the switch by going and looking at documents 125 00:10:24,070 --> 00:10:25,900 like this. 126 00:10:25,940 --> 00:10:30,310 All I want you to realize is that the architecture of different switches work differently. 127 00:10:30,440 --> 00:10:34,560 And if you want to look at the internals of a switch there are really good documents on Cisco's Web 128 00:10:34,560 --> 00:10:41,600 site explaining how packets flow through a switch for this cause we are going to explain it as follows. 129 00:10:41,740 --> 00:10:47,740 When the frame arrives on this port it's internally tagged with a red Villon that frame is then copied 130 00:10:47,890 --> 00:10:50,380 to all other ports on the switch. 131 00:10:50,380 --> 00:10:52,630 However that broadcast will not be forwarded. 132 00:10:52,630 --> 00:10:59,160 Out of this port because the port is in a different Villon to the original frame the frame will also 133 00:10:59,160 --> 00:11:00,030 not be forwarded. 134 00:11:00,030 --> 00:11:06,110 Out of this port 0 3 because the frame is in a different villain to the port. 135 00:11:06,120 --> 00:11:12,480 However on this port the frame will be forwarded out because the villain number or color is the same. 136 00:11:12,480 --> 00:11:16,360 Please note only the original frame is sent out of the port. 137 00:11:16,380 --> 00:11:18,710 No internal tagging leaves the switch. 138 00:11:18,750 --> 00:11:23,970 The PCs once again are oblivious to any tagging or changing of frames. 139 00:11:23,970 --> 00:11:28,760 So the frame leaves the switch and arrives at PCD in its original form. 140 00:11:28,980 --> 00:11:32,620 Source addresses a destination address as a broadcast. 141 00:11:32,670 --> 00:11:41,370 So physically we have one switch here but logically PCIe can only send traffic to PCD not to PCB or 142 00:11:41,370 --> 00:11:42,800 PCC. 143 00:11:42,870 --> 00:11:48,320 They are on a separate the land or separate logical switch. 144 00:11:48,360 --> 00:11:55,940 If you try to send a unit cost to see so the source addresses say in the frame and the destination address 145 00:11:55,940 --> 00:11:59,930 is C which is this PC on the green line. 146 00:12:00,210 --> 00:12:03,420 That frame would be sent to the switch as a standard. 147 00:12:03,420 --> 00:12:05,070 Ethan at frame. 148 00:12:05,070 --> 00:12:09,940 Now we are assuming here that is somehow learnt the Mac address of C.. 149 00:12:10,110 --> 00:12:15,380 So he is sending a frame directly to see normally he wouldn't even be able to learn that Mac address. 150 00:12:15,740 --> 00:12:19,900 So in this example the person on a could be up to no good. 151 00:12:19,920 --> 00:12:24,840 The frame arrives at the switch and the switch tags the frame internally with the red villaine that 152 00:12:24,840 --> 00:12:28,260 frame is copied to all ports on the switch. 153 00:12:28,260 --> 00:12:30,420 Now once again that depends on the switch architecture. 154 00:12:30,450 --> 00:12:35,070 So let's just assume for the moment that that's what's going to happen on the specific switch. 155 00:12:35,070 --> 00:12:40,980 Now the central async checks the Mac address table and sees that C can be found in port 0 3. 156 00:12:40,980 --> 00:12:46,510 So their central A-6 sends a flush message to the other ports to remove the copies of the frame. 157 00:12:46,510 --> 00:12:50,020 So the frame is only available on port 0 3. 158 00:12:50,070 --> 00:12:54,840 However just before sending out the frame the Port Vila and Kallos checked against the frame. 159 00:12:54,840 --> 00:12:58,650 The frame is a red villaine frame because it arrived on a red port. 160 00:12:58,650 --> 00:13:04,890 But this is a Green the line interface so the frame is not transmitted and is dropped so the frame never 161 00:13:04,890 --> 00:13:06,290 gets to PCC. 162 00:13:06,510 --> 00:13:09,140 Therefore am not able to access the green line. 163 00:13:09,570 --> 00:13:15,900 Logically A is separated from C and from a later point of view there is no connection between the red 164 00:13:16,070 --> 00:13:18,180 line and the green V land. 165 00:13:18,300 --> 00:13:23,430 As mentioned previously the only way to get from one villain to another is to traverse a layer 3 device 166 00:13:23,430 --> 00:13:29,200 such as a router and as there is no rot in the example the traffic is totally separated. 167 00:13:29,370 --> 00:13:31,650 Now he has a slightly more complicated example. 168 00:13:31,700 --> 00:13:37,920 He is still in the red line but is connected to switch 1 D is in the red villaine that is in this case 169 00:13:37,920 --> 00:13:45,500 connected to switch to CS in the green villin connected to switch t and B is in the green the line connected 170 00:13:45,500 --> 00:13:46,770 to switch 1. 171 00:13:46,960 --> 00:13:52,010 A special type of link is required between the two switches so that they can communicate any information 172 00:13:52,010 --> 00:13:55,490 between them and that is known as a trunk port. 173 00:13:55,490 --> 00:14:01,850 This interface will run at trunking protocol so that any information can be transmitted from one switch 174 00:14:01,850 --> 00:14:02,830 to another. 175 00:14:02,850 --> 00:14:10,130 The two trunking protocols that are used are ISIL or into switch link an editor the one key now ISIL 176 00:14:10,400 --> 00:14:15,150 was a Cecka proprietary protocol and tends not to be used today. 177 00:14:15,220 --> 00:14:15,680 Or one. 178 00:14:15,690 --> 00:14:21,800 Q The industry standard is the protocol of choice for communicating the information between switches 179 00:14:22,310 --> 00:14:24,270 across trunking ports. 180 00:14:24,290 --> 00:14:28,100 Now once again it's important to remember what the physical topology looks like. 181 00:14:28,100 --> 00:14:29,520 Which is as follows. 182 00:14:29,600 --> 00:14:33,490 And then the logical topology which looks like this. 183 00:14:33,820 --> 00:14:39,110 Is connected to switch one PCCs connected to switch to. 184 00:14:39,310 --> 00:14:46,310 They're all in the red Villon PCBs connected to switch one and PCD is connected to switch 2. 185 00:14:46,330 --> 00:14:52,570 But they're on the green villain so there's logical separation between the devices across the two switches 186 00:14:53,230 --> 00:14:56,470 physically please remember there are only two switches in this topology. 187 00:14:56,470 --> 00:15:01,780 But logically we are creating four switches with the Readville and separated from the green Bil'in and 188 00:15:01,780 --> 00:15:04,350 the switches are linked using a trunking interface. 189 00:15:04,690 --> 00:15:09,540 So trunking once again allows multiple villains to traverse a single physical link. 190 00:15:09,730 --> 00:15:11,870 The two protocols are Ed. one. 191 00:15:11,880 --> 00:15:18,370 Q The Industry Standard which tends to be used today and ISIL which was Cisco's proprietary method which 192 00:15:18,370 --> 00:15:20,920 tends not to be used in todays environments. 193 00:15:20,920 --> 00:15:26,500 Cisco IP phones for example do not support ICL and a lot of news switches do not provide support for 194 00:15:26,500 --> 00:15:27,850 ISIL. 195 00:15:27,850 --> 00:15:34,180 So in this course we are going to concentrate on a two to one key and attitude or one Q frame is different 196 00:15:34,180 --> 00:15:38,230 to a standard Ethan it frame stented Ethan it frame would look something like this. 197 00:15:38,230 --> 00:15:43,890 You have a destination field a source field a length or ether type field. 198 00:15:43,990 --> 00:15:50,670 You have the data and then you have the frame checked sequence and edit 2.1 one frame has a full byte 199 00:15:50,680 --> 00:15:57,190 tag inserted into the header between the source address field and the ether top or length field because 200 00:15:57,190 --> 00:15:58,740 the frame has been altered. 201 00:15:58,840 --> 00:16:03,740 The frame check sequence is pre-computed and replaced in the modified frame. 202 00:16:04,830 --> 00:16:13,780 The tag consists of two main parts the tag protocol identifier which is set to 0 6 8 1 0 0 to identify 203 00:16:13,780 --> 00:16:21,080 this as an actual E to the one tag frame and thus allow switches and devices to distinguish an editor 204 00:16:21,080 --> 00:16:24,000 or one cue frame from untagged frames. 205 00:16:24,120 --> 00:16:27,370 This is 16 bits in length or two bytes. 206 00:16:27,510 --> 00:16:34,860 The remaining two bytes will 16 bits is split as follows three bits represent the priority or priority 207 00:16:34,860 --> 00:16:42,250 code point which is a three bit field used to prioritize certain traffic types over others. 208 00:16:42,280 --> 00:16:47,950 This is used very heavily in quality of service where for instance a decimal value of five is used to 209 00:16:47,950 --> 00:16:49,900 represent voice. 210 00:16:49,900 --> 00:16:56,260 The canonical format identifier will see if y was used in the old days or compatibility between Ethernet 211 00:16:56,260 --> 00:16:57,820 and Token Ring networks. 212 00:16:57,820 --> 00:17:00,350 It's very unlikely that you're going to use that today. 213 00:17:00,790 --> 00:17:07,660 And the important piece is the villain identify which is a 12 bit field specifying the Wii LAN to which 214 00:17:07,660 --> 00:17:09,010 this frame belongs. 215 00:17:09,100 --> 00:17:13,110 A value of zero would mean that this frame does not belong to any villain. 216 00:17:13,270 --> 00:17:19,320 It's because of this field that switches are able to communicate the veel and number to each other. 217 00:17:19,420 --> 00:17:26,640 It is 12 bits in size which allows for 4000 ninety 96 villans to be created in an 8 to 1 environment. 218 00:17:27,420 --> 00:17:29,040 You can work that out as follows. 219 00:17:29,330 --> 00:17:35,940 Two to the power of 12 equals 4000 a 96. 220 00:17:35,950 --> 00:17:42,640 So in theory 4000 a 96 villans could be configured on an ADA to the one key switch switches however 221 00:17:42,670 --> 00:17:45,540 do not necessarily support that number of villans. 24635