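Copyright notice: This is an original work. Reposting is permitted, provided the original source, the author information and this notice are indicated with a hyperlink; otherwise legal liability will be pursued. [url]http://netwalk.blog.51cto.com/173717/70528[/url]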
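Since my last post, "Analysis of the Router Integrated Bridging and Routing (IRB) Mode" [url]http://netwalk.blog.51cto.com/173717/67503[/url], many friends have written to exchange experiences and questions about bridging technology. While thanking everyone for their interest in this topic, I feel it is necessary to go over bridging technology once more and get an overall grasp of this great technology, which made huge contributions in the history of networking and still contributes in some areas today.
I originally planned to write this myself, but then remembered that the "CCIE Routing and Switching Exam Certification Guide" has a fairly comprehensive introduction, so I am borrowing it: I translated it according to my own understanding and attached the original text, to share with fellow readers.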
Transparent Bridging (TB)
This section covers bridging between Ethernet networks, STP, CRB, and IRB.
Bridges and STP
Ethernet bridging occurs in the data-link layer of the OSI model. Switches perform the same function as bridges. For the rest of the chapter, the term switches refers to bridges. Bridges (and switches) forward frames from one interface to another based on the destination MAC address. For any incoming frame, a bridge forwards the frame out a specific port if the destination MAC address is known; if the destination MAC address is unknown, the bridge forwards the frame out all ports. This is known as flooding. Bridges have three primary functions:
Bridges keep a bridge table to track the MAC addresses available out each port.
An example of the table on a Catalyst switch is shown in Example 4-3. The switch creates a table that lists the MAC address and port for the stations. For example, the station with MAC address 00-10-7b-80-ba-d5 is located out port 2/10. This MAC table was created dynamically.
Example 4-3 Bridge MAC Table

```
cat5000: show cam dynamic
VLAN  Dest MAC/Route Des    Destination Ports or VCs / [Protocol Type]
----  ------------------    --------------------------------------------
710   00-10-7b-80-ba-d5     2/10 [ALL]
34    00-10-7b-1b-6f-9c     2/3 [ALL]
59    00-10-7b-7e-cc-c3     2/5 [ALL]
59    00-e0-b0-64-6e-47     2/9 [ALL]
1     00-e0-b0-64-6e-49     2/12 [ALL]
1     00-10-7b-7e-cc-cd     2/11 [ALL]
710   00-e0-b0-64-6e-07     2/7 [ALL]
34    00-50-3e-e4-58-59     2/4 [ALL]
Total Matching CAM Entries Displayed = 8
```
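The learn, forward and flood behaviour described above, as an added Python example that is not from the book or the original post. The two stations and their ports are the VLAN 59 entries of Example 4-3; the third port 2/6 and the frames are constructed, and dropping a frame whose destination sits on the ingress port is standard transparent-bridge filtering rather than something the text spells out.

```python
class LearningBridge:
    """Minimal transparent bridge: learn source MACs, forward or flood by destination."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port where it was last seen as a source

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)
        self.table[src.lower()] = in_port      # learning is driven by source addresses
        out_port = self.table.get(dst.lower())
        if out_port is None:                   # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:                # destination is on the ingress segment
            return []
        return [out_port]                      # known destination: one specific port


def demo():
    # MACs and ports 2/5, 2/9 come from Example 4-3; port 2/6 is an assumed extra port.
    bridge = LearningBridge(["2/5", "2/6", "2/9"])
    a, b = "00-10-7b-7e-cc-c3", "00-e0-b0-64-6e-47"
    first = bridge.receive("2/5", a, b)    # b has not been learned yet
    reply = bridge.receive("2/9", b, a)    # a was learned from the first frame
    second = bridge.receive("2/5", a, b)   # b is now in the table
    return first, reply, second, dict(bridge.table)


if __name__ == "__main__":
    for step in demo():
        print(step)
```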
Routers can also be configured to bridge protocols. By default, if bridging is configured on an interface, the router bridges any protocol that is not routed on that interface.
The configuration in Example 4-4 bridges between Ethernet 1 and Ethernet 0. Bridge group 1 is configured for the IEEE STP with the `bridge 1 protocol ieee` command. Each interface is configured to bridge with the `bridge-group 1` command.
Example 4-4 Configuration of Bridge Between Ethernet 0 and Ethernet 1

```
bridge 1 protocol ieee
!
interface ethernet 0
 bridge-group 1
!
interface ethernet 1
 bridge-group 1
```

Transparent Bridge Modes
Bridges and switches can operate in two basic modes: store-and-forward and cut-through. The legacy mode is store-and-forward. The bridge stores the entire frame and verifies the CRC before forwarding the frame. If a CRC error is detected, the frame is discarded.
With the evolution of bridges and switches with fast integrated circuits, a new mode of operation is usually available: cut-through. In this mode, the switch does not wait for the entire frame to enter its buffer; instead, it forwards the frame just after it reads the destination MAC address. The advantage is that the switching operation is faster. The disadvantage is that the cut-through operation does not check for CRC errors, which increases the amount of runt and error frames on the network. Because of this problem, most switches provide the option to switch the mode back to store-and-forward if an error threshold is met. Switches in cut-through can track the CRC errors of forwarded frames to determine if there are too many errors. Other switches implement modified cut-through, which waits to receive 64 bytes before it begins transmission, which prevents the switch from sending runt frames.
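How the three forwarding modes treat a good frame, a corrupted frame and a runt, as an added Python example that is not from the book or the original post. The frames are constructed, the MAC addresses are borrowed from Example 4-3, and the `threshold` argument of `should_fall_back` is a hypothetical error limit.

```python
import struct
import zlib

MIN_FRAME = 64  # bytes modified cut-through waits for before transmitting


def build_frame(dst, src, payload):
    """Constructed Ethernet II frame (64 bytes) with a valid CRC-32 trailer."""
    body = dst + src + b"\x08\x00" + payload.ljust(46, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def crc_ok(frame):
    """Recompute the CRC over everything except the 4-byte trailer."""
    if len(frame) <= 4:
        return False
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def forwards(mode, frame):
    """Would a switch in this mode put the frame on the egress port?"""
    if mode == "store-and-forward":
        return crc_ok(frame)             # whole frame buffered, CRC verified
    if mode == "cut-through":
        return len(frame) >= 6           # destination MAC read, no CRC check
    if mode == "modified-cut-through":
        return len(frame) >= MIN_FRAME   # a runt never reaches 64 bytes
    raise ValueError("unknown mode: %r" % mode)


def sample_frames():
    dst = bytes.fromhex("00107b80bad5")  # station MACs from Example 4-3
    src = bytes.fromhex("00107b1b6f9c")
    good = build_frame(dst, src, b"constructed payload")
    corrupt = bytearray(good)
    corrupt[20] ^= 0x01                  # single bit error in the payload
    return {"good": good, "corrupt": bytes(corrupt), "runt": good[:32]}


def forwarded_by_mode(frames):
    modes = ("store-and-forward", "cut-through", "modified-cut-through")
    return {m: sorted(n for n, f in frames.items() if forwards(m, f)) for m in modes}


def should_fall_back(frames, threshold):
    """Count CRC errors among cut-through-forwarded frames against a threshold."""
    errors = sum(1 for f in frames.values()
                 if forwards("cut-through", f) and not crc_ok(f))
    return errors >= threshold
```

Modified cut-through stops the runt but still passes the full-length corrupted frame, which only store-and-forward discards.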
STP
When multiple bridges connect the same LAN segments, bridge loops can occur. The STP is a Layer-2 link management protocol that discovers a loop-free topology for connectivity between LANs. As shown in Figure 4-16, STP might place some redundant bridged interfaces in a blocked state. STP provides recovery from bridge failures by changing blocked interfaces to a forwarding state, if a primary link fails. Although DEC and IBM versions are available, the IEEE 802.1d standard is the default protocol.
Figure 4-16 STP
Root Bridge Election
A root bridge is elected as the root of the spanning-tree topology. All ports that are not needed to reach the root bridge are placed in blocking mode. The selection of the root bridge is based on the lowest numerical bridge priority. The bridge priority ranges from 0 to 65535. If all bridges have the same bridge priority, the bridge with the lowest MAC address is selected as the root. Physical changes of the network force spanning-tree recalculation.
The router interface priority can be changed with the `priority` keyword, with priority values ranging from 1 to 255:

```
R4(config-if)#bridge-group 1 priority ?
  <0-255>
```
Bridge Identifier (BID) and Path Costs
As shown in Figure 4-17, the BID is 8 bytes long and contains a bridge priority (2 bytes), along with one of the bridge's MAC addresses (6 bytes). With 2 bytes, the priority values range from 0 to 65,535. The default priority is 32,768.
Figure 4-17 BID Format
Each port is assigned a Port ID. Port IDs are 16 bits long and consist of two parts: a 6-bit priority setting and a 10-bit port number.
A path cost value is assigned to each port. The costs are accumulated to determine the total cost to reach the root. According to the original specification in 802.1d, cost is calculated by dividing 1000 Mbps (1 gigabit per second) by the bandwidth (in megabits per second) of the segment connected to the port. Using this formula, a 100 Mbps connection has a cost of 10 (1000 / 100 = 10). To accommodate higher speeds, such as GE, the IEEE adopted new values. Table 4-8 shows the revised path costs for STP.
Table 4-8 STP Path Costs
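The root election rule, the 8-byte BID layout and the original 802.1d cost formula described above, as an added Python example that is not from the book or the original post. The bridge names and MAC addresses are constructed, and `audit_root` is a hypothetical helper for checking that the elected root is the bridge the design intends.

```python
import struct

DEFAULT_PRIORITY = 32768  # default bridge priority given in the text


def make_bid(priority, mac):
    """Build the 8-byte BID: 2-byte priority followed by the 6-byte MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("bridge priority must fit in 2 bytes")
    raw = bytes(int(octet, 16) for octet in mac.split("-"))
    if len(raw) != 6:
        raise ValueError("MAC address must have 6 octets")
    return struct.pack("!H", priority) + raw


def elect_root(bridges):
    """bridges maps name -> (priority, mac); the numerically lowest BID wins."""
    return min(bridges, key=lambda name: make_bid(*bridges[name]))


def original_cost(mbps):
    """Original 802.1d port cost: 1000 Mbps divided by the segment bandwidth."""
    return 1000 // mbps  # anything faster than 1000 Mbps truncates to 0


def root_path_cost(segment_speeds_mbps):
    """Costs accumulate along the path towards the root."""
    return sum(original_cost(speed) for speed in segment_speeds_mbps)


def audit_root(bridges, intended):
    """Hypothetical check: is the elected root the bridge the design intends?"""
    elected = elect_root(bridges)
    return elected, elected == intended


# Constructed topology (names and MAC addresses are sample values).
BRIDGES = {
    "core": (4096, "00-00-5e-00-53-30"),
    "dist": (DEFAULT_PRIORITY, "00-00-5e-00-53-10"),
    "access": (DEFAULT_PRIORITY, "00-00-5e-00-53-20"),
}

if __name__ == "__main__":
    print(audit_root(BRIDGES, "core"))
    # A bridge that joins with a lower priority value displaces the intended root.
    print(audit_root(dict(BRIDGES, lab=(0, "00-00-5e-00-53-99")), "core"))
    print(root_path_cost([100, 10]))
```

Because the priority occupies the leading two bytes, comparing BIDs as byte strings gives priority first and MAC address as the tie-breaker, which is why a bridge left at a low priority value wins regardless of its address.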
Bridge Protocol Data Unit (BPDU)
Transparent bridges performing STP communicate by exchanging BPDUs. BPDU packets contain information on ports, addresses, priorities and costs. Bridges do not forward received BPDUs; instead, the information generates new BPDUs.
The BPDU contains the following information:
NOTE
BPDU destination addresses use the bridge group multicast MAC address 01-80-C2-00-00-00. These frames are copied by bridges but ignored by all other stations.
BPDU Types
The two types of a BPDU follow:
Configuration BPDUs are sent from the root bridge with the root BID. The configuration BPDUs flow through all active paths, which provides the root BID and path cost information. The TCN BPDUs flow upstream to the root bridge to alert it of a topology change. The spanning-tree algorithm is recalculated by the bridges to determine any necessary changes in the path. After the network converges, no TCN BPDUs are present in the network.
Bridge Port States
Each port of a transparent bridge exists in the following states:
Designated Ports
If connected with more than one port to the same segment, bridges select a designated port. The designated port is the port that sends and receives frames on the segment; other ports are placed in the blocking state (nondesignated ports).
Multi-Instance Spanning-Tree Protocol (MISTP)
Each VLAN configured in a switch runs an independent instance of the STP. MISTP is a proprietary spanning-tree mode in Cisco switches, which allows the grouping of multiple VLANs under a single instance of the STP. The MISTP instance has its own root switch and forwarding ports. When VLANs are mapped into a MISTP instance, it reduces the number of BPDUs because only MISTP BPDUs are sent between the switches configured for MISTP, which allows STP to scale to larger networks such as MANs.
CRB
CRB, introduced in IOS 11.0, enables the administrator to both route and bridge the same protocol on separate interfaces. With CRB, the routed traffic is confined to the routed interfaces, and bridged traffic is confined to the interfaces configured with bridge groups. Prior to CRB, routers could only bridge or route the same protocol, but not both.
As shown in Figure 4-18, IP traffic is routed on Ethernet interfaces 0 and 1 and concurrently bridged between Ethernet interfaces 2 and 3.
Figure 4-18 CRB
The router configuration is displayed in Example 4-5.
Example 4-5 Configuration Example of CRB

```
bridge 1 protocol ieee
bridge crb
!
interface ethernet 0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet 1
 ip address 192.168.2.1 255.255.255.0
!
interface ethernet 2
 bridge-group 1
 no ip address
!
interface ethernet 3
 bridge-group 1
 no ip address
```
CRB is enabled with the `bridge crb` global command. The decision to route or bridge is in the hands of the transparent bridge group, with the `bridge number route ip` command, which configures IP to be routed in a bridge group.
The `show interfaces crb` command shows information about which protocols are routed and which are bridged.
IRB
IRB was introduced in IOS 11.2 as an enhancement to CRB. With IRB, a protocol can be routed between routed interfaces, bridged interfaces, or different bridge groups. As shown in Figure 4-19, this permits routing of IP from routed interfaces to bridged interfaces.
Figure 4-19 IRB
IRB is enabled with the `bridge irb` global configuration command. A virtual IRB interface is created to have packets from the routed interfaces reach hosts in the bridge interfaces. The command to create the virtual bridge interface is `interface bvi bridge-group`.
The router configuration is shown in Example 4-6. In this example, the virtual bridge interface is created for Bridge group 1 with the `interface bvi 1` command. IRB is enabled with the `bridge irb` command. With the `bridge 1 route ip` command, IP is routed between Ethernet 0, Ethernet 1, and the BVI interface; IP is bridged between Ethernet 2 and Ethernet 3.
Example 4-6 Configuration of IRB

```
bridge 1 protocol ieee
bridge irb
bridge 1 route ip
!
interface ethernet 0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet 1
 ip address 192.168.2.1 255.255.255.0
!
interface ethernet 2
 bridge-group 1
 no ip address
!
interface ethernet 3
 bridge-group 1
 no ip address
!
interface bvi 1
 ip address 192.168.3.1 255.255.255.0
```
The `show interface irb` command displays information about the IRB interface.