Bridging Technology Revisited, Made Simple

2008-04-08 20:05:54
Tags: IRB CRB TB bridge bridging

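Copyright notice: This is an original work. Reposting is permitted, provided the original source, the author information and this notice are indicated with a hyperlink; otherwise legal action will be pursued. http://netwalk.blog.51cto.com/173717/70528
Since I last posted the article "Analysis of the Router Integrated Routing and Bridging (IRB) Mode" (http://netwalk.blog.51cto.com/173717/67503), many friends have written to share their experience with bridging and their questions about it. While thanking everyone for the interest, I feel it is necessary to go over bridging once more and take an overall view of this great technology, which made enormous contributions in the history of networking and still contributes in some areas today.
I originally planned to write this myself, but then remembered that the "CCIE Routing and Switching Exam Certification Guide" covers the subject fairly thoroughly, so I am borrowing from it: I translate it below according to my own understanding and include the original text, to share with fellow readers.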

Transparent Bridging (TB)


This section covers bridging between Ethernet networks, STP, CRB, and IRB.
The content covered in this chapter includes bridging between Ethernet networks, STP, CRB and IRB.

Bridges and STP

Bridging and STP (Spanning Tree Protocol)
Ethernet bridging occurs in the data-link layer of the OSI model. Switches perform the same function as bridges. For the rest of the chapter, the term switches refers to bridges. Bridges (and switches) forward frames from one interface to another based on the destination MAC address. For any incoming frame, bridges forward the frame out a specific port, if the destination MAC address is known, or it is flooded out all ports if the MAC address is unknown. If the destination MAC is unknown, the bridges forward the frame out all ports. This is known as flooding. Bridges have three primary functions:
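Ethernet bridging sits at the data-link layer (Layer 2) of the OSI (Open Systems Interconnection) model. Switches play a role similar to bridges. In the rest of this chapter, switches are treated as bridges. Bridges (and switches) forward frames from one interface to another according to the destination MAC address. For any received frame, the bridge forwards it out the corresponding interface when the destination MAC address is known; when the destination MAC is unknown, the bridge floods it on all interfaces, flooding meaning that the frame is forwarded out every interface. Bridges have three main functions: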
  • To learn the MAC addresses of all nodes and their associated port
  • To learn MAC addresses on all nodes and their associated interfaces (such as a BVI address)
  • To filter incoming frames whose destination MAC addresses are located on the same incoming port
  • To filter frames whose destination MAC address lies on the same port through which they entered the bridge
  • To forward incoming frames to the destination MAC through their associated port
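  • To forward frames destined for MAC addresses outside the local switching environment out through that environment's associated interface (for example, routing them to other networks through a BVI interface)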
Bridges keep a bridge table to track the MAC addresses available out each port.
The bridge continuously tracks the MAC addresses seen on each interface and maintains a bridge table.
An example of the table on a Catalyst switch is shown in Example 4-3. The switch creates a table that lists the MAC address and port for the stations. For example, the station with MAC address 00-10-7b-80-ba-d5 is located out port 2/10. This MAC table was created dynamically.
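Example 4-3 shows the bridge MAC address table displayed on a Catalyst switch. The switch builds a table of the MAC addresses and interfaces of end stations (such as computers). For instance, the station with MAC address 00-10-7b-80-ba-d5 corresponds to port 2/10. This MAC table was created dynamically.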

Example 4-3 Bridge MAC Table

cat5000: show cam dynamic
VLAN  Dest MAC/Route Des  Destination Ports or VCs / [Protocol Type]
----  ------------------  --------------------------------------------
710   00-10-7b-80-ba-d5   2/10 [ALL]
34    00-10-7b-1b-6f-9c   2/3 [ALL]
59    00-10-7b-7e-cc-c3   2/5 [ALL]
59    00-e0-b0-64-6e-47   2/9 [ALL]
1     00-e0-b0-64-6e-49   2/12 [ALL]
1     00-10-7b-7e-cc-cd   2/11 [ALL]
710   00-e0-b0-64-6e-07   2/7 [ALL]
34    00-50-3e-e4-58-59   2/4 [ALL]
Total Matching CAM Entries Displayed = 8
Routers can also be configured to bridge protocols. By default, if bridging is configured on an interface, the router bridges any protocol that is not routed on that interface.
Routers also support bridging. By default, once bridging is configured on an interface, any protocol not routed on that interface is bridged.
The configuration in Example 4-4 bridges between Ethernet 1 and Ethernet 0. Bridge group 1 is configured for the IEEE STP with the bridge 1 protocol ieee command. Each interface is configured to bridge with the bridge-group 1 command.
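Example 4-4 configures bridging between Ethernet 1 and Ethernet 0. Bridge group 1 is configured for the IEEE STP protocol with the command bridge 1 protocol ieee. Each interface that is to join the bridge group must use the bridge-group 1 command.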

Example 4-4 Configuration of Bridge Between Ethernet 0 and Ethernet 1

bridge 1 protocol ieee
!
interface ethernet 0
 bridge-group 1
!
interface ethernet 1
 bridge-group 1

Transparent Bridge Modes


Bridges and switches can operate in two basic modes: store-and-forward and cut-through. The legacy mode is store-and-forward. The bridge stores the entire frame and verifies the CRC before forwarding the frame. If a CRC error is detected, the frame is discarded.
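Bridges and switches can both be configured in two basic modes: store-and-forward and cut-through. The default mode is store-and-forward. The bridge stores the whole frame and forwards it after verifying the CRC. If the CRC check fails, the frame is discarded.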
With the evolution of bridges and switches with fast integrated circuits, a new mode of operation is usually available: cut-through. In this mode, the switch does not wait for the entire frame to enter its buffer; instead, it forwards the frame just after it reads the destination MAC address. The advantage is that the switching operation is faster. The disadvantage is that the cut-through operation does not check for CRC errors, which increases the amount of runt and error frames on the network. Because of this problem, most switches provide the option to switch the mode back to store-and-forward if an error threshold is met. Switches in cut-through can track the CRC errors of forwarded frames to determine if there are too many errors. Other switches implement modified cut-through, which waits to receive 64 bytes before it begins transmission, which prevents the switch from sending runt frames.
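With the development of high-speed integrated circuits, bridges and switches have evolved too, and a new mode has come into wide use: cut-through. In this mode the switch no longer waits for the entire frame to enter its buffer but forwards it as soon as it has obtained the frame's destination MAC address. This improves switch performance. A drawback follows as well: because cut-through mode performs no CRC check, the number of runt and error frames on the network increases. For this reason, most switches can switch back to store-and-forward mode once a certain error threshold is reached. Some switches in cut-through mode can track the CRC errors of forwarded frames to detect when there are too many errors. Other switches use a modified cut-through mode that waits for the first 64 bytes of a frame before transmitting, which keeps runt frames from being forwarded.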

STP

Spanning Tree Protocol

When multiple bridges connect the same LAN segments, bridge loops can occur. The STP is a Layer-2 link management protocol that discovers a loop free topology for connectivity between LANs. As shown in Figure 4-16, STP might place some redundant bridged interfaces in a blocked state. STP provides recovery from bridge failures by changing blocked interfaces to a forwarding state, if a primary link fails. Although a DEC and IBM version are available, the IEEE 802.1d standard is the default protocol.
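When multiple bridges are present in a LAN, bridging can form loops. The Spanning Tree Protocol is a Layer 2 management protocol used to detect topology loops in the LAN. In Figure 4-16 (the figure is really small), spanning tree places some redundant bridged interfaces in the blocked state. When the primary link fails, spanning tree returns blocked interfaces to the forwarding state so that bridging keeps working. The Spanning Tree Protocol comes in three versions: the DEC and IBM versions, and the IEEE 802.1d standard, which is used by default.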
Figure 4-16 STP
Root Bridge Election
A root bridge is elected as the root of the spanning-tree topology. All ports that are not needed to reach the root bridge are placed in blocking mode. The selection of the root bridge is based on the lowest numerical bridge priority. The bridge priority ranges from 0 to 65535. If all bridges have the same bridge priority, the bridge with the lowest MAC address is selected as the root. Physical changes of the network force spanning-tree recalculation.
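The bridges in a spanning-tree topology jointly elect a root bridge. Ports that are not needed to communicate directly with the root bridge are placed in the blocking state. The criterion for electing the root bridge is the lowest (smallest) priority value, which ranges from 0 to 65535. If all bridges have the same priority value, the bridge with the lowest MAC address is elected root. Changes in the network trigger a spanning-tree recalculation.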
The router interface priority can be changed with the priority keyword, with priority values ranging from 1 to 255:
The router's interface priority is changed with the priority command; the value ranges from 1 to 255.
R4(config-if)#bridge-group 1 priority ?
  <0-255>
Bridge Identifier (BID) and Path Costs
As shown in Figure 4-17, the BID is 8 bytes long and contains a bridge priority (2 bytes), along with one of the bridge's MAC addresses (6 bytes). With 2 bytes, the priority values range from 0 to 65,535. The default priority is 32,768.
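As Figure 4-17 shows, the BID is 8 bytes long: it contains a 2-byte bridge priority value, and the rest is a 6-byte MAC address. Within 2 bytes the priority value ranges from 0 to 65535; the default priority is 32768.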
Figure 4-17 BID Format
Each port is assigned a Port ID. Port IDs are 16 bits long and consist of two parts: a 6-bit priority setting and a 10-bit port number.
Each port is assigned a port ID. The port ID is 16 bits long and consists of two parts: a 6-bit priority value and a 10-bit port number.
A path cost value is assigned to each port. The costs are accumulated to determine the total cost to reach the root. According to the original specification in 802.1d, cost is calculated by dividing 1000 Mbps (1 gigabit per second) by the bandwidth (in megabits per second) of the segment connected to the port. Using this formula, a 100 Mbps connection has a cost of 10 (1000 / 100 = 10). To accommodate higher speeds, such as GE, the IEEE adopted new values. Table 4-8 shows the revised path costs for STP.
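Each port is assigned a path cost value. These values are summed to determine the total metric to reach the root bridge. According to 802.1d, the cost is calculated relative to a bandwidth of 1000 Mbps, so by that calculation 100 Mbps would have a cost of 10. To accommodate higher rates such as GE, however, the IEEE adopted new values; Table 4-8 shows the revised STP cost values.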

Table 4-8 STP Path Costs

Bandwidth    STP Cost Value
---------    --------------
4 Mbps       250
10 Mbps      100
16 Mbps      62
45 Mbps      39
100 Mbps     19
155 Mbps     14
622 Mbps     6
1 Gbps       4
10 Gbps      2
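
The election rule and the cost accumulation described above can be worked through on a small topology. The following is an added example, not code from the book or the original post: the bridge names and links are constructed, the MAC addresses are borrowed from Example 4-3, and the tie-break on the lower upstream BID is standard 802.1D behaviour that the text above does not spell out.

```python
import heapq

# Revised 802.1D port costs from Table 4-8, keyed by bandwidth in Mbps.
STP_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19,
            155: 14, 622: 6, 1000: 4, 10000: 2}

def bid(priority, mac):
    """8-byte BID as a comparable tuple: 2-byte priority, then 6-byte MAC."""
    mac_bytes = bytes.fromhex(mac.replace("-", ""))
    if not 0 <= priority <= 65535 or len(mac_bytes) != 6:
        raise ValueError("BID needs a 2-byte priority and a 6-byte MAC")
    return (priority, mac_bytes)

def elect_root(bridges):
    """Lowest priority wins; equal priorities fall back to the lowest MAC."""
    return min(bridges, key=bridges.get)

def root_path_costs(bridges, links):
    """Return {bridge: (cost_to_root, upstream_bridge)} for every bridge."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, b, mbps in links:
        adj[a].append((b, STP_COST[mbps]))
        adj[b].append((a, STP_COST[mbps]))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale queue entry
        for nbr, link_cost in adj[node]:
            if nbr == root:
                continue
            # Compare (cost, upstream BID): equal cost -> lower upstream BID.
            offer = (cost + link_cost, bridges[node])
            old = best.get(nbr)
            if old is None or offer < (old[0], bridges[old[1]]):
                best[nbr] = (offer[0], node)
                heapq.heappush(heap, (offer[0], nbr))
    return best

# Constructed topology: MACs borrowed from Example 4-3, links are made up.
SAMPLE_BRIDGES = {name: bid(32768, mac) for name, mac in [
    ("SW1", "00-10-7b-80-ba-d5"), ("SW2", "00-10-7b-1b-6f-9c"),
    ("SW3", "00-e0-b0-64-6e-47"), ("SW4", "00-50-3e-e4-58-59"),
    ("SW5", "00-e0-b0-64-6e-49")]}
SAMPLE_LINKS = [("SW2", "SW1", 100), ("SW2", "SW3", 10), ("SW1", "SW3", 100),
                ("SW1", "SW4", 100), ("SW3", "SW5", 100), ("SW4", "SW5", 100)]
```

With every bridge at the default priority, SW2 becomes root on MAC address alone, and SW3 reaches it over two 100 Mbps hops (cost 38) rather than over its direct 10 Mbps link (cost 100).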

Bridge Protocol Data Unit (BPDU)
Transparent bridges performing STP communicate by exchanging BPDUs. BPDU packets contain information on ports, addresses, priorities and costs. Bridges do not forward received BPDUs, instead the information generates new BPDUs.
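Transparent bridges carry out STP communication by exchanging BPDUs. A BPDU contains information such as ports, addresses, priorities and costs. Bridges do not forward BPDUs.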
The BPDU contains the following information:
  • Root BID-The BID of the bridge that the transmitting bridge believes to be the root bridge.
  • Root bridge ID-The ID of the root bridge that the transparent bridge trusts.
  • Path Cost-The cost of the path to reach the root bridge. If the segment is attached to the root bridge, it has a cost of 0. For example, if the data has to travel over three 10 Mbps segments to reach the root bridge, the cost is 200 (100 + 100 + 0).
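  • Path cost-The cost required to reach the root bridge. If the data originates from the root bridge the cost is 0; if it crosses three segments to reach the root bridge, the cost is 200 (100 + 100 + 0).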
  • Sender BID-The BID of the bridge that sent this BPDU.
  • Sender bridge ID-The ID of the bridge that sent the BPDU.
  • Port ID-The port ID on the bridge that sent this BPDU.
  • Port ID-The port ID on the bridge that sent the BPDU.
NOTE
BPDU destination addresses use the bridge group multicast MAC address 01-80-C2-00-00-00. These frames are copied by bridges but ignored by all other stations.
BPDUs use the bridge group multicast MAC address 01-80-C2-00-00-00 as their destination address. This address is used only by bridges.
BPDU Types
The two types of a BPDU follow:
There are two types of BPDU:
  • Configuration BPDU
  • Topology Change Notification (TCN) BPDU
Configuration BPDUs are sent from the root bridge with the root BID. The configuration BPDUs flow through all active paths, which provides the root BID and path cost information. The TCN BPDUs flow upstream to the root bridge to alert it of a topology change. The spanning-tree algorithm is recalculated by the bridges to determine any necessary changes in the path. After the network converges, no TCN BPDUs are present in the network.
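Configuration BPDUs originate from the root bridge, to which all root ports lead. They carry the root bridge ID and path cost information and are sent over the currently active paths. TCN BPDUs carry topology-change alerts toward the root bridge. The bridges then recalculate paths with the spanning-tree algorithm according to the detected change. After the network converges, no TCN BPDUs appear in the network.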
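
To see where the fields listed above sit on the wire, here is a parser for the two BPDU types. It is an added example, not code from the book or the original post: it follows the IEEE 802.1D layout (35-byte configuration BPDU, 4-byte TCN BPDU), splits the port ID the way this page describes it, and runs on sample bytes constructed for the illustration.

```python
import struct

def split_bid(raw):
    """8-byte BID -> (2-byte priority, 6-byte MAC as text)."""
    return int.from_bytes(raw[:2], "big"), "-".join(f"{b:02x}" for b in raw[2:])

def parse_bpdu(payload):
    """Parse an IEEE 802.1D BPDU (the bytes that follow the LLC header)."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, _version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if proto != 0:
        raise ValueError("protocol identifier is not spanning tree")
    if bpdu_type == 0x80:                 # TCN: header only, no parameters
        return {"type": "tcn"}
    if bpdu_type != 0x00:
        raise ValueError(f"unsupported BPDU type 0x{bpdu_type:02x}")
    if len(payload) < 35:
        raise ValueError("truncated configuration BPDU")
    (flags, root, cost, sender, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(
        "!B8sI8sHHHHH", payload[4:35])
    return {
        "type": "config",
        "topology_change": bool(flags & 0x01),
        "root_bid": split_bid(root),
        "root_path_cost": cost,
        "sender_bid": split_bid(sender),
        # Split as this page describes it: 6-bit priority, 10-bit port number.
        "port_priority": port_id >> 10,
        "port_number": port_id & 0x3FF,
        "sender_is_root": root == sender,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }

# Constructed sample BPDUs, not captured traffic.
SAMPLE_CONFIG = bytes.fromhex(
    "0000" "00" "00" "00"                 # protocol id, version, type, flags
    "800000107b1b6f9c" "00000026"         # root BID, root path cost (38)
    "800000e0b0646e47" "8001"             # sender BID, port ID
    "0100" "1400" "0200" "0f00")          # message age, max age, hello, delay
SAMPLE_TCN = bytes.fromhex("00000080")
```

Calling parse_bpdu(SAMPLE_CONFIG) shows a non-root sender announcing root 00-10-7b-1b-6f-9c at cost 38, while SAMPLE_TCN carries nothing beyond its type.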
Bridge Port States
Each port of a transparent bridge exists in the following states:
Each bridge port can be in one of the following states:
  • Disabled-The port is inactive and does not participate in STP.
  • Disabled-The port is not active or does not participate in STP.
  • Blocking-When a port is enabled, it first moves to the blocked state before listening to the network. In this state, it does not participate in frame forwarding. It receives bridge PDUs and sends them to the STP algorithm for processing.
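  • Blocking-After a port is enabled, it first enters the blocking state before listening to the network. In this state it does not take part in frame forwarding. It receives bridge PDUs and passes them to the STP computation.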
  • Listening-When the bridge determines that the port should participate in frame forwarding, it changes to the listening state. In this state, the bridge does not forward frames and does not learn of network MAC addresses. The bridge does receive and process BPDUs and network management frames, but it does not send BPDUs.
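  • Listening-When the bridge decides the port is to move toward frame forwarding, the port enters the listening state. In this state the bridge cannot forward frames or learn MAC addresses on the network. The bridge receives and processes BPDUs and network management frames but does not send BPDUs.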
  • Learning-The bridge port discards incoming frames. The bridge begins to add MAC addresses associated with this port into the table. BPDU and network management messages are processed. The bridge processes, generates, and sends BPDUs in this state.
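  • Learning-The bridge port discards incoming frames (that is, it still does not forward them), but it learns the source MAC addresses of incoming frames and adds them to the table. BPDUs and network management messages are still processed. In this state the bridge processes, generates and sends BPDUs.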
  • Forwarding-The full functional state for a bridged port. In this state, the bridge does not discard incoming frames. The bridge forwards frames to other ports; the bridge also forwards frames out this port. BPDUs and network management frames are processed.
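  • Forwarding-The fully functional state of a bridge port. In this state the bridge no longer discards incoming frames. The bridge forwards data out the correct interface, and it also processes BPDUs and network management frames.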
Designated Ports
If connected with more than one port to the same segment, bridges select a designated port. The designated port is the port that sends and receives frames on the segment; other ports are placed in the blocking state (nondesignated ports).
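If a bridge has more than one interface on the same segment, it designates one port. The designated port is used to send and receive frames; the other ports are placed in the blocking state (nondesignated ports).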
Multi-Instance Spanning-Tree Protocol (MISTP)
Each VLAN configured in a switch runs an independent instance of the STP. MISTP is a proprietary spanning-tree mode in Cisco switches, which allows the grouping of multiple VLANs under a single instance of the STP. The MISTP instance has its own root switch and forwarding ports. When VLANs are mapped into a MISTP instance, it reduces the number of BPDUs because only MISTP BPDUs are sent between the switches configured for MISTP, which allows STP to scale to larger networks such as MANs.
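Each VLAN in a switch is given an independent STP process. MISTP is a spanning-tree mode proprietary to Cisco switches that lets multiple VLANs run a single STP. MISTP has its own root switch and forwarding ports. When multiple VLANs are mapped to one MISTP instance, only MISTP BPDUs are sent, so the number of ordinary BPDUs drops, but all of these switches must be configured for MISTP. The advantage is especially clear in large networks such as metropolitan area networks.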

CRB

Concurrent Routing and Bridging
CRB, introduced in IOS 11.0, enables the administrator to both route and bridge the same protocol on separate interfaces. With CRB, the routed traffic is confined to the routed interfaces, and bridged traffic is confined to the interfaces configured with bridge groups. Prior to CRB, routers could only bridge or route the same protocol-but not both.
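CRB was introduced with IOS 11.0 and allows routing and bridging of a given protocol to be enabled separately on different ports. With CRB, routed traffic is confined to the routed interfaces and bridged traffic to the interfaces configured with bridge groups. Before that, a router could only bridge or route a given protocol, not both at once.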
As shown in Figure 4-18, IP traffic is routed on Ethernet interfaces 0 and 1 and concurrently bridged between Ethernet interfaces 2 and 3.
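As shown in Figure 4-18, IP traffic is routed between Ethernet interfaces 0 and 1 and at the same time bridged between Ethernet interfaces 2 and 3.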
Figure 4-18 CRB
The router configuration is displayed in Example 4-5.
Example 4-5 shows this router's configuration.

Example 4-5 Configuration Example of CRB

bridge 1 protocol ieee
bridge crb
!
interface ethernet 0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet 1
 ip address 192.168.2.1 255.255.255.0
!
interface ethernet 2
 bridge-group 1
 no ip address
!
interface ethernet 3
 bridge-group 1
 no ip address
CRB is enabled with the bridge crb global command. The decision to route or bridge is in the hands of the transparent bridge group, with the bridge number route ip command, which configures IP to be routed in a bridge group.
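CRB is turned on with the global command bridge crb. The bridge group (number) decides whether to route or bridge. The bridge number route ip command enables routing within the bridge group.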
The show interfaces crb command shows information about which protocols are routed and which are bridged.
The show interfaces crb command displays which protocols are bridged and which are routed.

IRB

Integrated Routing and Bridging
IRB was introduced in IOS 11.2 as an enhancement to CRB. With IRB, a protocol can be routed between routed interfaces, bridged interfaces, or different bridge groups. As shown in Figure 4-19, this permits routing of IP from routed interfaces to bridged interfaces.
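IRB appeared in IOS 11.2 as an enhanced mode of CRB. With IRB, a protocol can be routed among routed interfaces, bridged interfaces and different bridge groups. As Figure 4-19 shows, IP packets are forwarded from routed interfaces to bridged interfaces.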
Figure 4-19 IRB
IRB is enabled with the bridge irb global configuration command. A virtual IRB interface is created to have packets from the routed interfaces reach hosts in the bridge interfaces. The command to create the virtual bridge interface is interface bvi bridge-group.
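The global command bridge irb turns on IRB. A virtual IRB interface forwards data received over the routed path to the bridged ports. interface bvi bridge-group is used to create the virtual bridge interface.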
The router configuration is shown in Example 4-6. In this example, the virtual bridge interface is created for Bridge group 1 with the interface bvi 1 command. IRB is enabled with the bridge irb command. With the bridge 1 route ip command, IP is routed between Ethernet 0, Ethernet 1, and the BVI interface; IP is bridged between Ethernet 2 and Ethernet 3.
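The router configuration is given in Example 4-6. In this example, the interface bvi 1 command creates the virtual bridge interface for bridge group 1. IRB is enabled with the bridge irb command. With the bridge 1 route ip command, IP data is routed among Ethernet 0, Ethernet 1 and the BVI, while other IP data is bridged between Ethernet 2 and Ethernet 3.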

Example 4-6 Configuration of IRB

bridge 1 protocol ieee
bridge irb
bridge 1 route ip
!
interface ethernet 0
 ip address 192.168.1.1 255.255.255.0
!
interface ethernet 1
 ip address 192.168.2.1 255.255.255.0
!
interface ethernet 2
 bridge-group 1
 no ip address
!
interface ethernet 3
 bridge-group 1
 no ip address
!
interface bvi 1
 ip address 192.168.3.1 255.255.255.0
The show interface irb displays information about the IRB interface.
The show interface irb command displays IRB interface information.
