Virtual LANs (VLANs) are used to subdivide one local area network into several logically isolated broadcast domains, independent of physical topology. The LAN being subdivided into logical pieces can be any type of LAN -- including Ethernet or Wi-Fi.
Port-based VLANs rely on switch or AP configuration to enforce VLAN membership. For example, a switch can be configured to put ports 1 through 8 into VLAN #1 and ports 9 through 16 into VLAN #2. Every station in VLAN #1 will hear the same LAN broadcasts, but nobody in VLAN #2 will be able to do so. Similarly, a wireless AP can be configured to relay traffic to and from VLAN #1 onto a named network (SSID) while relaying traffic to and from VLAN #2 onto a different SSID. That technique is commonly used to segregate guest wireless traffic from other (private) wireless traffic on the wired network.
Alternatively, 802.1Q uses tags (VLAN IDs) carried inside LAN frames to segregate traffic and keep it separated. VLAN tags let 802.1Q-capable devices like switches, APs, routers, and firewalls enforce VLAN segregation along the packet's entire path.
As described above, a wireless AP can be configured to apply a specific VLAN tag to each frame from a particular SSID. Or, wireless APs can receive VLAN tag assignments for each station during 802.1X authentication, supplied by a RADIUS server using RFC 3580. This technique can put individual users into the right VLAN, based on authenticated identity instead of the SSID they connect to.
VLANs can be extended all the way across an enterprise network, from branch office, across the WAN, to headquarters. A VLAN tag does not traverse this entire route because VLANs only apply to local area networks. However, routers and firewalls along the way can be configured to map VLAN tags onto network sub-interfaces.
For example, traffic from VLAN #1 might be routed onto VPN tunnel A as it traverses the Internet, while traffic from VLAN #2 would be routed through VPN tunnel B, etc. Traffic through both VPN tunnels would probably be transmitted over the same WAN link in between locations. In other words, VPN tunnels can keep layer 3 traffic segregated over IP networks, just like VLANs keep layer 2 traffic segregated over LANs.
2009年11月12日 星期四
2009年11月10日 星期二
Media Access Control
The Media Access Control (MAC) data communication protocol sub-layer, also known as the Medium Access Control, is a sublayer of the Data Link Layer specified in the seven-layer OSI model (layer 2). It provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multipoint network, typically a local area network (LAN) or metropolitan area network (MAN). The hardware that implements the MAC is referred to as a Medium Access Controller.
The MAC sub-layer acts as an interface between the Logical Link Control (LLC) sublayer and the network's physical layer. The MAC layer emulates a full-duplex logical communication channel in a multipoint network. This channel may provide unicast, multicast or broadcast communication service.
Addressing mechanism
The MAC layer addressing mechanism is called physical address or MAC address. A MAC address is a unique serial number. Once a MAC address has been assigned to a particular piece of network hardware (at time of manufacture), that device should be uniquely identifiable amongst all other network devices in the world. This guarantees that each device in a network will have a different MAC address (analogous to a street address). This makes it possible for data packets to be delivered to a destination within a subnetwork, i.e. a physical network consisting of several network segments interconnected by repeaters, hubs, bridges and switches, but not by IP routers. An IP router may interconnect several subnets.
An example of a physical network is an Ethernet network, perhaps extended by wireless local area network (WLAN) access points and WLAN network adapters, since these share the same 48-bit MAC address hierarchy as Ethernet.
A MAC layer is not required in full-duplex point-to-point communication, but address fields are included in some point-to-point protocols for compatibility reasons.
Channel access control mechanism
The channel access control mechanisms provided by the MAC layer are also known as a multiple access protocol. This makes it possible for several stations connected to the same physical medium to share it. Examples of shared physical media are bus networks, ring networks, hub networks, wireless networks and half-duplex point-to-point links. The multiple access protocol may detect or avoid data packet collisions if a packet mode contention based channel access method is used, or reserve resources to establish a logical channel if a circuit switched or channelization based channel access method is used. The channel access control mechanism relies on a physical layer multiplex scheme.
The most widespread multiple access protocol is the contention based CSMA/CD protocol used in Ethernet networks. This mechanism is only utilized within a network collision domain, for example an Ethernet bus network or a hub network. An Ethernet network may be divided into several collision domains, interconnected by bridges and switches.
A multiple access protocol is not required in a switched full-duplex network, such as today's switched Ethernet networks, but is often available in the equipment for compatibility reasons.
The MAC sub-layer acts as an interface between the Logical Link Control (LLC) sublayer and the network's physical layer. The MAC layer emulates a full-duplex logical communication channel in a multipoint network. This channel may provide unicast, multicast or broadcast communication service.
Addressing mechanism
The MAC layer addressing mechanism is called physical address or MAC address. A MAC address is a unique serial number. Once a MAC address has been assigned to a particular piece of network hardware (at time of manufacture), that device should be uniquely identifiable amongst all other network devices in the world. This guarantees that each device in a network will have a different MAC address (analogous to a street address). This makes it possible for data packets to be delivered to a destination within a subnetwork, i.e. a physical network consisting of several network segments interconnected by repeaters, hubs, bridges and switches, but not by IP routers. An IP router may interconnect several subnets.
An example of a physical network is an Ethernet network, perhaps extended by wireless local area network (WLAN) access points and WLAN network adapters, since these share the same 48-bit MAC address hierarchy as Ethernet.
A MAC layer is not required in full-duplex point-to-point communication, but address fields are included in some point-to-point protocols for compatibility reasons.
Channel access control mechanism
The channel access control mechanisms provided by the MAC layer are also known as a multiple access protocol. This makes it possible for several stations connected to the same physical medium to share it. Examples of shared physical media are bus networks, ring networks, hub networks, wireless networks and half-duplex point-to-point links. The multiple access protocol may detect or avoid data packet collisions if a packet mode contention based channel access method is used, or reserve resources to establish a logical channel if a circuit switched or channelization based channel access method is used. The channel access control mechanism relies on a physical layer multiplex scheme.
The most widespread multiple access protocol is the contention based CSMA/CD protocol used in Ethernet networks. This mechanism is only utilized within a network collision domain, for example an Ethernet bus network or a hub network. An Ethernet network may be divided into several collision domains, interconnected by bridges and switches.
A multiple access protocol is not required in a switched full-duplex network, such as today's switched Ethernet networks, but is often available in the equipment for compatibility reasons.
Wireless ad hoc network
A wireless ad hoc network is a decentralized wireless network.[1] The network is ad hoc because it does not rely on a preexisting infrastructure, such as routers in wired networks or access points in managed (infrastructure) wireless networks. Instead, each node participates in routing by forwarding data for other nodes, and so the determination of which nodes forward data is made dynamically based on the network connectivity.
Application
The decentralized nature of wireless ad hoc networks makes them suitable for a variety of applications where central nodes can't be relied on, and may improve the scalability of wireless ad hoc networks compared to wireless managed networks, though theoretical and practical limits to the overall capacity of such networks have been identified.
Minimal configuration and quick deployment make ad hoc networks suitable for emergency situations like natural disasters or military conflicts. The presence of a dynamic and adaptive routing protocol will enable ad hoc networks to be formed quickly.
Medium Access Control
In most wireless ad hoc networks the nodes compete to access the shared wireless medium, often resulting in collisions. Using cooperative wireless communications improves immunity to interference by having the destination node combine self-interference and other-node interference to improve decoding of the desired signal.
Application
The decentralized nature of wireless ad hoc networks makes them suitable for a variety of applications where central nodes can't be relied on, and may improve the scalability of wireless ad hoc networks compared to wireless managed networks, though theoretical and practical limits to the overall capacity of such networks have been identified.
Minimal configuration and quick deployment make ad hoc networks suitable for emergency situations like natural disasters or military conflicts. The presence of a dynamic and adaptive routing protocol will enable ad hoc networks to be formed quickly.
Medium Access Control
In most wireless ad hoc networks the nodes compete to access the shared wireless medium, often resulting in collisions. Using cooperative wireless communications improves immunity to interference by having the destination node combine self-interference and other-node interference to improve decoding of the desired signal.
802.3 MAC Frame
A data packet on the wire is called a frame. A frame viewed on the actual physical wire would show Preamble and Start Frame Delimiter, in addition to the other data. These are required by all physical hardware.
The table below shows the complete Ethernet frame, as transmitted, for the MTU of 1500 bytes (some implementations of gigabit Ethernet and higher speeds support larger jumbo frames). Note that the bit patterns in the preamble and start of frame delimiter are written as bit strings, with the first bit transmitted on the left (not as byte values, which in Ethernet are transmitted least significant bit first). This notation matches the one used in the IEEE 802.3 standard. One octet is eight bits of data (i.e., a byte on most modern computers).
Wiki Frame format
The table below shows the complete Ethernet frame, as transmitted, for the MTU of 1500 bytes (some implementations of gigabit Ethernet and higher speeds support larger jumbo frames). Note that the bit patterns in the preamble and start of frame delimiter are written as bit strings, with the first bit transmitted on the left (not as byte values, which in Ethernet are transmitted least significant bit first). This notation matches the one used in the IEEE 802.3 standard. One octet is eight bits of data (i.e., a byte on most modern computers).
Wiki Frame format
2009年11月9日 星期一
Quality of service
In the field of computer networking and other packet-switched telecommunication networks, the traffic engineering term quality of service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality. Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.
For example, a required bit rate, delay, jitter, packet dropping probability and/or bit error rate may be guaranteed. Quality of service guarantees are important if the network capacity is insufficient, especially for real-time streaming multimedia applications such as voice over IP, online games and IP-TV, since these often require fixed bit rate and are delay sensitive, and in networks where the capacity is a limited resource, for example in cellular data communication. In the absence of network congestion, QoS mechanisms are not required.
A network or protocol that supports QoS may agree on a traffic contract with the application software and reserve capacity in the network nodes, for example during a session establishment phase. During the session it may monitor the achieved level of performance, for example the data rate and delay, and dynamically control scheduling priorities in the network nodes. It may release the reserved capacity during a tear down phase.
For example, a required bit rate, delay, jitter, packet dropping probability and/or bit error rate may be guaranteed. Quality of service guarantees are important if the network capacity is insufficient, especially for real-time streaming multimedia applications such as voice over IP, online games and IP-TV, since these often require fixed bit rate and are delay sensitive, and in networks where the capacity is a limited resource, for example in cellular data communication. In the absence of network congestion, QoS mechanisms are not required.
A network or protocol that supports QoS may agree on a traffic contract with the application software and reserve capacity in the network nodes, for example during a session establishment phase. During the session it may monitor the achieved level of performance, for example the data rate and delay, and dynamically control scheduling priorities in the network nodes. It may release the reserved capacity during a tear down phase.
Dealing with multiple clients
CSMA/CD shared medium Ethernet
Ethernet originally used a shared coaxial cable (the shared medium) winding around a building or campus to every attached machine. A scheme known as carrier sense multiple access with collision detection (CSMA/CD) governed the way the computers shared the channel. This scheme was simpler than the competing token ring or token bus technologies. When a computer wanted to send some information, it used the following algorithm:
Main procedure
1.Frame ready for transmission.
2.Is medium idle? If not, wait until it becomes ready and wait the interframe gap period (9.6 µs in 10 Mbit/s Ethernet).
3.Start transmitting.
4.Did a collision occur? If so, go to collision detected procedure.
5.Reset retransmission counters and end frame transmission.
Collision detected procedure
1.Continue transmission until minimum packet time is reached (jam signal) to ensure that all receivers detect the collision.
2.Increment retransmission counter.
3.Was the maximum number of transmission attempts reached? If so, abort transmission.
4.Calculate and wait random backoff period based on number of collision
5.Re-enter main procedure at stage 1.
This can be likened to what happens at a dinner party, where all the guests talk to each other through a common medium (the air). Before speaking, each guest politely waits for the current speaker to finish. If two guests start speaking at the same time, both stop and wait for short, random periods of time (in Ethernet, this time is generally measured in microseconds). The hope is that by each choosing a random period of time, both guests will not choose the same time to try to speak again, thus avoiding another collision. Exponentially increasing back-off times (determined using the truncated binary exponential backoff algorithm) are used when there is more than one failed attempt to transmit.
Ethernet originally used a shared coaxial cable (the shared medium) winding around a building or campus to every attached machine. A scheme known as carrier sense multiple access with collision detection (CSMA/CD) governed the way the computers shared the channel. This scheme was simpler than the competing token ring or token bus technologies. When a computer wanted to send some information, it used the following algorithm:
Main procedure
1.Frame ready for transmission.
2.Is medium idle? If not, wait until it becomes ready and wait the interframe gap period (9.6 µs in 10 Mbit/s Ethernet).
3.Start transmitting.
4.Did a collision occur? If so, go to collision detected procedure.
5.Reset retransmission counters and end frame transmission.
Collision detected procedure
1.Continue transmission until minimum packet time is reached (jam signal) to ensure that all receivers detect the collision.
2.Increment retransmission counter.
3.Was the maximum number of transmission attempts reached? If so, abort transmission.
4.Calculate and wait random backoff period based on number of collision
5.Re-enter main procedure at stage 1.
This can be likened to what happens at a dinner party, where all the guests talk to each other through a common medium (the air). Before speaking, each guest politely waits for the current speaker to finish. If two guests start speaking at the same time, both stop and wait for short, random periods of time (in Ethernet, this time is generally measured in microseconds). The hope is that by each choosing a random period of time, both guests will not choose the same time to try to speak again, thus avoiding another collision. Exponentially increasing back-off times (determined using the truncated binary exponential backoff algorithm) are used when there is more than one failed attempt to transmit.
訂閱:
意見 (Atom)