Last time, we learned how to set up a dormitory LAN at the physical layer and the link layer, driven by the need to play Warcraft over the network in the dorm. Today, let’s switch to a slightly more complicated scene: the office.

In this scene, unlike the dormitory where you just grab a few cables and plug them in, things are more involved. Each person in an office has one network port, and there are far more if you count an entire floor or even an entire building.

Topology is the technical term for how a network is wired in complex scenarios such as offices.

What is topology?

Before we explain network topology, we need to understand what topology is. The Chinese term 拓扑 is a transliteration of the English word Topology, whose literal meaning was close to “geography”: it originally referred to the study of landforms and geomorphology. Today it is the study of the properties of a geometric figure or space that remain unchanged under continuous deformation.

The topological structure of a computer network applies the method of topology: it studies the relationship between points and lines, regardless of size and shape. The computers and communication equipment in the network are abstracted as points, and the transmission media as lines. The geometric figure composed of these points and lines is the topological structure of the computer network.

The formation of the office topology

As mentioned above, an office has dozens or even hundreds of network ports. One switch is definitely not enough, so multiple switches are connected together and form a slightly more complex topology.

Let’s start with two switches. The two switches connect three LANs, each with multiple machines. Suppose machine 1 knows only the IP address of machine 4; to send packets to machine 4, it must first learn machine 4’s MAC address. Let’s look at the process:

  • Machine 1 broadcasts, and machine 2 and switch A receive the broadcast. Machine 2 sees that the broadcast is not for it, so it does nothing.
  • Switch A knows no topology information at first. After receiving the broadcast, it forwards the broadcast packet out of every port other than the one it came in on.
  • Machine 3 and switch B receive the broadcast, and machine 3 also sees that it has nothing to do with it.
  • Switch B also knows no topology information yet, so it likewise floods the packet onto LAN 3, to machines 4 and 5.
  • Machine 4 receives the broadcast, realizes it is the target, and responds: “That is me. My MAC address is XXX.”

Once machine 1 receives machine 4’s MAC address, the ARP request has completed successfully.

During this process, both switch A and switch B learn one piece of information:

  • Machine 1 is reachable through the port on the left.

With this information, if machine 2 wants to reach machine 1 and sends an ARP request for machine 1’s MAC address, the broadcast reaches machine 1 and switch A. Switch A already knows that machine 1 is on its left port, so it does not forward the request to LANs 2 and 3.

In this way, once all the topology information has been learned, the two switches work better and better.

But as offices grow, there are more and more switches. When the topology is complex and so many network cables run around, unexpected problems are inevitable. The most common one is the loop problem.

Loop and broadcast storm

Look at the diagram below. Do you know what happens when two switches are connected between the same two LANs, forming a loop?

So let’s imagine machine 1 accessing machine 2.

  • Machine 1 initiates an ARP broadcast.
  • Machine 2 receives the broadcast and returns the MAC address.

Gee, the whole process went smoothly, no problem.

But we neglected the fact that both switches also receive the broadcast packet. Let’s look at how the two switches handle the broadcast:

  1. Switch A knows no topology information at first and floods the broadcast onto LAN 2.
  2. The broadcast travels across LAN 2; the right port of switch B receives it and puts it onto LAN 1.
  3. The broadcast travels across LAN 1; the left port of switch A receives it and puts it onto LAN 2 again.
  4. ... and so on, without end.

Can you see it? This forms a loop that eventually becomes a broadcast storm, until the network collapses.

Some people may say: once the two switches gradually learn the topology, won’t it be fine? Let’s take a look at what they actually learn:

  1. On LAN 1, after receiving the broadcast packet from machine 1, switches A and B learn that machine 1 is on their left port.
  2. When the broadcast is placed on LAN 2, the right port of switch B receives the broadcast from machine 1, so B mistakenly concludes that machine 1 has moved: it now records machine 1 on the right port and discards what it learned before.
  3. Similarly, the right port of switch A receives the broadcast from machine 1, and A is misled the same way, learning that machine 1 is on the right port rather than the left.

In this way, the two switches keep having their worldview overturned: machine 1 is on the left port; a moment later, no, it is on the right port; a moment later, no, it is on the left again. Thus another kind of “broadcast storm” forms.
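To make both the learning and the loop concrete, here is a small simulation I added (it is not code from the original post): a learning switch that floods unknown destinations and learns source addresses per port, run first on the two-switch chain from the ARP example above and then on the two-switch ring. Machine names, LAN names and the event cap are constructed for the example.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:  # ports maps a port name to the LAN it is plugged into
    def __init__(self, name, ports):
        self.name, self.ports, self.table, self.flaps = name, ports, {}, 0

    def receive(self, in_port, src, dst):
        # Learn: src is reachable via in_port. Count "moves" of an already-known MAC.
        if src in self.table and self.table[src] != in_port:
            self.flaps += 1
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is not None:                  # known destination: forward (or filter)
            return [] if out == in_port else [self.ports[out]]
        return [lan for p, lan in self.ports.items() if p != in_port]   # else flood

def send(switches, hosts, src, dst, max_events=40):
    """Propagate one frame src->dst from src's LAN; returns (transmissions, LANs seen)."""
    queue = deque([(hosts[src], src)])       # (LAN the frame is on, who put it there)
    seen, events = set(), 0
    while queue and events < max_events:     # the cap stops a storm that never ends
        lan, sender = queue.popleft()
        events += 1
        seen.add(lan)
        for sw in switches:
            if sw.name == sender:            # a switch does not hear its own transmission
                continue
            for port, port_lan in sw.ports.items():
                if port_lan == lan:
                    for out_lan in sw.receive(port, src, dst):
                        queue.append((out_lan, sw.name))
    return events, seen

def office_scenario():
    """Constructed: switches A and B chain LAN1-LAN2-LAN3 as in the ARP example."""
    a = Switch("A", {"left": "LAN1", "right": "LAN2"})
    b = Switch("B", {"left": "LAN2", "right": "LAN3"})
    hosts = {"m1": "LAN1", "m2": "LAN1", "m3": "LAN2", "m4": "LAN3", "m5": "LAN3"}
    arp = send([a, b], hosts, "m1", BROADCAST)   # ARP request is flooded everywhere
    reply = send([a, b], hosts, "m4", "m1")      # the reply follows the learned tables
    return arp, reply, a.table, b.table

def loop_scenario():
    """Constructed: switches A and B both bridge LAN1 and LAN2, forming a ring."""
    a = Switch("A", {"left": "LAN1", "right": "LAN2"})
    b = Switch("B", {"left": "LAN1", "right": "LAN2"})
    storm = send([a, b], {"m1": "LAN1", "m2": "LAN2"}, "m1", BROADCAST)
    return storm, a.flaps, b.flaps   # hits the cap; m1 "moves" ports on every hop
```

In the ring, every hop after the first flips machine 1 between the left and right port of the receiving switch, which is the table flapping the text describes.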

So, what’s the solution to the loop problem? This is where STP comes in.

Difficult concepts in STP

In data structures, there is an algorithm called the minimum spanning tree. A structure containing rings (cycles) is a graph; by breaking the rings in the graph, a tree is generated. In computer networks, the Spanning Tree Protocol (STP) does this job.

STP is complicated and hard to understand at first. Let’s look at the spanning tree process through the story of martial-arts sects deciding the leader of the Wuyue Alliance in a Huashan sword contest.

STP has many concepts that are hard to translate. Let’s use the ranks in a martial-arts sect to help you understand them.

  • Root Bridge, also called the root switch. It can be likened to the “master” switch, the boss of the whole tree.
  • Designated Bridge, the designated switch. This one is harder to understand; think of it as a “little brother” that forms a branch of the tree. “Designated” means: I am the elder brother among my neighbouring switches, and other switches reach the root switch through me. It is a branch, not a leaf, because leaves are usually hosts.
  • Bridge Protocol Data Units (BPDUs) can be likened to the rules for comparing strength. In the martial-arts world, everything is decided by skill and strength. When two switches meet, that is, when they are connected, they compare their internal strength. Only a master can send BPDUs; switches belonging to a master can only forward the master’s BPDUs.
  • Priority Vector. It can be likened to strength (the smaller, the stronger). What is strength? A set of IDs: Root Bridge ID, Root Path Cost, Bridge ID and Port ID. Why is it designed this way? Because it defines how the competition is decided. First compare the Root Bridge ID, that is, compare the bosses. Then compare the Root Path Cost, the distance between me and my boss: within the same faction, whoever is closer to the boss wins. Finally compare the Bridge ID, my own ID, that is, my own ability.

With the concepts in place, let’s take a look at how STP works.

STP working process

At the beginning, the martial-arts world is in total chaos. Everyone thinks they are in charge and nobody accepts anyone else. Therefore, all switches consider themselves masters, and each bridge is assigned an ID. This ID contains a priority assigned by the administrator; naturally, the administrator gives a higher priority to the switches they want to win. Such a switch is born with superior kung fu; it starts out as Qiao Feng.

Since everyone is a master, they send BPDUs to each other. Once compared, someone turns out to be Yue Buqun and someone Feng Buping. The winner becomes the boss, and the loser has to be the junior. From then on, the leader keeps sending BPDUs, and the losers, having no say, can only forward the leader’s BPDUs to show obedience.

The numbers indicate priority. In the picture above, 5 meets 6; 6 has the lower priority (the smaller the number, the higher the priority), so it behaves and becomes the follower. Thus a small faction forms: 5 is the leader, 6 the younger brother. Other small factions such as 1-7, 2-8 and 3-4 are born the same way. Then these small factions merge with each other.

Merging can happen in four ways.

Situation one: Master meets master

When 5 meets 1, a master meets a master: 1 believes it is the master, and 5 has just beaten someone else to become a master. The two masters compete; 1 wins, so 5 leads all its younger brothers into submission, and 1 becomes the boss of the merged faction.

Situation two: Members of the same sect meet

Members of the same sect meeting can mean the master meets a younger brother, which reveals the existence of a “ring”: this younger brother joined the sect through another door, the master does not know it, and so they still compete. The master then finds that the younger brother’s kung fu is good and should not rank so low, and takes him in directly; for the younger brother this is a promotion.

Let’s see: say 1 meets 6. 6 is a subordinate of 1, but only indirectly: 6’s boss is 5, and 5’s boss is 1. 1 finds that 6 is only 2 away from it, much closer than the 5 (=4+1) it would take going through 5, so 6 should report to 1 directly. Now both 5 and 6 report to 1.

Members of the same sect meeting can also mean two younger brothers meet. Now they compare who is closer to the boss; the closer one becomes the elder brother. Just now, 5 and 6 both reported to 1 directly. Later, when 5 and 6 meet and compete, they find that if 5 reports directly to 1 the distance is 4, but if 5 reports to 6 and 6 reports to 1, the distance is only 2+1=3, so from then on 5 reports to 1 through 6.

Situation three: The master meets a member of another gang

The younger brother compares his own leader with the other master. If his leader wins, the other master joins his sect; if his leader loses, he pledges to the new leader and pulls the brothers connected to him over with him, so they “turn over” together.

For example, when 2 meets 7: 7 is a younger brother and 2 is a master, and 2 beats 7 in individual martial arts, but 7’s master is 1, who is superior to 2, so 2 has no choice but to join 7’s sect as a younger brother.

Situation four: Younger brothers from different sects meet

They compare their masters; the one who loses joins the winning faction and gradually pulls the brothers connected to him into the new faction.

For example, 5 meets 4. Although 4 is better than 5 in martial arts, 5’s leader is 1, who is better than 4, so 4 becomes a follower of 5. Later, when 3 and 4 meet, 3 finds that 4 has “defected”; 4 says, “My boss is 1 now, better than yours, why don’t you join me?” so 3 also joins 1.
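The four merge situations are all the same operation: repeated comparison of priority vectors. The following simplified simulation, added here and not part of the original post, runs that comparison on the numbered topology above. Bridge IDs double as priorities, the link costs 4 (1-5), 2 (1-6) and 1 (5-6) come from the text, all other link costs are assumed to be 1, and the port ID in the vector is simplified to the neighbour’s bridge ID.

```python
# Added example: simplified STP convergence on the numbered topology of the text.
# Bridge IDs double as priorities (smaller wins). Link costs 4 (1-5), 2 (1-6) and
# 1 (5-6) are from the text; every other link cost below is an assumption.
LINKS = [(1, 5, 4), (1, 6, 2), (5, 6, 1), (1, 7, 1), (2, 7, 1), (2, 8, 1), (3, 4, 1), (4, 5, 1)]

def run_stp(links):
    """Every bridge starts as its own root, then keeps the best BPDU its neighbours
    advertise. Returns each bridge's winning vector and its root-port neighbour."""
    neighbours = {}
    for a, b, cost in links:
        neighbours.setdefault(a, []).append((b, cost))
        neighbours.setdefault(b, []).append((a, cost))
    # Priority vector: (root bridge ID, root path cost, sender bridge ID, sender port ID);
    # the port ID is simplified to the ID of the bridge at the far end of the link.
    best = {b: (b, 0, b, 0) for b in neighbours}
    root_port = {b: None for b in neighbours}
    changed = True
    while changed:                       # repeat until nobody changes its mind
        changed = False
        for b, nbrs in neighbours.items():
            for n, cost in nbrs:
                root, path_cost, _, _ = best[n]
                bpdu = (root, path_cost + cost, n, b)   # what n advertises toward b
                if bpdu < best[b]:        # tuple order = vector order, lower wins
                    best[b], root_port[b], changed = bpdu, n, True
    return best, root_port

def port_roles(links, best, root_port):
    """Label each (bridge, neighbour) port root, designated or blocked.
    Blocked ports are exactly where the rings get broken."""
    roles = {}
    for a, b, _ in links:
        # The end with the better (root, cost, bridge ID) is the segment's designated bridge.
        designated = a if best[a][:3] < best[b][:3] else b
        for me, other in ((a, b), (b, a)):
            if root_port[me] == other:
                roles[(me, other)] = "root"
            elif designated == me:
                roles[(me, other)] = "designated"
            else:
                roles[(me, other)] = "blocked"
    return roles

if __name__ == "__main__":
    best, root_port = run_stp(LINKS)
    for b in sorted(best):
        print(f"bridge {b}: root {best[b][0]}, cost {best[b][1]}, root port toward {root_port[b]}")
    print("blocked:", [p for p, r in port_roles(LINKS, best, root_port).items() if r == "blocked"])
```

With these costs, 5 ends up reaching 1 through 6 at cost 3, and the only blocked port is 5’s port toward 1, which is what breaks the 1-5-6 ring.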

In the end, a tree is generated; the martial-arts world is unified and peace reigns. However, once the world has been unified for a long time, new problems arise. The common ones are broadcasting and security.

Broadcasting and security issues

With more machines and more switches, even though a switch is smarter than a hub, there is still a broadcasting problem. With many machines, in related and unrelated departments alike, the volume of broadcasts drags performance down.

It is like a company: when it is just starting and a dozen people sit in one conference room, everyone can discuss things conveniently. If fifty people were all in one conference room, it would be a real mess.

On the other hand, some departments in a company need confidentiality, such as HR, where promotions and raises are certainly discussed. But if everyone is in the same broadcast domain, a programmer who can capture packets can read sensitive unencrypted information.

What can we do? Separate the departments, and give each its own meeting room. Let’s see how.

There are two ways to divide. One is physical isolation: each department has its own meeting room. For the network, each department has a separate switch and a separate subnet, and routers are needed for departments to communicate with each other.

The problem is that some departments have many employees and some have few, and headcounts change frequently. If each department has its own switch, some switches will have ports going to waste while others will not have enough.

This is where virtual isolation comes in. Virtual isolation is usually called a VLAN, a virtual local area network.

With VLANs, a single switch can connect machines belonging to multiple LANs. How does the switch tell which machines belong to which LAN?

We only need to add a tag to the original layer 2 header. The tag contains a VLAN ID of 12 bits, so the network can be divided into 4096 VLANs. For an ordinary office this is more than enough.

If we buy a switch that supports VLANs, the switch recognizes the VLAN ID when it parses the layer 2 header. It then forwards packets only between ports of the same VLAN; packets of different VLANs are invisible to each other.

In this way, broadcasting and security problems can be solved.
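As an added example (not from the original post), here is how the 12-bit VLAN ID is carried in the IEEE 802.1Q tag and how a VLAN-aware switch uses it to keep, say, the HR and developer broadcast domains apart. The port-to-VLAN assignment, the MAC addresses and the access-port rule of discarding frames tagged for another VLAN are assumptions of this example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an IEEE 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Constructed Ethernet frame; with vid set, a 4-byte 802.1Q tag is inserted."""
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | (vid & 0x0FFF)           # 3-bit PCP, 1-bit DEI, 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_frame(frame):
    """Return dst, src, vid (None if untagged), ethertype and payload."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vid": None, "ethertype": ethertype, "payload": frame[14:]}
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner, "payload": frame[18:]}

class VlanSwitch:
    """Minimal VLAN-aware switch: every port is an access port, MAC table is per VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan      # port number -> VLAN of the host plugged in
        self.table = {}                 # (vid, mac) -> port

    def receive(self, in_port, frame):
        """Return the list of ports the frame is forwarded to ([] = discarded/filtered)."""
        hdr = parse_frame(frame)
        vid = self.port_vlan[in_port]
        if hdr["vid"] is not None and hdr["vid"] != vid:
            return []                   # tagged for another VLAN on an access port: discard
        self.table[(vid, hdr["src"])] = in_port
        out = self.table.get((vid, hdr["dst"]))
        if out is not None:
            return [] if out == in_port else [out]
        # Unknown or broadcast: flood only to ports of the same VLAN, never across VLANs.
        return sorted(p for p, v in self.port_vlan.items() if v == vid and p != in_port)
```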

Thus, with switches and VLANs, we have taken care of the complex office network wiring.
