Communication of devices in IP networks
Hello!
Let's take a look at how two computers can transmit information to each other in IPv4 networks. Yes, we will only talk about the fourth version of IP and will not touch the sixth; after all, these are the very basics.
For one computer to send data and another computer to receive it, one of two conditions must be met:
1. Both computers have IP addresses in the same IP network and are in the same broadcast domain.
2. Both computers know the route to the subnet of their "interlocutor" and there is a configured router(s) between them.
Let's take a closer look at the first condition. First, we need the IP addresses of both computers to be on the same subnet. What does it mean? Remember, please, what parameters you enter in the network settings: address, netmask, default gateway. Let's look at an example (so far without gateways).
First computer
Address: 192.168.0.10
Net mask: 255.255.255.0
Second computer
Address: 192.168.0.11
Net mask: 255.255.255.0
As we can see, both the address and netmask are divided into four parts. Each part is one byte with possible values from 0 to 255. If we translate the number 255 into the binary system, we get eight ones in a row (11111111), and zero will remain zero (00000000). "Why should I know this?!" - you may ask. In order to understand how the network address is obtained from the IP address of a computer and its netmask. Don't run away from the screen, please, there will be pictures soon. Honestly!
Let's quickly calculate these network addresses for our example and find out why they are needed. To do this, we need to perform a bitwise logical AND of each byte of the IP address with the corresponding byte of the netmask. If you do not know how this operation works, then here is a small hint (and you can calculate more complex examples on the calculator in the "programmer" mode):
X & 255 = X;
X & 0 = 0.
Let’s write this for our example:
Network address 1 = (192 & 255).(168 & 255).(0 & 255).(10 & 0) = 192.168.0.0
Network address 2 = (192 & 255).(168 & 255).(0 & 255).(11 & 0) = 192.168.0.0
As you can see, both network addresses are the same, which means that the data sent by computer 1 will be accepted by computer 2 as data from the correct source to the correct destination. That is, the data exchange will be possible.
Now let's move on to the second part of our condition – our computers must be in the same broadcast domain. In fact, this means that no device in between will block their data. For example, if you connect one computer to the WAN port of your home router, and the second to the LAN port, then the first will not be able to start a connection with the second on its own initiative (and they will have addresses from different networks). This is due to the fact that the router does not allow information to be distributed freely – it controls it. If you connect both computers to the LAN ports of your router, then they can exchange data without any problems.
To put it simply, computers should be able to send data to each other directly. The term itself, however, assumes that computers will be able to receive broadcast packets from each other. Broadcast packets are data that, according to their sender, everyone should know. For example, “I’m online now” or “who has the address 192.168.0.11, please reply urgently to the address 192.168.0.10”.
And now about routing. If the network addresses of the computers do not match, they have no right to send data to each other directly. They must first send it to their router, and that router then decides what to do with the data. In the simplest case, we have only one router on the computer's network – the default gateway. The address of this default gateway must be on the same network as the computer, otherwise the computer will not be able to send anything even to the gateway itself. It is important not to forget that the gateway must be configured on both the first and second computers, otherwise data exchange will not work.
It doesn't have to be a default gateway. It is acceptable to configure multiple routers on a network that can send data to different networks. It will only be necessary to enter them into the routing table on each computer.
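The decision a computer makes for every outgoing packet, as described above, written out as an added example (not part of the original article). It uses the same byte-by-byte AND as the calculation above; the gateway 192.168.0.1 and the 192.168.1.x addresses are assumed sample values.

```python
# Added example: host-side choice between direct delivery and the gateway.

def to_bytes(dotted):
    """Split a dotted-quad string into four integers (0..255)."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted}")
    return parts

def network_address(address, netmask):
    """Bitwise AND of each address byte with the matching netmask byte."""
    pairs = zip(to_bytes(address), to_bytes(netmask))
    return ".".join(str(a & m) for a, m in pairs)

def next_hop(address, netmask, gateway, destination):
    """Return where the host sends a packet addressed to `destination`.

    The result is ("direct", destination), ("gateway", gateway)
    or ("unreachable", reason).
    """
    own_net = network_address(address, netmask)
    # The host applies its own mask to the destination to see if it is local.
    if network_address(destination, netmask) == own_net:
        return ("direct", destination)
    if gateway is None:
        return ("unreachable", "no gateway configured")
    # The gateway must itself be reachable directly, i.e. on the host's network.
    if network_address(gateway, netmask) != own_net:
        return ("unreachable", "gateway is not on the host's network")
    return ("gateway", gateway)

if __name__ == "__main__":
    host, mask = "192.168.0.10", "255.255.255.0"
    # Same network as in the article: delivered directly.
    print(next_hop(host, mask, None, "192.168.0.11"))
    # Assumed remote destination with a correctly placed gateway.
    print(next_hop(host, mask, "192.168.0.1", "192.168.1.20"))
    # Assumed misconfiguration: gateway address from a different network.
    print(next_hop(host, mask, "192.168.1.1", "192.168.1.20"))
```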
Virtual Local Area Networks (VLAN)
Virtual Local Area Networks (VLANs) are a way of combining computers into different broadcast domains. That is, we take our network of, for example, one hundred computers, and divide it into two parts, 50 computers in each. After that, without the help of routers (gateways), the computers can communicate only within their own group of 50. And for communication between groups (VLANs), they will send data to routers, and the routers will send it on to the other group from their ports that have an address in the desired network (do not worry if you don’t understand this yet; I will explain it in more detail).
Dumb Mode Switches
If we do not configure the switches to which the computers are connected in any way, then they will not use VLANs (in fact, they will treat all devices as devices in VLAN 1).

Connecting without configuring a VLAN on the switch
In this case, the computers from our example will fall into the same broadcast domain and will be able to communicate with each other.
Huawei Switch Port Modes
If we firmly decided to divide and rule, then we will have to first explain to the switch which computers are in which VLAN. Let's consider the simplest way – assigning a VLAN for a switch interface. We have three standard port type options: Access, Trunk and Hybrid. The operating mode of the interface is changed with the command:
port link-type {access | trunk | hybrid}
As soon as you change the operating mode of the interface, be prepared for the fact that communication on this interface may be cut off. That is, if you are connected to the switch remotely and reconfigure the very interface through which you reach it, be prepared to run to it to correct the configuration on site or reboot it.
Let's consider in detail the types of ports. Let's start with Access.

Access operating mode
In this mode, we tell the switch which VLAN the devices that connect to a specific interface should belong to. In the example above, the switch is configured so that the first interface and all devices connected to it belong to VLAN 10 (VLAN number "10"). And the fourth interface, with all its devices, is assigned to VLAN 20. As we can see, before the data gets into the switch, they do not belong to any VLAN, and the switch already "puts tags on them."
Once the data inside the switch has been tagged with a VLAN tag, it can no longer simply move from one VLAN to another. Therefore, our computers will not be able to send memes with cats and Boromir to each other. Sorry!
Configuring such interfaces on a Huawei switch looks like this (it needs to be done in the interface configuration mode):
port link-type access // select the interface operation mode
port default vlan <VLAN number> // assign the VLAN number for the interface
port discard tagged-packet // if you run this command, then all data that comes to the interface with already tagged VLAN tags will be deleted
Let's look at a more complex scheme with ports in Trunk mode.

Trunk Port Switching Diagram
We can see the already familiar Access ports to which computers are connected. VLAN tags are added to data from computers inside the switch. The switches are connected to each other using ports in Trunk mode. This is a special port mode for connecting switches together. It assumes that data will be transmitted with an indication of which VLAN it belongs to. This is called tagged traffic. Using these ports, you can transmit traffic from several VLANs at once. And they won't mix, because every data packet is signed with a VLAN tag.
In our example, the left switch is configured so that it is ready to send and receive data from the right switch in two VLANs – the second and the third. And the right switch is ready to work only with the second VLAN. Thus, the left switch will send all data from VLANs 2 and 3 to the right one and process the received traffic in the same VLANs. And the right one will do this only with VLAN 2. As a result, the exchange will be carried out only within VLAN 2.
Consider the data path from the first computer to the second:
1. The data packet from the computer 192.168.0.10 goes to the left switch.
2. The left switch tags this packet as VLAN 2.
3. Having read to whom the packet is addressed, the switch decides that it needs to be sent through the fourth interface.
4. The packet leaves the left switch along with the VLAN 2 tag and enters the first port of the right switch.
5. The right switch checks the VLAN tag of the incoming packet. It is on the allowed list, so the packet is accepted.
6. The packet enters the switch along with its VLAN 2 tag.
7. Having read to whom the packet is addressed, the switch decides that it needs to be sent through the fourth interface.
8. Since the VLAN tag of the packet matches the VLAN of the fourth port, it is successfully sent through it to the addressee. Before that, the VLAN tag is removed from it.
Configuring an interface in Trunk mode on Huawei switches:
port link-type trunk // tell the switch the interface mode
port trunk allow-pass vlan <List of allowed VLANs> // We tell which VLANs are allowed
port trunk pvid vlan <VLAN number> // This tag will be assigned to packets that arrive without a VLAN tag
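A simplified model of the Access and Trunk rules above, as an added example (not from the original article and not switch code). It walks a frame through both switches and shows why VLAN 2 gets through while VLAN 3 stops at the right switch. The trunk PVID of 1 and sending the PVID VLAN untagged on a trunk are assumptions of this model.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    mode: str                     # "access" or "trunk"
    pvid: int = 1                 # access: default VLAN; trunk: PVID
    allowed: set = field(default_factory=set)  # trunk: allow-pass VLAN list
    discard_tagged: bool = False  # access: port discard tagged-packet

    def ingress(self, tag):
        """Return the VLAN a received frame is placed in, or None if dropped.
        `tag` is the frame's VLAN tag, or None for an untagged frame."""
        if self.mode == "access":
            if tag is None:
                return self.pvid
            if self.discard_tagged or tag != self.pvid:
                return None
            return tag
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in self.allowed else None

    def egress(self, vlan):
        """Return (sent, tag_on_wire) for a frame of `vlan` leaving the port."""
        if self.mode == "access":
            return (vlan == self.pvid, None)  # the tag is removed on Access
        if vlan not in self.allowed:
            return (False, None)
        # Assumption of this model: the PVID VLAN leaves a trunk untagged.
        return (True, None if vlan == self.pvid else vlan)

def deliver(path, tag=None):
    """Walk a frame through (ingress_port, egress_port) pairs, one per switch.
    Returns "delivered" or a string naming where the frame was dropped."""
    for i, (port_in, port_out) in enumerate(path, start=1):
        vlan = port_in.ingress(tag)
        if vlan is None:
            return f"dropped on ingress of switch {i}"
        sent, tag = port_out.egress(vlan)
        if not sent:
            return f"dropped on egress of switch {i}"
    return "delivered"

# Constructed topology matching the text: the left trunk allows VLANs 2 and 3,
# the right trunk allows only VLAN 2.
left_trunk = Port("trunk", pvid=1, allowed={2, 3})
right_trunk = Port("trunk", pvid=1, allowed={2})
vlan2 = [(Port("access", pvid=2), left_trunk), (right_trunk, Port("access", pvid=2))]
vlan3 = [(Port("access", pvid=3), left_trunk), (right_trunk, Port("access", pvid=3))]

if __name__ == "__main__":
    print("VLAN 2:", deliver(vlan2))
    print("VLAN 3:", deliver(vlan3))
```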
Now a quick word about Hybrid. By default, all interfaces on the Huawei switch will be in this mode. The Hybrid mode allows you to customize the interface most flexibly, combining the capabilities of Access and Trunk. And even a little more! To understand it better, let's take a look at its configuration:
port link-type hybrid // tell the switch the interface mode
port hybrid untagged vlan <List of untagged VLANs> // data from this VLAN list will be sent without specifying VLAN tag
port hybrid tagged vlan <VLAN tagged list> // data from this VLAN list will be sent with VLAN tags
port hybrid pvid vlan <VLAN number> // This tag will be assigned to packets that arrive without a VLAN tag
Static routing via VLANIF
Let's imagine that we have divided our network into several VLANs. Let's consider how computers communicate with each other now. First of all, remember that they definitely need a router for this. Even a switch from the Huawei S1700 series can act as a router. Its task will be to receive packets in one VLAN and send them to another VLAN.

VLANIF routing scheme
In order for everything to work, you need to configure special VLANIF virtual interfaces on the switch, which we will designate as a router. These are software interfaces that are, as it were, connected to a network with their own VLAN. VLANIF 1 is connected to VLAN 1, VLANIF 2 is connected to VLAN 2, and so on. These interfaces can be assigned IP addresses (with network masks). Once you do this, the switch will automatically be able to forward data from one VLAN where it has an IP address to others (where it also has IP addresses). All that remains is to configure the computers so that the corresponding switch VLAN address (VLANIF address) is specified as the default gateway. Do not forget to do this on all computers, otherwise the data can only go in one direction. Each computer participating in the exchange of information must know the address of its gateway. Configuration on Huawei switches:
interface vlanif <VLAN number> // specify which interface to configure
description <Interface description> // in order not to forget what it is – you can add a description
ip address <IP-address> <mask in the form of X.X.X.X or its length in bits> // specify the address
This configuration will be sufficient to transfer information within the local network. But if you need communication with other networks or the Internet, you need to configure the routing table on the switch that acts as the router. In fact, it will route all the data that comes to it if it knows where the data can be sent. Between VLANs, it learns this from the parameters of the VLANIF addresses. However, you can add additional routing entries. We will consider only static ones (you can read about the rest in detail in the documentation).
ip route-static <destination IP> <destination network mask or its length> <gateway IP address>
Example for setting the default gateway on a Huawei switch:
ip route-static 0.0.0.0 0 192.168.0.10
After we enter this command, the switch will send all packets that it “could not attach anywhere” to the 192.168.0.10 gateway. But if it finds a more specific route (that is, with a longer netmask), it will use it.
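How the "more specific route wins" rule plays out, as an added example (not from the original article). The table combines routes derived from VLANIF addresses with static routes; the VLANIF addresses, the 10.20.0.0/16 route and its next hop are assumed sample values, while the default route is the one from the command above.

```python
import ipaddress

def build_table(vlanifs, static_routes):
    """Combine connected routes (from VLANIF addresses) with static routes.

    vlanifs: {vlan_id: "address/prefix"}
    static_routes: [("destination/prefix", "next hop address")]
    """
    table = []
    for vlan, cidr in vlanifs.items():
        # The network of a VLANIF address is reachable directly in that VLAN.
        iface = ipaddress.ip_interface(cidr)
        table.append((iface.network, f"direct via Vlanif{vlan}"))
    for dest, hop in static_routes:
        table.append((ipaddress.ip_network(dest), f"via {hop}"))
    return table

def lookup(table, destination):
    """Longest-prefix match: of all routes containing the destination,
    pick the one with the longest mask. Returns None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, action) for net, action in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample table (VLANIF addresses and the /16 route are assumed).
TABLE = build_table(
    {1: "192.168.0.1/24", 2: "192.168.2.1/24"},
    [("0.0.0.0/0", "192.168.0.10"), ("10.20.0.0/16", "192.168.2.254")],
)

if __name__ == "__main__":
    for dst in ("192.168.2.50", "10.20.3.4", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
```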


