Cisco: Bridge

From OnnoWiki
Revision as of 07:11, 24 December 2018 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

sumber: https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html


Agar VLAN memperluas span router, router harus mampu meneruskan frame dari satu interface ke interface lainnya, sambil mempertahankan header VLAN. Jika router dikonfigurasikan untuk merutekan protokol Layer 3 (layer jaringan), itu akan menghentikan lapisan VLAN dan MAC pada interface di mana frame tersebut tiba. Header layer MAC dapat dipertahankan jika router melakukan bridging protokol lapisan jaringan. Namun, bridging biasa masih mengakhiri header VLAN. Menggunakan fitur IRB di Cisco IOS® Release 11.2 atau lebih tinggi, sebuah router dapat dikonfigurasikan untuk routing dan melakukan bridging protokol layer jaringan yang sama pada interface yang sama. Ini memungkinkan header VLAN dipertahankan pada frame saat transit router dari satu interface ke interface lainnya. IRB menyediakan kemampuan untuk merutekan antara domain yang di bridging dan domain yang dirutekan dengan Bridge Group Virtual Interface (BVI). BVI adalah antarmuka virtual di dalam router yang bertindak seperti interface yang diarahkan secara normal yang tidak mendukung bridging, tetapi mewakili kelompok bridge yang sebanding dengan interface yang diarahkan di router. Nomor interface BVI adalah nomor group bridge yang diwakili oleh interface virtual. Nomor tersebut adalah tautan antara BVI dan grup bridge.

Saat mengonfigurasi dan mengaktifkan routing BVI, paket yang masuk pada interface yang dituju, yang diperuntukkan bagi host di segmen dalam bridge group, akan dialihkan ke BVI. Dari BVI, paket diteruskan ke bridge engine, yang meneruskannya melalui interface bridge. Ini diteruskan berdasarkan alamat MAC tujuan. Demikian pula, paket-paket yang datang pada interface yang di di bridgedi, tetapi ditujukan untuk host pada jaringan yang dituju, pertama-tama dikirim ke BVI. Selanjutnya, BVI meneruskan paket-paket ke mesin routing sebelum mengirimnya keluar dari interface yang diarahkan. Pada satu interface fisik, IRB dapat dibuat dengan dua sub-antarmuka VLAN (penandaan 802.1Q); satu sub-antarmuka VLAN memiliki alamat IP yang digunakan untuk routing, dan sub-interface VLAN lainnya mem-bridge antara sub-interface yang digunakan untuk routing dan interface fisik lainnya pada router.

Karena BVI mewakili bridge group sebagai interface yang diarahkan, itu harus dikonfigurasi hanya dengan karakteristik Layer 3 (L3), seperti alamat network layer. Demikian pula, interface yang dikonfigurasi untuk mem-bridging protokol tidak boleh dikonfigurasi dengan karakteristik L3.

VLAN Routing and Bridging Concept with IRB

In Figure I, PCs A and B are connected to VLANs that are in turn separated by a router. This illustrates the common misconception that a single VLAN can have a router-based connection in the middle.

router_vlan1.gif

This figure also shows the flow of the three layers of headers for a frame traversing the links from PC A to PC B.

As the frame flows through the switch, the VLAN header is applied because the connection is a trunk link. There may be several VLANs communicating across the trunk.

The router terminates the VLAN layer and the MAC layer. It examines the destination IP address and forwards the frame appropriately. In this case, the IP frame is to be forwarded out of the port toward PC B. This is also a VLAN trunk and so a VLAN header is applied.

Although the VLAN connecting Switch 2 to the router can be called the same number as the VLAN connecting Switch 1 to the router, it is actually not the same VLAN. The original VLAN header is removed when the frame arrives at the router. A new header may be applied as the frame exits the router. This new header may include the same VLAN number that was used in the VLAN header that was stripped when the frame arrived. This is demonstrated by the fact that the IP frame moved through the router without a VLAN header attached, and was forwarded based on the contents of the IP destination address field, and not on a VLAN ID field.

Because the two VLAN trunks sit on opposite sides of the router, they must be different IP subnets.

In order for the two PCs to have the same subnet address, the router would have to be bridging IP on its interfaces. However, having the devices on VLANs share a common subnet does not mean that they are on the same VLAN.

Figure II shows what the VLAN topology looks like.

router_vlan2.gif

The need to readdress IP end stations during moves can be avoided by bridging IP on some or all interfaces in the router connecting the VLANs. However, this eliminates all of the benefits of building router-based networks to control broadcasts at the network layer. Figure III shows what changes occur when the router is configured for bridging IP. Figure IV shows what happens when the router is configured for bridging IP with IRB.

Figure III shows that the router is now bridging IP. Both PCs are now on the same subnet.

Note: The router (bridge) now forwards the MAC layer header across to the outward-bound interface. The router still terminates the VLAN header and applies a new header prior to sending the frame out to PC B.

router_vlan3.gif

Figure IV shows what happens when IRB is configured. The VLAN now spans the router, and the VLAN header is maintained as the frame transits the router.

router_vlan4.gif IRB Sample Configuration

This configuration is an example of IRB. The configuration allows bridging IP between two Ethernet interfaces, and routing IP from bridged interfaces using a Bridged Virtual Interface (BVI). In the following network diagram, when PC_A attempts to contact PC_B, the router R1 detects that the destination's (PC_B) IP address is in the same subnet, so the packets are bridged by router R1 between interface E0 and E1. When PC_A or PC_B attempt to contact PC_C, the router R1 detects that the destination's (PC_C) IP address is in a different subnet, and the packet is routed using the BVI. This way, IP protocol is bridged as well as routed on the same router. Network Diagram

router_vlan5.gif Configuration Sample Configuration

Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R1 ! ! ip subnet-zero no ip domain-lookup bridge irb

!-- This command enables the IRB feature on this router.

! ! ! interface Ethernet0 no ip address no ip directed-broadcast bridge-group 1

!-- The interface E0 is in bridge-group 1.

! Interface Ethernet1 no ip address no ip directed-broadcast bridge-group 1

!-- The interface E1 is in bridge-group 1.

! Interface Serial0 ip address 10.10.20.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown ! interface BVI1 ip address 10.10.10.1 255.255.255.0

!-- An ip address is assigned to the logical BVI for routing


!-- IP between bridged interfaces and routed interfaces.

no ip directed-broadcast ! ip classless ip route 10.10.30.0 255.255.255.0 10.10.20.2 ! bridge 1 protocol ieee

!-- This command enables the bridging on this router.

bridge 1 route ip

!-- This command enable bridging as well routing for IP protocol.

! line con 0 transport input none line aux 0 line vty 0 4 ! end

show Command Outputs

show interfaces [interface] irb

This command displays the protocols that can be routed or bridged for the specified interface, as follows:

   R1#show interface e0 irb



Referensi


Pranala Menarik