IEEE 802.1Q

from Wikipedia, the free encyclopedia

IEEE 802.1Q is a prioritization and VLAN technology standardized by the IEEE which, in contrast to the older, purely port-based VLANs, implements packet-based tagged VLANs. The term "tagged" derives from the English expression "material tags", the labels with which goods are marked. Tagged VLANs are thus networks that use network packets carrying a specific VLAN tag.

History and standardization

Before the standardization by the IEEE consortium, there were various proprietary tagged VLAN solutions such as Cisco's Inter-Switch Link Protocol (ISL) or 3Com's VLT (Virtual LAN Trunk) tagging, which have now been combined in IEEE 802.1Q to form a manufacturer-independent standard. The standard describes a mechanism that allows several virtual networks to share a common physical or logical interface without compromising security aspects or enabling unhindered data exchange between the VLANs. The standardization has the advantage that all LAN switches in which 802.1Q is implemented can be integrated into a common virtual network structure and can also exchange administrative information relating to the VLAN with one another.

Tags in the Ethernet frame

802.1Q tag in an Ethernet frame

The 802.1Q standard defines data fields for VLAN tagging that are inserted into the data area of an Ethernet packet. This has the advantage that older switches can usually also forward such packets. The inserted tag consists of four fields with a total length of 32 bits. Two bytes are used for the protocol ID, three bits for the priority field, one bit for the canonical format indicator and twelve bits for the VLAN ID.

The Protocol ID data field is always set to the value 8100 hex for 802.1Q VLANs. This value is reserved. The priority field that follows regulates the priority of the Ethernet frame (see traffic shaping).

The Canonical Format Indicator (CFI) is a 1-bit data field that ensures compatibility between Ethernet and Token Ring. This data field indicates whether the MAC address is in a recognized or unrecognized format. If the bit is 0, it is not in accordance with the regulations; if it is 1, it is in accordance with the regulations. It is always set to 0 for Ethernet switches. If an Ethernet port receives a 1 as CFI information, the switch does not forward the tagged frame to an untagged port.

Function according to IEEE 802.1Q

A unique number is assigned to each VLAN. This number is called the VLAN ID. A device that belongs to the VLAN with ID = 1 can communicate with any other device in the same VLAN, but not with a device in another VLAN, e.g. ID = 2, 3, ...

In order to differentiate between the VLANs, the Ethernet frame is expanded by four bytes (= 32 bits) according to IEEE 802.1Q. Of these, 12 bits are provided for the VLAN ID, so that (without using the canonical format bit) a total of 4096 - 2 = 4094 VLANs are possible (the VLAN IDs "0" and "4095" are reserved and not permitted).

16 bits | 3 bits | 1 bit | 12 bits
TPID    | TCI
        | PCP    | DEI   | VID

  • TPID - Tag Protocol Identifier: Fixed value 8100 hex. The frame carries the 802.1Q / 802.1p tag information.
  • TCI - Tag Control Information:
    • PCP - Priority Code Point: User priority information.
    • DEI - Drop Eligible Indicator (formerly CFI): Can be used separately or in conjunction with PCP to indicate that frames can be dropped in the presence of congestion.
    • VID - VLAN identifier: Identification of the VLAN to which the frame belongs.
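
The tag layout above, worked through in Python as an added example (not part of the original article): it decodes TPID and TCI from a raw frame and performs the tag insert and tag remove operations. The function names and the sample frame are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

TPID_8021Q = 0x8100          # fixed Tag Protocol Identifier
RESERVED_VIDS = {0, 4095}    # reserved VLAN IDs, not permitted as VLAN numbers

class Dot1QTag(NamedTuple):
    pcp: int   # 3-bit Priority Code Point
    dei: int   # 1-bit Drop Eligible Indicator (formerly CFI)
    vid: int   # 12-bit VLAN identifier

def parse_tag(frame: bytes) -> Optional[Dot1QTag]:
    """Return the 802.1Q tag of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)   # follows dst + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return Dot1QTag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)

def insert_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Tag insert: place the 4-byte tag directly behind the two MAC addresses."""
    if vid in RESERVED_VIDS or not 0 <= vid <= 0x0FFF:
        raise ValueError(f"VLAN ID {vid} is reserved or out of range")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI must be 0 or 1")
    if parse_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def remove_tag(frame: bytes) -> bytes:
    """Tag remove: strip the tag, as done before sending on an untagged port."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: untagged frame, EtherType 0x0800, 46 bytes of dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00" * 46
TAGGED = insert_tag(UNTAGGED, vid=100, pcp=5)

if __name__ == "__main__":
    print(parse_tag(TAGGED), len(TAGGED) - len(UNTAGGED))
```
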

Prioritization with VLAN is also possible. One of 8 (3 bit) priorities can be specified for each frame (IEEE 802.1p). This makes it possible, for example, to forward voice data preferentially while HTTP data is slowed down. This functionality is becoming more and more important, especially with the increasing use of VoIP (IP telephony). In this way, interference during telephone calls can be avoided even with a 'limited' bandwidth (see also Quality of Service).

Switch types

  • Older switches: They do not evaluate VLAN tags, but as a rule can still forward packets with VLAN tags set, since all OSI Layer 2 information is set normally for all tagged packets according to 802.1Q and, from a Layer 2 point of view, the tag is in the data area.
  • Simple switches without a management interface: Current models understand the meaning of the VLAN tags and process the tags correctly; they work in the so-called automatic learning mode, but cannot define any tagging functions themselves (no tag insert or remove).
  • Manageable devices: Such switches understand the meaning of the VLAN tags and process the tags correctly; they can also define tagging functions themselves (tag insert, tag remove). Of course, these switches also optionally work in automatic learning mode (see above). Older end devices, and others that are not 802.1Q VLAN-capable, can be operated within a VLAN infrastructure only on such switches.

Types of LAN cards

  • Simple and older cards: these cannot handle VLAN tags, either due to hardware restrictions or due to a lack of software; they will discard packets with VLAN tags set. Therefore, these cards must be connected to 802.1Q-enabled switches, which can analyze tags and remove and insert them if necessary.
  • Higher-quality cards: These were previously used mainly in the server area. Current 100 Mbit and Gigabit cards are usually VLAN-capable. Provided a suitable VLAN-capable operating system (current operating systems such as AIX, Solaris or Linux, current Windows Server editions and many more) and suitable drivers are present, these cards can also handle VLAN tags (tag detect, insert, remove) and process them correctly.

Remarks

  1. CFI - Canonical Format Indicator: Value 0: the format of the MAC addresses was canonical (LSB first); Value 1: the format was non-canonical. Used in Token Ring / source-routed FDDI media access to identify the bit order of the address information of the encapsulated frame. For Ethernet switches it should always be set to "0". It was also used for compatibility between Ethernet and Token Ring. If this bit was set to "1" on Ethernet, the frame should not be output to an untagged port.
