Questions about bridging VLANs

Tags: arptables, bridge, mac address, vlan

If, across the same building, I have two physically separate networks to connect devices together via simple switches, my understanding is that I could save myself some hardware complexity if I were to instead use smart switches, connect them to each other via trunk ports, and have them assign their different ports which connect to the devices to one of two VLANs depending on which "physical" network the device should belong to.

In the scenario of the two independent physical networks, if I wanted to combine them into one physical network, all I would need to do on the hardware side is to connect a switch between the two. If I understand correctly, I could equivalently plug a Linux router between the two and bridge the two ports that the two networks are connected to.

To do the same thing in the scenario of the VLANs, I could connect a router to the switch via a trunk port, create the virtual interfaces eth0.10 and eth0.20 (for example) and bridge those two together. Would this work as expected?

The reason I am asking is that I was just thinking about how traffic would be forwarded by the switches. In the case of a physical network, each switch builds an ARP table that tells it which MAC addresses can be reached by which port. And if one port is connected to another switch, that port should eventually get sent all traffic for all MAC addresses that are connected to that other switch.

Let's say I have the following physical network layout:

 ____________     ___________     __________     ___________     ____________
|            |   |           |   |          |   |           |   |            |
| Device 1   |___| Network 1 |___| "Bridge" |___| Network 2 |___| Device 2   |
| MAC ...:01 |   | Switch    |   | Switch   |   | Switch    |   | MAC ...:02 |
|____________|   |___________|   |__________|   |___________|   |____________|

Now, if Device 1 wants to send a packet to Device 2, Switch 1 knows that MAC …:02 is connected somewhere to its right port, so it passes the packet to the bridge-switch, etc.

If I were to change the network to the following layout instead:

 ____________               ________               ____________
|            |             |        |             |            |
| Device 1   |_____________| Smart  |_____________| Device 2   |
| MAC ...:01 |  VLAN ID 1  | Switch |  VLAN ID 2  | MAC ...:02 |
|____________|             |________|             |____________|
                               ||
                               || Trunk
                           ____||____
                          |          |
                          | "Bridge" |
                          | Router   |
                          |__________|

Then, if Device 1 wanted to send a packet to Device 2, the smart switch should not just send the packet out of its right port simply because that's where the destination MAC address matches. Instead it needs to forward the packet out of the bottom port to the bridge-router, which should then send it back out of its top port, but tagged for VLAN 2 now, rather than VLAN 1.

This would imply that both the smart switch and the bridge-router would need to maintain two (or more) independent ARP tables, one for each VLAN, and, in the case of the smart switch, MAC …:02 should be linked to the right port iff the traffic belongs to VLAN 2 and it should be linked to the bottom port iff the traffic belongs to VLAN 1.

Is that what's happening? Or can this setup not work as the smart switches would get confused?

Also, is my understanding as described above correct at all? 🙂

Best Answer

The term "smart switch" that you're using isn't a standard term. I think you mean "switch that supports VLANs" when you say "smart switch".

Switches maintain layer 2 adjacency tables. These tables identify physical port and MAC address associations and allow the switch to direct traffic only to the intended destination. These aren't actually "ARP tables": they have nothing to do with mapping layer 3 addresses to layer 2 addresses. These are actually tables that map layer 2 addresses to what, arguably, are layer 1 addresses.

In a switch that supports VLANs the adjacency table will also take into account port VLAN memberships to prevent direct layer 2 communication between adjacent devices that aren't connected to ports that are members of the same VLAN, and to limit flooding of frames (non-unicast frames and frames destined for unknown destinations) to a single VLAN.

Routers don't maintain layer 2 adjacency tables, but they do maintain ARP tables. A router will typically maintain at least one ARP table for each logical interface, mapping layer 3 addresses to layer 2 addresses for that interface's media. A router doesn't specifically "care" about VLANs, per se. A VLAN will be presented to a router as a logical sub-interface of a physical interface (eth0.1 on a Linux machine, for example, representing VLAN 1 on the eth0 interface), and an ARP table will be maintained if that logical sub-interface has an IP address assigned.
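As an added illustration (not code from the question or the answer), here is a small Python model of the per-VLAN forwarding table the question conjectures and the answer describes, run through the question's diagram: Device 1 on an access port in VLAN 1, Device 2 on an access port in VLAN 2, and a Linux box on the trunk bridging eth0.1 and eth0.2. The port names, MAC addresses and the bridge's behaviour are constructed assumptions for the model.

```python
# Added example: a VLAN-aware switch learning (vlan, mac) -> port, plus a
# Linux router whose br0 bridges eth0.1 and eth0.2. Everything below is a
# constructed model, not real switch or kernel code.

class VlanSwitch:
    """Learns per VLAN; floods unknown destinations only within that VLAN."""
    def __init__(self, access, trunk):
        self.access = access          # port -> untagged VLAN id
        self.trunk = trunk            # port carrying every VLAN, tagged
        self.fdb = {}                 # (vlan, mac) -> port  (not an ARP table)

    def ports_in_vlan(self, vlan):
        return [p for p, v in self.access.items() if v == vlan] + [self.trunk]

    def forward(self, in_port, vlan, src, dst):
        """Return the (port, vlan) pairs the frame leaves on."""
        self.fdb[(vlan, src)] = in_port              # learning is per VLAN
        out = self.fdb.get((vlan, dst))
        if out is not None:
            return [(out, vlan)] if out != in_port else []
        return [(p, vlan) for p in self.ports_in_vlan(vlan) if p != in_port]


class BridgeRouter:
    """br0 over eth0.1/eth0.2: a MAC table keyed by bridge port (= VLAN id)."""
    def __init__(self, vlans):
        self.vlans = vlans            # VLAN ids of the bridged sub-interfaces
        self.fdb = {}                 # mac -> sub-interface (VLAN) last seen on

    def forward(self, vlan, src, dst):
        """Return the VLAN tags the frame goes back to the switch with."""
        self.fdb[src] = vlan
        if dst in self.fdb and self.fdb[dst] != vlan:
            return [self.fdb[dst]]
        return [v for v in self.vlans if v != vlan]   # flood other sub-ifs


def run_scenario():
    sw = VlanSwitch(access={"p1": 1, "p2": 2}, trunk="p3")   # p3 = bottom port
    rt = BridgeRouter(vlans=[1, 2])
    d1, d2 = "00:00:00:00:00:01", "00:00:00:00:00:02"   # constructed MACs
    # Device 1 -> Device 2: unknown in VLAN 1, so flooded only to the trunk.
    first_hop = sw.forward("p1", 1, d1, d2)
    # Router takes it in on eth0.1, bridges to eth0.2, sends it back tagged 2.
    second_hop = [sw.forward("p3", t, d1, d2) for t in rt.forward(1, d1, d2)]
    # Reply: in VLAN 2 the switch already knows d1 lives behind the trunk.
    reply = sw.forward("p2", 2, d2, d1)
    back = sw.forward("p3", rt.forward(2, d2, d1)[0], d2, d1)
    return first_hop, second_hop, reply, back, dict(sw.fdb)
```

After the exchange the switch table holds MAC …:02 on p2 for VLAN 2 but on the trunk p3 for VLAN 1, which is exactly the per-VLAN association the question describes; note that neither table involves IP addresses, so this is a MAC forwarding table, not an ARP table.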