Tutorial 5 - SDN & VLANs
Submission process:
- Submission deadline is January 22, 14:00 CET (before the lecture).
- Commit and push your solution as separate notebook files per subtask via git as ./tutorial/tutorial5/tutorial5_3.ipynb. Please take care of the correct subfolder/filename since submission is denied otherwise.
- During the first lecture after the deadline we will discuss a sample solution in class.
- Afterwards, you have time until January 27, 16:00 CET (before the lecture) to submit a corrected version of your submission:
  - Rework your solution according to our discussion in class.
  - Commit and push the corrected version as a separate file per subtask via git as ./tutorial/tutorial5/tutorial5_3.ipynb. Please take care of the correct filename since submission is denied otherwise.
Remarks:
- Grading is done based on both versions of your submission.
- If the first submission is missing or contains major flaws, a deduction of up to 50% of the achieved points will be applied.
- A sample solution is provided after January 27, 16:00 CET eventually.
- Do NOT duplicate cells or change the type of cells, otherwise you might receive zero points for your submission
- Please use acn@net.in.tum.de for questions regarding lecture, tutorial, and project of ACN.
This cell is used to verify the structure of the submission
DO NOT DELETE OR CHANGE THIS CELL, otherwise the task will be graded with 0 points
Problem 3 - VLANs (2.5 credits)
a) [0.5 credits] There are two different kinds of ports on VLAN capable switches. Name them and give a brief description.
- Access ports: Usually end hosts are attached to these ports, which expect packets arriving/sent on these ports to have no VLAN tag (packets are untagged).
- Trunk ports: Other VLAN capable switches or hosts expecting tagged packets are attached to these ports.
b) [0.5 credits] A VLAN tagged packet has a TCI of 0x00d1 (given big endian).
- Shortly explain the parts of the TCI and their meaning.
- Determine the value for every component for the given TCI.
- TCI (Tag Control Information) consists of three parts:
  - PCP - Priority Code Point (3 bits): Priority class of the frame according to IEEE 802.1p. PCP value of 0 is the best effort class.
  - DEI - Drop Eligible Indicator (1 bit): Indicates if the frame can be dropped in case of congestion. In this case 0 means that it should not be dropped.
  - VID - VLAN Identifier (12 bits): Identifier of the VLAN. In this case the VLAN has ID 0xd1 or 209.
c) [0.5 credits] Write a function which encapsulates an IPv6 packet in a VLAN Ethernet frame.
import binascii
import pprint
pp = pprint.PrettyPrinter(indent=4, width=39)
def prtyprnt(dump):
    pp.pprint(binascii.hexlify(dump))
hxdump = bytearray(b'\x60\x0f\xb5\x9a\x00\x20\x06\x40\x20\x01\x4c\xa0\x20\x01\x00\x11\x64\x7b\x8a\x83\x6d\x44\xb8\x80\x20\x01\x06\x7c\x04\xe8\xf0\x02\x00\x00\x00\x00\x00\x00\x00\x0a\xcc\xe6\x01\xbb\x7a\x77\xdc\xf2\xf6\x08\xff\x8a\x80\x10\x10\x04\xbd\x0f\x00\x00\x01\x01\x08\x0a\x81\x9a\x45\xd6\x99\x48\x06\x08')
def create_vlan_forv6(srcmac, dstmac, tci, dump, fcs):
    # begin insert code
    # Ethernet frame:
    #   destination MAC
    #   source MAC
    #   TPID - Tag Protocol Identifier, fixed value of 0x8100
    #   TCI
    #   Ethertype IPv6
    #   payload
    #   FCS
    dump = dstmac + srcmac + bytearray(b'\x81\x00') + tci + bytearray(b'\x86\xdd') + dump + fcs
    # end insert code
    return dump
src = bytearray(b'\x00\x25\x90\x57\x22\x4a')
dst = bytearray(b'\x68\x5b\x35\xae\x0b\x32')
tci = bytearray(b'\x00\xd1')
fcs = bytearray(b'\x22\x11\x00\x99') # you can assume this FCS to be correct without checking
prtyprnt(create_vlan_forv6(src, dst, tci, hxdump, fcs))
(b'685b35ae0b3200259057224a810000d1'
 b'86dd600fb59a0020064020014ca02001'
 b'0011647b8a836d44b8802001067c04e8'
 b'f002000000000000000acce601bb7a77'
 b'dcf2f608ff8a80101004bd0f00000101'
 b'080a819a45d69948060822110099')
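The reverse direction of b) and c), as an added example that is not part of the tutorial's sample solution: a parser that checks the TPID, splits the TCI into PCP/DEI/VID and rejects untagged or truncated frames. The function names and the shortened sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100      # C-tag TPID, as used in the solution above
ETHERTYPE_IPV6 = 0x86DD


def decode_tci(tci):
    """Split a 16-bit TCI into (PCP, DEI, VID)."""
    if not 0 <= tci <= 0xFFFF:
        raise ValueError("TCI must fit in 16 bits")
    pcp = tci >> 13            # top 3 bits
    dei = (tci >> 12) & 0x1    # next bit
    vid = tci & 0x0FFF         # low 12 bits
    return pcp, dei, vid


def parse_vlan_frame(frame, has_fcs=True):
    """Parse a single-tagged Ethernet frame into a dict of its fields."""
    min_len = 18 + (4 if has_fcs else 0)   # 2 MACs + tag + EtherType (+ FCS)
    if len(frame) < min_len:
        raise ValueError("frame too short for an 802.1Q header")
    dst, src = bytes(frame[0:6]), bytes(frame[6:12])
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("not 802.1Q tagged (TPID 0x%04x)" % tpid)
    pcp, dei, vid = decode_tci(tci)
    end = len(frame) - 4 if has_fcs else len(frame)
    return {
        "dst": dst, "src": src, "pcp": pcp, "dei": dei, "vid": vid,
        "ethertype": ethertype,
        "payload": bytes(frame[18:end]),
        "fcs": bytes(frame[end:]),
    }


# Constructed sample: the first 18 bytes of the frame printed above, followed
# by the first 4 payload bytes and the FCS value from the task.
SAMPLE = bytes.fromhex(
    "685b35ae0b32" "00259057224a" "8100" "00d1" "86dd" "600fb59a" "22110099"
)

if __name__ == "__main__":
    fields = parse_vlan_frame(SAMPLE)
    print("PCP=%d DEI=%d VID=%d" % (fields["pcp"], fields["dei"], fields["vid"]))
```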
d) [0.5 credits] A company gets its Internet access from an end user Internet Service Provider (ISP) and wants to connect its data centers located at two different sites using VLANs. What problems arise and how can these problems be mitigated?
- Typically, end user Internet service providers operate on Layer 3, i.e., the user hands over IP packets to the network of the ISP. In this case the VLAN information is lost when handing over IP packets from the customer to the provider. The provider has exclusive control over its L2 network and might use VLANs itself.
- If the company wants to control its VLAN tags there are several possibilities:
  - renting an L1 access (i.e. a cable/fiber) from the provider to get full control over L2
  - the provider offers an Ethernet access utilizing QinQ so the company still can use its own VLANs
  - using some kind of tunnel technique conserving the L2 information, e.g., MPLS, VXLAN
e) [0.5 credits] Why is it a bad idea for that company to only use VXLAN as a tunnel technology over the Internet?
VXLAN has no encryption included in the protocol. The company has to employ other protocols such as IPsec to provide some form of encryption.
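What the answer to e) looks like on the wire, as an added example that is not part of the tutorial's sample solution: the VXLAN header (layout per RFC 7348) is 8 bytes of flags and VNI, so the inner tagged frame travels verbatim and can be recovered without any key. The VNI value and the inner payload are constructed; the outer IP/UDP headers are left out.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag from RFC 7348


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header (flags, reserved, VNI, reserved)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    # First word: flags in the top byte, 24 reserved bits.
    # Second word: VNI in the top 24 bits, 8 reserved bits.
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + bytes(inner_frame)


def vxlan_decap(udp_payload):
    """Return (vni, inner_frame); needs no key because nothing is protected."""
    if len(udp_payload) < 8:
        raise ValueError("shorter than a VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI invalid")
    return word1 >> 8, bytes(udp_payload[8:])


# Constructed inner frame: 802.1Q tagged (VID 209) with a readable dummy payload.
INNER = bytes.fromhex("685b35ae0b32" "00259057224a" "8100" "00d1" "86dd") + b"payroll-db"
VNI = 5001   # hypothetical segment ID for the company's inter-site link

if __name__ == "__main__":
    packet = vxlan_encap(VNI, INNER)
    print(packet.hex())          # header, then the inner frame unchanged
    print(vxlan_decap(packet))   # VNI and inner frame, read back directly
```

The header carries no field for an integrity check either, which is why the tunnel has to be wrapped in a protocol such as IPsec when it crosses the Internet.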
Advanced Computer Networking by Prof. Dr.-Ing. Georg Carle
Teaching assistants: Christian Dietze, Sebastian Gallenmüller, Marcel Kempf, Lorenz Lehle, Nikolas Gauder, Patrick Dirks