The Research And Implementation Of Private VLAN Based On Linux

With the emergence of VLAN technology, users in the same physical LAN are divided into different broadcast domains logically and managed in terms of business semantics. Each VLAN contains a set of computer workstations with the same requirements, and has the same properties as the physical LAN.Due to user security and account management, etc, users are usually isolated in tier2. One general means of isolation is one VLAN per user. The maximum number of VLANs in an equipment is4094according to IEEE802.1Q. For the core devices,4096VLANs are far from being enough if one VLAN per user. So, the concept of Private VLAN is introduced. Private VLAN has a2-tier structure of Private VLAN and Secondary VLAN. Upstream device only recognizes Private VLAN, and does not care the Secondary VLAN. Therefore, it saves VLAN resources, and simplifies network configuration.This thesis explores the principles of Private VLAN. Linux platform is chosen as the implementation platform. After studying the relationship between VLAN subsystems and the other subsystems of switch software system, this thesis proposed the VLAN subsystem design. In addition, according to the functional requirements of VLAN, this thesis also presents the modular design and discusses the relationships among the modules.The VLAN subsystem is developed on the basis of Linux kernel and implemented in two parts, i.e., user space and kernel space, such that good maintainability and stability is achieved.The subsystem supports distributed devices, and reduces the complexity of message communication and processing by using multi-threading. This subsystem completely supports master board, slave board and interface board. Even single interface board can be used to forward network packets. If a main board is out of order, a slave board will replace it. Thus, the efficiency and stability of packet forwarding is enhanced.If the Linux-based VLAN subsystem is installed on the switches and routers supporting Private VLAN hardware features, Private VLAN are able to be configured on these devices, realizing the reliable forwarding of packets saving IP addresses, and VLANs, and simplifying network configuration. Equipments based on our developed scheme have been widely used on campus networks and enterprise networks.