One article explains what is VLAN, Layer 3 switch, gateway, DNS, subnet mask, MAC address

Last time we published what is arp address? What is arp attack? How to use arp command to solve network problems. Many friends have repeatedly asked what are gateway, dns, subnet mask, three-layer switch, and their positioning purposes. Indeed, because network technology is indeed widely used in weak electricity, we usually discuss gateway, VLAN, three-layer switch or subnet mask and other issues in the VIP technical group. Today, let's understand them all at once in a popular way.

1. What is VLAN?

VLAN is "Virtual Local Area Network" in Chinese. A LAN can be a network consisting of a few home computers or a corporate network consisting of hundreds of computers. The LAN referred to by VLAN specifically refers to a network divided by routers, that is, a broadcast domain.

After listening to the above concepts, many friends must be confused. What is a virtual LAN? Why do we need to divide VLANs?

1. Here is an example: common understanding

A high school enrolled 800 students in the first grade of the new semester. If these 800 students were put in one class, it would be impossible to manage them. Facing 800 people, the teacher would have a headache. One side was teaching, but the other side could not hear at all. What tasks the teacher assigned would not be transmitted. If the teacher wanted to find the information of a certain student, he had to look through 800 pieces of information, which was extremely troublesome and a waste of time.

In reality, it is the same. If computer A wants to communicate with computer B, then computer A needs to send an ARP request. There are many computers in the network, and the ARP request will eventually be forwarded to all computers in the same network to find computer B. In this way, in order to find computer B, the overall network bandwidth is consumed, and the computer that receives the broadcast information also consumes some CPU time to process it, resulting in a large amount of unnecessary consumption of network bandwidth and CPU computing power.

2. So what to do?

The school divided these 800 students into 10 classes, with 80 students in each class. They were named Class 1(1), Class 1(2), ..., and Class 1(10). Each student was given a class number.

• 1101 means student No. 01 in class 1.
• 1102 means student No. 02 in class 1.
• 1201 means student No. 01 in Class 2.

The last digits of the student numbers in the same class are different, but the rest of the numbers are the same.

Then it will be much easier for the teacher to manage. He can manage the 80 students in Class 1 well. He doesn't care about Class 1 even if Class 2 and Class 3 next door are in chaos. He just wants the 80 students in this class to have a good class.

This is VLAN, each class is equivalent to a VLAN, and each class name is equivalent to the name of the VLAN, and each student's number is the IP address; classmates (IP of the same VLAN) are in the same classroom, spend every day together, and can communicate with each other, while students from different classes find it difficult to communicate with each other without doing other work.

Therefore, devices in the same VLAN can communicate with each other; devices in different VLANs cannot communicate with each other without configuration.

So how do different VLANs communicate? This requires single-arm routing and a three-layer switch.

2. One-arm router and layer 3 switch

We know that in order to achieve communication between different VLANs, routing function is required. There are two ways for different VLANs to communicate with each other (single-arm routing and three-layer switch).

1. What is a one-arm router?

The implementation method of one-arm routing is actually an ordinary layer 2 switch plus a router, so that different VLANs can communicate with each other.

2. What is a Layer 3 switch?

For small networks, one-arm routing can cope with it, but as the traffic between VLANs continues to increase, it is likely that the router will become the bottleneck of the entire network, resulting in packet loss or communication congestion.

In order to solve the above problems, three-layer switches came into being. A three-layer switch is essentially a "(two-layer) switch with routing function". Routing belongs to the function of the third layer network layer in the OSI reference model, so a switch with the third layer routing function is called a "three-layer switch".

For the internal structure of a three-layer switch, please refer to the simplified diagram below.

In one main body, the switch module and the router module are set separately; and the built-in routing module is the same as the switching module, using ASIC hardware to process routing. Therefore, compared with traditional routers, high-speed routing can be achieved. In addition, the routing and switching modules are linked together, and because they are internally connected, a considerable bandwidth can be ensured. Therefore, for formal projects, a three-layer switch is required to achieve communication between networks.

3. What is a Gateway?

After understanding VLAN and Layer 3 switches, whether they can communicate depends on whether the gateway is correct.

1. What is a Gateway?

Gateway, also known as network connector or protocol converter, realizes network interconnection at the transport layer. It is the most complex network interconnection device and is only used for interconnection between two networks with different high-level protocols.

2. How to understand the gateway

As we all know, to walk from one room to another, you must go through a door. Similarly, to send information from one network to another, you must also go through a "gateway", which is a gateway. As the name suggests, a gateway is a "gateway" that connects one network to another.

There are many types of gateways according to different classification standards. The gateway in the TCP/IP protocol is the most commonly used. Here, the "gateway" we are talking about refers to the gateway under the TCP/IP protocol.

3. Gateway IP address

So what exactly is a gateway?

The gateway is essentially an IP address that connects one network to other networks. The gateway selects one of the available IP addresses in the network segment, but the first and last ones are generally used.

For example:

For example, there are network A and network B.

Network A: The IP address range is "192.168.1.1~192.168.1.254", subnet mask 255.255.255.0;

If it needs to communicate with other network segments, its gateway can be set to 192.168.1.1, or it can be set to another IP address in the network segment.

Network B: The IP address range is "192.168.2.1~192.168.2.254", and the subnet mask is 255.255.255.0.

If it needs to communicate with other network segments, its gateway can be set to 192.168.2.1, or it can be set to another IP address in the network segment.

4. How does the gateway achieve communication?

Without a router, TCP/IP communication between two different networks is impossible. Even if the two networks are connected to the same switch (or hub), the TCP/IP protocol will determine that the hosts in the two networks are in different networks based on the subnet mask (255.255.255.0). To achieve communication between the two networks, a gateway is required.

If the host in network A finds that the destination host of the data packet is not in the local network, it will forward the data packet to its own gateway, which will then forward it to the gateway of network B, and the gateway of network B will then forward it to a host in network B (as shown in the figure). The process of network B forwarding data packets to network A.

Therefore, only by setting the IP address of the gateway can the TCP/IP protocol realize mutual communication between different networks.

5. What is the default gateway?

If you understand what a gateway is, the default gateway will be easy to understand. Just like a room can have multiple doors, a host can have multiple gateways. The default gateway means that if a host cannot find an available gateway, it will send the data packet to the default gateway, which will process the data packet. The gateway currently used by the host generally refers to the default gateway.

4. What is DNS

DNS is a Domain Name System, which is a server that converts URLs into IP addresses.

To put it simply, DNS is used to translate domain names into IP addresses. Here is an example so that everyone can understand it clearly.

For example, when we enter www.baidu.com in the browser, the machine needs to communicate with the Baidu website, and the machine needs to send a data packet to the outside. The data packet needs to contain the IP address of the Baidu server. We don’t know what the IP address is, so the host needs to ask the DNS server, and the DNS server automatically helps us translate the domain name www.baidu.com into the IP address 61.135.169.105. Then write it into the destination IP address of the data packet to communicate.

Just like when we write a letter, you have to write the recipient's address before the post office can send it to you. If you write a letter to a foreign country, the post office will not recognize the Chinese address, so someone will need to translate it into English for you. This is the role of DNS, so you need to write DNS in the local connection to browse the web normally. If you don't set DNS, you can't access the web normally.

5. MAC address

When talking about MAC addresses, we have to mention IP addresses, so let’s talk about IP addresses here as well.

IP and MAC:

Although ipv6 is now available, most of us still use ipv4 protocol. The so-called ip is the number of your computer's entire network. Other computers need this number to access your computer. However, this number is always changing in many cases. The only thing that remains unchanged is your MAC address: physical address.

MAC is a unique network address used to identify network card devices on the network. It is uniformly assigned by the relevant hardware manufacturers, and the MAC address of each computer is unique.

For example, if you move frequently, you will have an address every time you move, such as XX community, XX unit, XX number, which is the IP address. However, your name does not change, which is the MAC address. The difference is that our MAC addresses do not allow duplicate names.

Our IP is divided into two parts: the network part and the host part as shown in the figure above. The network part is like you are in XX town, XX city, XX province, which is fixed by the state. However, the XX unit, XX number of XX community is set by the developer. The sum of the two numbers is your IP. The difference is that in reality, the length of the two numbers is fixed, but on the Internet, the IP addresses of A, B, C, and D are changing. This was discussed in detail the day before yesterday.

6. Subnet Mask

The subnet mask is used to distinguish the network bit from the host bit. As we mentioned above, an IP address consists of a network part and a host part, just like a person's name consists of a surname and a first name.

We can compare the IP address to a person's name, and the subnet mask is like a list, which can quickly tell which people have the same surname and which have different surnames, and group people with the same surname together so that they can communicate with each other.

For example:

There is a network segment 192.168.1.0-192.1.254. This network segment is like a village, so we call it Security Village. This network segment has an IP address 192.168.1.1, and we call him Security One. The other one is Security Two, and its IP address is 192.168.1.2. As soon as we see them, we know that they are from the same village.

There is another network segment, 192.168.0.0-192.168.255.254, which we call An Village. There is also a village with two IP addresses, 92.168.1.1 and 192.168.1.2, also called Security 1 and Security 2. So the question is, how do we distinguish which village they belong to?

At this time, the subnet mask is needed to determine which network segment they belong to. You need to bring Security One and Security Two to the village to identify them, and then you will know which village they belong to. The network segment of Security Village is 255.255.255.0, and the network segment of Security Village is 255.255.0.0.

There will also be IP addresses with the same name or surname on the network. To distinguish which network segment they belong to, we need to rely on the subnet mask.

Replenish:

Finally, Mr. Weak Current would like to add that in order to help everyone understand network knowledge more deeply, this picture will help everyone clarify the application of network knowledge.