Understanding VCMP

Introduction

This document describes the VLAN Central Management Protocol (VCMP) definition, basic concepts, application scenarios, protocol packets, and implementation mechanism.

Definition

VCMP is used to implement centralized VLAN management and maintenance. It is a Huawei proprietary protocol that works at the link layer to transmit VLAN information and keep VLAN information consistent across the Layer 2 network. Compared with manual configuration, VCMP reduces the configuration workload and ensures VLAN information consistency.

Basic Concepts

VCMP uses a VCMP domain to manage switches and determines the attributes of each switch in the VCMP domain based on its role. VCMP defines four roles: server, client, transparent, and silent. Figure 1-1 shows VCMP domains and roles in the VCMP domains.

Figure 1-1 VCMP domains and roles

VCMP domain

A VCMP domain is composed of switches that have the same VCMP domain name and are connected through trunk or hybrid interfaces. All switches in the VCMP domain must use the same domain name, and each switch can join only one VCMP domain. Switches in different VCMP domains cannot synchronize VLAN information.

A VCMP domain specifies the scope for the administrative switch and managed switches. Switches in a VCMP domain are managed by the administrative switch. There is only one administrative switch and multiple managed switches in a VCMP domain.

VCMP role

VCMP determines attributes of switches based on VCMP roles. Table 1-1 describes VCMP roles.

Table 1-1 VCMP roles

Server

Function: The VCMP server synchronizes VLAN information to other switches in the local VCMP domain.

Description: If VLANs are created or deleted, or VLAN names or descriptions are changed on the VCMP server, the configurations are synchronized to the other switches in the VCMP domain.

Client

Function: A VCMP client belongs to a specified VCMP domain and synchronizes VLAN information with the VCMP server.

Description: If VLANs are created or deleted, or VLAN names or descriptions are changed on a VCMP client, the configurations are not synchronized to the other switches in the VCMP domain. VLAN information on the VCMP client is overwritten by that sent by the VCMP server.

Transparent

Function: A VCMP transparent switch does not affect other switches in the local VCMP domain and is not affected by VCMP management behaviors.

Description: A VCMP transparent switch transparently forwards VCMP packets to only trunk or hybrid links. If VLANs are created or deleted, or VLAN names or descriptions are changed on a VCMP transparent switch, VLAN information on the VCMP transparent switch is not affected by that on the VCMP server and is not synchronized to the other switches in the VCMP domain. In this way, some switches that do not need to be managed by VCMP can forward VCMP packets.

Silent

Function: Deployed at the edge of a VCMP domain, a VCMP silent switch does not affect other switches in the local VCMP domain and is not affected by VCMP management behaviors. The VCMP silent switch prevents VCMP packets in a VCMP domain from being transmitted to other VCMP domains.

Description: A VCMP silent switch directly discards received VCMP packets. If VLANs are created or deleted, or VLAN names or descriptions are changed on a VCMP silent switch, VLAN information on the VCMP silent switch is not affected by that on the VCMP server and is not synchronized to the other switches in the VCMP domain.

NOTE:
  • VCMP transparent and silent switches do not belong to any VCMP domain.
  • If an edge switch in a VCMP domain needs to be managed, configure the edge switch as a VCMP client. To prevent VCMP packets in the local VCMP domain from being transmitted to other VCMP domains, disable VCMP on the edge switch interface connected to other VCMP domains.

Application Scenarios

On a small-scale enterprise network, the network administrator can log in to each switch to configure and maintain VLANs. On a large-scale enterprise network, a lot of switches are deployed, so a large amount of VLAN information needs to be configured and maintained. If the network administrator manually configures and maintains all VLANs, the workload is heavy and VLAN information may be inconsistent.

VCMP is used to implement centralized VLAN management. The network administrator simply needs to configure and maintain VLANs (for example, creating and deleting VLANs) on one switch. Then the changes will be automatically synchronized to all the switches in the specified domain without manual intervention. In this way, the configuration workload is reduced and VLAN information consistency is ensured.

NOTE:
  • VCMP only helps the network administrator synchronize VLAN information; it cannot dynamically assign VLANs. VCMP is often used with Link-type Negotiation Protocol (LNP) to simplify user configurations.

  • Generic VLAN Registration Protocol (GVRP) can reduce VLAN configurations and dynamically assign interfaces to VLANs. GVRP creates dynamic VLANs, but VCMP creates static VLANs.

Figure 1-2 Typical VCMP networking

As shown in Figure 1-2, departments A and B of an enterprise belong to different Layer 2 networks. The departments are large and a lot of VLANs need to be configured and maintained. To facilitate VLAN configuration and maintenance, deploy VCMP domains VCMP1 and VCMP2 for departments A and B respectively, and configure AGG1 as the VCMP server in VCMP1, ACC1 and ACC2 as VCMP clients in VCMP1, AGG2 as the VCMP server in VCMP2, and ACC3 and ACC4 as VCMP clients in VCMP2. The network administrator simply needs to create or delete VLANs or change VLAN names or descriptions on AGG1 and AGG2. ACC1 to ACC4 synchronize VLAN information with AGG1 and AGG2 respectively. This implements centralized VLAN configuration and management.

VCMP Packets

VCMP enables switches of different roles to exchange VCMP packets to implement centralized VLAN management. VCMP packets can be transmitted only in VLAN 1 on trunk or hybrid interfaces. To keep VLAN information the same on the VCMP server and clients, VCMP defines three types of multicast packets: Summary-Advert, Subset-Advert, and Advert-Request. Table 1-2 describes the functions and triggering scenarios of the three types of packets.

Table 1-2 VCMP packets

Summary-Advert

Function: The VCMP server sends Summary-Advert packets to other devices in the local VCMP domain to notify them of the domain name, device ID, configuration revision number, and VLAN information.

Applicable Scenario:
  • The VCMP server sends a Summary-Advert packet every 5 minutes to ensure real-time synchronization of VLAN information on the VCMP server and clients and prevent VLAN information loss due to packet loss.
  • The VCMP server configuration is changed. For example, VLANs are created or deleted, the VCMP domain name or device ID is changed, the authentication password is changed, or the VCMP server restarts.
  • The VCMP server receives Advert-Request packets from VCMP clients in the same VCMP domain.

Sent By: Server

Subset-Advert

Function: The VCMP server sends Subset-Advert packets to other devices in the VCMP domain to notify them of the non-default VLAN names or descriptions.

Applicable Scenario: Non-default VLAN names or descriptions are configured on the VCMP server, and either of the following conditions is met:
  • The VCMP server configuration changes, including creating VLANs, deleting VLANs, and changing the VLAN name, VLAN description, VCMP domain name, device ID, or authentication password.
  • The VCMP server receives Advert-Request packets from VCMP clients in the same VCMP domain.

The VCMP server sends a Subset-Advert packet to ensure real-time synchronization of VLAN information on the VCMP server and clients and prevent VLAN information loss due to packet loss.

Sent By: Server

Advert-Request

Function: A VCMP client sends Advert-Request packets to the VCMP server to request VLAN information.

Applicable Scenario:
  • A VCMP client is added.
  • A VCMP client restarts or a client interface becomes Up.

Sent By: Client

Summary-Advert and Subset-Advert packets sent by the VCMP server carry the configuration revision number. A VCMP client uses it to determine whether VLAN information sent from the VCMP server is newer than the local VLAN information. If so, the VCMP client synchronizes VLAN information with the VCMP server. A configuration revision number is represented by an 8-digit hexadecimal number. The four left-most bits indicate the change of the VCMP domain or device ID and the four right-most bits indicate the VLAN change. Upon a VLAN change on the VCMP server, the configuration revision number is automatically increased. When the VCMP domain name or device ID changes, the four left-most bits of the configuration revision number are recalculated and the four right-most bits are reset.

VCMP Implementation

VLAN Synchronization When the VCMP Server Configuration Changes

When the VCMP server configuration changes (for example, a VLAN is created or deleted, the VLAN name, VLAN description, VCMP domain name, or device ID is changed, or the VCMP server restarts), the VCMP server sends a Summary-Advert packet and a Subset-Advert packet to instruct VCMP clients in the local VCMP domain to synchronize VLAN information.

VLAN Information Synchronization When a VCMP Client Is Added

To ensure VLAN information synchronization between the VCMP server and clients, the VCMP server sends a Summary-Advert packet every 5 minutes to notify switches in the local VCMP domain of the domain name, device ID, and configuration revision number. The VCMP server also sends a Subset-Advert packet to notify switches of the VLAN names and descriptions that change. When a VCMP client is added or a VCMP client restarts, the VCMP client sends an Advert-Request packet to the VCMP server to request VLAN information on the VCMP server.

Multi-Server Trap

Only one VCMP server exists in a VCMP domain. To guard against bogus VCMP servers, the VCMP server compares the VCMP domain name, device ID, and source MAC address in received Summary-Advert packets with its local values. If the VCMP domain name and device ID match the local ones but the source MAC address in the packet differs from the system MAC address, the VCMP server sends a trap about the multi-server event to the NMS.

To prevent the VCMP server from being affected by too many traps, the VCMP server sends traps to the NMS once every 30 minutes.
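
The multi-server check and its trap interval, sketched as an added example (not Huawei code). The record layout, the sample adverts, the device ID value and the reading of the 30-minute rule as "suppress further traps for 30 minutes after one is sent" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

TRAP_INTERVAL_S = 30 * 60  # page: traps go to the NMS once every 30 minutes

def norm_mac(mac: str) -> str:
    """Reduce 00e0-fc12-3456 or 00:E0:FC:12:34:56 to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

@dataclass
class ServerState:
    domain: str
    device_id: str
    system_mac: str
    last_trap_ts: Optional[float] = None

    def on_summary_advert(self, ts, domain, device_id, src_mac) -> str:
        """Classify one Summary-Advert: 'no-match', 'own', 'trap' or 'suppressed'."""
        if (domain, device_id) != (self.domain, self.device_id):
            return "no-match"      # other identity: not a multi-server event
        if norm_mac(src_mac) == norm_mac(self.system_mac):
            return "own"           # same identity, same MAC as this server
        # Same domain name and device ID, foreign source MAC: a second server.
        if (self.last_trap_ts is not None
                and ts - self.last_trap_ts < TRAP_INTERVAL_S):
            return "suppressed"    # assumed rate limit: one trap per interval
        self.last_trap_ts = ts
        return "trap"

# Constructed sample adverts: (seconds, domain name, device ID, source MAC).
SAMPLE_ADVERTS = [
    (0,    "VCMP1", "AGG1", "00E0-FC12-3456"),
    (10,   "VCMP1", "AGG1", "00e0-fc99-0001"),
    (310,  "VCMP1", "AGG1", "00:e0:fc:99:00:01"),
    (400,  "VCMP2", "AGG2", "00e0-fc77-0002"),
    (1900, "VCMP1", "AGG1", "00e0-fc99-0001"),
]

def classify_all(adverts=SAMPLE_ADVERTS):
    server = ServerState("VCMP1", "AGG1", "00e0-fc12-3456")
    return [server.on_summary_advert(*a) for a in adverts]

if __name__ == "__main__":
    for advert, verdict in zip(SAMPLE_ADVERTS, classify_all()):
        print(advert, "->", verdict)
```
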

VCMP Authentication

When an unauthorized switch joins a VCMP domain, VLAN information on the switch may be synchronized in the VCMP domain, affecting network stability. To prevent unauthorized switches from joining a VCMP domain and enhance VCMP domain security, configure a VCMP domain authentication password on the VCMP server and clients.

If the VCMP domain authentication password is configured on the VCMP server or a VCMP client, that device uses the password character string (an empty character string is used by default) as the key and computes a SHA-256 digest over the VCMP domain name and device ID. The digest is sent in a Summary-Advert, a Subset-Advert, or an Advert-Request packet.

When a VCMP client in the VCMP domain receives a Summary-Advert packet or a Subset-Advert packet from the VCMP server, the VCMP client uses the locally configured password to compute a SHA-256 digest over the VCMP domain name, device ID, and configuration revision number, and compares the calculated digest with the digest in the packet. If the two digests match, the packet passes authentication and further VCMP processing is performed. Otherwise, the packet is discarded. When the VCMP server receives an Advert-Request packet from a VCMP client, authentication and processing are similar.

If no domain authentication password is set, VCMP packets pass without authentication.

NOTE:
  • In a VCMP domain, the VCMP domain authentication password on the VCMP server and clients must be the same.

  • To ensure device security, change the password periodically.
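
The client-side digest check described above, as an added example (not Huawei code). HMAC-SHA-256, the field encoding, the dictionary layout and all sample values are assumptions, because the page does not give the exact keyed construction or the packet format.

```python
import hashlib
import hmac

def _field(value: str) -> bytes:
    """Length-prefix a field so ('ab', 'c') and ('a', 'bc') hash differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw

def vcmp_digest(password: str, domain: str, device_id: str, revision: int) -> bytes:
    """Keyed SHA-256 over domain name, device ID and revision number.
    Assumed construction: HMAC-SHA-256 with the password as the key."""
    msg = _field(domain) + _field(device_id) + revision.to_bytes(4, "big")
    return hmac.new(password.encode("utf-8"), msg, hashlib.sha256).digest()

def make_advert(password: str, domain: str, device_id: str, revision: int) -> dict:
    """Server side: attach the digest to the advertised fields."""
    return {"domain": domain, "device_id": device_id, "revision": revision,
            "digest": vcmp_digest(password, domain, device_id, revision)}

def client_check(advert: dict, local_password: str) -> str:
    """Client side: return 'unauthenticated', 'accept' or 'discard'."""
    if not local_password:
        # Page: with no password set, packets pass without authentication.
        return "unauthenticated"
    expected = vcmp_digest(local_password, advert["domain"],
                           advert["device_id"], advert["revision"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return "accept" if hmac.compare_digest(expected, advert["digest"]) else "discard"

def demo() -> dict:
    # Constructed values; the revision is an 8-digit hexadecimal number.
    advert = make_advert("constructed-pass", "VCMP1", "AGG1", 0x00010005)
    altered = dict(advert, revision=0x0001FFFF)  # digest no longer matches
    return {
        "same password": client_check(advert, "constructed-pass"),
        "different password": client_check(advert, "another-pass"),
        "revision altered": client_check(altered, "constructed-pass"),
        "client without password": client_check(altered, ""),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the digest covers the configuration revision number, a client with the password discards an advert whose revision was changed after the digest was computed, while a client with no password processes it unchecked.
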

Updated: 2019-06-29

Document ID: EDOC1100088113
