For the logical segmentation of packet-oriented networks (often called LANs, Local Area Networks, among experts), an organizational form known as a virtual LAN exists. The IEEE 802.1Q standard defines a VLAN (Virtual LAN), i.e. a virtual local network within a physical network.
A VLAN is formed by a group of network node units which are combined in a “Broadcast Domain”. A network node unit is conventionally configured here as a switch or bridge, etc. Network node units will hereinafter be described predominantly using the example of switches, without this specific choice of network node units constituting a limitation.
If a virtual LAN is to be extended across a plurality of network node units, it is advantageous to extend the MAC addresses (“Media Access Control”) that identify destination and source in the exchanged data packets with an identification number of the virtual LAN. This identification number is usually called a VLAN number or “VLAN ID” or “Virtual LAN Identification Number”.
Using a method called “Frame Tagging”, a VLAN ID that marks the VLAN is inserted in a data packet as a “tag” or marker next to the type field of the MAC frame. This method is standardized in said IEEE 802.1Q and uses a word length of 12 bits for the tag. Theoretically this results in the values 0 to 4095 for the VLAN ID. The VLAN IDs “0” and “4095” are reserved or not admissible, so the number of possible VLAN IDs is limited to 4094. In 802.1Q networks, data packets without a tag can still be exchanged for reasons of compatibility.
One embodiment of a virtual LAN is what is known as the port-based VLAN. In this case a VLAN is fixed within an IP sub-network (“Internet Protocol”) or across a plurality of IP sub-networks and mapped on a plurality of connections (“ports”) of a network node unit. The network node unit is conventionally constructed as a switch; mapping of connections or ports of this switch is consequently called “switchport mapping”.
Virtually all switches support recognition and examination of the VLAN tag in a MAC frame. This recognition and examination takes place before any further processing and forwarding of the data packet. A packet that arrives at a connection of a network node unit (a switchport) and has not yet been tagged is tagged, i.e. provided with a VLAN tag. As soon as a data packet is to be transmitted from a switch to its intended communication destination, for example a computer involved in packet-oriented communication, this tag is conventionally removed from the MAC frame by the transmitting switch. This measure ensures, inter alia, that network cards which do not support construction of the MAC frame according to 802.1Q can be used in computers.
In many cases the processing software of a network node unit or a switch provides tagging of data packets even for cases in which the data packets to be processed already contain a tag with a VLAN ID. In this case a new 802.1Q header with a new (in general different) VLAN ID is prefixed to an 802.1Q header with an existing VLAN tag or VLAN ID. The original 802.1Q header remains unchanged in the process, even though it is displaced backwards by the length of the new 802.1Q header.
A prefix of this kind is also used in methods that are currently known for connecting to packet-oriented networks on the basis of 802.1Q tunneling methods which are intended to ensure a transparent connection to an Ethernet service.
In the prior art a proprietary extension of the protocol IEEE 802.1Q is known with which the limited number of 4094 possible VLAN IDs can be expanded. Here methods are used which are known as cascading of VLAN IDs. This cascading is taken to mean a hierarchical tag in which an additional 802.1Q header is added to the front of the original first 802.1Q header. This is equivalent to the approach where the original first VLAN ID is first of all stored in a data portion of the data packet before the tag field (tag) is overwritten with the second VLAN ID. The above-described tag, i.e. the original, first 802.1Q header, will hereinafter be called the base tag. The method can be continued analogously with a third, fourth, etc. VLAN ID, whereby a correspondingly more deeply hierarchized VLAN ID cascade is produced. A method of this type is used for example by service providers to allow use of one and the same infrastructure for a plurality of customers, wherein as far as possible the data packets exchanged by customers should not influence each other.
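The tagging, tag removal and cascading described above can be traced byte by byte in the following added example, which is not part of the original text. The function names, MAC addresses, payload and the VLAN IDs 100 and 2000 are constructed for illustration; the tag layout (a 16-bit tag identifier 0x8100 followed by 16 bits whose low 12 bits are the VLAN ID) follows IEEE 802.1Q.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
TAG_LEN = 4          # 2-byte TPID + 2-byte TCI (3-bit PCP, 1-bit DEI, 12-bit VLAN ID)
MAC_HDR = 12         # destination MAC + source MAC precede the tag / type field


def push_tag(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Prefix a new 802.1Q header; an existing tag is shifted back unchanged."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094; 0 and 4095 are reserved")
    tci = ((pcp & 0x7) << 13) | vlan_id
    return frame[:MAC_HDR] + struct.pack("!HH", TPID_8021Q, tci) + frame[MAC_HDR:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag, as a switch does before delivery to a host."""
    if len(frame) < MAC_HDR + TAG_LEN:
        return frame
    if struct.unpack_from("!H", frame, MAC_HDR)[0] != TPID_8021Q:
        return frame
    return frame[:MAC_HDR] + frame[MAC_HDR + TAG_LEN:]


def vlan_stack(frame: bytes) -> list:
    """Return all VLAN IDs, outermost first; the base tag is the last entry."""
    ids, off = [], MAC_HDR
    while len(frame) >= off + TAG_LEN:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID_8021Q:
            break
        ids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        off += TAG_LEN
    return ids


# Constructed sample frame: locally administered MACs, IPv4 EtherType, dummy payload.
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"constructed payload"
BASE = push_tag(UNTAGGED, 100)    # base tag added at the ingress port
STACKED = push_tag(BASE, 2000)    # second tag prefixed, e.g. by a provider switch

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("base", BASE), ("stacked", STACKED)):
        print(f"{name:9s} len={len(f):2d} vlan_stack={vlan_stack(f)}")
    print("base header intact:", STACKED[MAC_HDR + TAG_LEN:] == BASE[MAC_HDR:])
```

A monitoring or filtering component that reads only the first tag sees VLAN 2000 for the stacked frame and never the base tag 100; `vlan_stack` walks the whole cascade so both levels can be checked.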