Virtual Local Area Network (VLAN)

– Penfold –

For more great technical info on networking, check out DaLanTech.com

You may be wondering just what a Virtual Local Area Network (VLAN) is, and what the big deal is about them. I’m glad you asked.

Broadcast Domains

A switch is a single broadcast domain: when a broadcast comes in on any port, it is replicated out every other port. A router, on the other hand, receives a broadcast and does not replicate it on any port. As a result, you can think of a broadcast domain as a subnet. For traffic to get from one broadcast domain to another, it must travel through a router.

For those who are unfamiliar with broadcasts, let me take a moment to describe them and why they exist. The best analogy I can think of for a broadcast is a public announcement system. It’s like walking around the mall and hearing over the music system an announcement that a lost little boy has been found and his parents can collect him at the security desk. That message was broadcast to everyone in the mall, and everyone had to stop and listen to the entire message. All the people who were there without any children, or with only little girls, immediately ignored the message. Everyone who DID have a little boy had to make sure the little rascal was firmly chained to the shopping cart.

Well, that’s pretty much the way computers use broadcasts. They are looking for something, or they are announcing a service to everyone on the network (“Is there a server on this network?”, “What is the layer two address of this IP address?”, “I am a router and this is the routing table I have.”, and so on). Every station has to receive it, so the switch(es) send it out every port. Every computer has to take in the packet and process it, then either discard it or respond to it. The more stations and protocols there are on a network, the more broadcasts you will have. This means much more traffic crossing the entire network, and each and every station has to spend CPU cycles processing it. Newer NICs off-load as much of this processing as they can (such as ARPs and Reverse ARPs), but there are still plenty of broadcasts that require the attention of the CPU.

Topology

VLANs allow you to assign multiple broadcast domains to a switch. Think of it as “color coding” your ports. Green ports can only pass traffic with other green ports, and blue ports can only pass traffic to other blue ports. To get from a green port to a blue port you HAVE to go through a router.

Now some (big) companies may have several subnets and assign them to different departments: Accounting may be subnet A and Sales may be subnet B. If everything were plugged into the same switch, there would be a lot of useless traffic crossing between the subnets. If management decided to place the different subnets on separate switches, there is a lot of extra expense involved: the router(s) would require multiple Ethernet ports to link the different switches with different backbones. Connecting an end user to these separate switches can also become an issue, because the nearest switch may not belong to the network the user needs access to. Finally, there is always the potential to have too many ports for one network and not enough for the other.

VLANs allow a company to build one network with no duplication of resources. Backbone and router connections can be configured as “trunks”, which tag each packet with a VLAN header. The switches also keep track of which VLANs are in use where, and will not forward traffic to trunks that do not need it.
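To make the “color coding” and trunk tagging from the last two paragraphs concrete, here is an added example (not code from the original article) in Python. It builds an Ethernet frame with and without the 802.1Q VLAN tag that trunks carry, parses the tag back out, and models a small switch that floods a broadcast only to access ports of the same VLAN and to trunks whose far end needs that VLAN. The port names, MAC addresses, VLAN numbers and the rule that a tagged frame arriving on an access port is dropped are all constructed assumptions for the demonstration.

```python
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
TPID_8021Q = 0x8100        # EtherType value announcing that an 802.1Q tag follows
ETHERTYPE_ARP = 0x0806


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet II frame; with vid set, insert a 4-byte 802.1Q tag after the source MAC."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | vid   # priority (3 bits), DEI (1 bit, left 0), VLAN ID (12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse a frame, pulling the VLAN ID out of the tag when one is present."""
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype, "payload": frame[offset:]}


@dataclass(frozen=True)
class Port:
    name: str
    access_vlan: Optional[int] = None           # access port: untagged frames, one "colour"
    trunk_vlans: FrozenSet[int] = frozenset()   # trunk port: tagged frames, VLANs the far end needs


class VlanSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def flood(self, ingress: str, frame: bytes) -> Dict[str, bytes]:
        """Replicate a broadcast that arrived on `ingress`; returns {egress port: frame as sent}."""
        p_in = self.ports[ingress]
        info = parse_frame(frame)
        if p_in.access_vlan is not None:
            if info["vid"] is not None:
                return {}                       # tagged frame on an access port: dropped (assumption)
            vid = p_in.access_vlan              # untagged: the port's colour decides the VLAN
        else:
            vid = info["vid"]
            if vid is None or vid not in p_in.trunk_vlans:
                return {}                       # untagged, or a VLAN this trunk does not carry
        out = {}
        for name, p in self.ports.items():
            if name == ingress:
                continue
            if p.access_vlan == vid:            # same colour: deliver untagged
                out[name] = build_frame(info["dst"], info["src"], info["ethertype"], info["payload"])
            elif vid in p.trunk_vlans:          # trunk that needs this VLAN: deliver tagged
                out[name] = build_frame(info["dst"], info["src"], info["ethertype"], info["payload"], vid=vid)
            # every other port (other colour, or a trunk that does not need this VLAN) gets nothing
        return out


# Constructed switch: two "green" access ports (VLAN 10), one "blue" (VLAN 20),
# a trunk carrying both VLANs, and a trunk whose far end only needs VLAN 20.
SWITCH = VlanSwitch([
    Port("g1", access_vlan=10), Port("g2", access_vlan=10), Port("b1", access_vlan=20),
    Port("t1", trunk_vlans=frozenset({10, 20})), Port("t2", trunk_vlans=frozenset({20})),
])


def broadcast_from_green() -> Dict[str, Optional[int]]:
    """ARP broadcast arriving untagged on g1; returns {egress port: VLAN tag seen on the wire}."""
    arp = build_frame(BROADCAST_MAC, "00:11:22:33:44:55", ETHERTYPE_ARP, b"who-has 10.0.10.1")
    return {name: parse_frame(f)["vid"] for name, f in SWITCH.flood("g1", arp).items()}


def broadcast_from_trunk() -> Dict[str, Optional[int]]:
    """Broadcast arriving on trunk t1, tagged VLAN 20."""
    frame = build_frame(BROADCAST_MAC, "00:aa:bb:cc:dd:ee", ETHERTYPE_ARP, b"who-has 10.0.20.1", vid=20)
    return {name: parse_frame(f)["vid"] for name, f in SWITCH.flood("t1", frame).items()}


if __name__ == "__main__":
    print(broadcast_from_green())   # {'g2': None, 't1': 10}
    print(broadcast_from_trunk())   # {'b1': None, 't2': 20}
```

The green broadcast never reaches the blue port or the trunk that only needs VLAN 20, which is the whole point of the colour coding: the only way from green to blue is through a router. The tag itself is just four bytes (TPID 0x8100 plus a 16-bit TCI holding the 12-bit VLAN ID) inserted between the source MAC and the EtherType.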

Since all broadcasts are sent out every port, there is a possibility of wiring the switches up in a loop. This is undesirable because it creates “broadcast storms”: one broadcast is sent out, and in a matter of seconds the network is saturated with duplicates of the broadcast and its replies, because each switch replicates it to the other. To prevent broadcast storms, and to allow for redundant links between switches, the Spanning Tree Protocol was developed.

Spanning Tree Protocol

Spanning Tree listens to the layer two (MAC) addresses of the incoming traffic on each port and compares them to a table it has built. If it receives the same MAC address on multiple ports, they are considered to be redundant links and are disabled. If the primary link goes down, Spanning Tree immediately enables the secondary port to preserve network connectivity. Spanning Tree has what is considered the “root” bridge, which is viewed as the center of the network. The root bridge can be configured, or the switches will elect one automatically. The root bridge is important because redundant links are identified and disabled from its perspective.

For example, if there are 5 switches, all of which are interconnected, the root bridge will decide that all links directly connected to it are primary and will remain active. The links interconnecting the other switches are redundant and are to be disabled.

A separate Spanning Tree is run for each VLAN. A different switch can be the root of each VLAN’s spanning tree and control that network from its own perspective. This makes the network highly configurable and dynamic. It also allows redundant trunks, which would normally be disabled, to actually load balance different VLAN traffic over the separate links.
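The five-switch example and the per-VLAN root idea from the last three paragraphs, worked through in Python as an added example (not code from the original article). It elects the root as the switch with the lowest bridge ID (priority, then MAC), marks every link forwarding or blocked from the root’s perspective, and then runs the same election twice with a different priority override per VLAN to show which redundant links end up carrying one VLAN while blocked for the other. The switch names, MAC addresses, priorities and the simplified breadth-first tree-building rule are assumptions; real STP exchanges BPDUs and compares path costs, but for a full mesh the result is the same.

```python
from collections import deque
from typing import Dict, FrozenSet, Optional, Set, Tuple

Link = FrozenSet[str]

# Constructed bridge IDs: (priority, MAC). The lowest ID wins the root election.
SWITCHES: Dict[str, Tuple[int, str]] = {
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (32768, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
    "S4": (32768, "00:00:00:00:00:04"),
    "S5": (32768, "00:00:00:00:00:05"),
}

# Full mesh: every switch cabled to every other (10 links, 6 of them redundant).
MESH: Set[Link] = {frozenset((a, b)) for a in SWITCHES for b in SWITCHES if a < b}


def spanning_tree(switches: Dict[str, Tuple[int, str]], links: Set[Link],
                  vlan_priorities: Optional[Dict[str, int]] = None):
    """Elect a root and classify each link as forwarding or blocked from the root's point of view.

    Simplified model (assumption): the tree is built breadth-first from the root, so every link
    on the root stays up and any other link is kept only if it is the first path to reach a
    switch; ties go to the lower bridge ID. Returns (root, forwarding links, blocked links).
    """
    vlan_priorities = vlan_priorities or {}

    def bridge_id(name: str) -> Tuple[int, str]:
        prio, mac = switches[name]
        return (vlan_priorities.get(name, prio), mac)   # per-VLAN priority override, if any

    root = min(switches, key=bridge_id)
    adjacent: Dict[str, Set[str]] = {name: set() for name in switches}
    for link in links:
        a, b = tuple(link)
        adjacent[a].add(b)
        adjacent[b].add(a)

    forwarding: Set[Link] = set()
    reached = {root}
    queue = deque([root])
    while queue:
        here = queue.popleft()
        for nxt in sorted(adjacent[here], key=bridge_id):
            if nxt not in reached:
                reached.add(nxt)
                forwarding.add(frozenset((here, nxt)))
                queue.append(nxt)
    blocked = set(links) - forwarding
    return root, forwarding, blocked


def single_tree():
    """One tree over the mesh: the root keeps its four links and the other six are blocked."""
    return spanning_tree(SWITCHES, MESH)


def per_vlan_trees():
    """Two VLANs with different roots: priority lowered to 4096 on S1 for VLAN 10, on S2 for VLAN 20."""
    return {
        10: spanning_tree(SWITCHES, MESH, {"S1": 4096}),
        20: spanning_tree(SWITCHES, MESH, {"S2": 4096}),
    }


def links_load_balanced() -> Set[Link]:
    """Links forwarding for one VLAN while blocked for the other: redundant trunks doing useful work."""
    trees = per_vlan_trees()
    _, fwd10, blk10 = trees[10]
    _, fwd20, blk20 = trees[20]
    return (fwd10 & blk20) | (fwd20 & blk10)


if __name__ == "__main__":
    root, fwd, blk = single_tree()
    print(root, sorted(sorted(l) for l in fwd), sorted(sorted(l) for l in blk))
    print(sorted(sorted(l) for l in links_load_balanced()))
```

With a single tree, S1 wins (equal priorities, lowest MAC), its four links stay active and the six links between the other switches are blocked, exactly as the paragraph above describes. With one tree per VLAN and a different root for each, six of the ten links forward for one VLAN and block for the other, so the “redundant” cabling carries traffic instead of sitting idle.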

Security

Finally, access lists can be implemented on the router to allow or disallow access to servers and/or services. For example, the sales network might need access to the accounting server, but not to the admin network; meanwhile, the IT department needs access to all networks and servers. These rules can be implemented on the router that ties all of the networks together.
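The access list described above, modelled in Python as an added example (not code from the original article and not any particular router’s syntax). Each VLAN gets a constructed subnet, the rules are evaluated first-match-wins with the implicit deny that every real access list ends with, and a small check flags a rule that can never match because an earlier, wider rule shadows it, which is the usual way an access list quietly stops enforcing what its author intended. Subnets, the server address and the rule notes are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: IPv4Net
    dst: IPv4Net
    dport: Optional[int] = None   # None matches any destination port
    note: str = ""


def net(cidr: str) -> IPv4Net:
    return ipaddress.ip_network(cidr)


# Constructed addressing (assumption): one subnet per VLAN, all routed by the same router.
SALES, ACCOUNTING, ADMIN, IT = net("10.1.0.0/24"), net("10.2.0.0/24"), net("10.3.0.0/24"), net("10.4.0.0/24")
ACCOUNTING_SERVER = net("10.2.0.10/32")
ANY = net("0.0.0.0/0")

# First match wins; anything matching no rule is dropped by the implicit deny at the end.
ACL: List[Rule] = [
    Rule("permit", IT, ANY, note="IT reaches all networks and servers"),
    Rule("permit", SALES, ACCOUNTING_SERVER, note="sales may reach the accounting server"),
    Rule("deny", SALES, ADMIN, note="sales must not reach the admin network"),
    Rule("deny", SALES, ACCOUNTING, note="nor the rest of the accounting network"),
]

# Same intent, wrong order: the /24 deny comes first, so the /32 permit can never match.
MISORDERED: List[Rule] = [
    Rule("deny", SALES, ACCOUNTING, note="deny accounting"),
    Rule("permit", SALES, ACCOUNTING_SERVER, note="permit the server (unreachable!)"),
]


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, dport: Optional[int] = None) -> Tuple[str, int]:
    """Return (action, index of the matching rule); index -1 means the implicit deny fired."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, rule in enumerate(acl):
        if src in rule.src and dst in rule.dst and (rule.dport is None or rule.dport == dport):
            return rule.action, i
    return "deny", -1


def audit(acl: List[Rule], flows) -> List[str]:
    """One line per constructed flow saying what happened and which rule decided it."""
    lines = []
    for src, dst, port in flows:
        action, idx = evaluate(acl, src, dst, port)
        why = acl[idx].note if idx >= 0 else "implicit deny"
        lines.append(f"{src} -> {dst}:{port} {action} ({why})")
    return lines


def unreachable_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules fully shadowed by an earlier rule with the same or a wider match."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            port_covered = earlier.dport is None or earlier.dport == later.dport
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst) and port_covered:
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    flows = [("10.1.0.5", "10.2.0.10", 445), ("10.1.0.5", "10.3.0.7", 22),
             ("10.4.0.2", "10.3.0.7", 22), ("10.2.0.20", "10.1.0.5", 80)]
    print("\n".join(audit(ACL, flows)))
    print("shadowed rules in MISORDERED:", unreachable_rules(MISORDERED))
```

Two points worth keeping in mind when writing such a list: the implicit deny means anything you forgot to permit (here, accounting talking back to sales) is silently dropped, and rule order decides the outcome, so a permit placed after a wider deny is dead and the server becomes unreachable without any error message.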

Rappin’ it up

To sum it up, VLANs can improve network performance, reduce costs, increase scalability, and provide additional security.

– Penfold –