
Network Segmentation Time

PCQ Bureau

A network segment can be thought of as a single line shared by multiple nodes. If you increase the number of nodes, or some of the nodes generate more traffic, then the time each node gets to use this line is reduced. With less time available, some nodes will try to use the line simultaneously, causing packet collisions. This is where network segmentation comes into the picture: you create multiple lines and logically arrange nodes on them. Segmenting a network, then, is breaking it up into logical and more manageable parts. This could be to improve reliability and performance, to make it more secure, or to manage it better (because its growing size makes manageability difficult). In this article, we’ll look at some situations where you need to segment, and how to do it.


Using multiple network cards

Using multiple network cards is a simple way to segment your network. Sometimes you get a slow response from your server over the network, even though the server itself is underutilized. The bottleneck here might be the server’s network card. First, check whether it’s a 10 Mbps card, and whether changing to 100 Mbps will help. If this doesn’t help, then you might like to put in another network card and move one network segment to it. This will create two network segments. This configuration has its own merits and demerits. If one of the links fails, then that entire segment will go down. However, there are solutions to counter this problem, such as certain multiport network cards: a four-port card, for example, aggregates the bandwidth of all four ports. You can connect all four ports to the central switch, and also connect all the different network segments to it. This way, each segment gets the aggregated bandwidth, and if any of these ports goes down, the remaining ports take the load.

Segmenting with switches

If you’re primarily using hubs for your network connectivity, then maybe it’s time you moved over to switches. These devices provide dedicated connectivity between their ports, so a packet going from one port will only go to the destination port it’s meant for. In a hub, by contrast, a packet from one port is sent to all ports, and only the destination port picks it up. Since packets are broadcast to each port on a hub, packet collisions become more likely as you increase the number of clients on it. Most hubs have indicators for packet collisions, and you can gauge the performance by watching them. If there are consistent packet collisions, then the network might be congested. Another indicator of congestion is slow network response: files may take ages to copy from the server, or the application server may take a long time to respond.

To segment a network with switches, get a switch and make it the center of your network. Connect all other hubs and additional switches to it if required. Next, identify the nodes that generate the most traffic on your network. The server is definitely one of them, and it should go on a separate port on the switch. Similarly, other commonly shared devices, such as an Internet connection or a network printer, should also be placed on separate ports on the switch. The next major step is to identify which nodes on the network talk to each other the most, and keep these together. If you have multiple servers, then identify which users use which servers most frequently, and try to group them together on the same hub or switch. This will create multiple network segments.


Segmentation with VLANs

When we spoke of segmentation with switches above, we created multiple physical segments. One problem with this setup is that all nodes can still see and communicate with each other: if one node sends a broadcast packet, it gets transmitted to all the nodes. Suppose you have a group on your network that you want to isolate from the rest of the network, but don’t want to spend money on buying equipment to do so. Or suppose there’s so much broadcast traffic on your network that you want to control it, without using a router. Enter VLANs.

VLANs (Virtual Local Area Networks) are another way of segmenting a network. To create VLANs, you must have a switch with VLAN support. VLANs break up your existing LAN into multiple logical segments, which are isolated from each other so that traffic from one cannot flow into the other. This can help you manage the network better and control your network traffic. We say logical because VLANs are not completely dependent upon physical location: you can create a VLAN between nodes on different segments of your network.

You can create a VLAN based on switch ports, MAC addresses, layer 3 protocols, or IP multicast. Port-based VLANs take several ports from one or more switches and put them in one VLAN. The limitation of this kind of VLAN is that if a user moves from one VLAN to another, the administrator has no way of finding this out automatically. This can happen in the case of mobile users, who will not be able to get their network access privileges if they move outside the VLAN. MAC-address based VLANs come in handy here. A MAC address is the physical address of a network card, so no matter where a user moves on the network, he will always remain on the same VLAN. While it’s convenient, configuring this type of VLAN can be troublesome, especially for large networks. Alternately, layer 3 protocol-based VLANs can group nodes based on protocols like TCP/IP, IPX and AppleTalk. In the case of TCP/IP, every machine must have a fixed IP address to be a part of a VLAN. Protocol-based VLANs can be very useful if you have applications running on the network that work on a particular layer 3 protocol.
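To make the difference between port-based and MAC-based VLANs concrete, here is a small added simulation (not from the article or any switch vendor) of a VLAN-aware switch: broadcasts are flooded only to ports in the sender’s VLAN, a learned unicast goes to its destination port alone, and a user who re-plugs into another port either changes VLAN (port-based) or keeps it (MAC-based). The MAC addresses, port numbers and VLAN ids are constructed for the example.

```python
# Toy model of the two VLAN assignment styles contrasted in the article, on a
# switch that floods broadcasts only inside a VLAN and sends a known unicast to
# its destination port alone. Constructed example: MACs and port numbers are made up.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, mode, port_vlan, mac_vlan):
        self.mode = mode            # "port": the port decides; "mac": the card decides
        self.port_vlan = port_vlan  # port -> VLAN id
        self.mac_vlan = mac_vlan    # MAC  -> VLAN id
        self.attached = {}          # port -> MAC of the host plugged into it
        self.fdb = {}               # learned source MAC -> port

    def plug(self, port, mac):
        # Move a host: drop any old attachment of this MAC, attach it to the new port.
        self.attached = {p: m for p, m in self.attached.items() if m != mac}
        self.attached[port] = mac

    def vlan_of(self, port, mac):
        return self.mac_vlan.get(mac) if self.mode == "mac" else self.port_vlan.get(port)

    def send(self, in_port, dst):
        """Return the set of ports that receive a frame entering at in_port for dst."""
        src = self.attached[in_port]
        vlan = self.vlan_of(in_port, src)
        self.fdb[src] = in_port     # learn where the sender currently lives
        if vlan is None:
            return set()            # host has no VLAN membership: frame is dropped
        same_vlan = {p for p, m in self.attached.items()
                     if p != in_port and self.vlan_of(p, m) == vlan}
        if dst in self.fdb and self.fdb[dst] in same_vlan:
            return {self.fdb[dst]}  # known unicast: destination port only
        return same_vlan            # broadcast or unknown unicast: flood, but VLAN-bounded

ENG1, ENG2, FIN1 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"

def user_moves(mode):
    """Ports that hear ENG1's broadcast before and after ENG1 is re-plugged into port 3."""
    sw = VlanSwitch(mode, port_vlan={1: 10, 2: 10, 3: 20, 4: 20},
                    mac_vlan={ENG1: 10, ENG2: 10, FIN1: 20})
    sw.plug(1, ENG1); sw.plug(2, ENG2); sw.plug(4, FIN1)   # port 3 (VLAN 20) is free
    before = sw.send(1, BROADCAST)
    sw.plug(3, ENG1)                # the user walks over and plugs into a finance port
    after = sw.send(3, BROADCAST)
    return before, after
```

`user_moves("port")` shows the moved user’s broadcast now reaching only the finance port, with nothing telling the administrator; `user_moves("mac")` shows it still reaching engineering.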

The last form of VLAN creation is based on IP multicast addresses. In IP multicasting, one IP address acts as a proxy for several IP addresses. To create multicast groups, broadcast messages are sent on the network, to which nodes respond and become members of particular IP multicast groups. Each multicast group has one multicast IP address, so all packets addressed to this multicast address reach all nodes in its group. Each multicast group can therefore form one VLAN. Since all addresses are assigned automatically by responding to broadcast messages, this saves the hassle of assigning them manually.

There are other methods of segmenting a network, such as using routers inside a network to control broadcast traffic. Choosing the one that’s right for your network can help optimize its performance.

Anil Chopra
