by October 3, 2000 0 comments

Switches have become fairly common in medium to large-scaleorganizations, as they have several advantages over hubs. Switches have portsthat connect all the nodes on a network, and allow communication between them.The most important benefit of switches is that they provide dedicated bandwidthat every port. So a 10 Mbps switch will give 10 Mbps bandwidth on each port. A10 Mbps hub, on the other hand, will share 10 Mbps across all ports. But thatisn’t the only thing you can use switches for. They can also be used forsegmenting your network. We’ll talk about a special form of segmentation withswitches, called VLANs.

VLAN stands for Virtual Local Area Network. You can use VLANsto break up your existing LAN into multiple logical segments, which are isolatedfrom each other so that traffic from one can’t flow into the other. We say”logical” because VLANs are not completely dependent on physicallocation. Implementing VLANs can help control network traffic and manage yournetwork better.

Let’s illustrate the VLAN concept with an example.

Consider a company, the network access in whose officebuilding is given by installing a switch on each floor. In this scenario, allnodes are able to see each other, and are therefore on a single broadcastdomain. This means that if any device on the network sends a broadcast packet,everyone else on that network can see it. Most devices send broadcast packets onthe network to advertise their services, or request for a service. For example,if a node on the network wants an IP address, it’ll send a broadcast askingfor a DHCP server. The nearest DHCP server will then respond and assign an IPaddress to it. Similarly, NetWare sends out SAP (Service Advertisement Protocol)broadcasts on the network to tell everyone about the services it offers.

A very large broadcast domain is not very healthy for anetwork, and can slow your network down. Instead, you can break up your networkinto smaller broadcast domains with VLANs. So, for example, each floor couldbecome a VLAN. This way, the traffic from one floor will not reach other floors.Another way can be to divide the network based on functionality. So, if you havea group of users who need to access the same resources, but are sitting ondifferent floors of the building, you can create a separate VLAN for them. Alltraffic generated by these nodes will be contained within this VLAN.

Making VLANs

A VLAN can be created based on ports, MAC address, Layer 3protocols, or IP multicast. Let’s look at each one in turn.

Port-based VLANs are the most common and easiest to form.Here, you can take several ports from a switch or switches, and put them in oneVLAN. Each VLAN would be isolated from the rest, meaning that the traffic won’tflow out of it.

Though a port-based VLAN is very simple to form, it has itslimitations. For instance, if a user moves from one VLAN to another, theadministrator has no way of finding this out automatically. If it’s a mobileuser who unknowingly moves to a location that falls outside his designated VLAN,he won’t get the necessary access rights to his own VLAN, or may not get anyaccess at all. This is where MAC address-based VLANs come in handy.

A MAC address is the physical address of a network card. Youcan define VLANs based on these addresses. This way, no matter where a usermoves in the network, he will always remain on the same VLAN. However, this formalso has its own limitations. The first problem will be the initialconfiguration. An administrator will have to first assign MAC addresses to aVLAN, which will be especially difficult for a very large network. MACaddress-based VLANs can also pose a problem if you have hubs connected to yourswitches, because then a port on the switch will actually see multiple MACaddresses if there’s a hub connected to it.

Another way to create VLANs is based on Layer 3 protocols,such as TCP/IP, IPX, AppleTalk, etc. In case of TCP/IP, every machine must havea fixed IP address to be part of a VLAN. Protocol-based VLANs can be very usefulif you have applications running on the network that work on a particular Layer3 protocol.

The last form of VLAN creation is based on IP multicastaddresses. In IP multicasting, one IP address acts as a proxy for several IPaddresses. To create multicast groups, broadcast messages are sent on thenetwork, according to which nodes respond and become members of particular IPmulticast groups. Each multicast group will have one multicast IP address. So,all packets addressed to this multicast address would reach all nodes in itsgroup. Each multicast group can therefore form one VLAN. Since all addresses arebeing assigned automatically by responding to broadcast messages, it saves youthe trouble of assigning them manually.

VLAN switches

Not all switches provide VLAN capability. Therefore, you mustcheck whether the one you’re buying supports this capability. For example, weuse the Intel 510T 10/100 Mbps switch for this feature. These switches are alsoavailable from other vendors like 3Com, Cisco, Xylan, Cabletron.

Standardization

Standardization is a problem with VLANs. It’s stillavailable as proprietary single vendor solutions. So, if you want to implementVLANs across your organization, you must purchase all switches from a singlevendor. Efforts to bring about standardization are underway, and two standardshave been proposed–the IEEE 802.10 protocol for VLAN communication, andanother from the 802.1 Internet working subcommittee. For now, however, you’llhave to zero in on single-vendor solutions.

Anil Chopra

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<