Sunday, July 12, 2009

VLAN .. Complete Introduction ...

What are VLANs?

VLAN, which stands for Virtual LAN, is defined in the IEEE 802.1Q standard. It is a technology that lets a company or an individual split one switched network into several logical LANs, and carry each of those logical LANs across many interconnected switches over trunk links, so that a LAN is no longer bound to a single physical segment or a single wiring closet.
VLAN technology also allows several VLANs to exist on a single switch in such a manner that all the LANs operate in parallel and are not even aware of each other.
A VLAN, as can be inferred from the name, is a virtual LAN which, as far as its users are concerned, behaves the same way a regular LAN does. For instance, someone on the fourth floor could print to a printer in the basement, wired to a different switch, using its LAN IP address, as if the printer were just in the next room, because both ports belong to the same VLAN and the switches in between carry that VLAN on their trunks.
To understand VLANs, it is first necessary to have an understanding of LANs. A Local Area Network (LAN) can generally be defined as a broadcast domain. Hubs, bridges or switches in the same physical segment or segments connect all end node devices. End nodes in the same LAN can communicate with each other without the need for a router. Communication with devices on other LAN segments, and that includes other VLANs, requires a router (or a layer 3 switch). A VLAN is therefore one broadcast domain, and the switch keeps the broadcast domains apart regardless of how ports are physically arranged.
TYPES
There are several types of VLANs that are defined:

1.Port Based VLANs (Layer 1) -
all the traffic which arrives at a given port of a switch is associated with one VLAN. In such a manner you could connect several VLANs to a single switch and have them operate concurrently. This is very convenient in a static environment where the members of the different VLANs stay the same over long periods and change very infrequently. When you use port based VLANs the data frame received on an access port is not altered but is simply forwarded to the ports configured in the same VLAN; a tag is added only when the frame leaves the switch on a trunk toward another VLAN aware device.

2.MAC Based VLANs (Layer 2) -
all the traffic received is inspected for the source MAC address and the VLAN is determined by it. This type of VLAN allows connecting any computer to any port of a switch, and the switch will associate each one with the appropriate VLAN as defined. Moves and changes are easier because the physical requirement of connecting a specific device to a specific port is removed; however, the initial management overhead is much greater, as each MAC address must be manually associated with a VLAN in the first place. Bear in mind that a MAC address is trivially changed by the host, so MAC based membership is a convenience, not an authentication mechanism. Whatever the membership rule, a frame that crosses a link between VLAN aware switches carries its VLAN in a VLAN tag - more on that later.

3.Protocol Based VLANs (Layer 2) -
this type of VLAN is based on the protocol carried in the frame (the EtherType); each protocol can be assigned to a different VLAN, for example IP traffic to one VLAN and all other traffic to another. This kind of flexibility allows for logical segmentation of the network based on the type of traffic used in each part of the network.
4.IP Subnet Based VLANs (Layer 3) -
all the traffic in this type of VLAN is split according to the IP subnet of the source address. Although this involves looking at layer 3 data, which could be mistaken for routing, it is not routing: the IP subnet is merely used to map the frame to a VLAN and thus to the right set of output ports. This allows great network flexibility, as users are able to move computers between locations and retain the same VLAN membership at zero effort. The drawback of this segmentation method is that it requires additional processing of the layer 3 header and thus adds more latency than the other methods.

VLAN Tags:
The 802.1Q VLAN tag is a 4 byte field inserted between the source MAC address and the EtherType/length field of an Ethernet frame (so a tagged frame can be 1522 bytes long instead of 1518). The first 2 bytes are the Tag Protocol Identifier (TPID), fixed at 0x8100, which tells a VLAN aware receiver that a tag follows instead of the EtherType. The remaining 2 bytes are the Tag Control Information (TCI), which identifies the VLAN to which and from which the frame is transmitted. The first 3 bits of the TCI indicate the priority of the traffic carried in the frame, to allow for some basic QoS so that critical data can pass through the network with as little delay as possible. The value of this field can be set by the end station and updated on every VLAN aware switch on the way as well. More on the usage of these 3 bits can be found in the IEEE 802.1p standard.
The 4th bit is the CFI - Canonical Format Indicator, originally defined to state whether the MAC addresses in the frame are in canonical (Ethernet) bit order, for bridging between Ethernet and Token Ring; on Ethernet it is always 0, and IEEE 802.1Q-2011 redefined the bit as the Drop Eligible Indicator (DEI). The last 12 bits are the VLAN Identifier - VID. Two values are not usable for VLANs: 0 means the frame carries only a priority and belongs to the port's default VLAN, and 4095 is reserved; this leaves 4094 VLANs.
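The tag layout above is easiest to check against real bytes. The following Python is an added example, not code from the original post: it builds a tagged Ethernet frame, peels a stack of tags back into PCP/CFI/VID, and applies the two rules a VLAN aware port needs for the reserved VIDs (VID 0 falls into the port's default VLAN, VID 4095 is rejected). The handling of the 0x88A8 TPID for stacked (802.1ad) outer tags and the PVID default go beyond what the post states and are assumptions of this example; the sample frames are constructed inline.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier: "an 802.1Q tag follows"
TPID_8021AD = 0x88A8  # Service-tag TPID of stacked (802.1ad / QinQ) outer tags (assumption)
TPIDS = {TPID_8021Q, TPID_8021AD}
VID_PRIORITY_TAG = 0  # VID 0: frame carries only a priority, no VLAN membership
VID_RESERVED = 4095   # VID 4095: reserved by 802.1Q, must not appear on the wire


def build_tci(vid, pcp=0, cfi=0):
    """Pack Tag Control Information: 3-bit PCP, 1-bit CFI/DEI, 12-bit VID."""
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field (0-7)")
    if cfi not in (0, 1):
        raise ValueError("CFI/DEI is a single bit")
    if not 0 <= vid < VID_RESERVED:
        raise ValueError("VID must be 0-4094; 4095 is reserved")
    return (pcp << 13) | (cfi << 12) | vid


def build_tagged_frame(dst, src, vid, ethertype, payload, pcp=0):
    """Ethernet II frame with one 802.1Q tag between the source MAC and the EtherType."""
    tag = struct.pack("!HH", TPID_8021Q, build_tci(vid, pcp))
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Peel zero or more VLAN tags (outermost first) and return the header fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    off, tags = 12, []
    try:
        while True:
            (etype,) = struct.unpack_from("!H", frame, off)
            if etype not in TPIDS:
                break                      # a real EtherType: end of the tag stack
            (tci,) = struct.unpack_from("!H", frame, off + 2)
            tags.append({"tpid": etype, "pcp": tci >> 13,
                         "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
            off += 4
    except struct.error:
        raise ValueError("frame ends inside the tag stack") from None
    return {"dst": dst, "src": src, "tags": tags,
            "ethertype": etype, "payload": frame[off + 2:]}


def effective_vid(parsed, pvid):
    """VLAN a VLAN aware port assigns to the frame.

    Untagged and priority-tagged (VID 0) frames fall into the port's default
    VLAN (PVID), which is the port based rule from the TYPES section. A frame
    carrying the reserved VID 4095 is rejected rather than forwarded.
    """
    if not parsed["tags"]:
        return pvid
    outer = parsed["tags"][0]["vid"]
    if outer == VID_RESERVED:
        raise ValueError("reserved VID 4095 on the wire")
    return pvid if outer == VID_PRIORITY_TAG else outer
```

Feeding a frame with two tags to `parse_frame` shows why a trunk that strips only the outer tag has to be careful: the inner tag survives into whatever the next switch sees, which is the reason the VID a port believes a frame belongs to must come from the tag the port itself removed, not from one further in.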

VLAN Protocols:

1.GVRP - GARP VLAN registration protocol

To understand GVRP it is first necessary to understand GARP, described next. What GVRP provides is that VLAN bridges dynamically learn which VLANs must be carried on which of their ports.
Therefore, a minimal VLAN configuration at each bridge is sufficient: when a switch receives a GVRP message, and GVRP and dynamic VLAN registration are enabled on the receiving port, the port is added as a tagged or untagged member of the advertised VLAN according to whether the attached device is VLAN aware or not. Note that this also lets any device attached to a GVRP enabled port obtain membership of any VLAN simply by advertising its VID, so dynamic registration belongs on inter-switch links and should be disabled on ports facing end stations. GARP and GVRP were superseded by MRP and MVRP in IEEE 802.1ak (since folded into 802.1Q); the mechanism is the same.
The second application that uses GARP is the exchange of multicast group membership information, provided by the GARP Multicast Registration Protocol (GMRP).

2.GARP - generic attribute registration protocol

IEEE 802.1D (MAC bridges) defined GARP as an alternative to manually configuring every device and application. GARP enables configuring a few devices and applications while the rest of them learn the required information dynamically.
GARP define that any group of applications that share a common attribute can declare and register their state information related to the attribute. A GARP applicant can choose whether to participate in declaring and registering the attribute value.
When an applicant declares an attribute with a GARP message, the other applicants that receive the message know that the sender is either associated to that attribute, or that the sender wants to know about other applicants associated with that attribute.

3.VTP - VLAN Trunking Protocol

With VLANs, the network is segmented into smaller broadcast domains. But when working in a large environment where many switches are involved, it becomes difficult to keep the VLAN definitions consistent across the LAN. In this environment the VTP protocol, which is Cisco proprietary, makes administration of VLANs easier by distributing the VLAN database (VLAN IDs and names, not user traffic) between switches.
Interconnected switches are configured to belong to the same VTP domain, which is a logical group of switches that shares VLAN information. Every switch can belong to only one VTP domain, and the links connecting the switches must be configured for trunk mode, since VTP advertisements are only sent on trunks.
There are three modes for connecting a switch to a VTP domain:
1. VTP Server: maintains the VLAN database - VLANs can be created, deleted and edited on the server, and every change increments the configuration revision number advertised to the domain.
2. VTP Client: only maintains a copy of the database received from the domain - VLANs cannot be created, deleted or edited on clients.
3. Transparent: does not participate in the VTP domain and keeps its own locally configured VLANs. VTP advertisements received on trunks are forwarded unchanged.
The convenience has a well known cost. Any switch in the same domain, client or server, that joins with a higher configuration revision number overwrites the VLAN database of the whole domain; VLANs missing from its copy are deleted everywhere and every access port assigned to them goes inactive. Before connecting a switch to a production domain, reset its revision number (for example by changing its VTP domain name or switching it to transparent mode and back), configure the VTP domain password so that advertisements are MD5 authenticated, or use VTP version 3, where only an explicitly promoted primary server can change the database.
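The revision-number behaviour described above can be watched for on a trunk. The Python below is an added example, not code from the original post or from Cisco: it builds and parses a VTP summary advertisement (the 72 byte VTP payload that follows the 802.2 LLC/SNAP header, laid out as in Cisco's published summary-advertisement format: version, code, followers, domain length, 32 byte domain name, configuration revision, updater identity, 12 byte timestamp, 16 byte MD5 digest) and then audits it against what the local switch knows. The MD5 digest is not computed or verified here, since that needs the domain password and the full VLAN database; the trusted updater list, the local revision and the sample advertisement are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

# VTP summary advertisement: 1+1+1+1+32+4+4+12+16 = 72 bytes after the SNAP header.
VTP_SUMMARY = 0x01
_SUMMARY = struct.Struct("!BBBB32sI4s12s16s")


def build_summary(domain, revision, updater, version=2, followers=0,
                  timestamp=b"930301000000", digest=b"\x00" * 16):
    """Construct a summary advertisement (test data only; the MD5 digest is left zero)."""
    dom = domain.encode("ascii")
    if len(dom) > 32:
        raise ValueError("management domain name is at most 32 bytes")
    return _SUMMARY.pack(version, VTP_SUMMARY, followers, len(dom), dom,
                         revision, IPv4Address(updater).packed, timestamp, digest)


def parse_summary(data):
    """Decode the fixed fields of a summary advertisement into a dict."""
    if len(data) < _SUMMARY.size:
        raise ValueError("truncated VTP summary advertisement")
    (version, code, followers, dlen, dom,
     revision, updater, stamp, digest) = _SUMMARY.unpack_from(data)
    if code != VTP_SUMMARY:
        raise ValueError(f"VTP code {code:#x} is not a summary advertisement")
    if dlen > 32:
        raise ValueError("bad management domain length")
    return {"version": version, "followers": followers,
            "domain": dom[:dlen].decode("ascii", "replace"),
            "revision": revision, "updater": str(IPv4Address(updater)),
            "timestamp": stamp.decode("ascii", "replace"), "md5": digest.hex()}


def audit_summary(adv, local_domain, local_revision, trusted_updaters):
    """Return a list of findings for a summary advertisement seen on a trunk.

    Clients and servers in the same domain adopt whichever database carries the
    highest configuration revision number, so a higher revision coming from an
    updater that is not one of our known VTP servers is the signature of a rogue
    or mis-provisioned switch about to replace the VLAN database.
    """
    if adv["domain"] != local_domain:
        # A different domain name is ignored by VTP; report it and stop.
        return [f"domain {adv['domain']!r} does not match {local_domain!r}; ignored"]
    findings = []
    if adv["updater"] not in trusted_updaters:
        findings.append(f"summary from unexpected updater {adv['updater']}")
    if adv["revision"] > local_revision:
        findings.append(f"revision {adv['revision']} exceeds local {local_revision}; "
                        "the VLAN database would be replaced")
    return findings
```

In practice `parse_summary` would be fed the VTP payload of frames captured on a trunk (destination MAC 01:00:0C:CC:CC:CC), and a revision jump from an unknown updater is worth an alert before the change propagates, because once a client has accepted it the only remedy is to push a correct database with a yet higher revision.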

VLAN Benefits
As we have seen, there are several benefits to using VLANs. To summarize, VLAN architecture benefits include:
* Increased performance
* Improved manageability
* Network tuning and simplification of software configurations
* Physical topology independence
* Increased security options: hosts in different VLANs cannot exchange frames directly, so inter-VLAN traffic can be forced through a router or firewall and filtered there. This holds only if trunk ports carry just the VLANs they need and ports facing end stations cannot register VLANs dynamically or alter their VLAN membership.

VLAN Limitations
There are a few limitations to using VLANs, some of the more notable being listed below. The figures in this part come from a campus deployment ("Network 21") built on ATM, and they describe that deployment rather than 802.1Q VLANs over Ethernet switches in general:

* Broadcast limitations
* Device limitations
* Port constraints

Broadcast limitations

In order to handle broadcast traffic in an ATM VLAN environment it is necessary to have a special server (the Broadcast and Unknown Server, BUS, in ATM LAN Emulation) that is an integrated part of the ATM infrastructure. This server has limits on the number of broadcasts it can forward. Some network protocols that run within individual VLANs, such as IPX and AppleTalk, make extensive use of broadcast traffic. This has the potential of hitting thresholds on the switches or broadcast servers and may require special consideration when determining VLAN size and configuration.

Device limitations

The number of Ethernet addresses that can be supported by each edge device is 500. This represents a distribution of about 20 devices per Network 21 port. These numbers are real technical limits of that equipment and could be lowered further by the performance requirements of attached devices.
These limitations are above the recommended levels for high performance networking. From a pure performance standpoint, the ideal end-user device to Network 21 port ratio would be one device per port. From a practical point of view, a single Network 21 port could be shared by a number of devices that do not require a great deal of bandwidth and belong to the same VLAN. An example of this would be a desktop computer, printer, and laptop computer for an individual user.

Port Constraints
If a departmental hub or switch is connected to a Network 21 port, every port on that hub must belong to the same VLAN. Hubs do not have the capability to provide VLANs to individual ports, and VLANs can not be extended beyond the edge device ports even if a switch capable of supporting VLANs is attached.
