A VLAN (Virtual Local Area Network) is a technique for logically separating
or combining a network. It is used to configure one or more devices so that
they can communicate as if they were attached to the same wire, when in
fact they are located on a number of different LAN segments. Because VLANs
are based on logical instead of physical connections, they are extremely
flexible.
What is a VLAN
A VLAN is a partitioning of a physical network so that distinct broadcast
domains are created. This is usually done on switches or routers. Simpler
devices only support partitioning at the port level, so sharing VLANs
across such devices requires running dedicated cabling for each VLAN.
Grouping hosts with a common set of requirements by VLAN, regardless of
their physical location, can greatly simplify network design. A VLAN has
the same attributes as a physical local area network (LAN), but it allows
end stations to be grouped together more easily even if they are not on
the same network switch. Without VLANs, a switch considers all of its
interfaces to be in the same broadcast domain. To physically replicate the
functions of a VLAN would require a separate, parallel collection of
network cables and equipment alongside the primary network.
How VLANs work
When a LAN bridge receives data from a workstation, it can tag the data
with a VLAN identifier indicating the VLAN from which the data came. This
is called explicit tagging; in practice the tag is the IEEE 802.1Q tag,
four bytes inserted after the source MAC address that carry a 12-bit VLAN
identifier (VID). It is also possible to determine which VLAN received
data belongs to using implicit tagging. With implicit tagging the data
itself is not tagged; the VLAN it came from is determined from other
information, such as the port on which it arrived. Classification can be
based on the ingress port, the source Media Access Control (MAC) address,
the source network address, or some other field or combination of fields,
and VLANs are classified by the method used. To classify data using any of
these methods, the bridge must keep an up-to-date database mapping VLANs
to whichever field is used. For example, if classification is by port, the
database must record which ports belong to which VLAN. This database,
together with the MAC addresses the bridge learns per VLAN, is called the
filtering database. Each bridge must maintain this database, and all the
bridges on the LAN must agree on its contents. The bridge then determines
where the data is to go next using normal LAN operations: a learned
unicast destination is sent out of one port, while broadcasts, multicasts
and unknown destinations are flooded, but only to ports that are members
of the same VLAN. Once the bridge has determined where the data is to go,
it decides whether the VLAN identifier should be added before sending. If
the data is going to a device that knows about VLANs (a VLAN-aware device,
typically another switch on a trunk link), the VLAN identifier is added.
If it is going to a device that has no knowledge of VLANs (a VLAN-unaware
device, typically an end host on an access port), the bridge sends the
data without the VLAN identifier.
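The following is an added example, not code from the original post, that walks through the mechanics just described in Python: it builds and parses IEEE 802.1Q tagged frames for explicit tagging, assigns untagged frames to a VLAN by their ingress port for implicit tagging, keeps a filtering database of port membership plus learned MAC addresses per VLAN, and adds or strips the tag depending on whether the egress port leads to a VLAN-aware trunk or a VLAN-unaware host. The port names, MAC addresses, payloads and the rule that a tagged frame arriving on an access port is dropped are all assumptions made for the illustration.

```python
"""Toy VLAN-aware bridge (constructed example, not from the original post)."""
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100               # EtherType value that announces an 802.1Q tag
BROADCAST = b"\xff" * 6


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame; with vid set, a 4-byte 802.1Q tag is inserted after the source MAC."""
    frame = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
        tci = (pcp << 13) | vid          # TCI = PCP(3 bits) | DEI(1 bit, left 0) | VID(12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vid or None, ethertype, payload); the tag bytes are removed."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]


@dataclass(frozen=True)
class Port:
    name: str
    access_vid: Optional[int] = None       # set: VLAN-unaware host, classified by port
    trunk_vids: frozenset = frozenset()    # set: VLAN-aware neighbour, explicit tags

    @property
    def vlan_aware(self):
        return self.access_vid is None


class Bridge:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}   # static part of the filtering database
        self.fdb = {}                             # dynamic part: (vid, mac) -> port learned on

    def members(self, vid):
        return [p for p in self.ports.values()
                if p.access_vid == vid or vid in p.trunk_vids]

    def receive(self, in_port, frame):
        """Forward one frame; returns {egress port name: frame exactly as transmitted}."""
        port = self.ports[in_port]
        dst, src, vid, ethertype, payload = parse_frame(frame)
        if port.vlan_aware:
            if vid is None or vid not in port.trunk_vids:
                return {}                         # ingress filtering: VID not allowed here
        else:
            if vid is not None:
                return {}                         # assumed policy: no tags accepted from hosts
            vid = port.access_vid                 # implicit tagging by ingress port
        self.fdb[(vid, src)] = in_port            # learn the source address within its VLAN
        learned = self.fdb.get((vid, dst))
        if dst[0] & 1 or learned is None:         # group address or unknown unicast: flood,
            targets = [p for p in self.members(vid) if p.name != in_port]   # VLAN members only
        elif learned == in_port:
            targets = []                          # destination sits on the ingress segment
        else:
            targets = [self.ports[learned]]
        # explicit tag towards VLAN-aware ports, plain frame towards VLAN-unaware ones
        return {p.name: build_frame(dst, src, ethertype, payload, vid if p.vlan_aware else None)
                for p in targets}


def demo():
    """Push a few constructed frames through a bridge with two access VLANs and one trunk."""
    br = Bridge([Port("p1", access_vid=10), Port("p2", access_vid=10),
                 Port("p3", access_vid=20),
                 Port("uplink", trunk_vids=frozenset({10, 20}))])
    a, b, c = (bytes.fromhex(f"02000000000{i}") for i in (1, 2, 3))   # made-up MACs
    out = {}
    # A on VLAN 10 broadcasts an ARP request: p2 gets it untagged, the trunk tagged 10, p3 never
    out["arp"] = br.receive("p1", build_frame(BROADCAST, a, 0x0806, b"who-has A?"))
    # B replies unicast; A was learned on p1, so nothing is flooded
    out["reply"] = br.receive("p2", build_frame(a, b, 0x0806, b"is-at B"))
    # a VLAN 20 broadcast arriving tagged on the trunk is delivered untagged to p3 only
    out["from_trunk"] = br.receive("uplink", build_frame(BROADCAST, c, 0x0800, b"hi", vid=20))
    # VID 30 is not permitted on the trunk, so the frame is dropped on ingress
    out["bad_vid"] = br.receive("uplink", build_frame(BROADCAST, c, 0x0800, b"x", vid=30))
    # a host on access port p3 cannot join VLAN 10 by tagging its own frames
    out["spoofed_tag"] = br.receive("p3", build_frame(BROADCAST, c, 0x0800, b"x", vid=10))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s}", {p: parse_frame(f)[2] for p, f in result.items()})
```

Running it prints, for each constructed frame, which ports received it and with what VID. The ARP broadcast from VLAN 10 reaches the other VLAN 10 access port untagged and the trunk tagged with VID 10, but never the VLAN 20 port; the last two frames show that the trunk's allowed-VID list and the access port's refusal of tagged frames are what keep a host from reaching a VLAN it was not assigned to.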
Why use VLANs?
VLANs offer a number of advantages over a traditional LAN.
Physical topology independence
VLANs provide independence from the physical topology of the network by
allowing physically diverse workgroups to be logically connected within a
single broadcast domain. If the physical infrastructure is already in
place, it now becomes a simple matter to add ports in new locations to
existing VLANs if a department expands or relocates. These assignments
can take place in advance of the move, and it is then a simple matter to
move devices with their existing configurations from one location to
another. The old ports can then be "decommissioned" for future use, or
reused by the department for new users on the VLAN.
Performance
In networks where a high percentage of the traffic is broadcast and
multicast, VLANs reduce the need to send such traffic to unnecessary
destinations. For example, in a broadcast domain of 10 users where the
broadcast traffic is only relevant to 5 of them, placing those 5 users in
a separate VLAN reduces the traffic the other 5 must process.
Compared to switches, routers require more processing of incoming
traffic, so as the volume of traffic passing through a router increases,
so does its latency. VLANs create broadcast domains in switches rather
than requiring a separate router-bounded segment for each; a router or
layer-3 switch is still needed for traffic that crosses VLANs, but traffic
within a VLAN is switched without any routing. Switched networks already
improve performance over shared-media devices, primarily by reducing the
size of collision domains. Grouping users into logical networks further
improves performance by limiting broadcast traffic to users performing
similar functions or within individual workgroups. Additionally, less
traffic needs to be routed, so the latency added by routers is reduced.
Formation of Virtual Workgroups
Nowadays, it is common to find cross-functional product development
teams with members from different departments such as marketing, sales,
accounting, and research. These workgroups are usually formed for a short
period of time, during which communication between members is high. To
contain broadcasts and multicasts within the workgroup, a VLAN can be set
up for it. With VLANs it is easy to place the members of a workgroup
together; without them, the only way to do so would be to physically move
all the members closer together.
Despite this benefit, VLANs add a layer of administrative complexity,
since the virtual workgroups themselves now have to be managed.
Reduced Cost
VLANs let a single switch create several broadcast domains, so fewer
routers are needed than in a design where every broadcast domain is a
separate router interface. A router (or layer-3 switch) is still required
for traffic that must cross VLANs.
Security
Sensitive data is sometimes broadcast on a network, and every host in the
same broadcast domain can see it. Placing only the users who should have
access to that data in their own VLAN reduces the chance of an outsider
seeing it, since broadcasts, multicasts and flooded unicast frames stay
within the VLAN. VLANs also give the network manager a natural control
point: traffic between VLANs must pass through a router or firewall,
where access can be restricted and suspicious traffic logged or alerted
on. The separation is only as strong as the switch configuration, though:
a host on an access port must not be able to reach another VLAN simply by
tagging its own frames, trunk ports should carry only the VLANs they
need, and unrestricted inter-VLAN routing undoes the separation entirely.
Improved manageability
VLANs provide an easy, flexible and less costly way to modify logical groups in changing environments. They make large networks more manageable by allowing centralized configuration of devices located in physically diverse locations.