Learn Cyber Security, How to InfoSec, Tutorials, and more about CyberSecurity!

Sunday 22 November 2015

VLANs (Virtual LANs)

What is a VLAN?
In simple terms, a VLAN (Virtual LAN) is a set of workstations within a LAN that can communicate with each other as though they were on a single, isolated LAN.
Question: What does it mean to say that they "communicate with each other as though they were on a single, isolated LAN"?
Answer:
- broadcast packets sent by one of the workstations will reach all the others in the VLAN
- broadcasts sent by one of the workstations in the VLAN will not reach any workstations that are not in the VLAN
- broadcasts sent by workstations that are not in the VLAN will never reach workstations that are in the VLAN
- the workstations can all communicate with each other without needing to go through a gateway. For example, IP connections would be established by ARPing for the destination IP and sending packets directly to the destination workstation - there would be no need to send packets to the IP gateway to be forwarded on.
- the workstations can communicate with each other using non-routable protocols.

The purpose of VLANs
The basic reason for splitting a network into VLANs is to reduce congestion on a large LAN. To understand this problem, we need to look briefly at how LANs have developed over the years.
Initially LANs were very flat - all the workstations were connected to a single piece of coaxial cable, or to sets of chained hubs. In a flat LAN, every packet that any device puts onto the wire gets sent to every other device on the LAN.
As the number of workstations on the typical LAN grew, they started to become hopelessly congested; there were just too many collisions, because most of the time when a workstation tried to send a packet, it would find that the wire was already occupied by a packet sent by some other device.
This section describes the three solutions for this congestion that were developed:
1. Using routers to segment LANs
2. Using switches to segment LANs
3. Using VLANs to segment LANs

1. Using routers to segment LANs
The early solution to this problem was to segment the network using routers. This would split the network into a number of smaller LANs. There would be fewer workstations on each LAN, and so less congestion.
Of course, routable data being sent between LANs would have to be routed, so the layer 3 addresses would have to be organized so that each LAN had an identifiable set of addresses that could be routed to - such as an IP subnet. Non-routable protocols would have to be bridged, which is not quite so congestion-reducing, because bridges forward all broadcasts. But, at least for unicast packets, a bridge only forwards packets if it knows that the destination address is not in the originating LAN.

2. Using switches to segment LANs
As switches became more available, there was a move from chained hubs to a set of hubs connected to a switch. A switch only sends traffic to a given port if the traffic has to go to that port. So switches have the effect of reducing congestion at workstations, by stopping the workstations from seeing all the traffic from other ports of the switch.
A simple switched network, though, still needs routers to set the boundaries of where broadcasts are sent (referred to as "broadcast containment"). So, the typical LAN was set up as shown in the following figure:
The above figure introduces the concept of a LAN segment. This is also referred to as a collision domain, because when a device is trying to send a packet, it can only collide with packets sent by other devices on the same segment. Each LAN segment consists of all the devices attached to a single switch port - the switch stops packets from different ports from colliding with each other.
The LAN itself is referred to as a broadcast domain, because if any device within the LAN sends out a broadcast packet, it will be transmitted to all devices in that LAN, but not to devices beyond the LAN.

3. Using VLANs to segment LANs
As LANs became larger, data rates became faster, and users desired greater flexibility, the routers in a network started to become a bottleneck. This is because:
- routers typically forward data in software, and so are not as fast as switches
- splitting up a LAN using routers meant that a LAN typically corresponded to a particular physical location. This became limiting when many users had laptops and wanted to be able to move between buildings, but still have the same network environment wherever they plugged in.
So, switch vendors started implementing methods for defining "virtual LANs" - sets of switch ports, usually distributed across multiple switches, that somehow interacted as though they were in a single isolated LAN. This way, workstations could be separated off into separate LANs without being physically divided up by routers.
At about the same time, hubs became less popular and have been largely replaced by L2 switches. This has made the whole concept of a collision domain somewhat historical. In modern networks, a "collision domain" mostly consists of a single device attached to an L2 switch port, or possibly a PC with something like an IP phone attached to it.
So, the layout of the LAN has become more like:
So, instead of the LANs corresponding to physical areas divided from each other by routers, there are virtual LANs distributed across the network. For example, all the devices in the various areas labelled "VLAN A" all belong to a single virtual LAN - i.e. a single broadcast domain.
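The broadcast rules given in the "What is a VLAN?" answer and the per-VLAN broadcast domains described just above can be made concrete with a small simulation. The following is an added example, not code from the original post: a toy VLAN-aware learning switch in which every port is an untagged access port assigned to one VLAN. A broadcast (or a unicast to an address the switch has not yet learned) is flooded only to the other ports in the same VLAN, and the MAC table is kept per VLAN, so a host in VLAN B can never reach a host in VLAN A through the switch alone. The port numbers, VLAN names and MAC addresses are constructed for the example; trunk links between switches are not modelled.

```python
"""Toy VLAN-aware learning switch (added example, not from the original post).

Port -> VLAN assignments, MAC addresses and VLAN names are constructed.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str          # source MAC address
    dst: str          # destination MAC address (BROADCAST for a broadcast frame)
    payload: str = ""


class VlanSwitch:
    def __init__(self, port_vlans):
        # port number -> VLAN id; every port is an untagged access port here
        self.port_vlans = dict(port_vlans)
        # (vlan, mac) -> port, learned from the source address of received frames
        self.mac_table = {}

    def ports_in_vlan(self, vlan):
        """All ports that belong to `vlan`, i.e. one broadcast domain."""
        return sorted(p for p, v in self.port_vlans.items() if v == vlan)

    def receive(self, in_port, frame):
        """Process a frame arriving on `in_port`; return the ports it is sent out of."""
        vlan = self.port_vlans[in_port]
        # Learn where the source lives, scoped to this VLAN.
        self.mac_table[(vlan, frame.src)] = in_port
        # Flooding never crosses the VLAN boundary.
        flood_ports = [p for p in self.ports_in_vlan(vlan) if p != in_port]
        if frame.dst == BROADCAST:
            return flood_ports
        out_port = self.mac_table.get((vlan, frame.dst))
        if out_port is None:
            # Unknown unicast: flood, but only within the VLAN.
            return flood_ports
        if out_port == in_port:
            # Destination is on the same segment as the sender; nothing to forward.
            return []
        return [out_port]


def broadcast_domain(switch, port):
    """Set of ports (including `port`) that receive a broadcast entering `port`."""
    return set(switch.ports_in_vlan(switch.port_vlans[port]))


def demo():
    """Compare a flat switch with the same ports split into two VLANs."""
    ports = [1, 2, 3, 4, 5]
    flat = VlanSwitch({p: "default" for p in ports})
    split = VlanSwitch({1: "A", 2: "A", 3: "B", 4: "B", 5: "A"})
    arp_request = Frame("02:00:00:00:00:01", BROADCAST, "who-has 10.0.0.2")
    return {
        "flat": flat.receive(1, arp_request),      # reaches every other port
        "vlan_a": split.receive(1, arp_request),   # reaches only VLAN A ports
    }


if __name__ == "__main__":
    result = demo()
    print("flat switch floods to:", result["flat"])
    print("VLAN A floods to:", result["vlan_a"])
```

Running `demo()` shows the congestion argument from the post directly: on the flat switch the ARP broadcast from port 1 goes to ports 2 to 5, while on the VLAN-split switch the same frame reaches only ports 2 and 5. Because the MAC table is keyed by (VLAN, MAC), a host on port 3 sending to a VLAN A address finds no entry and floods only within VLAN B, which is exactly the "broadcasts sent by workstations that are not in the VLAN will never reach workstations that are in the VLAN" rule.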
