Virtual Local Area Networks - Essay Example

Virtual Local Area Networks Virtual Local Area Networks Local Area Network is a group of computers and associated devices that share a common communication line or a wireless link to a server. For many years in the past, LANs were developed as single broadcast domains. The rise of virtualization has fueled the development of Virtual Local Area Networks which allow the network administrators to logically group network nodes and partition their networks without the need for major infrastructure changes. This essay seeks to cover Virtual Local Area Networks (VLANs), focusing on their concept and operation of VLANs, properties of LANs and broadcast domains, the advantages of using VLANs compared with older router based networks and finally discuss the situations in which VLANs are not appropriate or indispensable. Virtual Local Area Network (VLAN) is a logical group of workstations, servers and network devices that share the same broadcast domain without need to be geographically located in the same area (Chowdhury and Boutaba, 2009). This means that the network administrator can logically divide the LAN into different VLANs each with its own broadcast domain instead of having one broadcast domain shared between all devices in the network. For instance, an organization with different physically separated departments can segment its network into multiple VLANs based on the departments for special purposes. Hence, only hosts that belong to the same particular VLAN can exchange data or share network resources. In addition, different VLANs can communicate only through a router which has to be connected to both of them, hence reduced congestion of traffic in the network that originates from a broadcast frame (Hartpence, 2011). Therefore, splitting a network into VLANs boost the performance, security and reduce the clogging on a large LANs (Yadav et al., 2013). The enhancement of today’s Virtual LAN has been achieved through different stages. According to (Cullen, 2001) the development of LAN switches began in 1990; bridges were used as a layer 2 devices to segment networks and to solve the consumption of bandwidth used in broadcast traffic. After that, it was replace by segmenting networks at layer 3 using a number of routers between segments and a chain of hubs inside each segment to forward frames between devices (Hartpence, 2011). The problem of using hubs is that, it deals with all frames as a broadcast frame and forward incoming frames to all devices in the shared segment. Therefore, the increased number of hosts in each segment leads to increased demand of bandwidth and affect the throughput efficiency of networks (Hartpence, 2011). As a result, the network switches emerged which forward incoming uncast frames only to the desired destination. This improves the network efficiency by using the full bandwidth between two pairs of hosts. Nonetheless, there was a need to reduce the bandwidth used in a broadcast requests particularly in LAN with high number of workstations. Therefore, VLANs were introduced instead of the traditional LANs which group devices according to their physical areas and connect different LANs by means of routers. According to Yadav et al. (2013), there are three types of VLANs: Port-based VLANs, MAC address-based VLANs and Protocol-based VLANs. In a Port-based VLAN (layer 1), a particular port in a switch is assigned to individual VLAN of a LAN switch. Because of the physical assignment of ports, this makes troubleshooting easier while it does not support user’s mobility. For instance, if a user moves to another location, the network administrator must configure the new port to the previous user’s VLAN. In MAC address-based VLANs (layer 2); a table of workstations’ MAC addresses and their VLANs membership are kept in each switch. Therefore, no more configurations are needed when a station moves within the same VLAN. The Protocol-based VLANs (layer 3) is based on the protocol type used in the header field of a frame. Therefore, all devices that use the same protocol are grouped to the same VLAN. In other words, the Protocol-based VLANs are based on a tag that is inserted into the header of an Ethernet frame; this method is used in IEEE 802.1Q and Inter-Switch Link (ISL). Conlan et al. (2009) define ISL (CISCO’s protocol) as an encapsulation protocol that encapsulates the entire Ethernet frame and add a new ISL header. While IEEE 802.1Q does not encapsulate the whole frame; it inserts a 4 bytes tag to the original frame header. However, (Simulationexams.com, 2015), mentions another type of VLANs membership called subnet-based VLAN (layer 3 VLANs); the network IP subnet address is used to specify the VLANs membership. However, using such technique brings several advantages compared to traditional LANs. The primary advantage is that VLANs help in reducing the need to send a broadcast traffic to unnecessary destinations (Hartpence, 2011).This helps to enhance the performance of networks and decreases the bandwidth conception due to the use of broadcast domains. Conlan (2009) defines a broadcast domain as the number of workstations in a network that will receive a broadcast frame and read the data even if the data is unnecessary for some devices. In VLANs, each VLAN has different broadcast domain to reduce the traffic generated from a broadcast request. In contrast, implementing VLANs with broadcast domains may conflict with Windows network devices discovery and Dynamic Host Configuration Protocol (DHCP), since these applications are broadcasts and the router that connects VLANS drops any broadcast traffic. For instance, if a DHCP server running on VLAN1 and there is no DHCP server running on VLAN2, thus any request for IP addresses from VLAN2 will be dropped by the router. This confliction particularly occurred in the subnet-based VLANs type but in MAC-based VLANs, a new device must be assigned an IP address from DHCP server which depends on its particular VLAN (Cullen, 2001). Another advantage is that using VLANs and broadcast domains reduce the costs due to the logical assignment of workstations to different (Yadav et al., 2013). Moreover, segmenting large VLAN to smaller VLANs by means of switches eliminate the costs associated with expensive routers. While Cullen (2001) mentions that the most important reason of implementing VLANs is the cost-effectiveness in time and money of the process of adding or moving stations in an organization. Additionally, sensitive data may be propagated through a network that could be accessed by unwanted users. Therefore, grouping users who can have access to a specific data on a VLAN reduces the chance of attackers to reach that data. As a result, isolating groups in VLANs improve the security at low level, thus users on a different VLANs cannot communicate with each other directly. On the other hand, VLANs improve the performance of networks and help network administrator to manage networks easily, since the workstations on a VLAN usually have the same IP subnet, this facilitate the management of a network (Conlan, 2009). This is in the case of subnet-based IP address where users can move their location without need to reconfigure their network addresses. However, this method used layer 3 information only, to specify the membership in VLANs at layer 2 but it does not do network routing (Simulationexams.com, 2015). The basic idea of VLANs is connecting a group of devices logically which might be located in different physical locations of a LAN and behave as if they are physically connected to the same network. This section will describe the operation of VLANs based on IEEE 802.1Q standards. The discretion below is based on Packet Guide to Routing and Switching book (Hartpence, 2011). A simple topology is shown in Figure 1 in which two VLANs are implemented in one switch. PC1 and PC2 belong to the same VLAN and located in the same floor, PC3 and PC4 are assigned to VLAN2 and located in the second floor. A group of devices in each VLAN have the same network address and a router is used to connect the two VLANs. Figure 1: In this case, a VLAN behave as a layer 3 of OSI model whereas packets from users in 192.168.1.0 network (VLAN1) should go through the router to reach a destination on 192.168.2.0 network (VLAN2). However, a broadcast and multicast from VLAN1 will not propagate to devices on VLAN2.The above topology represent a static VLAN in which a network administrator configure each port to a particular VLAN. In some cases, there is a need to move devices to another VLAN or department. A dynamic VLAN could be used, in which the administrator does not need to configure each port in the switch. Thus, a central server called Member Policy Server (VMPS) could be used as shown in Figure 2. Figure 2: Figure 3 represents a network topology of multiple VLANs which belong to more than one switch. All devices belong to the same VLAN and have the same network address. The router is connected to Switch 2 and its Ethernet interfaces are connected to VLAN1 and VLAN2. A trunk line is used to connect the two switches and transfer VLANs information between them. However, a trunk line should be connected to a trunk interface (T) in a switch; this will eliminate the need for multiple interfaces to connect the router to each VLAN. The trunk interface does not belong to any VLAN or other devices in a switch connected to an access ports. Since all ports of a switch are access ports by default, a trunk port can be configured using a mode command in CISCO switches. Figure 3 Using a trunk line requires the use of tagging technologies such as IEEE 802.Q1 protocol that modifies the Ethernet frames in order to send VLANs information between switches. IEEE802.Q1 protocol does not encapsulate the original frame, it adds 4 bytes after the source MAC address to the Ethernet frame. Applying such mechanism brings many advantages compared to the physical LANs joined by routers. Using VLANs does not require multiple switches for different networks. This means that one switch can be used to create more than one Virtual Local Area Networks. While in traditional LANs all nodes geographically located in same LAN and routers are used to connect different LANs. This adds more delay in transmitting data via different routers. Therefore, the use of VLANs reduces the latency and cost of expensive routers as well as increasing the performance due to the use of broadcast domains. This is because of the role of routers in VLANs which is to send traffic between different VLANs using IP subnet and broadcast traffic propagated through switches (layer 2) of a network. Moreover, network management is eased in VLANs because it does not require physical administration when a stations move between different LANs. In addition, using broadcast domains improve the security compared to physical LANs where sensitive data can be accessed only by devices on the same VLAN. However, IPv6 does not support broadcast addresses, instead it uses a multicast group address. According to (Brocade.com, 2015) IPv6 VLANs can be implemented by Protocol-based VLAN. In this case a layer three switch forward the received IPv6 multicast packets to all ports on the switch without differentiating to which subnet address it is directed. However, there are some criteria that should be taken into account before deciding to implement VLANs. According to (Menga, 2004) the maximum number of devices in each VLAN depends on the Layer 3 protocol used. For instance, IP and IPX protocol support up to 500 and 300 devices respectively. Therefore, for those networks that need more than 500 devices to have access to the same network resources (to be in the same VLAN), it is recommended to use physical VLAN for easier network management. However, the number mentioned above is guideline by CISCO but in case the network administrator decides to implement them in one VLAN, there is a need to observe the network performance in a regular basis. In addition, if the organization has a large number of departments and there is a need to separate them in different LANs, it is suggested to a void deploying a VLAN because of the overhead on routers. This is due to the need of sending Service Advertising Protocol (SAP) packets by the router for every VLAN in the network (VLAN Best Practices, 2015). In case of small networks, if the security is not necessary by using VLAN to isolate traffic between departments and all of devices in the network need to access all servers and network resources, implementing VLAN is not necessary. Moreover, if the network is small with one switch with less than 100 devices and all in the same network address, it is easy to manage the network without need for VLANs. References Chowdhury, N and Boutaba, R. (2009) Network Virtualizations: State of the Art and Research Challenges, IEEE Communications Magazine, 47(7). Hartpence, B. (2011) Packet Guide to Routing and Switching, O’Reilly Media.Inc Conlan, J. (2009) Advanced Internetworking Guide, Willey Publishing. Inc Menga, J. (2004) CCNP Practical Studies: Switching, Pearson Education, Indiana 46240. Brocade.com. (2015) Network OS Layer 2 switching configuration guides, Brocade communication systems. Inc, 53-1003657-01 Yadav, M. et.al (2013) Discovery Engineering: VLAN & Its Implementation over ATM by using IP, 2013, 2(8), 105-10. Read More