8/14/2019 Virtual Lans by rahul rk(9986510206)
Virtual LANs
Flexible network segmentation for high-speed LANs
Intel Networking Information Series
For today's networking professionals who need fast,
concise information to help them understand new
technologies that can make their networks more
efficient and cost-effective.
Contents
Executive Summary
The Need for VLANs
VLANs: A Semi-Technical Discussion
An Industry-Wide VLAN Standard
The Intel VLAN Solution
Summary and Conclusion
For More Information
Glossary of Terms
Executive Summary
Few people experience the rapid changes
of today's business environment more
than Information Technology (IT)
managers. Employees move, business operations
are restructured and new technologies
emerge. All of these changes
add pressure to networks already straining
under the requirements of more users,
more powerful workstations and more
demanding applications.
Virtual LANs (VLANs) can help IT
managers adapt to these changes more
easily and effectively, while increasing
overall network performance. By offering
a highly flexible means of segmenting a
corporate network, VLANs reduce the
performance bottlenecks that occur when
traditional backbone routers can't meet
the demands of fast, switched networks.
A VLAN is a group of PCs, servers
and other network resources that behave
as if they were connected to a single network segment even though they
may not be. For example, all marketing
personnel may be spread throughout
a building. Yet if they are all assigned to
a single VLAN, they can share resources
and bandwidth as if they were connected
to the same segment (see Figure 1).
The resources of other departments can
be invisible to the marketing VLAN
members, accessible to all, or accessible
only to specified individuals, at the IT
manager's discretion.
This logical grouping of network
nodes helps free IT managers from the
restrictions of their existing network
design and cabling infrastructure.
It offers a fundamental improvement
in the ease with which LANs can be
designed, administered and managed.
And since VLANs are software-based,
they allow the network structure to
quickly and easily adapt to the addition,
relocation or reorganization of nodes.
No longer does each change require a
visit to the wiring closet.
Equally important, VLANs help meet
performance needs by segmenting the network
more effectively. Unlike standard
switching, they restrict the dissemination of
broadcast as well as node-to-node traffic,
so the burden of extraneous traffic is
reduced throughout the network. Security
can also be improved. Since all packets
traveling between VLANs may also pass
through a router, standard router-based
security measures can be implemented
to restrict access as needed.
Despite the advantages of a well-
designed VLAN solution, the newness
of the technology and the large number
of proprietary implementations have
created confusion in the marketplace.
Some industry pundits have charged
that VLANs may eventually become
unnecessary as routing becomes faster
and high-bandwidth technologies such
as Fast Ethernet and Gigabit Ethernet
emerge. They also note a slow, industry-
wide trend toward protocols that depend
less upon broadcast traffic.
These changes may, to some extent,
reduce the importance of VLAN solutions
in the future, but they won't eliminate
many of the key advantages of the technology.
And VLANs offer an immediate
and cost-effective solution to several very
real networking challenges: a solution that
can be integrated into existing networks
without costly overhauls. The potential
benefits should not be ignored.
Figure 1: VLANs allow highly flexible, efficient network segmentation, enabling users and resources to be
grouped logically, without regard to physical location.
[Diagram "The VLAN Solution": switches on the 1st, 2nd and 3rd floors, a hub, two printers and a router to the WAN, with nodes grouped into Marketing, Engineering and Administration VLANs.]
The Need for VLANs
By the 1980s, most networks consisted
of a simple, hierarchical arrangement in
which multiple, shared-media networks
were connected by a router (see Figure 2).
With their sophisticated packet handling,
routers allowed communication between
networks when necessary, while effectively
segmenting traffic so that large shared
networks were not swamped by excessive
traffic. Unfortunately, traditional routers
were slow, complicated and expensive.
As the need for faster networks emerged,
a new solution was needed.
Switches spearheaded the next
evolution of network structure. By
segmenting the network and providing
dedicated bandwidth where needed,
they greatly increased performance,
while reducing cost and complexity
(see Figure 3). However, traditional
switches segment only unicast, or
node-to-node, traffic. Unlike routers, they do not limit broadcast traffic
(packets that are addressed to all
the nodes within the network) or multicast
traffic (packets that are distributed to a
group of nodes).
As networks have grown and traffic has
increased, IT managers have been forced
to segment their networks into more and more switched subnets to meet increasing
performance demands. With these changes,
broadcast and multicast traffic have placed
a greater burden on network bandwidth.
In the worst case scenario, broadcast
traffic can spiral out of control, creating
broadcast storms that can bring down
the network.
As switched networks have become
more common, routers have continued to
exist within the network. But they've been
forced toward the periphery, where speed
is generally less critical.
VLANs offer an effective solution to
swamped routers and broadcast storms.
By limiting the distribution of broadcast,
multicast and unicast traffic, they can
help free up bandwidth, reduce the need
for expensive and complicated routing
between switched networks, and eliminate
the danger of broadcast storms. With these
advantages, VLANs revive many of the
key advantages of LAN routing, but with
greater flexibility, performance, simplicity
and affordability.
Figure 2: Traditional LAN routers segment the network and provide logical
structure, but are slow, complicated and expensive.
[Diagram "A Traditional Fully Routed Network": a corporate LAN router connecting three hubs, each serving a server and a group of PCs.]
Figure 3: Standard switches are much faster than routers and provide dedicated
bandwidth where needed, but are vulnerable to broadcast storms.
[Diagram "A Standard Switched Network": a corporate LAN router with a WAN link, two switches, servers, and four hubs each serving a group of PCs.]
Benefits of VLANs
Flexible network segmentation
Users and resources that communicate most
frequently with each other can be grouped into
common VLANs, regardless of physical location.
Each group's traffic is largely contained within the
VLAN, reducing extraneous traffic and improving
the efficiency of the whole network.
Simple management
The addition of nodes, as well as moves and
other changes, can be dealt with quickly
and conveniently from the management console
rather than the wiring closet.
Increased performance
VLANs free up bandwidth by limiting node-to-node
and broadcast traffic throughout the network.
Better use of server resources
With a VLAN-enabled adapter, a server can be a
member of multiple VLANs. This reduces the need
to route traffic to and from the server.
Enhanced network security
VLANs create virtual boundaries that can only be
crossed through a router. So standard, router-based
security measures can be used to restrict access
to each VLAN as required.
In general, there are three basic models
for determining and controlling how
a packet gets assigned to a VLAN.
Port-based VLANs: In this implementation, the administrator assigns
each port of a switch to a VLAN. For
example, ports 1-3 might be assigned
to the Sales VLAN, ports 4-6 to the
Engineering VLAN and ports 7-9 to
the Administrative VLAN (see Figure 4).
The switch determines the VLAN
membership of each packet by noting
the port on which it arrives.
When a user is moved to a different port
of the switch, the administrator can simply
reassign the new port to the user's old
VLAN. The network change is then
completely transparent to the user, and
the administrator saves a trip to the wiring
closet. However, this method has one
significant drawback. If a repeater is
attached to a port on the switch, all of
the users connected to that repeater
must be members of the same VLAN.
MAC address-based VLANs: The VLAN membership of a packet in
this case is determined by its source or destination MAC address.
Each switch maintains a table of MAC addresses and their
corresponding VLAN memberships. A key advantage of this method
is that the switch doesn't need to be reconfigured when a user
moves to a different port.
However, assigning VLAN membership
to each MAC address can be a time-consuming
task. Also, a single MAC address
cannot easily be a member of multiple
VLANs. This can be a significant limitation,
making it difficult to share server resources
between more than one VLAN. (Although
a MAC address can theoretically be assigned
to multiple VLANs, this can cause serious
problems with existing bridging and
routing, producing confusion in switch
forwarding tables.)
Layer 3 (or protocol)-based VLANs: With this method, the VLAN membership
of a packet is based on protocols (IP, IPX,
Netbios, etc.) and Layer 3 addresses. This
is the most flexible method and provides
the most logical grouping of users. An IP
subnet or an IPX network, for example,
can each be assigned their own VLAN.
Additionally, protocol-based membership
allows the administrator to assign non-
routable protocols, such as Netbios or
DECNET, to larger VLANs than routable
protocols like IPX or IP. This maximizes
the efficiency gains that are possible
with VLANs.
Another important distinction between
VLAN implementations is the method
used to indicate membership when a
packet travels between switches. Two
methods exist: implicit and explicit.
Implicit: VLAN membership is
indicated by the MAC address. In this
case, all switches that support a particular
VLAN must share a table of member
MAC addresses.
Explicit: A tag is added to the packet
to indicate VLAN membership. Cisco
ISL and the IEEE 802.1q VLAN
specifications both use this method.
To summarize, when a packet enters
its local switch, the determination of its
VLAN membership can be port-based,
MAC-based or protocol-based. When
the packet travels to other switches, the
determination of VLAN membership
for that packet can be either implicit
(using the MAC address) or explicit
(using a tag that was added by the first
switch). Port-based and protocol-based
VLANs use explicit tagging as their
preferred indication method. MAC-based
VLANs are almost
always implicit.
The bottom line is that the IEEE 802.1q specification is going
to support port-based membership and explicit tagging,
so these will be the default VLAN model in the future.
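The classification rules summarized above, as an added example (not part of the Intel paper and not Intel's implementation): a minimal Python model of a switch that assigns untagged frames to a VLAN by ingress port, reads the explicit tag on an inter-switch port using the tag layout of IEEE 802.1Q as later standardized, and floods a broadcast only within the resulting VLAN. The VLAN IDs 10/20/30, the trunk port 24, the rule that access ports discard tagged frames, and the sample frame are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an IEEE 802.1Q tag
BROADCAST = b"\xff" * 6

# Port-based membership from the text: ports 1-3 Sales, 4-6 Engineering,
# 7-9 Administrative. The numeric VLAN IDs are assumptions.
PORT_VLAN = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20, 7: 30, 8: 30, 9: 30}
TRUNK_PORTS = {24}       # assumed inter-switch port that carries tagged frames


def parse_tag(frame):
    """Return (vlan_id, priority) from an 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13      # 12-bit VLAN ID, 3-bit 802.1p priority


def add_tag(frame, vlan_id, priority=0):
    """Explicit tagging: insert the 4-byte tag after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify(frame, ingress_port):
    """Return the frame's VLAN ID, or None if the switch should discard it."""
    tag = parse_tag(frame)
    if ingress_port in TRUNK_PORTS:
        # Between switches, membership is whatever the first switch tagged.
        if tag is not None and tag[0] in PORT_VLAN.values():
            return tag[0]
        return None
    # Access port: membership comes from the port alone. A tag supplied by
    # an end station is not trusted, so tagged frames are discarded here
    # (a policy assumed for this model).
    if tag is not None:
        return None
    return PORT_VLAN.get(ingress_port)


def flood_ports(frame, ingress_port):
    """Ports a broadcast frame is copied to: its own VLAN plus the trunks."""
    vlan_id = classify(frame, ingress_port)
    if vlan_id is None:
        return set()
    members = {port for port, vid in PORT_VLAN.items() if vid == vlan_id}
    return (members | TRUNK_PORTS) - {ingress_port}


# Constructed sample: untagged broadcast frame, EtherType 0x0806 (ARP),
# locally administered source MAC, zero-filled payload.
SAMPLE = BROADCAST + bytes.fromhex("020000000001") + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    print(sorted(flood_ports(SAMPLE, 2)))            # Sales port: Sales + trunk
    tagged = add_tag(SAMPLE, PORT_VLAN[5], priority=5)
    print(parse_tag(tagged))
    print(sorted(flood_ports(tagged, 24)))           # from trunk: Engineering only
```

The model floods every frame it accepts and does no MAC learning, so it shows only how VLAN membership bounds the broadcast domain.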
Figure 4: In a port-based VLAN, each port of a switch can be assigned to a particular VLAN.
[Diagram "Port-Based VLANs": a switch with ports 1-9 assigned to the Marketing, Engineering and Administration VLANs.]
VLANs: A Semi-Technical Discussion
An Industry-Wide VLAN Standard
Many vendors have already developed
their own proprietary VLAN solutions
and products. Although these can provide
significant benefits, an industry standard is clearly needed to ease the confusion
and make the benefits of VLANs more
accessible to IT managers.
At present, the IEEE is still working
on the 802.1q specification, which will
help ensure the interoperability of VLAN
implementations between switches and
NICs from different vendors. Ratification
of 802.1q is expected in the spring of 1998, but products based on the specification
will start to appear on the market in early
1998. A second IEEE specification, 802.1p,
defines the use of priority bits, which are
part of the explicit VLAN tag as defined
in 802.1q.
There are two different VLAN
models which will both be specified
in the 802.1q specification: the shared
model and the independent model.
Both are explicit tagging implementations.
They will generally work together,
but problems can arise. Specifically, if
you have a bridge router in your network,
you would probably do well to
adopt the independent model. If not,
either option would work. Some switches
will support both models, but you must choose one when configuring the switch
for your network.
The Intel VLAN Solution
A proprietary VLAN solution can
provide significant benefits. But once the
IEEE specifications have been finalized,
most future networking products will be designed to support and extend that new
industry standard. So a standards-based
VLAN solution is more likely to retain
and extend its value as your network
grows and you incorporate new products
and technologies.
Intel currently offers network adapters
that are hardware-compatible with the
upcoming IEEE VLAN specifications. Once the specifications are ratified, simple
software upgrades will be available by
disk or from the Intel Web page to establish
compliance. Adapters that support
this simple upgrade path include:
- Intel EtherExpress™ Server Adapter
- Intel EtherExpress PRO/100 PCI Adapter
- Intel EtherExpress PRO/100+ PCI Adapter
Since the industry standards are not
yet finalized, Intel switches currently
support a proprietary VLAN solution,
using the MAC address-based method
with Layer 3 extensions. This is an
extremely flexible approach, enabling
an efficient, high-performance VLAN
solution. The Intel EtherExpress
PRO/100 Server Adapter complements
the implementation in Intel switches
with its support for Cisco's proprietary
ISL VLAN protocol.
In the future, Intel intends to offer
strong support for the IEEE VLAN
specifications in both switches and
adapters. Both port-based and MAC
address-based VLANs will be supported
using an implicit model. Explicit tagging
will also be supported using both the
shared and independent models. This
support for multiple implementations will make it as easy as possible for IT
managers to create their own VLAN
solutions, and help ensure compatibility
with other VLAN implementations
within their network.
Flexible VLAN support is only
one way in which Intel switches and
adapters help ensure maximum performance
and adaptability in changing network environments. (For more information,
see the Adaptive Technology
and Layer 3 Switching briefs in the
Intel Network Information Series,
FaxBack 1758 and 1769.)
Intel's support for emerging VLAN
technologies derives naturally from
Intel's commitment to delivering high-performance
connectivity solutions to PCs and servers.
Intel now offers a complete line of
industry-leading networking products
and network management software.
All offer high-performance, cost-
effective networking solutions, designed
to empower users at the desktop while
easing the burden on IT managers.
Intel has also played a leading role
in shifting the industry toward simplified
PC and server management. The Wired
for Management (WfM) initiative was
launched by Intel in September of 1996.
One result of this wide-ranging effort
is the Wired for Management Baseline
Specification. This de facto industry
standard is already helping to make
the next generation of networked PCs
easier to manage and support. The goal
is nothing less than a network of PCs
that can be fully managed from a
central location.
Intel is strongly committed to developing and supporting other industry-wide
standards as well, through cooperation
with other key vendors and standards
organizations. Because in today's heterogeneous
networking environments,
a solution can only be cost-effective if
it interoperates readily with existing
components and software. To safeguard
your investment, Intel continually tracks and supports trends and specifications
relating to VLANs and other emerging
networking technologies.
Summary and Conclusion
By segmenting the corporate network
with a new level of flexibility, VLANs
offer a fundamental improvement to the network by working to simplify
management, while increasing
performance and enhancing security.
Desktops, servers and other network
resources can be organized according
to the needs of the business, rather
than the restrictions of the wiring closet.
VLANs also address the limitations
of standard switch segmentation by containing broadcast as well as node-to-
node traffic. This helps eliminate router
bottlenecks and reduces the danger of
broadcast storms. Also, as a software-
based solution, VLANs allow IT
managers to adapt more easily to the
inevitable network changes that occur
in a fast-paced business environment.
Intel's current VLAN solution offers
a highly flexible approach, using explicit
tagging so that each node can be assigned
to multiple VLANs. In future switches
and adapters, Intel will provide multiple
VLAN solutions to better meet the specific needs of individual networks,
while also supporting the upcoming
IEEE specifications.
For More Information
Visit Intel on the World Wide Web
at http://www.intel.com/network
for more information on Intel's
complete line of LAN adapters, switches and other high-performance
networking solutions.
Glossary of Terms
Broadcast: Network traffic that is disseminated to all the nodes on a shared-media segment
Explicit model: VLAN membership is indicated by adding a tag to each packet
Implicit model: VLAN membership is determined by examining information that already exists within each packet (the MAC address)
Independent Model: One of two explicit VLAN models specified in the IEEE 802.1q specification
Layer 3 (or protocol)-based VLANs: Each packet's protocol or Layer 3 addressing is examined individually by the switch to determine VLAN membership
MAC Address-based VLANs: VLAN membership is determined by the MAC address of each individual node
Multicast: Network traffic that is disseminated to selected nodes
Node: Each of the individual computers or other devices on a network
Packet: A chunk of data bits and associated information, including source address and destination address, formatted for transmitting from one node to another
Port-based VLANs: Each port of a switch is assigned to a particular VLAN
Router: A device that connects two networks at the Network Layer (Layer 3) of the OSI model; operates like a bridge, but also can choose routes through a network
Segmentation: The division of a network into separate shared-media subnets
Shared Model: One of two explicit VLAN models specified in the IEEE 802.1q specification
Switch: A device that connects multiple network segments at the Data Link Layer (Layer 2) of the OSI model. They operate more simply and at higher speeds than routers.
Unicast: Network traffic between two nodes
VLAN: Virtual LAN; a logical grouping of network nodes that act as if they are connected to a single, shared-media network
NP0995
Intel Corporation, 1997.
* Third party trademarks are the property of their respective owners. Please Recycle.