What Is Virtual Local Area Network (VLAN)

What Is Virtual Local Area Network (VLAN)

Support 0 Comments

Virtual Local Area Network (VLAN) technology logically divides a physical LAN into multiple broadcast domains, each of which is called a VLAN.

Each VLAN functions as a separate broadcast domain, with devices in the same VLAN able to directly communicate with one another, while those in different VLANs cannot. As a result, broadcast packets are confined within a single VLAN.

 

Why Do We Need VLAN?

Early Ethernet allows data communication over shared media through Carrier Sense Multiple Access/Collision Detection (CSMA/CD). When an Ethernet network has a large number of hosts, collision becomes a serious problem and can lead to broadcast storms. This degrades network performance or even causes a complete breakdown. Using Layer 2 devices to connect LANs can restrict data transmission within a LAN. However, this resolves only the conflicts.

 

This is where VLAN technology comes in. VLAN technology allows a physical LAN to be divided into multiple logical LANs (multiple VLANs). Each VLAN functions as a separate broadcast domain, with hosts in the same VLAN able to directly communicate with one another, while those in different VLANs cannot. As a result, broadcast packets are confined within a single VLAN. The following figure shows an example.

figure shows an

 

VLAN technology offers the following benefits:

Confines each broadcast domain to a single VLAN. This conserves bandwidth and improves network processing capabilities.

Enhances LAN security. Frames in different VLANs are separately transmitted so that hosts in a VLAN cannot directly communicate with those in another VLAN.

Improves network robustness. A fault in one VLAN does not affect hosts in another VLAN.

Allows for flexible virtual groups. VLAN technology allows hosts in different geographical locations to be added to different groups, simplifying network construction and maintenance.

VLAN vs Subnet

A network can be divided into multiple subnets to conserve IP address space and support flexible IP addressing.

 

Similar to a VLAN, a subnet can also isolate hosts. Hosts in different subnets cannot communicate with each other. The following figure shows the comparison between VLANs and subnets.

 

following figure shows the comparison between VLANs and subnets

The companies connect to different interfaces of the same Layer 2 switch and access the Internet through the same egress router.

witch and access the Internet through the same egress router
Networking diagram of interface-based VLAN assignment

To isolate the services of different companies and ensure service security, assign interfaces connected to the company networks to different VLANs. In this way, each company has a virtual router, and each VLAN works as a virtual work group.

In the following figure, a company has two departments assigned with fixed IP network segments. The employees often move between locations, but the company requires that their network resource access rights remain unchanged.

Networking diagram of subnet-based VLAN assignment

To ensure that employees retain access to network resources after changing locations, assign VLANs based on subnets on Switch_1. In this case, servers on different subnets are assigned to different VLANs to isolate data flows for accessing application services on the servers, improving security.

Inter-VLAN Layer 3 Communication

In the following figure, departments 1 and 2 of a small-scale company belong to VLAN 2 and VLAN 3, respectively, and connect to a Layer 3 switch (Switch_3) through Layer 2 switches. Packets exchanged between the two departments need to pass through the Layer 3 switch.

Inter-VLAN Layer 3 communication through VLANIF interfaces

Assign VLANs on Switch_1 and Switch_2, configure Switch_1 and Switch_2 to transparently transmit VLAN frames to Switch_3, and configure a VLANIF interface for each VLAN on Switch_3 to allow communication between VLAN 2 and VLAN 3.

VLAN-related Protocols
IEEE 802.1Q

IEEE 802.1Q, often referred to as Dot1q, defines the VLAN implementation standard for Virtual Bridged Local Area Networks. Compared with a standard Ethernet frame, a VLAN-tagged frame has an extra 4-byte VLAN tag.

LNP

Link-type Negotiation Protocol (LNP) is used to dynamically negotiate the link type of an Ethernet interface. The negotiated link type can be accessed or trunk.

  1. When the link type on an Ethernet interface is negotiated as access, the interface joins VLAN 1 by default.
  2. When the link type on an Ethernet interface is negotiated as the trunk, the interface joins VLANs 1 to 4094 by default.
QinQ

The 802.1Q-in-802.1Q (QinQ) protocol is known as an amendment to the IEEE 802.1ad protocol. It expands VLAN space by adding an additional 802.1Q tag to 802.1Q-tagged packets and allows packets in a private VLAN to be transparently transmitted over a public network.

A packet transmitted on the backbone network carries two 802.1Q tags: a public VLAN tag and a private VLAN tag.

What Are Disadvantages of VLAN in Cloud-based Scenarios

Cloud computing, relying on its high system utilization rate, low manpower, and management costs, and flexible and expandable performance advantages, has already become the current new form of enterprise IT construction. As a core technology of cloud computing, server virtualization has a wide range of applications.

VLAN is a traditional network isolation technology. In accordance with standards, a maximum of about 4096 VLANs are available, which cannot meet the tenant isolation requirements of large data centers. In addition, each VLAN is a small and fixed Layer 2 domain, and as such is not suitable for large-scale dynamic virtual machine (VM) migration.

To solve this problem, a Virtual eXtensible Local Area Network (VXLAN) was introduced. Defined in RFC, VXLAN is a Network Virtualization over Layer 3 (NVO3) technology that uses MAC-in-User Datagram Protocol (MAC-in-UDP) encapsulation. VXLAN overcomes the preceding disadvantages of VLAN. VXLAN uses the 24-bit VXLAN Network Identifier (VNI) field to identify up to 16 million tenants, compared to a maximum of 4096 tenants in VLAN. VXLAN establishes a virtual tunnel between two switches across the basic IP network of the data center and virtualizes the data center network into a large Layer 2 virtual switch to meet the requirements of large-scale dynamic VM migration.

 

 

Related Posts

https://www.telecomate.comHow to check if devices fail to be connected through link aggregation
02Feb

How to check if devices fail to be connected through link aggregation?

1. Checking Whether the Physical Status of a Member Interface Is Working Properly Run the display interface command to check whether the... read more

02Dec

Huawei 10G PON ONTs Introduction

The user-side rate of a Huawei 10G PON ONT can reach up to 1000 Mbit/s, meeting requirements of home... read more

08Jan

Analysis on the similarities and differences of service boards XGHD, CGHF and CGID

XGHD, CGHF and CGID are all service boards of the MA5800 series of Huawei OLT. This article will lead... read more

The-difference-between-PPPoE-and-DHCP
22Feb

The difference between PPPoE and DHCP

What is DHCP? DHCP (Dynamic Host Configuration Protocol) is a standardized client/server network protocol that dynamically assigns IP addresses and... read more