Tuesday, May 31, 2011

Virtual Local Area Networks (VLANs)


This paper examines the drivers behind the progression of LAN configurations starting from the days of the repeating hub, progressing through LAN switches, and then focusing on a concept introduced in the mid-nineties, the Virtual LAN (VLAN). The paper examines the perceived benefits of VLANs, how VLANs are configured, and why VLANs may not have lived up to their original lofty expectations.

The evolution of the local area network (LAN) has followed a logical progression of improvements to tackle one problem at a time. LAN switches have essentially replaced repeating hubs in business environments. A software-driven special application of LAN switches, called the Virtual LAN (VLAN), was introduced in the mid-nineties with a lot of hype. VLANs promised cost-effective router-like benefits with the added advantage of reduced system administration costs. As we approached and then entered the 21st century, other technological advances challenged the VLAN, and ultimately displaced it. This paper builds the case for VLANs and then examines some of these alternate technologies.

Virtual LAN or VLAN.

One of the prime goals for VLANs was to break up broadcast domains without employing a router. A VLAN uses specialized management and control software to logically divide broadcast domains, versus the physical divisions accomplished with a router. Part of the rationale behind the VLAN concept is that VLANs can save money and improve performance over the use of routers. Cost savings were envisioned because LAN switches had come down in price such that the cost per LAN switch port was significantly cheaper than the cost per router port. Performance gains were envisioned because LAN-switched VLANs could still operate at Layer 2, while routers had to move up another layer in the protocol stack [Varadarajan, 1997].

Three principal ways are used to segment VLANs [Passmore and Freeman, 1996]. The first way is to assign VLAN membership based on which switch port a node is physically connected to. This brute-force method is simplest conceptually, but requires active administration to support user mobility. The second method is to define VLAN membership based on medium access control (MAC) addresses. This solves the mobility problem associated with the port method, but introduces complexities in setting up the initial correlation between MAC addresses and VLANs in large networks. The third method is to assign membership based on IP subnets. This is functionally equivalent to how a router breaks up broadcast domains, without incurring the cost or performance impacts associated with using traditional routers. Note that routers are still required to communicate between VLANs, just as they are required to communicate between LANs.

VLANs need a way to communicate membership among the multiple switches that make up larger VLANs. Membership may be communicated explicitly or implicitly, depending on the method applied for segmenting the VLAN [Passmore and Freeman, 1996]. If the VLAN is segmented based on physical switch ports, then membership is identified explicitly using special tags embedded in the Ethernet frames sent between the VLAN-smart components. These tags are removed before being forwarded to standard networking equipment. If the VLAN is segmented based on the MAC address, the VLAN determines membership implicitly using lookup tables contained in the switches.
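To make the port-based membership and explicit tagging described above concrete, here is a small added example (written for this page, not code from the paper or from any vendor's switch): a toy switch that floods a frame only to access ports in the same VLAN, inserts an IEEE 802.1Q tag on its trunk link toward the next VLAN-aware switch, and strips the tag before delivering to an access port. The port names, VLAN IDs and frame bytes are constructed for illustration, and untagged frames arriving on the trunk are dropped by assumption.

```python
# Added example: port-based VLAN switch with 802.1Q tagging on the trunk.
# Frame layout (dst MAC, src MAC, EtherType, payload) and all sample values
# are constructed for illustration; no real traffic is involved.
import struct

TPID = 0x8100                      # 802.1Q tag protocol identifier
BROADCAST = b"\xff" * 6

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the 12-byte dst/src MAC header."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid        # priority bits, DEI left at 0, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, untagged frame); vid is None if no 802.1Q tag is present."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class VlanSwitch:
    """Port-based membership: each access port belongs to exactly one VLAN;
    the single trunk port carries every VLAN, tagged, to the next switch."""
    def __init__(self, access_ports: dict, trunk_port: str):
        self.access = access_ports          # e.g. {"p1": 10, "p2": 10, "p3": 20}
        self.trunk = trunk_port

    def forward(self, in_port: str, frame: bytes) -> dict:
        """Flood a frame and return {out_port: frame_as_delivered}.
        Only flooding is modelled (no MAC learning), which is enough to
        show that a broadcast never crosses a VLAN boundary."""
        if in_port == self.trunk:
            vid, frame = untag_frame(frame)
            if vid is None:
                return {}                    # assumption: untagged on trunk -> drop
        else:
            vid = self.access[in_port]
        out = {}
        for port, member in self.access.items():
            if port != in_port and member == vid:
                out[port] = frame            # tag removed for standard equipment
        if in_port != self.trunk:
            out[self.trunk] = tag_frame(frame, vid)   # tag carried to peer switch
        return out
```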

VLANs offer additional advantages besides breaking up the broadcast domain. One widely touted advantage is simplified system administration functions, particularly related to office moves and employee relocations. Take the simple example of a four-story office building, where each floor is segregated into a traditional LAN and isolated by routers. If an employee is reassigned to another floor, then the system administrator has to change the IP number of the employee's relocated computer to correspond to the new subnet. A VLAN could save the system administrator a trip to the employee's new office, because VLAN membership could be reallocated at the main control console. Other situations where VLANs come in particularly useful are those requiring the quick segmentation of LAN membership, like the formation of a proposal team working on a highly proprietary bid.

Other advantages noted for VLANs are consistent with those offered by more expensive and slower routers. One of these secondary advantages is the improved security inherent in breaking up collision and broadcast domains.

Beyond VLANs

The reason I wrote this paper was that I had printed out a VLAN white paper [Passmore and Freeman, 1996] some time ago, but never got around to really reading it. I thought this would be a perfect opportunity to learn about a topic that I was interested in. My first surprise was when I dusted off the white paper to find that it was six years old! My second surprise was that my search for VLAN primers also yielded information primarily from the mid to late-nineties. Further research revealed that while VLANs are still around, they never really lived up to their original hype.

Technology doesn't stand still. While the VLAN concept was one solution to a set of network problems, it was not the only solution. The wide proliferation of Fast, and then Gigabit, Ethernet, while not solving collision and broadcast domain problems, certainly offered an easy way to put off the implementation of more drastic measures [Virtual LANS, 1997 (Intel)]. Special Layer-3 switches subsequently evolved to handle the broadcast domain problem [Passmore, 2000]. These switches have packet switching software written to application-specific integrated circuits (ASICs) that speed up aggregate throughput rates by an order of magnitude over traditional routers [Layer 3 Switching Demystified, 2000].

Another problem for VLANs was that their highly touted advantage of reducing the system administration burden turned out to be debatable. Microsoft's introduction of Dynamic Host Configuration Protocol (DHCP) lessened the burden of managing TCP/IP networks by having servers allocate IP numbers during client boot-up, versus having to configure IP numbers at the client [McLean, 1998]. There is no getting around the fact that major office moves or reorganizations are disruptive from an IT perspective. While VLANs offered a centralized approach to configuring the network, they did not eliminate the need to carefully plan out subnets based on loading and organizational functions. Computers must still be relocated and physically connected to office LAN ports, presuming these ports are even available. This leaves one trying to figure out exactly what the time/cost savings offered by VLANs add up to in relation to the overall IT effort. The realistic utilization of some of the other scenarios discussed for VLAN applications, such as the quick segmentation of LANs for proposal teams, was infrequent at best. Finally, the fact that VLANs themselves add a layer of complexity to network management was often overlooked, and the investment necessary to train administrators how to configure and operate VLANs could very well wipe out any advantage the VLANs may have offered over standard networks. One could argue that the whole concept of VLANs reducing the system administration burden was a forced problem/solution set fabricated by the marketing department.

VLANs also suffered from a lack of compatibility and standardization [McLean, 1998]. Organizations that deployed early versions of VLANs were handcuffed into using a single manufacturer's equipment. By the time a VLAN standard emerged, IEEE 802.1Q, the VLAN hype was over and the technology, while not forgotten, was often overlooked.

A common thread in all of the VLAN literature I researched for this paper was that VLAN functionality was compared to a router. These repeated "like a router" references beg the obvious question, "why not just use a router?" The answer to that question is ultimately what brought VLANs down. The availability of faster, better and cheaper routers and their Layer-3 switch cousins negates many of the advantages of VLANs. While VLANs remain a viable extension of standard LAN switching technology, they cannot replace routers and are therefore relegated to niche applications.

References
Layer 3 switching demystified (2000, July 3).
McLean, R. (1998, May). Why VLANs are virtually useless.
Passmore, D. (2000, October). VLANs reborn. Business Communications Review.
Passmore, D. and Freeman, J. (1996). The virtual LAN technology report.
Stallings, W. (2000). Data and computer communications (6th ed.). Upper Saddle River, NJ: Prentice-Hall.
Steinke, S. (1997, July 1). VLANs and broadcast domains. Network Magazine.
Tyson, J. How LAN switches work.
Varadarajan, S. (1997, August 14). Virtual local area networks.
Virtual LANS. Flexible network segmentation for high-speed LANs (1997).

Beyond Virtual Local Area Networks (VLANs)
Jonathan B. Steele
March 12, 2002
University of Maryland University College
MSIT 610, Section 1131