Vlan

dargspur, Networks and Communications

27 Oct 2013




VLAN

What Do We Mean by Bandwidth Management?

Brings back router-oriented benefits into our networks while improving upon router deficiencies

Classic router benefits

Broadcast containment and policy enforcement (security)

Classic router deficiencies

Change management

Complex administration

Cost

How?

Layer 3 handling, VLANs, routing, filtering, ...

VLANs for Bandwidth Allocation

Configuration

Membership Criteria

Management

Explicit and Implicit

Spanning Boxes

Defines Membership Policies

There’s More to VLAN Technology than Tagging

Level of Automation

Logical Views

Policy-Based Virtual LANs

Defines membership policies

Flexible VLAN policy definition

Port grouping

MAC address grouping

Protocol grouping

Application control

Mature technology

[Diagram: Backbone LAN with Port Group, Address Groups and Protocol Group]

Protocol-Based VLAN Definitions

VLANs defined by existing paradigms

Layer 3 ID, layer 2 simplicity

Support for routable and non-routable protocols

IP subnet, AppleTalk, IPX, DECnet, NetBIOS, NetBEUI, XNS, SNA, Vines, X.25, and Wildcard

Non-proprietary implementation

[Diagram: protocol groups IP, IPX and NetBIOS; Subnet 1, Subnet 2, Subnet 4, Subnet 7]

How Does Routing Fit In?

Q: Why?

A1: You can’t flatten a network overnight

A2: Routing allows directed unicasts to traverse VLANs

[Diagram: VLAN-A and VLAN-B with Routing (R) and Bridging; labels 1, 2, 3, 4 and "IP Subnet A ="]


Where Should the Router Reside?

Inside the Switch: Multinetting, per-port configuration, ASIC+RISC preprocessing, no hops, no links, lower cost

Outside the Switch: More routing protocols

[Diagrams: External Router with Switch, VLAN-A and VLAN-B; Internal Routing with Bridging, VLAN-A and VLAN-B]

Routing/VLAN Structure

Logical protocol-based VLAN engines

Route between VLANs

IP, IPX, AppleTalk

Switch within VLANs

Flexibly combined with other definition options

ASIC accelerated

[Diagram: Routing Engine and Switching Engine with two VLAN Engines; subnet 158.101.10.X (158.101.10.1, 158.101.10.2) and subnet 158.101.20.X (158.101.20.1, 158.101.20.2, 158.101.20.3)]

Using Protocol-Based VLANs to Allocate Bandwidth

Broadcast Containment

AppleTalk Must Be Supported on a Majority-IP LAN

Support AppleTalk, but isolate it

[Diagram: IP Subnet A, AT Network, IP-Based Fileservers]

VLANs vs. Filters

VLAN Advantage

Protocol dependent

Less maintenance

Address filter advantage

Simple, clear

User Benefits

Support required protocols

Optimize response time for other protocols

Using Protocol-Based VLANs to Allocate Bandwidth

Broadcast Firewalls

Support AppleTalk, but isolate it

Test Lab Generating NetBIOS Traffic

[Diagram: IP Subnet A, IP-Based Fileservers, NetBIOS]

VLANs vs. Filters

VLAN advantage

Easily span boxes

Protocol dependent

Port group filter advantage

Simple, clear

User Benefits

Improved application and desktop response time

Reduce exposure to lab broadcast storms

Using Protocol-Based VLANs to Enforce Policy

Restricted Subnet Access

Only Members of “IP Subnet A” VLAN can Access HR Server

[Diagram: HR Server (IP Subnet A); Engineering Server (IP Subnet B)]

VLANs vs. Filters

VLAN advantage

Protocol dependent

Less maintenance

Address group filter advantage

Tighter security

User Benefits

Policy enforcement for secure access

Using Protocol-Based VLANs to Ease the Adds/Moves/Change Problem

Moving an IP Device - No Station Reconfiguration

User Needs to Move Across Building

[Diagram: IP Subnet A and IP Subnet B; labels 7, 9, 5, 9, 4]

User Benefit

No workstation changes needed

Relationship between VLANs and ELANs

ELANs are simply another switch port

ELANs are flat, fast and simple, but suffer the same broadcast issues as

Bandwidth issues addressed by same techniques

Filters, VLANs, IP Multicasting, Integral Routing

VLANs particularly sensible in ATM

Each ELAN is a “Virtual” path to begin with

ELAN configuration is flexible

ELANs are meant to be parallel

The same issues driving high function switching apply to (LANE-based) ATM networks

TELSYS