By Art Reisman, CTO, www.netequalizer.com
Why am I writing a post on VLAN tags ?
VLAN tags and Bandwidth Control are often intimately related, but before I can post on the relationship I thought it prudent to comment on VLAN tags, I definitly think they are way over used and hope to comment on that also in a future post.
I generally don’t like VLAN tags, the original idea behind them was to solve the issue with Ethernet broadcasts saturating network segment. Wikipedia explains it like this…
After successful experiments with voice over Ethernet from 1981 to 1984, Dr. W. David Sincoskie joined Bellcore and turned to the problem of scaling up Ethernet networks. At 10 Mbit/s, Ethernet was faster than most alternatives of the time; however, Ethernet was a broadcast network and there was not a good way of connecting multiple Ethernets together. This limited the total bandwidth of an Ethernet network to 10 Mbit/s and the maximum distance between any two nodes to a few hundred feet.
What does that mean and why do you care?
First lets address how an Ethernet broadcast works and then we can discuss Dr Sincoskies solution and make some sense of it.
When a bunch of computers share a single Ethernet segment of a network separated by switches everybody can hear each other talking
Think of 2 people in a room yelling back and forth to communicate, that might work if one person pauses after each yell to give the other person a chance to yell back. Now if you had three people in a room they can still yell at each other and pause and listen for other people yelling and that might still work, but if you had 1000 people in the room and they are trying to talk to people on the other side of the room the pausing technique waiting for other people to talk does not work very well. And that is exactly the problem with Ethernet as it grows everybody is trying to talk on the same wire at once. VLAN tags work by essentially creating a bunch of smaller virtual rooms where only the noise and yelling from the people in the virtual room can be heard at one time.
Now when you set up a VLAN tag (virtual room ) you have to put up the dividers. On a network this is done by having the switches, the things the computers plug into, be aware of what virtual room each computer is in. The Ethernet tag specifies the identifier for the virtual room and so once set up you have a bunch of virtual rooms and everybody can talk.
This sort of begs the question
Does everybody attached to the Internet live in a virtual room ?
No virtual rooms (VLANs) were needed so a single organization like a company can put a box around their network segments to protect them with a common set of access rules ( firewall router), the Internet works fine without VLAN tags.
So a VLAN tag is only appropriate when a group of users sit behind a common router ?
Yes that is correct , Ethernet broadcasts ( yelling as per our analogy) do not cross cross router boundaries on the Internet.
Routers handle public IP addresses to figure out where to send things. A router does not use broadcast (yelling), it is much more discrete , it only sends on data to another router if it knows that the data is supposed to go there.
So why do we have two mechanisms one for local computers sending Ethernet broadcasts and another for routers using point to point routing ?
This post was supposed to be about VLAN tags….. I’ll take it one step further to explain the difference.
Perhaps you have heard about the layers of networking, layer 2 is Ethernet and Layer 3 is IP.
Answers.com gave me the monologue below, which is technically correct, but does not really make much sense unless you already had a good understanding of networking in the first place , so I’ll finish by breaking down this into something a little more relevant with some in-line comments.
Basically a layer 2 switch operates utilizing Mac addresses in it’s caching table to quickly pass information from port to port. A layer 3 switch utilizes IP addresses to do the same.
What this means is that an Ethernet switch looks at MAC addresses which are used by your router for local addressing to a computer on your network. Think back to people shouting in the room to communicate, the MAC address would be a Nick name that only their closest friends would use when they shout at each other. At the head end of your network is a router, this is where you connect to the Internet, and other Internet users send data to you from your IP address and this is essentially the well known public address at your router. The IP address could be thought of as the address of the building where everybody is inside shouting at each other. The routers job is to get information,sent by IP address destined for some body inside the room to the door. If you are a Comcast home user you likely have a Modem where you cable plugs in the Modem is the gateway to your house and is addressed by IP address by the outside world.
Essentially, A layer 2 switch is essentially a multiport transparent bridge. A layer 2 switch will learn about MAC addresses connected to each port and passes frames marked for those ports.
The above paragraph is referring to how an Ethernet switch sends data around, everybody in room registers their Nick-Name to the switch so it can shout in the direction of the person in the room when new data comes in.
It also knows that if a frame is sent out a port but is looking for the MAC address of the port it is connected to and drop that frame. Whereas a single CPU Bridge runs in serial, todays hardware based switches run in parallel, translating to extremly fast switching.
I left this paragraph in because it is completely unrelated to the question I asked that Answers.com responded to, so ignore it. This is a commentary about how modern switches can be reading and sending from multiple interfaces at the same time.
Layer 3 switching is a hybrid, as one can imagine, of a router and a switch. There are different types of layer 3 switching, route caching andtopology-based. In route caching the switch required both a Route Processor (RP) and a Switch Engine (SE). The RP must listen to the first packet to determine the destination. At that point the Switch Engine makes a shortcut entry in the caching table for the rest of the packets to follow.
More random stuff unrelated to the question “What is the difference between layer 3 and layer 2 ”
Due to advancement in processing power and drastic reductions in the cost of memory, today’s higher end layer 3 switches implement a topology-based switching which builds a lookup table and and poputlates it with the entire network’s topology. The database is held in hardware and is referenced there to maintain high throughput. It utilizes the longest address match as the layer 3 destination.
This is talking about how a Router translates between the local address Nick-Name of people yelling in the room and the public address of data leaving the building.
Now when and why would one use a l2 vs l3 vs a router? Simply put, a router will generally sit at the gateway between a private and a public network. A router can performNAT whereas an l3 switch cannot (imagine a switch that had the topology entries for the ENTIRE Internet!!).
May 17, 2011 at 9:47 PM
I guess I don’t follow your argument about why VLANs are bad?
I always figured that a VLAN == IP Subnet. If you “break” this assumption, then certain protocols will break (DHCP being the one that comes first to mind).
Additionally once you have computers divided into different subnets your firewall can then protect access between subnets.
Or did I misunderstand the gist of your post?
May 17, 2011 at 10:04 PM
I don’t think they are bad, I just don’t like them, I don’t like taxes either but I understand without them roads and bridges would not get built. I don’t like that you have to physically set up ports to control them, and I think most of the problem of broadcast traffic was solved with smart switches without the needs for tags. It just bugs me that IP routing is so independent and elegant and when we design a local network VLAN tags come into play. The DHCP segmentation is a valid point
May 18, 2011 at 8:20 PM
[…] VLAN tags made simple […]