VLAN

What Do We Mean by Bandwidth Management?
Brings back router-oriented benefits into our networks while improving upon router deficiencies
• Classic router benefits
– Broadcast containment and policy enforcement (security)
• Classic router deficiencies
– Change management
– Complex administration
– Cost
• How?
• Layer 3 handling, VLANs, routing, filtering, ...

VLANs for Bandwidth Allocation
There’s More to VLAN Technology than Tagging
[Diagram labels: Management; Configuration; Membership Criteria; Spanning Boxes; Logical Views; Level of Automation; Defines Membership Policies; Explicit and Implicit]

Policy-Based Virtual LANs
• Defines membership policies
• Flexible VLAN policy definition
– Port grouping
– MAC address grouping
– Protocol grouping
– Application control
• Mature technology
[Diagram labels: Backbone LAN; Port Group; Protocol Group; Address Groups]

Protocol-Based VLAN Definitions
• VLANs defined by existing paradigms
– Layer 3 ID, NetBIOS layer 2 simplicity
• Support for routable and non-routable protocols
– IP subnet, AppleTalk, IPX, DECnet, NetBIOS, NetBEUI, XNS, SNA, Vines, X.25, and Wildcard
• Non-proprietary implementation
[Diagram labels: IPX, Subnet 2; IP, Subnet 1, Subnet 4, Subnet 7]

How Does Routing Fit In?
Q: Why?
A1: You can’t flatten a network overnight
A2: Routing allows directed unicasts to traverse VLANs
[Diagram labels: Routing; Bridging; VLAN-B; IP Subnet A = VLAN-A]

Where Should the Router Reside?
• Inside the Switch: Multinetting, per-port configuration, ASIC+RISC preprocessing, no hops, no links, lower cost
• Outside the Switch: More routing protocols
[Diagram labels: Internal Routing; Bridging; External Router; Switch; VLAN-A; VLAN-B]

Routing/VLAN Structure
• Logical protocol-based VLAN engines
• Route between VLANs
– IP, IPX, AppleTalk
• Switch within VLANs
• Flexibly combined with other definition options
• ASIC accelerated
[Diagram labels: Routing Engine; Switching Engine; VLAN Engine 158.101.20.X; VLAN Engine 158.101.10.X; MAC; 158.101.20.1; 158.101.10.2; 158.101.10.1; 158.101.20.2; 158.101.20.3]
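
The route-between / switch-within split on this slide, sketched as an added Python example (not part of the original deck or of any vendor's implementation): it assigns frames to protocol-based VLANs by EtherType and IP subnet and returns the forwarding decision. The VLAN names, the /24 masks, dropping frames that match no definition, and the sample frames are assumptions.

```python
import ipaddress

ETH_IPV4, ETH_APPLETALK = 0x0800, 0x809B  # EtherType values

# Protocol-based VLAN definitions. VLAN names are hypothetical, and the /24
# masks are an assumption read from the slide's 158.101.10.X / 158.101.20.X.
IP_VLANS = {
    "VLAN-10": ipaddress.ip_network("158.101.10.0/24"),
    "VLAN-20": ipaddress.ip_network("158.101.20.0/24"),
}
ETHERTYPE_VLANS = {ETH_APPLETALK: "VLAN-AT"}  # whole protocol in one VLAN


def vlan_of(ethertype, ip=None):
    """Implicit membership: derive the VLAN from the frame's protocol fields."""
    if ethertype == ETH_IPV4:
        if ip is None:
            return None
        addr = ipaddress.ip_address(ip)
        return next((n for n, net in IP_VLANS.items() if addr in net), None)
    return ETHERTYPE_VLANS.get(ethertype)


def forward(ethertype, src=None, dst=None, broadcast=False):
    """Return (action, src_vlan, dst_vlan) for one frame."""
    src_vlan = vlan_of(ethertype, src)
    if src_vlan is None:
        return ("drop", None, None)  # assumption: unmatched senders are dropped
    if broadcast or ethertype != ETH_IPV4:
        # Broadcasts and single-VLAN protocols never leave the source VLAN.
        return ("flood" if broadcast else "switch", src_vlan, src_vlan)
    dst_vlan = vlan_of(ethertype, dst)
    if dst_vlan is None:
        return ("drop", src_vlan, None)  # no VLAN owns the destination
    if dst_vlan == src_vlan:
        return ("switch", src_vlan, dst_vlan)  # switching engine, layer 2
    return ("route", src_vlan, dst_vlan)  # routing engine, directed unicast


# Constructed sample frames using the station addresses shown on the slide.
SAMPLES = [
    (ETH_IPV4, "158.101.10.1", "158.101.10.2", False),
    (ETH_IPV4, "158.101.10.1", "158.101.20.3", False),
    (ETH_IPV4, "158.101.20.1", None, True),
    (ETH_APPLETALK, None, None, True),
    (ETH_IPV4, "10.0.0.5", "158.101.10.1", False),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(frame, "->", forward(*frame))
```

The example keys only on EtherType, so 802.2/SNAP-encapsulated protocols would need an extra classification step.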

Using Protocol-Based VLANs to Allocate Bandwidth
Broadcast Containment
AppleTalk Must Be Supported on a Majority-IP LAN
VLANs vs. Filters
• VLAN advantage
– Protocol dependent
– Less maintenance
• Address filter advantage
– Simple, clear
User Benefits
• Support required protocols
• Optimize response time for other protocols
[Diagram labels: IP-Based Fileservers; Support AppleTalk, but isolate it; AT Network; IP Subnet A]

Using Protocol-Based VLANs to Allocate Bandwidth
Broadcast Firewalls
Test Lab Generating NetBIOS Traffic
VLANs vs. Filters
• VLAN advantage
– Easily span boxes
– Protocol dependent
• Port group filter advantage
– Simple, clear
User Benefits
• Improved application and desktop response time
• Reduce exposure to lab broadcast storms
[Diagram labels: IP-Based Fileservers; Support AppleTalk, but isolate it; NetBIOS; IP Subnet A]

Using Protocol-Based VLANs to Enforce Policy
Restricted Subnet Access
Only Members of “IP Subnet A” VLAN can Access HR Server
VLANs vs. Filters
• VLAN advantage
– Protocol dependent
– Less maintenance
• Address group filter advantage
– Tighter security
User Benefits
• Policy enforcement for secure access
[Diagram labels: Engineering Server; IP subnet B; HR Server; IP Subnet A; IP Subnet B]

Using Protocol-Based VLANs to Ease the Adds/Moves/Change Problem
Moving an IP Device - No Station Reconfiguration
User Needs to Move Across Building
User Benefit
• No workstation changes needed
[Diagram labels: IP Subnet A; IP Subnet B]

Relationship between VLANs and ELANs
• ELANs are simply another switch port
– ELANs are flat, fast and simple, but suffer the same broadcast issues as
• Bandwidth issues addressed by same techniques
– Filters, VLANs, IP Multicasting, Integral Routing
• VLANs particularly sensible in ATM
– Each ELAN is a “Virtual” path to begin with
– ELAN configuration is flexible
– ELANs are meant to be parallel
• The same issues driving high function switching apply to (LANE-based) ATM networks
TELSYS