What is VLAN & Trunk (Inf)

8/4/2019 What is VLAN & Trunk (Inf)

1/12

Q: What is Trunk and VLAN ?

Ans:

(1)Trunk:

In moderncommunications, trunking is a concept by which acommunications system can provide network access to many clients bysharing a set of lines or frequencies instead of providing them individually.This is analogous to the structure of a tree with one trunk and manybranches. Examples of this include telephone systems and the VHF radioscommonly used by police agencies. More recentlyport trunkinghas beenapplied in computer networking as well.

A trunk is a singletransmissionchannelbetween two points, each pointbeing either theswitching centeror the node.

(2)VLANs

Virtual LAN (VLAN) refers to a group of logically networked devices onone or more LANs that are configured so that they can communicate as ifthey were attached to the same wire, when in fact they are located on anumber of different LAN segments. Because VLANs are based on logical

instead of physical connections, it is very flexible for user/hostmanagement, bandwidth allocation and resource optimization.

There are the following types of Virtual LANs:

1. Port-Based VLAN: each physical switch port is configured with anaccess list specifying membership in a set of VLANs.

2. MAC-based VLAN: a switch is configured with an access list mappingindividual MAC addresses to VLAN membership.

3. Protocol-based VLAN: a switch is configured with a list of mappinglayer 3 protocol types to VLAN membership - thereby filtering IPtraffic from nearby end-stations using a particular protocol such asIPX.

4. ATM VLAN - using LAN Emulation (LANE) protocol to map Ethernetpackets into ATM cells and deliver them to their destination byconverting an Ethernet MAC address into an ATM address.
http://en.wikipedia.org/wiki/Communicationhttp://en.wikipedia.org/wiki/Communicationhttp://en.wikipedia.org/wiki/Communicationhttp://en.wikipedia.org/wiki/Port_trunkinghttp://en.wikipedia.org/wiki/Port_trunkinghttp://en.wikipedia.org/wiki/Port_trunkinghttp://en.wikipedia.org/wiki/Transmission_(telecommunications)http://en.wikipedia.org/wiki/Transmission_(telecommunications)http://en.wikipedia.org/wiki/Channel_(communications)http://en.wikipedia.org/wiki/Channel_(communications)http://en.wikipedia.org/wiki/Channel_(communications)http://en.wikipedia.org/wiki/Switching_centerhttp://en.wikipedia.org/wiki/Switching_centerhttp://en.wikipedia.org/wiki/Switching_centerhttp://en.wikipedia.org/wiki/Switching_centerhttp://en.wikipedia.org/wiki/Channel_(communications)http://en.wikipedia.org/wiki/Transmission_(telecommunications)http://en.wikipedia.org/wiki/Port_trunkinghttp://en.wikipedia.org/wiki/Communication


2/12

The IEEE 802.1Q specification establishes a standard method for taggingEthernet frames with VLAN membership information. The IEEE 802.1Qstandard defines the operation of VLAN Bridges that permit the definition,operation and administration of Virtual LAN topologies within a BridgedLAN infrastructure. The 802.1Q standard is intended to address theproblem of how to break large networks into smaller parts so broadcastand multicast traffic would not grab more bandwidth than necessary. Thestandard also helps provide a higher level of security between segments ofinternal networks.

The key for the IEEE 802.1Q to perform the above functions is in its tags.802.1Q-compliant switch ports can be configured to transmit tagged oruntagged frames. A tag field containing VLAN (and/or 802.1p priority)information can be inserted into an Ethernet frame. If a port has an

802.1Q-compliant device attached (such as another switch), these taggedframes can carry VLAN membership information between switches, thusletting a VLAN span multiple switches. However, it is important to ensureports with non-802.1Q-compliant devices attached are configured totransmit untagged frames. Many NICs for PCs and printers are not 802.1Q-compliant. If they receive a tagged frame, they will not understand theVLAN tag and will drop the frame. Also, the maximum legal Ethernetframe size for tagged frames was increased in 802.1Q (and its companion,802.3ac) from 1,518 to 1,522 bytes. This could cause network interface cardsand older switches to drop tagged frames as "oversized."


3/12

Figure 1 - Typical Routed Network

To understand VLANs, it is first necessary to have an understanding ofLANs. A Local Area Network (LAN) can generally be defined as abroadcast domain. Hubs, bridges or switches in the same physical segmentor segments connect all end node devices. End nodes can communicate witheach other without the need for a router. Communications with devices onother LAN segments requires the use of a router. Figure 1 illustrates atypical LAN environment connected by routers.

In Figure 1, each LAN is separated from the other by a router. Thisrepresents the current UCDNet topology. The individual LANs andbroadcast domains are represented by the areas bounded by the dottedlines and numbered 1 through 5 for future reference. Note that the routerinterface for each LAN is included as part of the LAN and broadcastdomain.
http://net21.ucdavis.edu/newvlan.htm#LANhttp://net21.ucdavis.edu/newvlan.htm#LANhttp://net21.ucdavis.edu/newvlan.htm#BroadcastDomainhttp://net21.ucdavis.edu/newvlan.htm#BroadcastDomainhttp://net21.ucdavis.edu/newvlan.htm#Routerhttp://net21.ucdavis.edu/newvlan.htm#Routerhttp://net21.ucdavis.edu/newvlan.htm#Routerhttp://net21.ucdavis.edu/newvlan.htm#BroadcastDomainhttp://net21.ucdavis.edu/newvlan.htm#LAN


4/12

As networks expand, more routers are needed to separate users intobroadcast andcollision domainsand provide connectivity to other LANs. InFigure 1, LANs 4 and 5 illustrate the use of a router to separate users in asingle building into multiple broadcast domains.

One drawback to this design is that routers addlatency, which essentiallydelays the transmission of data. This is caused by the process involved inrouting data from one LAN to another. A router must use more of the datapacketto determine destinations and route the data to the appropriateend node.

Virtual LANs (VLANs) can be viewed as a group of devices on differentphysical LAN segments which can communicate with each other as if theywere all on the same physical LAN segment. VLANs provide a number ofbenefits over the network described in Figure 1, which we will discuss in thenext section. In order to take advantage of the benefits of VLANs, adifferent network topology is needed.

Figure 2 - Typical Switched Network
http://net21.ucdavis.edu/newvlan.htm#CollisionDomainhttp://net21.ucdavis.edu/newvlan.htm#CollisionDomainhttp://net21.ucdavis.edu/newvlan.htm#CollisionDomainhttp://net21.ucdavis.edu/newvlan.htm#Latencyhttp://net21.ucdavis.edu/newvlan.htm#Latencyhttp://net21.ucdavis.edu/newvlan.htm#Latencyhttp://net21.ucdavis.edu/newvlan.htm#Packethttp://net21.ucdavis.edu/newvlan.htm#Packethttp://net21.ucdavis.edu/newvlan.htm#Packethttp://net21.ucdavis.edu/newvlan.htm#Packethttp://net21.ucdavis.edu/newvlan.htm#Packethttp://net21.ucdavis.edu/newvlan.htm#Latencyhttp://net21.ucdavis.edu/newvlan.htm#CollisionDomain


5/12

Using the same end nodes as in Figure 1, the switched network in Figure 2provides the same connectivity as Figure 1. Although the network abovehas some distinct speed and latency advantages over the network in Figure1, it also has some serious drawbacks. The most notable of these for thepurposes of this discussion is that all hosts (end nodes) are now in the samebroadcast domain. This adds a significant amount of traffic to the networkthat is seen by all hosts on the network. As this network grows, thebroadcast traffic has the potential impact of flooding the network andmaking it essentially unusable.

Switches using VLANs create the same division of the network into separatebroadcast domains but do not have the latency problems of a router.Switches are also a more cost-effective solution. Figure 3 shows a switchednetwork topology using VLANs.

Figure 3 - Switched Network with VLANs

Notice that the initial logical LAN topology from Figure 1 has beenrestored, with the major changes being the addition ofEthernetswitches
http://net21.ucdavis.edu/newvlan.htm#Ethernethttp://net21.ucdavis.edu/newvlan.htm#Ethernethttp://net21.ucdavis.edu/newvlan.htm#Ethernethttp://net21.ucdavis.edu/newvlan.htm#Ethernet


6/12

and the use of only one router. Notice also that the LAN identifiers appearon the single router interface. It is still necessary to use a router whenmoving between broadcast domains, and in this example, the routerinterface is a member of all of the VLANs. There are a number of ways todo this, and most are still proprietary and vendor-based.

Figure 4 - VLAN grouping using traffic patterns

By now you are probably wondering why someone would go to all thiswork to end up with what appears to be the same network (at least from alogical standpoint) as the original one. Consider Figure 4, where we beginto take advantage of some of the benefits of VLANs.

In the previous examples, LANs have been grouped with physical locationbeing the primary concern. In Figure 4, VLAN 1 has been built with trafficpatterns in mind. All of the end devices in 1b, 1c, and 1d are primarily usedfor minicomputer access in 1a. Using VLANs, we are able to group thesedevices logically into a single broadcast domain. This allows us to confinebroadcast traffic for this workgroup to just those devices that need to seeit, and reduce traffic to the rest of the network. There is an increased


7/12

connection speed due to the elimination of latency from router connections.An additional benefit of increased security could be realized if we madethe decision to not allow access to the host from foreign networks, i.e., thosethat originate from anothersubnetbeyond the router.

If we extend this thinking, we can now create a network that isindependent of physical location and group users into logical workgroups.For instance, if a department has users in three different locations, theycan now provide access to servers and printers as if they were all in thesame building. Figure 5 illustrates this concept using the same end devicesas in Figure 1 and logically grouped by function, traffic patterns, andworkgroups.

As in Figure 4, VLAN 1 is a group of users whose primary function is toaccess a database on a minicomputer. VLAN 2 is a comprised of a similargroup of users that require access to local servers and the mainframe.VLAN 3 is a department with servers and user workstations on differentfloors and in the case of the workstations in 3b, different buildings. VLANs4 and 5 represent different departments with workstations and servers insingle buildings.
http://net21.ucdavis.edu/newvlan.htm#Subnethttp://net21.ucdavis.edu/newvlan.htm#Subnethttp://net21.ucdavis.edu/newvlan.htm#Subnethttp://net21.ucdavis.edu/newvlan.htm#Subnet


8/12

Figure 5 Logically grouped VLANsOne problem remains from the picture above. In a campus environmentthe size of UC Davis, it is difficult to scale the model above due to physical

distances and sheer numbers.

Enter ATMand Network 21. The solution to these problems is to install ATMin the cloud and use something called LAN Emulation (LANE) to providebackbone services to the edge devices, or in this case, the Ethernet switchesshown in Figure 5. Without going into detail, LAN Emulation over ATMprovides the means to fully support existing LAN-based applicationswithout changes. Advanced LAN Emulation software providestransparency to the underlying network's move to ATM. In addition, LANEprovides the following benefits:

Higher capacity Superior allocation and management of network capacity Easier management of the constantly changing LAN membership Access to multiple VLANs from the same physical interface Ease of evolution to new applications.

Figure 6 gives us a look at VLANs in an ATM LANE environment. You'llnotice that nothing has changed at the edges of the network, and a littlemore detail has been added at the core.
http://net21.ucdavis.edu/newvlan.htm#ATMhttp://net21.ucdavis.edu/newvlan.htm#ATMhttp://net21.ucdavis.edu/newvlan.htm#LANEhttp://net21.ucdavis.edu/newvlan.htm#LANEhttp://net21.ucdavis.edu/newvlan.htm#EdgeDeviceshttp://net21.ucdavis.edu/newvlan.htm#EdgeDeviceshttp://net21.ucdavis.edu/newvlan.htm#EdgeDeviceshttp://net21.ucdavis.edu/newvlan.htm#LANEhttp://net21.ucdavis.edu/newvlan.htm#ATM


9/12

Figure 6 - VLANs with ATM backbone

We will not discuss ATM LANE in detail here. For the purpose of thisdiscussion, the picture above shows a high level view of an ATM VLAN

environment and closely mirrors the Network 21 architecture.

VLAN Benefits

As we have seen, there are several benefits to using VLANs. To summarize,VLAN architecture benefits include:

Increased performance Improved manageability Network tuning and simplification of software configurations Physical topology independence Increased security options


10/12

Increased performance

Switched networks by nature will increase performance over shared mediadevices in use today, primarily by reducing the size of collision domains.Grouping users into logical networks will also increase performance by

limiting broadcast traffic to users performing similar functions or withinindividual workgroups. Additionally, less traffic will need to be routed, andthe latency added by routers will be reduced.

Improved manageability

VLANs provide an easy, flexible, less costly way to modify logical groups inchanging environments. VLANs make large networks more manageable byallowing centralized configuration of devices located in physically diverselocations.

Network tuning and simplification of software configurations

VLANs will allow LAN administrators to "fine tune" their networks bylogically grouping users. Software configurations can be made uniformacross machines with the consolidation of a department's resources into asingle subnet. IP addresses,subnet masks, and local network protocols willbe more consistent across the entire VLAN. Fewer implementations of localserver resources such as BOOTPandDHCPwill be needed in thisenvironment. These services can be more effectively deployed when theycan span buildings within a VLAN.

Physical topology independence

VLANs provide independence from the physical topology of the network byallowing physically diverse workgroups to be logically connected within asingle broadcast domain. If the physical infrastructure is already in place,it now becomes a simple matter to add ports in new locations to existingVLANs if a department expands or relocates. These assignments can take

place in advance of the move, and it is then a simple matter to movedevices with their existing configurations from one location to another. Theold ports can then be "decommissioned" for future use, or reused by thedepartment for new users on the VLAN.

Increased security options
http://net21.ucdavis.edu/newvlan.htm#IPAddresshttp://net21.ucdavis.edu/newvlan.htm#IPAddresshttp://net21.ucdavis.edu/newvlan.htm#IPAddresshttp://net21.ucdavis.edu/newvlan.htm#SubnetMaskhttp://net21.ucdavis.edu/newvlan.htm#SubnetMaskhttp://net21.ucdavis.edu/newvlan.htm#SubnetMaskhttp://net21.ucdavis.edu/newvlan.htm#BOOTPhttp://net21.ucdavis.edu/newvlan.htm#BOOTPhttp://net21.ucdavis.edu/newvlan.htm#BOOTPhttp://net21.ucdavis.edu/newvlan.htm#DHCPhttp://net21.ucdavis.edu/newvlan.htm#DHCPhttp://net21.ucdavis.edu/newvlan.htm#DHCPhttp://net21.ucdavis.edu/newvlan.htm#DHCPhttp://net21.ucdavis.edu/newvlan.htm#BOOTPhttp://net21.ucdavis.edu/newvlan.htm#SubnetMaskhttp://net21.ucdavis.edu/newvlan.htm#IPAddress


11/12

VLANs have the ability to provide additional security not available in ashared media network environment. By nature, a switched networkdeliversframesonly to the intended recipients, and broadcast frames onlyto other members of the VLAN. This allows the network administrator tosegment users requiring access to sensitive information into separateVLANs from the rest of the general user community regardless of physicallocation. In addition, monitoring of a port with a traffic analyzer will onlyview the traffic associated with that particular port, making discreetmonitoring of network traffic more difficult.

It should be noted that the enhanced security that is mentioned above isnot to be considered an absolute safeguard against security infringements.What this provides is additional safeguards against "casual" butunwelcome attempts to view network traffic.

VLAN Limitations

There are a few limitations to using VLANs, some of the more notablebeing:

Broadcast limitations Device limitations Port constraints

Broadcast limitations

In order to handle broadcast traffic in an ATM VLAN environment it isnecessary to have a special server that is an integrated part of the ATMinfrastructure. This server has limitations in the number of broadcasts thatmay be forwarded. Some network protocols that will be running withinindividual VLANs, such as IPX and AppleTalk, make extensive use of

broadcast traffic. This has the potential of impacting thresholds on theswitches or broadcast servers and may require special consideration whendetermining VLAN size and configuration.

Device limitations

The number of Ethernet addresses than can be supported by each edgedevice is 500. This represents a distribution of about 20 devices per
http://net21.ucdavis.edu/newvlan.htm#Framehttp://net21.ucdavis.edu/newvlan.htm#Framehttp://net21.ucdavis.edu/newvlan.htm#Framehttp://net21.ucdavis.edu/newvlan.htm#Frame


12/12

Network 21 port. These numbers are actual technical limitations that couldbe further reduced due to performance requirements of attached devices.

These limitations are above the recommended levels for high performancenetworking. From a pure performance standpoint, the ideal end-user

device to Network 21 port ratio would be one device per port. From apractical point of view, a single Network 21 port could be shared by anumber of devices that do not require a great deal of bandwidth andbelong to the same VLAN. An example of this would be a desktopcomputer, printer, and laptop computer for an individual user.

Port Constraints

If a departmental hub or switch is connected to a Network 21 port, everyport on that hub must belong to the same VLAN. Hubs do not have thecapability to provide VLANs to individual ports, and VLANs can not beextended beyond the edge device ports even if a switch capable ofsupporting VLANs is attached

What is VLAN & Trunk (Inf)

Documents

Transcript of What is VLAN & Trunk (Inf)