Cisco IOS VLAN Service
New Cisco IOS VLAN Services Make “Virtual” a Reality
Virtual networking has rapidly become one of the major new areas in the internetworking industry. Virtual networking refers to the ability of switches and routers to configure logical topologies on top of the physical network infrastructure, allowing any arbitrary collection of LAN segments within a network to be combined into an autonomous user group, appearing as a single LAN.
Virtual LANs (VLANs) offer significant benefits in terms of efficient use of bandwidth, flexibility, performance, and security. VLAN technology functions by logically segmenting the network into different broadcast domains so that packets are only switched between ports that are designated for the same VLAN. Thus, by confining traffic originating on a particular LAN to other LANs within the same VLAN, switched virtual networks avoid wasting bandwidth, a drawback inherent in traditional bridged/switched networks where packets are often forwarded to LANs that do not require them. This approach also improves scalability, particularly in LAN environments that support broadcast- or multicast-intensive protocols and applications that flood packets throughout the network. Figure 1 depicts a typical VLAN, where traffic is only switched between LAN interfaces that belong to the same VLAN. Here, the criterion for VLAN membership is departmental function; however, users could also be combined in VLAN topologies based upon a common protocol or subnet address.
Figure 1: A Typical VLAN
The degree of flexibility and control that virtual networking offers is unprecedented. Regardless of physical location or interface type, network managers can define workgroups based on logical function rather than physical location through simple port configuration. Using switches and routers that have embedded VLAN intelligence obviates the need for expensive, time-consuming recabling to extend connectivity in switched LAN environments.
However, the real power of virtual networking comes from its ability to effect VLAN topologies that extend beyond single sites to combine multiple LANs across an organization’s backbone network. Cisco Systems now offers a comprehensive VLAN solution that can bring together geographically dispersed users across an enterprise network to form VLAN workgroup topologies. Regardless of whether the network comprises Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), Ethernet/Fast Ethernet, Token Ring, or serial links, the Cisco product line now offers the advantages of virtualization.
VLANs over ATM Switched Backbones
Where the backbone network is an ATM switching environment, VLANs are achieved via the ATM Forum’s LAN Emulation (LANE) standard, which is fully supported in Cisco Internetwork Operating System(tm) (Cisco IOS) Release 11.0, scheduled to ship in calendar Q3 1995. LANE preserves the functionality of a LAN on the ATM network itself so that the ATM backbone is transparent to the user and appears as a single, connectionless, broadcast-capable LAN segment.
Each LAN or native ATM host connecting to an ATM network does so via a software interface known as a LAN Emulation Client (LEC). When users from disparate LANs need to be joined together to form a VLAN, they do so by connecting to the same emulated LAN within the ATM backbone. Within an emulated LAN, the LAN Emulation Server (LES) handles control protocol messages for all the LAN Emulation Clients (LECs), while the Broadcast and Unknown Server (BUS) can forward traffic to all LECs, as shown in Figure 2.
Figure 2: VLANs via LAN Emulation
The LANE specification defines a LAN Emulation Configuration Server (LECS) that resides within the ATM network and enables network administrators to control which LANs are combined to form VLANs.
VLANs over Switched LAN Networks
For virtual networking in switched LAN networks, Cisco offers two VLAN protocols that are appropriate to different environments. The first of these, Inter-Switch Link (ISL), is available on Cisco’s Catalyst(tm) 5000 and the Kalpana® ProStack LAN switches. ISL is designed for very high-performance, localized workgroup VLANs. Implemented in custom ASIC hardware to maximize throughput and minimize latency, the ISL trunk protocol identifies traffic as belonging to a particular VLAN using a technique known as frame tagging. Packets originating on a LAN port designated as belonging to a logical VLAN topology acquire a VLAN identifier (ID) as they are switched onto the shared backbone network. This ID enables receiving switches to make intelligent forwarding decisions and switch the packets to only those interfaces that are members of the same VLAN. The Cisco Catalyst platform can support up to 1024 distinct VLANs.
In the case of large multivendor networks, the benefits and wide-scale adoption of distributed VLAN solutions have been constrained by the apparent lack of an interoperable VLAN standard. In such environments, network administrators need end-to-end VLANs across multivendor FDDI backbones, Token Ring, Ethernet, and Fast Ethernet LANs, as well as high-speed WAN links. Achieving this goal has required a standard interoperable protocol.
Cisco has pioneered the use of the IEEE 802.10 standard to address this need. This established standard, which focuses on LAN security, incorporates a mechanism whereby traffic on any LAN can carry a VLAN identifier. Also, by functioning at the data-link layer, the 802.10 standard is well suited to switch implementation.
Cisco Systems now supports IEEE 802.10 standard-VLANs on the Cisco 7000, Cisco 4500, and Cisco 2500 router platforms as well as the Catalyst platforms across FDDI, Fast Ethernet, Ethernet, Token Ring, and serial interfaces. This capability protects users’ investment by bringing VLAN technology to existing network infrastructures.
The 802.10 header bears a 4-byte VLAN ID field, allowing billions of distinct VLANs across a network. For LAN segments configured together as a VLAN, packets originating from stations attached to these LANs acquire an 802.10 header carrying the appropriate VLAN ID as they are forwarded onto the shared backbone network. The receiving router or switch then matches the VLAN ID against the VLANs it is configured to support to determine whether it should remove the 802.10 header and forward the original packet to any ports that belong to the same VLAN. A server with a direct FDDI, Ethernet, or Token Ring backbone connection could also use the VLAN ID to join one or several VLANs.
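The tag-on-egress, match-on-ingress behaviour described for ISL above and for 802.10 here can be modelled in a few lines. The following is an added illustration, not Cisco code: it assumes a simplified header consisting only of the 4-byte VLAN ID in front of the original frame (the real 802.10 SDE header carries additional fields), and shows how a receiving switch confines a frame to ports of the same VLAN and discards frames tagged with a VLAN it is not configured for.

```python
# Simplified model of VLAN frame tagging on a shared backbone and the
# receiving switch's VLAN-ID match. ASSUMPTION: the tag is modelled as a
# bare 4-byte big-endian VLAN ID prepended to the frame; the exact IEEE
# 802.10 SDE encoding has more fields and is not reproduced here.
import struct
from typing import Dict, List, Optional, Tuple

VLAN_ID_LEN = 4  # the article describes a 4-byte VLAN ID field


def tag_frame(frame: bytes, vlan_id: int) -> bytes:
    """Encapsulate a frame leaving a VLAN port onto the backbone."""
    if not 0 <= vlan_id < 2 ** 32:
        raise ValueError("VLAN ID must fit in 4 bytes")
    return struct.pack("!I", vlan_id) + frame


def untag_frame(tagged: bytes) -> Tuple[int, bytes]:
    """Split a backbone frame into its VLAN ID and the original frame."""
    if len(tagged) < VLAN_ID_LEN:
        raise ValueError("truncated VLAN header")
    (vlan_id,) = struct.unpack("!I", tagged[:VLAN_ID_LEN])
    return vlan_id, tagged[VLAN_ID_LEN:]


class VlanSwitch:
    """Receiving switch: forwards only to ports configured for the tagged VLAN."""

    def __init__(self, port_vlans: Dict[str, int]):
        self.port_vlans = port_vlans  # access port name -> VLAN ID

    def receive_from_backbone(self, tagged: bytes) -> Tuple[List[str], Optional[bytes]]:
        """Return (egress ports, untagged frame); ([], None) means dropped."""
        vlan_id, frame = untag_frame(tagged)
        # VLAN ID match: a VLAN this switch is not configured for is dropped,
        # so backbone traffic can never leak into ports of another VLAN.
        if vlan_id not in self.port_vlans.values():
            return [], None
        egress = sorted(p for p, v in self.port_vlans.items() if v == vlan_id)
        return egress, frame


# Constructed sample: broadcast dst MAC, made-up src MAC, IP ethertype, payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "00005e001234" "0800") + b"payload"

if __name__ == "__main__":
    sw = VlanSwitch({"e0": 10, "e1": 10, "e2": 20})
    for vid in (10, 20, 30):
        print(vid, sw.receive_from_backbone(tag_frame(SAMPLE_FRAME, vid))[0])
```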
When combining LANs into a VLAN, a Spanning Tree algorithm must be used to eliminate the possibility of loops and to determine the best path through the network. There is considerable advantage in running a separate Spanning Tree across each VLAN topology, as opposed to sharing a common topology throughout; the former provides much better network resilience and stability. Because each VLAN operates autonomously, its data flow need not be interrupted by physical changes or Spanning Tree recomputations that go on elsewhere in the network topology. Also, supporting a separate Spanning Tree for each VLAN enables optimal path determination for each VLAN and extends the diameter of the network.
By definition, VLANs perform traffic separation within a shared network environment. Communication between VLANs is performed through routing functionality and, for nonroutable protocols, switching. The integrated solution of high-speed, scalable VLAN switching of local traffic and efficient routing and switching of inter-VLAN traffic is becoming increasingly attractive in large networks. Cisco routers address this requirement with their ability to connect between 802.10, ISL, and ATM LANE-based VLANs.
Virtual networking capabilities allow for much improved bandwidth utilization, performance, and scalability. When combined with centralized configuration management, they facilitate flexible workgroups and ease the chore of making network additions and changes. Complementing VLAN functionality across the Cisco IOS, Catalyst and the Kalpana ProStack LAN switch, and the LightStream(tm) ATM switch product families, Cisco is now adding a graphical user interface (GUI)-based network management application that enables the creation and management of VLANs across the enterprise network. VLANView manages widely distributed VLANs by assigning physical switching ports to logical VLAN groups. Users attached to switched ports can be added or moved using a simple drag-and-drop interface. Network managers simply assign a user to a VLAN by dragging a port into VLANView’s graphical configuration tool. VLANView also provides a graphical view of VLAN memberships and link types.
Cisco’s comprehensive VLAN strategy addresses the growing need for an integrated VLAN solution that can be optimized for each networking scenario. In LAN workgroup environments, the ISL protocol delivers VLAN functionality with full switching performance. Where enterprise-wide virtual networking is required, multivendor interoperability resulting from standards-based implementation, such as that provided by Cisco Systems, is key. Cisco supports VLANs over ATM via LAN Emulation and, in large LAN and serial link environments, has adopted the ratified IEEE 802.10 protocol.