Friday, April 12, 2013

Logical Network Segmentation - VLANs


Unmanaged edge switches and managed Layer 2 edge switches are used in hardened environments such as industrial sites, transportation, oil fields and Intelligent Transportation Systems (ITS).  Their manufacturers have engineered these switches to survive rugged conditions.  As in enterprise deployments, the switches provide high-speed connectivity between end nodes at the data link layer.

Unlike an unmanaged edge switch, a managed Layer 2 switch uses bridging to segment local area networks (LANs) at the data link layer and to control the flow of traffic in an organized way.  A multiport switch learns the Media Access Control (MAC) addresses seen on each of its ports, stores them in its MAC address table, and then transparently forwards Layer 2 frames to the port where the destination address was learned.  When a switch receives a frame from an end node (host), it looks up the destination address in its MAC address table; a unicast frame whose destination MAC has been learned on a port is forwarded out that port only, not flooded to all of the other ports.  The Layer 2 switch therefore delivers frames only to the devices that need them, which conserves network bandwidth.  Each switch port is its own collision domain (segment) with dedicated bandwidth, whereas an unmanaged edge switch or hub has a single collision domain (segment) in which a frame is sent to every port except the one it arrived on.  In addition, the Layer 2 switch offers many advanced features for network redundancy, logical LAN segmentation, and security.  In this blog post, I am going to talk about logical LAN segmentation and introduce inter-VLAN network design considerations.

By default, a Layer 2 switch operates as a single network segment, that is, one broadcast domain.  In this design, every broadcast frame transmitted is seen by every device on the network, whether or not that device needs the data.  This works for a small home or office network but is not recommended for medium to large networks with many device types and with reliability and security requirements.  The figure below shows how a basic Layer 2 switch behaves in this design: Host A sends a broadcast frame into the network, and every device in the same network segment receives it.
  
The key benefit of LAN segmentation in a Layer 2 switched network is to create more, smaller LANs so that collisions and broadcast storms are confined to a smaller segment.  A Virtual LAN (VLAN) is a method of logically segmenting a network by grouping network devices into separate sub-networks.  An advanced feature of Layer 2 switches lets us group switch ports into sub-groups without regard to physical location.  This logical segmentation improves security and broadcast management.  In a VLAN, broadcasts and every other type of traffic are confined to that VLAN: members of VLAN A will neither receive broadcasts from nor send data to members of VLAN B.  The figure below shows the logical segmentation of the Layer 2 switch network design using VLANs.
  
VLANs can span multiple switches by configuring a VLAN trunking protocol (Cisco ISL or IEEE 802.1Q) on the links between switches; each frame carried over a trunk is tagged with its VLAN ID so the receiving switch keeps it in the correct VLAN.  The figure below shows the logical segmentation across multiple Layer 2 switches.
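The forwarding behaviour described in the last three paragraphs (MAC learning, forwarding a known unicast out a single port, flooding broadcasts and unknown destinations, and scoping all of that to a VLAN that is carried across an 802.1Q trunk) can be modelled in a few dozen lines. The Python below is an added example, not code from the original post; the switch and port names, the MAC addresses and the VLAN numbers are constructed for the illustration, and spanning tree is not modelled, so the topology must be loop-free.

```python
"""Toy model of Layer 2 MAC learning and VLAN-scoped flooding over an 802.1Q trunk.

Added example (not code from the original post). Switch names, port names,
MAC addresses and VLAN numbers are constructed for the illustration;
spanning tree is not modelled, so the topology must be loop-free.
"""
from dataclasses import dataclass, field
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    vid: Optional[int] = None  # 802.1Q VLAN ID when carried on a trunk; None when untagged


@dataclass
class Switch:
    name: str
    access: dict = field(default_factory=dict)     # port -> access VLAN
    trunks: dict = field(default_factory=dict)     # port -> (neighbor switch, neighbor port)
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port where it was learned
    delivered: list = field(default_factory=list)  # (port, vlan, src, dst) handed to hosts
    flooded: int = 0                               # frames flooded (broadcast / unknown dst)

    def receive(self, in_port: str, frame: Frame) -> None:
        # An access port fixes the VLAN; a trunk port trusts the 802.1Q tag.
        vlan = self.access[in_port] if in_port in self.access else frame.vid
        # Learn: the source MAC lives behind in_port, in this VLAN only.
        self.mac_table[(vlan, frame.src)] = in_port
        out_port = self.mac_table.get((vlan, frame.dst))
        if frame.dst != BROADCAST and out_port is not None:
            targets = [out_port]                    # known unicast: one port, no flooding
        else:
            self.flooded += 1
            targets = [p for p in self.access if p != in_port and self.access[p] == vlan]
            targets += [p for p in self.trunks if p != in_port]  # trunks carry every VLAN
        for port in targets:
            self._send(port, vlan, frame)

    def _send(self, port: str, vlan: int, frame: Frame) -> None:
        if port in self.trunks:
            neighbor, nport = self.trunks[port]
            neighbor.receive(nport, Frame(frame.src, frame.dst, vid=vlan))  # tagged on the trunk
        else:
            self.delivered.append((port, vlan, frame.src, frame.dst))       # untagged to the host


def connect_trunk(a: Switch, a_port: str, b: Switch, b_port: str) -> None:
    a.trunks[a_port] = (b, b_port)
    b.trunks[b_port] = (a, a_port)


HOST_A, HOST_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # on SW1, VLAN 10 and 20
HOST_C, HOST_D = "00:00:00:00:00:0c", "00:00:00:00:00:0d"   # on SW2, VLAN 10 and 20


def run_demo() -> dict:
    sw1 = Switch("SW1", access={"Fa0/1": 10, "Fa0/2": 20})
    sw2 = Switch("SW2", access={"Fa0/1": 10, "Fa0/2": 20})
    connect_trunk(sw1, "Gi0/24", sw2, "Gi0/24")

    # 1. Host A (VLAN 10) broadcasts: only VLAN 10 ports on both switches see it.
    sw1.receive("Fa0/1", Frame(HOST_A, BROADCAST))
    after_broadcast = (list(sw1.delivered), list(sw2.delivered))

    # 2. Host C (VLAN 10, SW2) replies unicast: MAC tables are populated, so no flooding.
    sw2.receive("Fa0/1", Frame(HOST_C, HOST_A))
    after_reply = (list(sw1.delivered), list(sw2.delivered))

    # 3. Host B (VLAN 20) addresses Host A's MAC directly: the lookup is scoped to
    #    VLAN 20, so the frame floods inside VLAN 20 only and never reaches Host A.
    sw1.receive("Fa0/2", Frame(HOST_B, HOST_A))
    return {
        "after_broadcast": after_broadcast,
        "after_reply": after_reply,
        "final": (list(sw1.delivered), list(sw2.delivered)),
        "sw1_mac_table": dict(sw1.mac_table),
        "floods": (sw1.flooded, sw2.flooded),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Step 3 is the one worth running: even when a host in VLAN 20 knows the MAC address of a host in VLAN 10, the switch's lookup is keyed on (VLAN, MAC), so the frame is flooded only to VLAN 20 ports and trunks and is never delivered to Host A. That is what "members of VLAN A will not send data to a member of VLAN B" means at the forwarding level.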


Since VLANs are separate network segments, members of one VLAN need a router or Layer 3 switch to communicate with members of other VLANs.  Layer 3 switches are essentially routers whose forwarding is done in hardware rather than in software as a traditional router does.  IP forwarding typically involves a route lookup in the routing table.  Like bridges, routers create a separate collision domain on each attached segment, but unlike bridges or switches, routers do not forward broadcast traffic by default.  Routers therefore create both separate collision domains and separate broadcast domains on each segment.  The figure below shows the VLAN network with a Layer 3 switch or router; now members of different VLANs can communicate with each other through the routing table.
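The routing step described above, one IP interface per VLAN, a per-packet route lookup, and a router that stops broadcasts at the VLAN boundary, is modelled in the following Python, an added example rather than code from the original post. The VLAN numbers, subnets and host addresses are constructed for the illustration; ARP, MAC rewriting and TTL handling are omitted so that the routing decision stands out.

```python
"""Toy model of inter-VLAN routing on a Layer 3 switch: one IP interface per VLAN,
a per-packet longest-prefix route lookup, and no forwarding of broadcasts.

Added example (not code from the original post). VLAN numbers, subnets and host
addresses are constructed for the illustration; ARP, MAC rewriting and TTL
handling are omitted so the routing decision stands out.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

LIMITED_BROADCAST = ip_address("255.255.255.255")


@dataclass
class Packet:
    src: str    # IPv4 source address
    dst: str    # IPv4 destination address
    vlan: int   # VLAN the packet arrived on (the sending host's access VLAN)


@dataclass
class Layer3Switch:
    svis: dict = field(default_factory=dict)    # vlan -> connected IPv4Network
    routes: list = field(default_factory=list)  # (IPv4Network, egress vlan)

    def add_svi(self, vlan: int, cidr: str) -> None:
        """Give the switch an IP interface in a VLAN; the subnet becomes a connected route."""
        net = ip_network(cidr, strict=False)
        self.svis[vlan] = net
        self.routes.append((net, vlan))

    def add_route(self, cidr: str, egress_vlan: int) -> None:
        self.routes.append((ip_network(cidr), egress_vlan))

    def lookup(self, dst: str) -> Optional[int]:
        """Longest-prefix match over the routing table; None when nothing matches."""
        addr = ip_address(dst)
        best = None
        for net, vlan in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, vlan)
        return best[1] if best else None

    def forward(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return ('forward', egress_vlan) or ('drop', None) for one packet."""
        if pkt.vlan not in self.svis:
            return ("drop", None)      # arrived on a VLAN the router has no interface in
        dst = ip_address(pkt.dst)
        # The router is the broadcast-domain boundary: neither the limited broadcast
        # nor any connected subnet's directed broadcast is forwarded across VLANs.
        if dst == LIMITED_BROADCAST or dst in {n.broadcast_address for n in self.svis.values()}:
            return ("drop", None)
        egress = self.lookup(pkt.dst)
        if egress is None:
            return ("drop", None)      # no route: discarded, never flooded like a Layer 2 frame
        return ("forward", egress)


def build_demo_switch() -> Layer3Switch:
    l3 = Layer3Switch()
    l3.add_svi(10, "10.0.10.1/24")   # VLAN 10 subnet (constructed)
    l3.add_svi(20, "10.0.20.1/24")   # VLAN 20 subnet (constructed)
    l3.add_route("0.0.0.0/0", 99)    # default route toward an uplink VLAN (constructed)
    return l3


if __name__ == "__main__":
    l3 = build_demo_switch()
    for pkt in (Packet("10.0.10.5", "10.0.20.7", vlan=10),
                Packet("10.0.10.5", "255.255.255.255", vlan=10),
                Packet("10.0.10.5", "10.0.10.255", vlan=10),
                Packet("10.0.20.7", "198.51.100.9", vlan=20)):
        print(pkt, "->", l3.forward(pkt))
```

Two things the model makes concrete: a broadcast from VLAN 10 stops at the router even though the router has an interface in every VLAN, and every unicast packet that crosses between VLANs passes through this single lookup, which is why the Layer 3 device is the natural place to decide which VLANs are allowed to reach which.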


In conclusion, this typical network design is used mostly in Intelligent Transportation Systems.  More and more legacy hardware and software is being used in transportation.  Components such as ATMS software, signalized traffic controllers, vehicle detection, video surveillance, and dynamic message signs with real-time traveler information are a few examples.  These ITS technologies depend on reliable network communication systems for real-time data exchange between Traffic Management Center (TMC) software and legacy field network devices, which increases efficiency and improves air quality by reducing traffic congestion, travel time, and fuel consumption.  ITS network communication systems are designed to meet performance, reliability, scalability, availability, and security standards.

   



COMING May 3, 2013

Technical Operations Manager Chuck Metzger tells us about the importance of firmware updates, and shares some insight on his retirement plan...