VLAN Applications
VLAN (Virtual Local Area Network)

A virtual (or logical) LAN is a local area network with a definition that maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage load balancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture. Companies that provide products with VLAN support include Cisco, Bay Networks, and 3Com. There are several approaches to implementing a VLAN. One of these is described in an official standard,

Cisco VLAN

As an integral part of its CiscoFusion[tm] architecture, Cisco Systems is aggressively moving forward to provide VLAN-capable solutions across its suite of internetworking switches and routers. Cisco realizes that not only do VLANs solve many of the immediate problems associated with administrative changes, they also provide the scalability, interoperability, and increased dedicated throughput required as users evolve toward Asynchronous Transfer Mode (ATM) networks. Throughout 1995, Cisco will continue to release switches, routing software, transport mechanisms, interoperable standards, and switch management applications that provide comprehensive VLAN solutions. The combination of these products provides the most integrated VLAN capabilities on the market today. These capabilities are described in the following text and figures.

Comprehensive Products for Switched Internetworking

Consistent with its blueprint for switched internetworks, Cisco offers a well-integrated, complementary line of VLAN-capable switches.
These switches provide solutions for mixed LAN-based networks that include Token Ring, Ethernet, Fast Ethernet, and Fiber Distributed Data Interface (FDDI)/Copper Distributed Data Interface (CDDI), plus switching solutions across ATM backbones. Cisco's VLAN-capable switches, shown in Figure 1, include:

- The Catalyst[tm] family of multilayer LAN switches
- The Kalpana[r] family of layer 2 switches
- The LightStream[tm] family of ATM switches
- Cisco routers

The multilayer Catalyst product family provides VLAN capabilities at OSI layers 2 and 3. Catalyst LAN switches can be configured with up to 1024 distinct VLANs, and can transport VLANs across multiple media types that include FDDI, Fast Ethernet, ATM, and Token Ring. Layer 2 VLAN configuration options include the ability to assign each port to a VLAN with either the embedded system software or the VLANView network management application. Future releases of VLAN network management applications will enable network managers to dynamically assign Catalyst ports to end station MAC addresses using a centralized database and a configuration server.

Layer 3 IP route groups give network managers the ability to logically configure IP subnets across a series of switches. Each of these subnets is treated as a VLAN with embedded IP routing for communication between VLANs. This provides segmentation based upon the broadcast domain, IP subnet, and switch ports.

Layer 2 VLAN

Cisco's Catalyst product family employs a packet identification (packet tagging) process for layer 2 VLAN segmentation. This identification is carried throughout the switch fabric and provides an extremely low-latency process for uniquely assigning packets from every switch port to a VLAN group. This approach requires no modification to end-station applications, is straightforward to configure and manage, and is scalable for existing LAN media types and ATM backbones.
As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches and routers based on the VLAN identifier and MAC address. Upon reaching the destination end station location, the identifier is removed by the adjacent switch and the packet is natively forwarded to the attached device. This provides a powerful mechanism for controlling the flow of broadcasts and applications while remaining nonintrusive to the network and applications.

The Catalyst product family also provides spanning-tree capability for each configured VLAN. This significantly reduces the recovery time when a link fails, minimizes the amount of spanning-tree calculations when the network is segmented into VLANs, and provides for concurrent traffic distribution across duplicate configured paths. Enabling traffic distribution across concurrent redundant links incrementally increases the bandwidth options between interconnected switches.

Layer 3 VLANs

VLANs can be further defined at the network layer (commonly referred to as layer 3) with segmentation commonly based on protocol type and network address. This type of VLAN segmentation requires subnet address mapping to VLAN groups. The switch associates the end station MAC address to a VLAN based on the subnet address. Additionally, the switch determines the other network ports that have stations that belong to the same VLAN. The benefit of this approach is that network managers can segment the network based on network-layer information within each packet.

An alternative layer 3 mechanism currently implemented by several other vendors is the use of filtering tables. This type of VLAN segmentation requires filtering every packet. User-defined offsets locate the VLAN information within the packet.
Depending on the complexity of the tables and overall size of the network, packet filtering is more complex to administer. Additionally, VLAN filtering has less predictable performance because much of these functions are performed in software.

ATM VLANs

Cisco is currently implementing the ATM Forum's LAN Emulation standard to configure VLANs within ATM switching networks. This standard preserves the functionality of configured LANs (Ethernet, Token Ring) across an ATM network. To end devices that reside on shared LANs, the ATM network appears as a single, transparent, connectionless broadcast network; such networks are called emulated LANs. The Catalyst and ProStack switches will connect to an ATM network using a software interface known as a LAN Emulation Client (LEC). The LEC, operating in conjunction with a LAN Emulation Server (LES) that resides in the ATM fabric, will handle VLANs between those configured on the LANs and those configured on the ATM switches. An ATM VLAN will be configured to enable VLAN connections across the ATM backbone. Additionally, natively-attached ATM devices can communicate with VLANs configured within shared LANs via LAN emulation. This preserves the integrity of LAN applications, LAN infrastructure, and existing VLAN configurations. With the integration of ATM LAN Emulation, Cisco's LightStream, Catalyst, and ProStack switches will provide VLAN capabilities in each product respectively.

VLANs Across the Backbone

Cisco has developed a series of interswitch protocols that deliver advanced VLAN communications across shared LAN backbone technologies (FDDI and Fast Ethernet). It is these protocols that truly offer the ability to connect VLANs across the enterprise and remove the physical boundaries of grouping users by floor, address space, or their location near a wiring closet or router. These protocols carry configured VLAN information between the switches, routers, and servers connected to Fast Ethernet, FDDI, and ATM backbones.
The interswitch protocols have been designed to best optimize the performance of the backbone technology in which they are configured, comply with existing standards, and provide interoperability across Cisco's comprehensive family of switching and routing products. Cisco is taking a proactive approach toward vendor interoperability by sharing interswitch protocol specifications with other internetworking, network interface, and hub vendors. Cisco is also working with the IEEE standards group to establish a working committee to evaluate, modify, and ratify these protocols, such as 802.10.

Many of the currently proposed VLAN solutions on the market today have not addressed the requirements of VLAN communications across high-bandwidth, shared backbones. As a result, they cannot offer logical grouping of users beyond a single switch chassis, require additional backbone cabling (such as running separate drops for each VLAN within the network, a more costly solution), and do not provide any interoperable mechanism in multi-vendor networks.

ISL Protocol

For backbones comprised of 100-Mbps Fast Ethernet connections, the Catalyst and ProStack systems exchange VLAN information using the ISL protocol. This protocol provides an extremely cost-effective, low-latency method for packet identification and transmission within Fast Ethernet backbones. ISL uses a 10-bit addressing technique that is appended to every packet as it enters the switch fabric. The packet is forwarded only to the switches and interconnected links that have the same 10-bit address, controlling the flow of broadcasts and transmissions between the switches and routers (see Figure 4). Additionally, ISL will be supported by the Cisco Internetworking Operating System (Cisco IOS[tm]) software (http://www.cisco.com/warp/public/732/ciscoios.html), which provides interoperability between Cisco switches and routers and enables communication between VLANs with layer 3 routing.
Cisco developed the ISL protocol to provide VLAN communication across Fast Ethernet backbones and intends to share this specification with other vendors.

802.10

Similar to the Fast Ethernet ISL protocol, Cisco has modified the 802.10 Security Protocol (http://www.cisco.com/warp/public/537/6.html) for interswitch communications across FDDI backbones. A 32-bit (4-byte) VLAN ID field is applied to every packet as it is forwarded across FDDI links; each packet carries a unique identification and is forwarded to the switches and routers that have been configured with the same VLAN identification. The switches then determine to which ports the VLAN packets are sent. Upon exiting the switch fabric, the 32-bit address is removed.

The FDDI interfaces within both the Catalyst 1200 and Catalyst 5000 (http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/77035.htm) systems provide 802.10 interswitch communication. The Catalyst 5000 is also an exceptional solution when network managers need to connect their FDDI networks to other backbone technologies (such as Fast Ethernet) while maintaining the integrity of their VLAN groups across these backbones. The Catalyst 5000 system provides VLAN mapping functions across different backbone types, and offers a cost-effective solution for backbone concentration.

Combination of Both ISL and 802.10

The combination of Catalyst and ProStack switches, the ISL transport mechanism across Fast Ethernet, and the 802.10 protocol across FDDI provide an extremely flexible VLAN solution for LAN-based architectures. This allows the continued use of FDDI backbones with the option of adding or migrating to Fast Ethernet and ATM networks. VLANs are carried transparently across these backbones, and require little configuration intervention by network managers. Cisco currently supports 802.10 in the Cisco IOS routing code, and is working with several third-party vendors to establish 802.10 as an interoperable VLAN standard.
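The following is an added example (not Cisco's code and not taken from this Statement of Direction) that models the packet identification process described under "Layer 2 VLAN", "ISL Protocol" and "802.10": a frame entering an access port is tagged with its VLAN, carried across a Fast Ethernet trunk with a 10-bit identifier and across an FDDI trunk with a 32-bit VLAN ID, and delivered natively only to ports that are members of that VLAN. The two header layouts are deliberately simplified stand-ins and are not the real ISL or 802.10 wire formats; the switch names, port names, VLAN numbers and the frame are constructed.

```python
"""Packet identification (tagging) across a VLAN-capable switch fabric.

Added example, not Cisco's code. The two header layouts are simplified
stand-ins: an ISL-style 10-bit identifier for Fast Ethernet trunks and an
802.10-style 32-bit VLAN ID for FDDI trunks. They are not the real ISL or
802.10 wire formats; port names, VLAN numbers and frames are constructed.
"""
import struct

ISL_MAX_VLANS = 1 << 10          # 10-bit identifier -> 1024 distinct VLANs
SDE_MARKER = b"\x0a\x0a"         # constructed marker for the 802.10-style header


def isl_tag(vlan_id: int, frame: bytes) -> bytes:
    """Prepend a 2-byte field whose low 10 bits carry the VLAN identifier."""
    if not 0 <= vlan_id < ISL_MAX_VLANS:
        raise ValueError("ISL-style identifier must fit in 10 bits")
    return struct.pack("!H", vlan_id) + frame


def isl_untag(tagged: bytes) -> tuple:
    """Strip the ISL-style field; only the low 10 bits are the VLAN identifier."""
    (field,) = struct.unpack("!H", tagged[:2])
    return field & (ISL_MAX_VLANS - 1), tagged[2:]


def sde_tag(vlan_id: int, frame: bytes) -> bytes:
    """Prepend the marker plus a 32-bit (4-byte) VLAN ID field."""
    if not 0 <= vlan_id < 1 << 32:
        raise ValueError("802.10-style VLAN ID must fit in 32 bits")
    return SDE_MARKER + struct.pack("!I", vlan_id) + frame


def sde_untag(tagged: bytes) -> tuple:
    """Strip the 802.10-style header, refusing frames without the marker."""
    if tagged[:2] != SDE_MARKER:
        raise ValueError("not an 802.10-style tagged frame")
    (vlan_id,) = struct.unpack("!I", tagged[2:6])
    return vlan_id, tagged[6:]


TAGGERS = {"isl": (isl_tag, isl_untag), "sde": (sde_tag, sde_untag)}


class Switch:
    """Access ports carry untagged frames of one VLAN; trunks carry tagged frames."""

    def __init__(self, name: str, access: dict, trunks: dict):
        self.name = name
        self.access = dict(access)   # port -> VLAN of the attached end station
        self.trunks = dict(trunks)   # port -> "isl" (Fast Ethernet) or "sde" (FDDI)

    def forward(self, vlan: int, frame: bytes, ingress: str) -> dict:
        """Deliver a frame of `vlan` to every other port that is a member of it.

        Access ports in other VLANs never see it (broadcast containment); each
        trunk gets it with the identifier of its own backbone type, which is how
        a frame is mapped from an ISL backbone onto an 802.10 one.
        """
        out = {}
        for port, member_vlan in self.access.items():
            if port != ingress and member_vlan == vlan:
                out[port] = frame                      # native, untagged delivery
        for port, kind in self.trunks.items():
            if port != ingress:
                out[port] = TAGGERS[kind][0](vlan, frame)
        return out

    def ingress_access(self, port: str, frame: bytes) -> dict:
        """A frame from an end station gets its VLAN from the port it arrived on."""
        return self.forward(self.access[port], frame, port)

    def ingress_trunk(self, port: str, tagged: bytes) -> dict:
        """A tagged frame from the backbone is untagged, then forwarded by VLAN."""
        vlan, frame = TAGGERS[self.trunks[port]][1](tagged)
        return self.forward(vlan, frame, port)


def demo() -> tuple:
    """Constructed topology: A --Fast Ethernet/ISL-- B --FDDI/802.10-- C."""
    frame = b"\x01\x02\x03\x04\x05\x06" + b"broadcast payload"   # constructed frame
    a = Switch("A", access={"a1": 10, "a2": 20}, trunks={"fe": "isl"})
    b = Switch("B", access={"b1": 10, "b2": 20}, trunks={"fe": "isl", "fddi": "sde"})
    c = Switch("C", access={"c1": 10, "c2": 20}, trunks={"fddi": "sde"})
    out_a = a.ingress_access("a1", frame)            # VLAN 10 enters at switch A
    out_b = b.ingress_trunk("fe", out_a["fe"])       # B untags ISL, re-tags 802.10 for FDDI
    out_c = c.ingress_trunk("fddi", out_b["fddi"])   # C untags 802.10, delivers natively
    return sorted(out_b), sorted(out_c)              # ports that received the frame


if __name__ == "__main__":
    print(demo())
```

The VLAN 20 access ports (a2, b2, c2) never receive the frame, which is the broadcast containment the text describes; the range checks in the tag functions are where a fabric that mixes 10-bit and 32-bit identifiers must refuse a VLAN number that cannot be represented on a given backbone.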
With the adoption of 802.10 by other vendors, the Cisco IOS functionality will provide inter-VLAN and cross-vendor communications. Figure 5 illustrates an example of 802.10 VLAN communications.

Load Distribution

Another benefit of Cisco's interswitch communication strategy is the ability to distribute the traffic load between two traffic-intensive switches while maintaining the full redundancy of these links. This is an extremely effective mechanism for network managers who require a great deal of bandwidth between two switches or a series of interconnected switches. Grouping users and traffic into distinct VLANs allows network managers to add redundant links between switches, and to use these links to distribute traffic. In the absence of VLAN groups, redundant links between two switches (duplicate paths) cannot be fully utilized by the switches, because spanning tree technology enables only one of the links for carrying the traffic while disabling the others to prevent bridging loops. VLANs distribute traffic across these redundant links by assigning a set of VLANs to one link as the primary path, and a different set of VLAN groups to a redundant link, again as its primary path. As shown in Figure 6, this effectively doubles the bandwidth if two links are used, with no limitations on the number of links that can be added.

The redundancy functions of these duplicate links, utilized for load distribution, remain active by providing an instance of spanning tree for each VLAN. When a primary link fails, the VLANs configured across this link are reconnected through the redundant link. During the outage, the redundant link carries all of the VLAN traffic (if there are only two redundant paths). When the first link recovers, spanning tree redirects the VLANs across it.
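As an added example (not Cisco's code), the model below works through the load distribution scenario just described: each VLAN's own spanning-tree instance keeps its primary link forwarding, the per-link load is compared with what a single spanning-tree instance would allow, and the failure and recovery of a primary link are simulated. The link names, VLAN numbers and per-VLAN traffic figures are constructed.

```python
"""Load distribution over redundant links with one spanning-tree instance per VLAN.

Added example, not Cisco's code. Two switches are joined by parallel links;
each VLAN's own spanning-tree instance keeps its primary link forwarding and
falls back to another link when the primary fails. Link names, VLAN numbers
and traffic figures are constructed for illustration.
"""


class RedundantLinks:
    def __init__(self, primaries: dict):
        """primaries: VLAN -> link that VLAN's instance prefers as its primary path."""
        self.links = sorted(set(primaries.values()))
        if len(self.links) < 2:
            raise ValueError("load distribution needs at least two parallel links")
        self.primaries = dict(primaries)
        self.up = {link: True for link in self.links}

    def set_link(self, link: str, is_up: bool) -> None:
        """Simulate a link failure (False) or recovery (True)."""
        self.up[link] = is_up

    def forwarding_link(self, vlan: int):
        """Which link this VLAN's spanning-tree instance currently forwards on.

        The primary is used while it is up; otherwise the first surviving link
        carries the VLAN. Returns None only when every path is down.
        """
        primary = self.primaries[vlan]
        if self.up[primary]:
            return primary
        return next((link for link in self.links if self.up[link]), None)

    def link_loads(self, demand: dict) -> dict:
        """Sum each VLAN's traffic (Mbps) onto the link it is forwarding on."""
        loads = {link: 0 for link in self.links}
        for vlan, mbps in demand.items():
            link = self.forwarding_link(vlan)
            if link is not None:
                loads[link] += mbps
        return loads


def single_instance_loads(links: list, demand: dict) -> dict:
    """Without per-VLAN instances, one spanning tree blocks all links but one."""
    active = sorted(links)[0]
    total = sum(demand.values())
    return {link: (total if link == active else 0) for link in sorted(links)}


def demo() -> list:
    """Constructed scenario from the text: two links, VLAN sets split across them."""
    fabric = RedundantLinks({10: "L1", 20: "L1", 30: "L2", 40: "L2"})
    demand = {10: 30, 20: 30, 30: 30, 40: 30}        # Mbps per VLAN, constructed
    timeline = [("single instance", single_instance_loads(fabric.links, demand)),
                ("per-VLAN, both up", fabric.link_loads(demand))]
    fabric.set_link("L1", False)                      # primary for VLANs 10 and 20 fails
    timeline.append(("L1 failed", fabric.link_loads(demand)))
    fabric.set_link("L1", True)                       # spanning tree redirects them back
    timeline.append(("L1 recovered", fabric.link_loads(demand)))
    return timeline


if __name__ == "__main__":
    for label, loads in demo():
        print(f"{label:>18}: {loads}")
```

With both links up the 120 Mbps of demand is split 60/60 instead of 120/0; during the outage the surviving link carries everything, which is the capacity a network manager has to plan for when sizing redundant links.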
Shared Resources Between VLANs

The 802.10, ISL, and ATM LAN Emulation VLAN transport protocols provide an effective mechanism for natively attaching a shared network resource, such as a file or e-mail server, to an enterprise backbone while allowing these resources to be concurrent members of multiple VLANs. For many organizations that do not have dedicated servers per workgroup, this provides an optimal solution for configuring VLANs and locating these shared resources centrally on the backbone where network managers can have easy access. This simplifies resource management by physically placing servers in the central office while providing a logical "data link" connection to each configured VLAN within the network. Additionally, this VLAN topology dramatically improves network performance by providing high-speed backbone connections to commonly connected devices while preserving logical VLAN segmentation. This type of architecture was initially designed for ATM communications. Cisco is taking it one step further by developing similar approaches that can be used for shared LANs.

Shared network resources such as servers must be able to detect the VLAN identification within each packet on the backbone, formatted in either 802.10 (for FDDI connections) or ISL (for Fast Ethernet connections), and must also be able to establish communications based on the VLAN identification and the packet address. Cisco is currently working with several vendors on their adoption of 802.10 and ISL. This requires modifying only the interface and driver software, without any hardware or card changes. Cisco is also developing these protocols internally, including support for ATM LAN Emulation on its ATM interface cards, and 802.10 VLAN communication on its FDDI adapter card products.
With upgraded driver software that supports these transport protocols, network managers will be able to share network resources between VLANs while maintaining the integrity of each VLAN at the data-link level.

Communications Between VLANs

The ability to communicate between logically defined VLAN groups requires layer 3 routing. Without this functionality, VLANs are completely independent of each other. In all but a few networks today, access to all parts of the network is critical, regardless of location or logical segmentation. This requires layer 3 communication across the enterprise within either a switch or a router. As a result, layer 3 routing is an essential component when designing, configuring, and managing VLANs. Cisco has acknowledged this requirement as part of its CiscoFusion architecture, and in the next year will continue to roll out an integrated set of products that specifically address inter-VLAN communication requirements. These products provide VLAN communications within workgroups, across the campus, and across wide-area networks (WANs).

The first of several development stages has been completed. Network managers can use the Catalyst 1200 for routing between IP-configured VLANs. They also can use existing routers in their networks by connecting a separate physical interface to each configured VLAN. A dedicated switch port and a dedicated router port for each VLAN are required. This functionality is well-suited to networks with a limited number of VLANs.

As the number of VLANs and protocols within the active network increases, so does the need for more sophisticated layer 3 routing solutions. Cisco is addressing these enterprise requirements with a near-term release of the Cisco IOS software. This release, scheduled for the second half of calendar 1995, provides a more powerful and cost-effective solution for communicating between VLANs across a campus.
The major features of this offering include the following:

- Communication between 255 VLANs within each router using Cisco's leading subinterface technology
- The ability to concurrently handle layer 2 and layer 3 VLANs (non-routable and routable end-station applications)
- The ability to interconnect VLANs both within the LAN and across WANs
- High-bandwidth communication to switches with VLAN support for ISL across Fast Ethernet, and 802.10 VLAN across FDDI backbones
- Layer 3 security
- ATM LAN Emulation across ATM backbones

The combination of these Cisco IOS features yields substantial architectural benefits for inter-VLAN communications. Support for 255 VLANs across single or multiple high-bandwidth interfaces per router, including Fast Ethernet, FDDI, and ATM, reduces the number of routers and interfaces required to interconnect VLANs. It also ensures a high-bandwidth communication path to the switch backbone. As illustrated by Figure 8, the connection of VLANs across a routed campus or a WAN extends the overall reach of VLANs beyond the boundaries of the LAN, while keeping the existing routed infrastructure between buildings on a campus or out to a wide-area carrier.

The Cisco IOS provides these VLAN communication benefits by adding an additional VLAN decoding layer on top of the many functions that Cisco routers currently provide. This decoding functionality includes the ability to read the ISL and 802.10 packets forwarded to the router by Catalyst and ProStack switches, determine the destination location of the packet based upon the embedded subnet addresses, rebuild the packet with the appropriate new subnet addresses, add the new VLAN identification to the packet as it is forwarded to the target VLAN, and pass the packet on to the appropriate switch within the fabric. Additionally, Cisco routers can function in a VLAN-forwarding mode (layer 2) for end-station protocols that function only at layer 2 (NetBIOS, LAT, etc.).
In this mode, the router forwards the packet to the connected VLAN while maintaining the integrity of the VLAN identification. Layer 3 routing and subnet addresses are not used for these types of configured VLANs.

VLAN functions within the Cisco IOS leverage many of the existing embedded features of Cisco's routing products. Security access lists for controlling the type of access within or outside of a VLAN can be configured using Cisco routers. This provides an additional layer of security when VLANs are interconnected. Concurrent routing and VLAN forwarding can also be configured to provide a wider range of VLAN configuration options where both layer 2 and layer 3 applications reside within the network (common for all enterprise networks). Additionally, routers can carry VLANs across WANs, which substantially increases configuration options and VLAN group memberships.

The third development effort, as defined by the CiscoFusion architecture, provides communications between VLANs (route processing) within the switches themselves and route determination by external routers. This solution increases the configuration flexibility between VLANs, because each switch will not only be able to concurrently forward packets configured within VLANs (as currently offered with both the Catalyst and ProStack switches) but also will be able to send packets between VLANs. Cisco will provide this inter-VLAN communication functionality for the Catalyst 5000 in the early part of 1996, offering a layer 3 switching processor and Cisco IOS functionality. Later in 1996, Cisco will deliver route-processing and route-determination engines. The Catalyst 5000 will function as the route processor. Distributing layer 3 routing substantially increases the overall throughput between VLANs.
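The following added example (not Cisco IOS code and not from this document) models the router behaviour described above: the router decodes the VLAN identification of an arriving packet, selects the target VLAN from its subinterface table by destination subnet, applies an access list before interconnecting VLANs, and re-tags the packet for the target VLAN, while a layer 2 only protocol is forwarded within its VLAN with the identification kept intact. The subinterface table, access-list entries, addresses and packets are constructed, `Packet` is a simplified stand-in for an ISL/802.10-encapsulated IP packet, and the source-subnet sanity check is an addition not described in the text.

```python
"""Inter-VLAN routing by a router with one subinterface per VLAN.

Added example, not Cisco IOS code. The subinterface table, access-list
entries, addresses and packets are constructed; `Packet` is a simplified
stand-in for an ISL/802.10-encapsulated IP packet.
"""
import ipaddress
from dataclasses import dataclass, replace


@dataclass
class Packet:
    vlan: int             # VLAN identification carried in the encapsulation header
    src: str
    dst: str
    protocol: str = "ip"  # "ip" is routable; e.g. "netbios" or "lat" is layer 2 only


@dataclass
class AclEntry:
    action: str           # "permit" or "deny"
    src_net: str
    dst_net: str


class VlanRouter:
    MAX_VLANS = 255       # per-router limit stated in the text

    def __init__(self):
        self.subinterfaces = {}   # VLAN -> ipaddress.ip_network
        self.acl = []             # evaluated top-down; no match means deny

    def add_subinterface(self, vlan: int, subnet: str) -> None:
        if vlan not in self.subinterfaces and len(self.subinterfaces) >= self.MAX_VLANS:
            raise ValueError("router supports at most 255 VLAN subinterfaces")
        self.subinterfaces[vlan] = ipaddress.ip_network(subnet)

    def add_acl(self, action: str, src_net: str, dst_net: str) -> None:
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        self.acl.append(AclEntry(action, src_net, dst_net))

    def _permitted(self, src, dst) -> bool:
        for entry in self.acl:
            if src in ipaddress.ip_network(entry.src_net) and dst in ipaddress.ip_network(entry.dst_net):
                return entry.action == "permit"
        return False              # implicit deny at the end of the list

    def _vlan_for(self, address):
        return next((v for v, net in self.subinterfaces.items() if address in net), None)

    def handle(self, pkt: Packet) -> tuple:
        """Return (disposition, outgoing packet or None)."""
        if pkt.vlan not in self.subinterfaces:
            return "drop: no subinterface for VLAN", None
        if pkt.protocol != "ip":
            # VLAN-forwarding (layer 2) mode: the VLAN identification is kept intact
            return "forwarded at layer 2", pkt
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if src not in self.subinterfaces[pkt.vlan]:
            # added sanity check, not from the text: a source must belong to its VLAN's subnet
            return "drop: source not in VLAN subnet", None
        target = self._vlan_for(dst)
        if target is None:
            return "drop: no route to destination", None
        if target == pkt.vlan:
            return "forwarded at layer 2", pkt          # same subnet: no routing needed
        if not self._permitted(src, dst):
            return "denied by access list", None
        return "routed", replace(pkt, vlan=target)       # rebuilt with the target VLAN's identification


def demo() -> list:
    """Constructed configuration: engineering may reach the server VLAN, guests may not."""
    router = VlanRouter()
    router.add_subinterface(10, "10.1.10.0/24")     # engineering
    router.add_subinterface(20, "10.1.20.0/24")     # guests
    router.add_subinterface(30, "10.1.30.0/24")     # shared servers
    router.add_acl("permit", "10.1.10.0/24", "10.1.30.0/24")
    router.add_acl("deny", "10.1.20.0/24", "10.1.30.0/24")
    packets = [
        Packet(10, "10.1.10.5", "10.1.30.7"),                 # routed, re-tagged to VLAN 30
        Packet(20, "10.1.20.5", "10.1.30.7"),                 # denied by the access list
        Packet(10, "10.1.10.5", "10.1.10.9"),                 # same VLAN, stays at layer 2
        Packet(10, "10.1.20.5", "10.1.30.7"),                 # source does not belong to VLAN 10
        Packet(20, "10.1.20.5", "10.1.20.255", "netbios"),    # layer 2 only protocol
    ]
    return [router.handle(p) for p in packets]


if __name__ == "__main__":
    for disposition, out in demo():
        print(f"{disposition:<32} -> {out}")
```

The access list is the control point the text calls "an additional layer of security when VLANs are interconnected": traffic that stays inside a VLAN never reaches it, so segmentation alone does not filter anything, and the implicit deny at the end of the list means any VLAN pair not explicitly permitted remains isolated.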
Managing VLANs

One of the key benefits of VLANs is the ability to provide more management control, reduce many daily administration expenses, and provide greater configuration options for setting up logical workgroups. VLAN benefits include:

- Simplifying configuration and rewiring procedures when a user is moved
- Redistributing traffic when links become congested
- Providing detailed reports on traffic and broadcast behavior, and statistics on the size and make-up of VLAN groups
- Offering the flexibility to add and delete users from VLANs as dictated by management changes within the company

These operations must be performed transparently, without a lot of complex knowledge of how the network is wired together, or how to reconfigure a protocol when VLAN changes are required. And while it can be relatively straightforward to assign and reassign ports to a configured VLAN, the communication of VLANs across the enterprise can become very complex without intelligent network management applications. Cisco fully understands these requirements and is building an integrated suite of switch management applications that address everyday management problems. These include CiscoView[tm], VLANView, and TrafficView. All of these applications are SNMP based, support full SNMP "set" and "get" dialogs, and are integrated with many of today's installed management platforms, including HP OpenView, SunNet Manager, and IBM NetView for AIX. Moreover, Cisco is taking a proactive approach to mask the complexity of designing, configuring, and managing VLANs with the development of graphically-based user interfaces. This minimizes the amount of system training and overall skill level required, and brings down the cost of ownership.
These management applications not only provide end-to-end VLAN management across the enterprise, they scale from very small networks with only several switches, to very large, complex networks with multiple switches connected across a mixture of different backbone technologies.

VLANView

VLANView, one of the three switch management applications mentioned above, is an intuitive VLAN management application with a user-friendly graphic interface. This product will be available later in 1995 and delivers both VLAN configuration and monitoring functions for the Catalyst and ProStack product families. The core of this application is the drag-and-drop mode of operation for assigning ports to created VLAN names. This function automatically launches a graphical representation of each switch within the network, provides a view and status of each port, and then allows the network manager to drag a port or multiple ports into a VLAN displayed on the screen. These operations, performed with simple mouse clicks, substantially reduce the configuration time required to set up VLANs, physically move users to another location while maintaining their VLAN identity, and reconfigure a port on the switch to a new VLAN. Figure 9 includes examples of typical VLANView and CiscoView screens.

VLANView not only reduces the amount of administration time required to configure a port to a VLAN; it also provides a powerful, yet easy-to-use function for configuring VLANs across the interswitch backbone. This function delivers a series of configuration options for optimizing the VLAN traffic flow between connected switches and routers. First, a simple mode of operation is provided for automatically enabling the backbone links between switches that have identical VLANs configured or for the links required to transport the VLAN (such as a campus ring, or an ATM backbone between non-adjacent switches).
Second, network managers can fine-tune their VLANs across the enterprise by distributing VLANs across multiple duplicate links or by isolating VLANs within certain parts of the enterprise. Finally, network managers can view their VLAN configurations across the backbone using the logical mapping feature and the pull-down link analysis tool that details the switches, links, and ports assigned to each VLAN. These backbone VLANView management options provide the control mechanisms for managing VLANs across the enterprise.

Cisco will continue to extend the functionality of VLAN management with follow-up application releases. They will include the ability to dynamically assign a switch port to a VLAN based upon the discovered end-station MAC and/or network layer address, added port security with a monitoring function for identifying unauthorized users, and dynamic layer 3 VLAN groupings based on application and network-layer protocol types.

TrafficView

TrafficView is an RMON-based traffic monitoring and analysis application that provides per-port, per-LAN segment traffic information. This application is not only used for troubleshooting problems within each attached LAN, it also provides trend analysis information for detecting significant network changes. Trend information is essential during network planning, when new equipment needs, organization changes, and staff requirements are reviewed. Both the Catalyst and ProStack product families provide RMON capabilities. These embedded monitoring capabilities deliver a substantial cost savings compared to the cost of standalone protocol and traffic analyzers, and are extremely useful as the first line of detection when a network problem occurs. Additionally, the agents are configured from CiscoView, are easily turned on or off depending on the needs of the network administration staff, and can report traffic information statistics to any standard RMON-based application.
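The following added example (not VLANView or Catalyst code and not from this document) models the planned dynamic port assignment described above: a central database of end-station MAC addresses drives the VLAN a switch port is placed in when a station appears, so a user keeps the same VLAN identity after a physical move, and a station that is not in the database is left unassigned and reported as unauthorized for the monitoring function to pick up. The MAC addresses, switch and port names and VLAN numbers are constructed.

```python
"""Dynamic port-to-VLAN assignment from a central MAC database, with a
monitoring hook for unrecognised stations.

Added example, not VLANView or Catalyst code. MAC addresses, switch and port
names and VLAN numbers are constructed for illustration.
"""
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form; rejects malformed input."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac


class VlanConfigServer:
    def __init__(self, mac_to_vlan: dict):
        self.db = {normalize_mac(m): v for m, v in mac_to_vlan.items()}
        self.port_vlan = {}      # (switch, port) -> VLAN currently assigned
        self.station_port = {}   # MAC -> (switch, port) where it was last seen
        self.events = []         # monitoring log consumed by the management station

    def station_seen(self, switch: str, port: str, mac: str):
        """Handle a station appearing on a port; returns the VLAN assigned or None."""
        mac = normalize_mac(mac)
        key = (switch, port)
        vlan = self.db.get(mac)
        if vlan is None:
            # unknown station: leave the port unassigned and raise an alert
            self.port_vlan.pop(key, None)
            self.events.append(f"UNAUTHORIZED station {mac} on {switch}/{port}")
            return None
        previous = self.station_port.get(mac)
        if previous is not None and previous != key:
            # the user moved: release the old port so it does not stay in the VLAN
            self.port_vlan.pop(previous, None)
            self.events.append(f"MOVED {mac} from {previous[0]}/{previous[1]} to {switch}/{port}")
        if self.port_vlan.get(key) != vlan:
            self.events.append(f"ASSIGN {switch}/{port} -> VLAN {vlan}")
        self.port_vlan[key] = vlan
        self.station_port[mac] = key
        return vlan

    def vlan_of(self, switch: str, port: str):
        """VLAN a port is currently assigned to, or None if it is unassigned."""
        return self.port_vlan.get((switch, port))


def demo() -> tuple:
    """Constructed database and a plug-in, a move, and an unknown station."""
    server = VlanConfigServer({"00-10-7B-00-00-01": 10, "00:10:7b:00:00:02": 20})
    first = server.station_seen("sw1", "1", "00:10:7b:00:00:01")     # user plugs in
    moved = server.station_seen("sw2", "5", "00:10:7b:00:00:01")     # same user, new location
    stray = server.station_seen("sw1", "2", "00:10:7b:ff:ff:ff")     # not in the database
    released = server.vlan_of("sw1", "1")                             # old port was released
    return first, moved, stray, released, server.events


if __name__ == "__main__":
    for line in demo()[4]:
        print(line)
```

Releasing the previous port on a move matters as much as assigning the new one: a port left in a user's VLAN after the user has gone is exactly the unmonitored access that the planned port security feature is meant to catch.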
This provides network management interoperability for traffic diagnostics and analysis.

Conclusion

Cisco is taking a leadership role in VLAN-based communication with extensive ongoing internal development efforts and the company's goal to drive interoperability with VLAN communication standards. Over the next year, Cisco will deliver on a majority of the developments mentioned in this Statement of Direction. These developments provide an end-to-end VLAN solution that scales from small departmental-level logical workgroups to large enterprisewide workgroups with users dispersed across the campus. While this type of architecture changes the way networks are organized and configured, it provides greater administration efficiencies, security-control mechanisms, bandwidth-management options, and a smooth migration path towards ATM-based communications.