VLANs Revisited
Back in the "olden days" of switching -- two or three years ago -- routers were said to be on the way out and Layer-2 switches were thought to be on the way in. Limited by their architectural design, routers simply couldn't keep up with Layer-2 switches in terms of packet forwarding capability. Layer-2 switches were not just faster than routers in this regard, they also came equipped with virtual LAN (VLAN) capability.
At the time, VLAN technology was a hot concept. In fact, the future of networking was expected to incorporate large Layer-2 infrastructures with routers -- working at Layer-3 -- serving primarily as route servers. Many will remember the phrase "route once and switch many" that succinctly described this vision. VLANs were an important part of how this would work.
For those not up on the VLAN concept, the idea behind all this was simple. Layer-2 switching -- which forwards packets based on MAC information -- had amply proved itself by demonstrating that it could move packets onward at latencies measured down in microseconds. The difficulty was the absence of a means to organize large Layer-2 infrastructures into something that could be easily managed. It didn’t take long, however, for engineers to come with the idea of a virtual LAN, that is, a logical LAN that imposed some sort of organization on the physical LAN underneath.
There were many different techniques used to provide the organizational principle. One was to gather groups of MAC address and describe them as belonging to one particular organizational entity. For example, the MAC addresses on the NIC cards in the PCs in the finance department would be put into a group designated the Finance Department. Other ways of finding order in Layer-2 chaos included grouping by port and grouping by protocol type.
The fly in the ointment, however, was that suppliers pushed their VLAN capability forward in function with little regard for vendor interoperability. End users, therefore, had to buy their Layer-2 equipment from one supplier, if they wanted to use advanced VLAN capability, or do without. When buyers decided to do without, suppliers quickly came up with a way that would allow VLANs to span equipment from different vendors. Now, the results of this effort are coming to market. With the 802.1Q standard final, multivendor virtual LANs will soon be an actuality.
The 802.1Q standard is actually part of a larger 802.1D bridging specification. Out of the 16 bits defined in the bridging spec, 802.1Q gets to use 12 of them to create a VLAN identifier. This identifier is the key to multivendor interoperability. As long as the manufacturer's equipment is 802.1Q compliant, VLANs can be used across an organization and across multivendor equipment domains with ease.
The new VLAN identifier is contained in a 16-bit header that is now added to the old, familiar MAC transmission frame. Any piece of 802.1Q compliant equipment can now interpret the contents of this appendage and thereby recognize the VLAN group to which the MAC frame belongs. Of course, non-compliant equipment won't know what to do with this additional header and will treat the VLAN-tagged frame like ordinary traffic. The good news here is that older equipment will continue to work in the network as long as it can accommodate the new frame size, which is the older frame length plus the new 16-bit header.
Although its not part of the 802.1Q specification, GVRP (Generic VLAN Registration Protocol) is one of the more exciting adjuncts that will be available to those who want to use VLAN capabilities. GVRP is a registration protocol by which end-systems can make a request to join a VLAN group. With GVRP, an end-station's admission into a VLAN will be controlled from a network-management or policy-management system. When integrated into a policy system, GVRP will allow VLAN groups to form and dissolve under time-of-day or day-of-week conditions. For example, that contract programmer who is put on the other side of the building can now be part of the engineering VLAN group from 8 a.m. until 6 p.m., every Monday through Friday. And on each Friday, between 9 a.m. and 11 a.m., the contractor can be temporarily admitted to the Team Leader VLAN group to update the project status sheets.
With this capability available today and policy-based networking on the horizon, VLANs stand a chance of once again capturing the imagination of networking folk everywhere. --Sam Alunni is vice president of networking at Sterling Research (Sterling, Mass.). Contact him at alunni@sterlingresearch.com.