Management and testing of VLANs in virtual LAN technology

Source: Internet
Author: User

Networks used to be built from routers and hubs; now many networks use switches. How should we face the challenges of routed networks and switching technology?

Switches currently dominate the network market for two reasons: first, they are cost-efficient; second, their structure is flexible and can be reconfigured to accommodate future changes.

The figures best illustrate the point. In a switch with a 100Mbps uplink, each managed 10Mbps switch port costs $100. Routing technology does not really segment the network down to a single user per port: a router port costs at least three or four times as much as a switch port, and the management burden would be staggering. Even when a router-segmented network carries only TCP/IP traffic, it will not be fast, because of its high cost, low performance, too many subnets, and heavy configuration. In contrast, switches and hubs are plug-and-play devices. Some routing devices now have a "self-learning" feature that uses the supported protocols to configure ports automatically. By default, a pure switched network is a flat network. If each node has its own switch port, there is hardly any contention on the network: the only competition is between a node's inbound traffic and its outbound traffic. In contrast, on traditional shared segments or rings, the throughput of each node decreases as nodes are added. For example, a 10BaseT network with 25 nodes can provide only 400Kbps of bandwidth per node, while nodes with dedicated switch ports have 10Mbps of throughput.

Broadcasts, which nodes typically use to advertise themselves or to find currently unknown resources, weigh heavily on this throughput because they reach every port, whereas ordinary unicast frames travel only to the one destination node and the intermediate switch ports. Since the days when bridges were popular, we have known that we do not really want broadcast domains of thousands of nodes, because broadcast storms are unpredictable and difficult to control.

Dividing a flat network into smaller broadcast domains is like turning a switched network into a colorful palette. Instead of using routers to define subnets of arbitrary size, you can use switches to create VLANs.

Management of VLANs

VLANs are inextricably linked to switched networks, but implementing VLANs will redefine the management environment. The logical domains that VLANs define add another possible view of the network. A network management platform can display IP maps, and sometimes IPX-based maps; if you deploy VLANs, their topology may not match either of those views. Once VLANs are deployed, you will probably want to monitor traffic and generate alerts on a per-VLAN basis.

At the moment, most switch-based VLANs are proprietary. The IEEE 802.1P Committee developed a multicast standard that allows VLAN members to communicate with the cancellation of VLAN broadcast suppression tasks. Until those standards are implemented in interoperable software and hardware, a VLAN deployment will still require a single-vendor switch environment.

Even in a single-vendor VLAN environment, network management is a challenge. For example, examining VLAN conversations requires management software to process statistics differently than it does for ordinary LAN or IP subnet conversations. The RMON MIB and the RMON-2 MIB provide frameworks for determining LAN and subnet information, respectively; a VLAN implementation must either define its own MIB or work out how to derive that information from other MIBs. In addition, to present a coherent picture of VLAN behavior, the management software must collect and merge data from multiple RMON probes.

If the problem above is serious, consider where data for a VLAN that spans multiple switches can be captured: only on the inter-switch links or the backbone network. In large networks, where the backbone runs at almost 100Mbps or more, deploying a high-speed controller is not the same as for a common VLAN and is costly.
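An added example, not from the original article, of the merging step described above: conversation rows collected from several RMON probes are de-duplicated and rolled up into per-VLAN totals. The row layout (modelled on an RMON source/destination matrix), the MAC-to-VLAN table, the probe names and the keep-the-largest-counter merge rule are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample data; every name and value below is hypothetical.
# MAC-to-VLAN membership as the switch management software might export it.
MEMBERSHIP = {
    "00:00:5e:00:53:01": {"eng"}, "00:00:5e:00:53:02": {"eng"},
    "00:00:5e:00:53:03": {"sales"}, "00:00:5e:00:53:04": {"eng", "sales"},
}
# One row per directed conversation per probe, modelled on an RMON
# source/destination matrix: (probe, source MAC, dest MAC, packets, octets).
PROBE_ROWS = [
    ("probe-sw1",    "00:00:5e:00:53:01", "00:00:5e:00:53:02", 120, 90000),
    ("probe-uplink", "00:00:5e:00:53:01", "00:00:5e:00:53:02", 118, 88500),
    ("probe-uplink", "00:00:5e:00:53:02", "00:00:5e:00:53:01", 100, 12000),
    ("probe-sw2",    "00:00:5e:00:53:03", "00:00:5e:00:53:04",  40,  6000),
    ("probe-sw1",    "00:00:5e:00:53:01", "00:00:5e:00:53:03",   5,   400),
]
NO_VLAN = "(no common VLAN)"

def per_vlan_totals(rows, membership):
    """Merge rows from several probes into one set of per-VLAN totals."""
    merged = {}                               # (src, dst) -> (packets, octets)
    for _probe, src, dst, pkts, octets in rows:
        key = (src.lower(), dst.lower())
        old = merged.get(key, (0, 0))
        # Assumption: probes along one path count the same frames, so keep the
        # largest counter rather than summing and double counting.
        merged[key] = (max(old[0], pkts), max(old[1], octets))
    totals = defaultdict(lambda: {"conversations": 0, "packets": 0, "octets": 0})
    for (src, dst), (pkts, octets) in merged.items():
        shared = membership.get(src, set()) & membership.get(dst, set())
        # Endpoints with no VLAN in common are reported separately: that
        # traffic was either routed between VLANs or should not exist.
        for vlan in shared or {NO_VLAN}:
            entry = totals[vlan]
            entry["conversations"] += 1
            entry["packets"] += pkts
            entry["octets"] += octets
    return dict(totals)

if __name__ == "__main__":
    for vlan, entry in sorted(per_vlan_totals(PROBE_ROWS, MEMBERSHIP).items()):
        print(vlan, entry)
```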

Configuration of VLANs

If you define VLANs by switch port, it is usually easy to assign one or more users to a specific VLAN with some kind of drag-and-drop software. In a non-switched environment, moves, adds, and changes are cumbersome and may involve re-patching a jumper on the wiring board from one hub port to another. However, changing VLAN assignments is still done manually, which is time-consuming in large networks, so many networking vendors advocate using VLANs to simplify moves, adds, and changes.

A VLAN assignment scheme based on MAC addresses does automate some moves, adds, and changes. If a user is assigned to one or more VLANs by MAC address, their computer can connect to any port on the switched network and all traffic will still reach its destination correctly. Obviously, the administrator still has to make the initial VLAN assignment, but users who move to a different physical connection need no manual intervention at the management console. For example, where there are many mobile user stations that are not always connected to the same port, perhaps because offices are temporary, MAC-address-based VLANs avoid a lot of trouble.

What about traditional Layer 3 technology? Nowadays this mostly means IP subnets: each subnet requires a router port, because traffic can only move from one subnet to another through a router. Because the address space provided by 32-bit IP addresses is very limited, dividing it into subnet addresses is difficult and tests how familiar you are with binary arithmetic. As a result, moves, adds, and changes in an IP network are difficult, slow, error-prone, and costly. In addition, the network may need to be renumbered when a company changes its ISP or adopts a new security policy, which is unthinkable for large networks.

In fact, if you take an existing subnet-routed IP network and assign VLAN membership arbitrarily by IP address, the routers may be overwhelmed by unnecessary traffic.

If a VLAN has members in many subnets, ordinary VLAN broadcasts must pass through routers to reach all members. In addition, wide-area links then carry additional broadcast traffic, so the number of VLAN members served over WAN connections should normally be kept to a minimum. In fact, VLAN membership based on Layer 3 addresses can be useful for extending and adjusting existing subnet allocations, such as adding two new nodes to a VLAN made up of a full subnet, or combining two subnets into one VLAN without renumbering.

Cabletron's SecureFast Virtual Networking Layer 3 switching technology uses a route-server model rather than the traditional routing model. The first packet is sent to the route server for a conventional routing calculation, but the switches remember the path, so subsequent packets can be switched at Layer 2 without consulting the routing table. With VLANs based purely on Layer 3 addresses, the IP address can serve as a universal network ID, allowing anyone to connect to any data link for full network access, which greatly simplifies moves, adds, and changes.

However, there are other ways to address the management problems caused by IP subnets. DHCP (Dynamic Host Configuration Protocol) and other technologies that assign addresses to users when they connect can be used to resolve these issues.

Testing of VLANs

Traditionally, a shared medium, such as an Ethernet collision segment or a Token Ring, has been the basic unit of network management: a protocol analyzer connected anywhere on the segment or ring can capture every conversation among all of its nodes. The hub's SNMP agent captures traffic, error, and broadcast statistics for the entire segment. An RMON probe, network monitor, or handheld troubleshooting device sees every significant event that occurs on the shared medium. These devices provide the test tools (basic data capture) needed to manage the network effectively.

Switched networks must be equipped with similar tools. But the number of network segments or rings multiplies, and the equipment required multiplies with it. For older 10BaseT, most standalone RMON probes are more expensive.

At the same time, the traffic on any given segment may have only one source and one destination, which makes problem analysis difficult. Even a simple question, such as whether a broadcast is correctly delivered to VLAN members and not forwarded to other nodes, requires connecting a protocol analyzer and a three-port repeater to each segment of the VLAN.
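The containment check described above, as an added example that is not from the original article: given analyzer captures from every segment, it reports for each broadcasting station the ports that saw its broadcasts without sharing a VLAN with it, and the member ports that never saw them. The MAC-based membership table, port names and captured frames are constructed sample data, and the function name is hypothetical.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample data; addresses, VLAN names and port names are hypothetical.
MEMBERSHIP = {                                # MAC address -> VLANs it belongs to
    "00:00:5e:00:53:01": {"eng"}, "00:00:5e:00:53:02": {"eng"},
    "00:00:5e:00:53:03": {"sales"}, "00:00:5e:00:53:04": {"eng", "sales"},
}
ATTACHED = {"p1": "00:00:5e:00:53:01", "p2": "00:00:5e:00:53:02",
            "p3": "00:00:5e:00:53:03", "p4": "00:00:5e:00:53:04"}
# Frames seen by the analyzer on each segment: (port, source MAC, dest MAC).
CAPTURES = [
    ("p2", "00:00:5e:00:53:01", BROADCAST),
    ("p3", "00:00:5e:00:53:01", BROADCAST),          # sales-only port, eng broadcast
    ("p1", "00:00:5e:00:53:03", BROADCAST),          # eng-only port, sales broadcast
    ("p4", "00:00:5e:00:53:03", BROADCAST),
    ("p2", "00:00:5e:00:53:04", "00:00:5e:00:53:02"),  # unicast, not checked
    ("p1", "00:00:5e:00:53:99", BROADCAST),          # source not in the table
]

def check_broadcast_containment(membership, attached, captures):
    """Compare where each station's broadcasts were seen with where they belong."""
    seen = defaultdict(set)                   # source MAC -> ports that saw it
    for port, src, dst in captures:
        src, dst = src.lower(), dst.lower()
        if dst == BROADCAST and attached.get(port) != src:
            seen[src].add(port)
    report = {}
    for src, ports in seen.items():
        vlans = membership.get(src)
        if vlans is None:                     # unknown station: nothing to compare
            report[src] = {"unknown_source": sorted(ports)}
            continue
        # Ports whose station shares at least one VLAN with the sender.
        expected = {p for p, mac in attached.items()
                    if mac != src and membership.get(mac, set()) & vlans}
        # "missed" is only meaningful when every segment was captured.
        report[src] = {"leaked": sorted(ports - expected),
                       "missed": sorted(expected - ports)}
    return report

if __name__ == "__main__":
    result = check_broadcast_containment(MEMBERSHIP, ATTACHED, CAPTURES)
    for mac, finding in sorted(result.items()):
        print(mac, finding)
```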

But the situation is not that bad. Common connection components such as NICs, connectors, cables, and ports can be tested with the same methods as before, since they are not affected by the switching structure. Problems with servers, routers, printers, and workstations may be difficult to resolve. A router that is incorrectly bridging NetBIOS nodes into a VLAN can be diagnosed from any node in that VLAN. Other problems, such as collisions, should disappear because the medium is no longer shared, or is shared far less than it used to be.

Switch vendors have done a lot of work to address the shortage of test tools in switched networks. Many switches can be configured with a monitoring port to which a protocol analyzer or other monitor connects. On some switches, the monitoring port can be configured to examine the traffic between any two ports. On a handful of backplane-based switches, the monitoring port can capture all traffic passing through the switch. These monitoring tasks are achieved through magical electronic technology without affecting the performance of the switch. If your switch has neither a monitoring port nor RMON on each port, monitoring becomes difficult and costly. So when buying a switch, consider whether it has a monitoring port.

In addition, many switch vendors equip each port with an RMON agent. If the basic switch hardware does not integrate the RMON device, it will not weaken the overall performance of the system.

Conclusion

The large vendors plan to support VLAN creation based on ports, MAC addresses, and Layer 3 addresses. Some also claim to support application-based VLAN membership, with multicast support for compressed video or audio data streams. When VLAN definitions are rich and flexible, other interesting management services are likely to mature. In particular, administrators will not have to drag an icon onto a map to create a VLAN member; VLANs can be defined dynamically through policy management.

With the introduction and deployment of dynamically defined VLAN products and schemes, the challenges of configuring and managing network nodes will also change radically. For administrators with a heavy management load, VLANs may not seem to ease their predicament, since they must unlearn some router-based networking principles. However, every administrator will have to face switched networks, and VLANs are an important tool for achieving business goals.
