VLANs and LAN Switches and Junos OS - dummies

VLANs and LAN Switches and Junos OS

By Walter J. Goralski, Cathy Gadecki, Michael Bushong

As networks grew bigger and faster, the need to segment them to cut down on collisions grew with them. For flexibility, physical segmentation gave way to logical segmentation with VLANs, which carve a LAN into isolated pieces that are tied together by a special type of bridge called a switch.

The need for VLANs

Bridges reduce the chance of collisions by segmenting the network. With bridging, Junos OS shrinks the collision domain to a single switch port and the devices attached to it. When only one host is attached to a switch port, collisions are no longer a concern, and the port can run in full-duplex mode, where both sides transmit simultaneously (on separate wire pairs) and collision detection is not needed.

LANs have another concern besides collisions. A switch forwards a frame out the port on which it learned the destination MAC address, but when that address is not in its MAC table (for example, a host that has not sent anything yet), the switch cannot determine the appropriate port. In that case it floods the frame, sending it out every other port, to make sure the traffic reaches its destination. A flooded unicast frame therefore reaches every host on the segment, not just the intended receiver.

Also, in the case of broadcast traffic, the switches must send the traffic on every port to ensure that it reaches every host. In this case, the entire LAN is a single broadcast domain.

On a normally functioning network, hosts send broadcast traffic for many reasons. Because this broadcast traffic must reach every host in the network, it can produce increasingly large amounts of traffic when the broadcast domain grows.

One solution is to split LANs into smaller LANs, but this approach requires separate equipment for each LAN. There is a better way: VLANs.

Instead of thinking of each network as a single LAN, a switch can divide a LAN into subsets called virtual LANs, or VLANs. Switches treat VLANs as if each VLAN were a separate LAN. So, when a switch receives broadcast traffic from a device within a VLAN, it sends the traffic only to those devices in the same VLAN.

In addition, when the switch needs to flood a frame, it sends it only to the other ports in the VLAN on which the frame was received. In this way, VLANs significantly reduce the amount of broadcast and flooded traffic that devices on a VLAN see, and so reduce the bandwidth consumed by it.

LAN switches and VLANs

Now, using bridges to “separate” the network may make you think that devices on different VLANs can’t communicate with each other. In a sense, that is true, because the devices aren’t on the same Layer 2 network, and they can’t communicate with each other directly at Layer 2.

However, traffic destined for a device outside one VLAN can be forwarded to a different VLAN by a Layer 3 router attached to both VLANs, or by the internal inter-VLAN routing feature of a Juniper EX Series switch, which gives each VLAN a routed VLAN interface (RVI). Either way, the router is the one place where traffic crosses between VLANs, so it is also the place to enforce any policy about what may cross.
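To make the preceding two sections concrete, here is an added example configuration (not from the book) for a Juniper EX Series switch: two VLANs, an access port for a host in each, an 802.1Q trunk that carries both VLANs to the next switch, an RVI per VLAN for inter-VLAN routing, and a firewall filter on one RVI so that only the intended traffic crosses from one VLAN to the other. It uses the original (pre-Enhanced Layer 2 Software) EX syntax; the VLAN names, VLAN IDs, IP addresses, port numbers and the permitted TCP port are assumptions chosen for illustration.

```junos
/* Added example, not from the book. Classic (pre-ELS) EX syntax; all names,
   IDs, addresses and port numbers are assumed values for illustration. */
vlans {
    engineering {
        vlan-id 10;
        l3-interface vlan.10;    /* RVI: inter-VLAN routing for this VLAN */
    }
    finance {
        vlan-id 20;
        l3-interface vlan.20;
    }
}
interfaces {
    ge-0/0/1 {
        description "host in engineering";
        unit 0 {
            family ethernet-switching {
                port-mode access;            /* untagged; member of one VLAN */
                vlan {
                    members engineering;
                }
            }
        }
    }
    ge-0/0/2 {
        description "host in finance";
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members finance;
                }
            }
        }
    }
    ge-0/0/23 {
        description "802.1Q trunk to the next switch";
        unit 0 {
            family ethernet-switching {
                port-mode trunk;             /* tagged; carries only the listed VLANs */
                vlan {
                    members [ engineering finance ];
                }
            }
        }
    }
    vlan {
        unit 10 {
            family inet {
                filter {
                    input engineering-to-finance;   /* traffic from VLAN 10 entering the router */
                }
                address 10.0.10.1/24;
            }
        }
        unit 20 {
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}
firewall {
    family inet {
        filter engineering-to-finance {
            term allow-https-to-finance-server {
                from {
                    destination-address {
                        10.0.20.10/32;
                    }
                    protocol tcp;
                    destination-port 443;
                }
                then accept;
            }
            term deny-rest-of-finance {
                from {
                    destination-address {
                        10.0.20.0/24;
                    }
                }
                then {
                    discard;
                }
            }
            term allow-everything-else {
                then accept;
            }
        }
    }
}
```

After committing, `show vlans` lists the VLANs and their member ports, `show ethernet-switching table` shows the learned MAC addresses per VLAN (the per-VLAN table is what keeps flooding inside a VLAN), and `show ethernet-switching interfaces` shows each port's mode and VLAN membership. The filter is the security-relevant piece: the two VLANs are separate broadcast domains, but the RVIs reconnect them at Layer 3, so without the filter any host in engineering could reach any host in finance. On switches running the ELS syntax the same design is written with `interface-mode` instead of `port-mode` and `irb` units instead of `vlan` units.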

Each port on the switch is its own collision domain, but by default the whole switch is still a single broadcast domain: when broadcast frames such as ARP requests, or multicast traffic, arrive on one port, the switch floods them to all other ports. Unfortunately, this makes a LAN switch not much better than a repeater or bridge when it comes to dealing with broadcast and multicast traffic.

To overcome this problem, a LAN switch can allow multiple ports to be assigned to a broadcast domain. The broadcast domains on a LAN switch are configurable, and each floods broadcast and multicast traffic only within its own domain.

At Layer 2, no frame can cross the boundary of a broadcast domain; only a router (or the switch's own inter-VLAN routing) moves traffic between them. When LAN switches define multiple broadcast domains, they create virtual LANs (VLANs). A VLAN defines membership in a LAN logically, through configuration, not physically by sharing media or devices. That also means the isolation is only as good as the configuration: a port placed in the wrong VLAN, or a trunk that carries more VLANs than it needs to, extends the broadcast domain to wherever that port leads.