VLAN
From Wikipractice
VLANs, or Virtual LANs, are used to simulate several logical Ethernet networks on the same physical infrastructure. VLANs are independent broadcast domains which do not share any layer two communication. There are two main ways of defining VLANs:
- Per service. Common services are grouped in a common VLAN, across many locations.
- Per location. VLAN scope is limited to a location, for example a floor or a computer center.
Each approach has its advantages and drawbacks. The purpose of this article is to describe the best practice in implementing VLANs in order to fit the needs of current technologies.
VLAN per service
VLAN per service was very common and effective with ATM, where it was implemented via LAN Emulation. However, on Ethernet networks it is becoming less and less usual, as it requires per-VLAN Spanning Tree. There are two main reasons for that:
- Spanning Tree is a non-deterministic protocol that can take time to converge: this is not compatible with newer technologies like IP telephony.
- Side effects happen between VLANs: if Spanning Tree is being recalculated on one VLAN, the other VLANs sharing the same devices can also be impacted.
Therefore, best practice in implementing Spanning Tree does not recommend the use of per-service VLANs.
VLAN per location
VLANs per location are the easiest to implement and manage. They respect the important rule that one VLAN equals one switch equals one subnet, which avoids the need for Spanning Tree.
Organization of VLANs
In a large deployment, it is important to define a VLAN allocation plan, similar to an IP address plan, that will be common to all locations. The following table gives an example of a VLAN allocation that has been used in a very large deployment.
| Usage | VLAN numbers |
|---|---|
| Data servers | 2 to 99 |
| Data | 100 to 399 |
| Point-to-point links | 400 to 459 |
| Voice servers | 550 to 559 |
| Special voice services | 560 to 579 |
| Voice | 600 to 899 |
| Reserved | 900 to 949 |
| Management | 950 to 999 |
Comment
VLAN 1 (or sometimes 0) is often used as the default VLAN in LAN switches. It is not advised to use it: it should always be deactivated, because leaving it active can cause layer two loops and security holes when a new device is connected to the network without authorization. This should not happen, but it is better to be prepared in case it does.
Size of VLANs
The size of a VLAN, or the number of devices connected to it, is strongly linked to the subnet that will be used on it. However, best practice has shown that the maximum number of devices that should be connected to a VLAN is 254 (equivalent to a class C subnet), especially when IP telephony is used. This is to:
- limit broadcasts
- limit effect of potential virus
- limit maximum bandwidth on a VLAN
Limiting the number of broadcasts also improves the performance of the devices connected to a VLAN: each broadcast has to be handled by every device to check whether it is concerned. In addition, broadcasts generate traffic and consume bandwidth.
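The allocation plan, the advice about the default VLAN and the 254-device limit above can all be turned into a pre-deployment check. The following Python script is an added example written for this article, not a tool from the original page: it encodes the article's allocation table, rejects VLAN 0 and 1, flags reserved or unallocated VLAN numbers, refuses subnets that allow more than 254 hosts, and enforces the one-VLAN-one-subnet rule. The sample VLAN table at the bottom is constructed for illustration.

```python
import ipaddress

# VLAN allocation plan, transcribed from the article's table.
VLAN_PLAN = [
    ("Data servers", 2, 99),
    ("Data", 100, 399),
    ("Point-to-point links", 400, 459),
    ("Voice servers", 550, 559),
    ("Special voice services", 560, 579),
    ("Voice", 600, 899),
    ("Reserved", 900, 949),
    ("Management", 950, 999),
]

# Default VLANs that the article says must stay deactivated.
DEFAULT_VLANS = {0, 1}

# Maximum number of devices per VLAN recommended by the article (one class C, i.e. a /24).
MAX_HOSTS_PER_VLAN = 254


def vlan_usage(vlan_id):
    """Return the usage category of a VLAN number, or None if the plan does not allocate it."""
    for usage, low, high in VLAN_PLAN:
        if low <= vlan_id <= high:
            return usage
    return None


def usable_hosts(net):
    """Number of hosts a subnet can hold (network and broadcast excluded for IPv4 /30 and larger)."""
    if net.version == 4 and net.prefixlen < 31:
        return net.num_addresses - 2
    return net.num_addresses


def check_vlan(vlan_id, subnet):
    """Check one VLAN/subnet pair against the plan; returns a list of problems (empty means OK)."""
    problems = []
    if vlan_id in DEFAULT_VLANS:
        problems.append(f"VLAN {vlan_id} is a default VLAN and must stay deactivated")
    elif not 1 <= vlan_id <= 4094:
        problems.append(f"VLAN {vlan_id} is outside the 802.1Q range 1-4094")
    else:
        usage = vlan_usage(vlan_id)
        if usage is None:
            problems.append(f"VLAN {vlan_id} is not in the allocation plan")
        elif usage == "Reserved":
            problems.append(f"VLAN {vlan_id} is in the reserved range")
    try:
        net = ipaddress.ip_network(subnet, strict=True)
    except ValueError as exc:
        problems.append(f"subnet {subnet!r} is invalid: {exc}")
        return problems
    hosts = usable_hosts(net)
    if hosts > MAX_HOSTS_PER_VLAN:
        problems.append(f"subnet {net} allows {hosts} hosts, more than {MAX_HOSTS_PER_VLAN}")
    return problems


def audit(vlan_table):
    """Audit a whole {vlan_id: subnet} table and also enforce one subnet per VLAN."""
    report = {}
    subnet_owner = {}
    for vlan_id, subnet in vlan_table.items():
        problems = check_vlan(vlan_id, subnet)
        if subnet in subnet_owner:
            problems.append(f"subnet {subnet} is already used by VLAN {subnet_owner[subnet]}")
        else:
            subnet_owner[subnet] = vlan_id
        report[vlan_id] = problems
    return report


# Constructed sample table: one good entry and four typical mistakes.
SAMPLE_TABLE = {
    1: "10.0.0.0/24",      # default VLAN left in use
    120: "10.1.20.0/24",   # data VLAN, correctly sized
    620: "10.6.20.0/23",   # voice VLAN with 510 hosts, too large
    920: "10.9.20.0/24",   # number taken from the reserved range
    950: "10.1.20.0/24",   # management VLAN reusing the data subnet
}

if __name__ == "__main__":
    for vlan_id, problems in audit(SAMPLE_TABLE).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"VLAN {vlan_id}: {status}")
```

Running the script prints one line per VLAN; only VLAN 120 passes. The host count is computed from the prefix length rather than trusting the VLAN number, so a voice VLAN that is numbered correctly but carved out of a /23 is still caught.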

