Virtual LAN – Layer 3 VLAN

The network layer of the OSI protocol stack is often simply known as Layer 3. It is important for network troubleshooting because it is where routing takes place, one level above the data link layer (Layer 2), where switching and bridging happen. A VLAN (virtual LAN) is a subnetwork of an internetwork; however, it is normally defined on a switched network topology.

So what do we mean by a switched network? Simply put, it is a series of devices such as computers attached directly to some sort of multiport switching device. A network switch acts as a connecting medium between the ports to which the computers are connected. In the perfect switching environment each port has only one device connected to it; in reality, however, that device is often another network device such as a bridge or hub, with many more clients indirectly connected to the switch. In the ideal scenario there is no conflict between different devices trying to use the same network cable, so performance is maximized: there is no waiting or latency while information is transmitted, such as you would get on a shared Ethernet segment. Just like the simple VPNs we use across the internet to watch BBC USA whilst hiding your IP address, VLANs segment and protect traffic.

An important reason for segmenting networks and then connecting the segments together again using routers is that it minimizes the size of broadcast domains, with fewer devices competing for access. Switched topologies also reduce the level of contention, and many networks have evolved into large flat switched networks. If you remove the routers, though, there is a price to pay, both in ease of administration and in being able to securely manage specific segments or devices. If you need to retain some sort of topological layout in this scenario, VLANs are probably the only feasible option.

A VLAN restores the advantages of a segmented network to a flat switched network. Network administrators can use VLANs to create pseudo-segments in an open network across the switches. This is important for creating security segments and managing large networks, as the computers joined to a VLAN can exist anywhere on the network. So, for example, you can create a high-security VLAN to connect secured servers together, where they can be managed and secured as a group. These servers can sit on different switches and different ports, and across buildings and departments.

The next stage is to take these individual VLANs, which connect many groups of computers, and extend the model. Indeed, a device can be a member of multiple VLANs, and messages can be broadcast to specific devices by sending them to specific VLANs only. The issue with this setup is that routers still need to transmit packets between these different VLANs; there is still a requirement for data to be transported, which can cause contention and performance issues.

Here the techniques of Layer 3 switching become useful: a routing algorithm is used to discover the fastest path through the switched network, and once a destination is actually located, a shorter Layer 2 switched path can be used. This procedure is possible because the VLANs overlay the physical switching fabric of the network. Obviously there is more to these techniques, and indeed the design and construction of efficient switched networks is a large and interesting field.
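The route-then-switch behaviour described above, together with the per-VLAN broadcast containment and the security-segment idea from the earlier paragraphs, as a small constructed Python model. This is an added example, not code from the original article; the hosts, addresses and the `policy` table of permitted VLAN pairs are assumptions made for illustration.

```python
from collections import namedtuple

# A host is placed in a VLAN by membership, not by which physical port it uses.
Host = namedtuple("Host", "name mac ip vlan")


class Layer3Switch:
    """Toy model of a Layer 3 switch: one forwarding table per VLAN, a policy
    saying which VLAN pairs may be routed, and a flow cache so inter-VLAN
    traffic is routed once and switched on the shorter path afterwards."""

    def __init__(self):
        self.by_ip = {}          # ip -> Host
        self.mac_table = {}      # (vlan, mac) -> Host: one table per VLAN
        self.policy = set()      # (src_vlan, dst_vlan) pairs allowed to route
        self.route_cache = {}    # (src_ip, dst_ip) -> Host once routed

    def attach(self, host):
        self.by_ip[host.ip] = host
        self.mac_table[(host.vlan, host.mac)] = host

    def broadcast(self, src_ip):
        """A broadcast is confined to the sender's VLAN, whatever the port."""
        src = self.by_ip[src_ip]
        return sorted(h.name for (vlan, _), h in self.mac_table.items()
                      if vlan == src.vlan and h != src)

    def forward(self, src_ip, dst_ip):
        src, dst = self.by_ip[src_ip], self.by_ip[dst_ip]
        if src.vlan == dst.vlan:                     # same segment: Layer 2 switching
            return ("switched", dst.name)
        if (src_ip, dst_ip) in self.route_cache:     # path already discovered
            return ("cached", dst.name)
        if (src.vlan, dst.vlan) not in self.policy:  # segmentation enforced here
            return ("dropped", None)
        self.route_cache[(src_ip, dst_ip)] = dst     # first packet takes the routed path
        return ("routed", dst.name)


def build_demo():
    """Constructed topology: two PCs in VLAN 10, a server in VLAN 20, a guest in VLAN 30."""
    sw = Layer3Switch()
    for h in (Host("pc1", "00:00:00:00:10:01", "10.0.10.1", 10),
              Host("pc2", "00:00:00:00:10:02", "10.0.10.2", 10),
              Host("srv1", "00:00:00:00:20:01", "10.0.20.1", 20),
              Host("guest1", "00:00:00:00:30:01", "10.0.30.1", 30)):
        sw.attach(h)
    sw.policy |= {(10, 20), (20, 10)}   # PCs and servers may talk; guests cannot reach servers
    return sw
```

Calling `forward` twice for the same PC-to-server pair shows the first packet taking the routed path and the second being served from the cache, while a guest-to-server packet is dropped by policy.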
