Plain old Ethernet has been reborn in several ways as this technology makes headway in speed, flexibility and applications. Over the course of 2003, we will spend some time exploring how and why Ethernet has become cool once again.
The technology has undergone so many changes that an encounter with it might feel rather like a visit to a foreign city for the first time. To make those many business-related visits more interesting, I often pack my running gear and hit the local roads to take in some new scenery. Since work travel can occasionally involve evenings at a local establishment, I usually have to embark on my journeys in the morning.
Once while in Nuremberg, Germany, I veered off my intended path accidentally. Forty minutes into my run, I realized I was lost, and the carpool would be leaving the hotel for a meeting in about 45 minutes. I know no German, except when to yell "Pils" (beer), so the ensuing sense of helplessness was real.
This sense of helplessness brings me to Ethernet. Remember when Ethernet was, well, just Ethernet? Engineers who once understood Ethernet very well may now feel helpless and embattled by the barrage of new Ethernet lingo that has rapidly entered the mainstream. Like trying to navigate in old-world Nuremberg, learning current Ethernet concepts is in many respects like being dumped into a strange, new world.
Additions to the standards, ongoing committees, industry forums; heck, I wouldn't be surprised if there were an Ethernet chat room. If you have been in the industry for even three years or more, try pulling out your latest datacom or networking textbook, and check the index for topics of interest today. These books become obsolete quicker than a campaign promise after election day.
This month's column will discuss one important, contemporary Ethernet-related topic that comes as one of those nicely packaged acronyms that have become fully part of the language of networking-a language that will at times inspire a few rounds of Pils. I'm talking about virtual local-area networks, or VLANs.
A Virtual Definition
VLAN is not a difficult concept. The way to think of a VLAN is through the broadcast domain of the network. A broadcast frame is one sent to the special all-ones destination MAC address (ff:ff:ff:ff:ff:ff), which makes it a one-to-all message. Every station in the broadcast domain receives it, whether or not that particular station needs to hear it.
Routers can subdivide the LAN at Layer 3 into more-manageable segments to reduce this broadcast traffic, which grows as the network grows and as devices exchange housekeeping information that carries no user payload. However, routers, particularly those of the era in which VLANs were conceived, were costly and slow, bogged down by the processing each packet required. VLANs were developed as another way to reach the same goal. The idea of a VLAN is still to subdivide the LAN, but the key is that network segments are isolated by logical rather than physical grouping. Put another way, a VLAN creates separate broadcast domains within a single switch fabric without regard to the physical connections among nodes and switches.
While logical-resource allocation without the constraint of physical-resource location is valuable, the other obvious advantage of VLAN technology is the freed-up bandwidth in each VLAN group. The rapid increase in traffic on LANs through the 1990s quickly outstripped expectations, and the traffic had to be managed in a way that maintained performance. VLANs offered a way to do that, allowing the assignment of subnetworks to constrain traffic flow to the VLAN members that needed to share information. This lets work groups of users experience high performance, and yet also allows multiple work groups to share the same physical network. It does not prevent communication with members of other VLANs, but it forces that data to traverse a router, just as data headed for WAN destinations does. While VLANs developed, routers and hybrid devices also evolved to much higher speeds, reducing one of the obstacles that drove VLAN development to begin with.
As an example of a VLAN in action, assume that your department is undergoing its semi-annual reorganization. In this situation, the VLAN allows you, via software, to shift some of your organic assets (within engineering groups, also called employees) from cube farm A to cube farm B, yet still keep them within the same work group on the LAN. Thus, instead of sending someone to mix up the wires in the wiring cabinet, a VLAN switch can be configured to allow physically relocated workstations to remain connected in the same subnetwork.
Types of VLANs
Membership in a VLAN can be established in several ways. The most important, described here, key on switch port numbers, media-access control (MAC) addresses, or protocols and Internet Protocol (IP) addresses. That is, VLAN membership can be established at Layer 1, 2 or 3.
Port-based VLANs: Probably the simplest to understand, switch port numbers can be used to identify VLAN groups. This, in essence, makes multiple LAN segments attached to different switch ports members of the same VLAN.
In port-based VLANs, a switch port is manually assigned a VLAN number (Figure 1). As shown, VLAN 1 exists across several configured ports on the switch, in this case ports 1, 2, 4 and 8. A port can belong to only one VLAN at a time. Notice that only the switch has a full grasp of the VLAN's architecture; segments hanging on the switch have no way of knowing that the VLANs exist. As configured here, a frame broadcast from a workstation attached to, for example, port 3 of the switch will egress on port 7 only. Similarly, VLAN 1 and VLAN 2 members cannot communicate with one another at Layer 2 through the switch. They are effectively different LANs and thus could communicate with one another only through a router.
The simplicity of the port-based VLAN is its main advantage. Disadvantages include the need to keep track of port numbers and labels as things change, and that physically moved workstations that result in a change in port will require reconfiguration.
MAC attack: An 802.3 Ethernet frame is shown in Figure 2. This is the standard format of a frame of information delivered out of an Ethernet-compatible transmit device. The break shown between source address and type/length will be discussed later in this article.
Each Ethernet interface has a Layer 2 MAC address, assigned at manufacture (though most operating systems let software override it), that identifies it to the rest of the network. In a transmission, the source address is this MAC address; it tells the receiver where the frame came from. The destination address is simply the MAC address of the device that will receive the frame. So, when a device is ready to send, it surrounds the data (payload) with addressing info and other frame details beyond the scope of this discussion.
A VLAN that operates via MAC addresses simply assigns VLAN membership based on these addresses. The switch contains a table that associates each VLAN with a set of member MAC addresses. Membership is manually configured by telling the VLAN switch which MAC addresses belong to which VLAN; manual management and configuration are admittedly cumbersome disadvantages. In operation, the ports of the switch are dynamically assigned to a VLAN, depending on the attached devices and their corresponding MAC addresses. When a switch receives a frame, it peers into it to see where it came from, that is, the source address. Then it checks its reference table to see which VLAN this source belongs to and forwards the frame to the ports where the other members of that VLAN are connected. With MAC-based VLANs, a workstation can be moved within the LAN and maintain its VLAN membership. One caveat worth stating plainly: the switch keys membership on the source address exactly as presented in the frame, and nothing authenticates it, so a station that sets its interface to a member's MAC address lands in that member's VLAN. MAC-based membership is a management convenience, not an access control.
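To make the port-based and MAC-based behaviour concrete, the following toy switch model is added here as an illustration; it is not code from the article. It replays the Figure 1 layout for VLAN 1 (ports 1, 2, 4 and 8), assumes VLAN 2 is ports 3 and 7 (consistent with the port 3 broadcast reaching only port 7), and uses constructed MAC addresses. It also shows the point made above: when a MAC-based member plugs into port 3, the port follows the station, and the switch believes whatever source address it is shown.

```python
"""Toy model of a VLAN-capable switch showing port-based and MAC-based
membership. Added illustration, not code from the article; port layout for
VLAN 2, MAC addresses and frames are constructed."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"   # all-ones destination: a one-to-all frame


@dataclass
class Frame:
    dst: str
    src: str


@dataclass
class VlanSwitch:
    static_vlan: dict = field(default_factory=dict)  # port -> VLAN, configured by hand (port-based)
    mac_vlan: dict = field(default_factory=dict)     # MAC -> VLAN, configured by hand (MAC-based)
    dyn_vlan: dict = field(default_factory=dict)     # port -> VLAN, learned from MAC-based members
    fdb: dict = field(default_factory=dict)          # (VLAN, MAC) -> port, learned from source MACs

    def vlan_of_port(self, port):
        # a port follows the MAC-based member last seen on it, else its static assignment
        return self.dyn_vlan.get(port, self.static_vlan.get(port))

    def members(self, vlan):
        ports = set(self.static_vlan) | set(self.dyn_vlan)
        return {p for p in ports if self.vlan_of_port(p) == vlan}

    def forward(self, ingress, frame):
        """Return the set of egress ports for a frame arriving on `ingress`."""
        if frame.src in self.mac_vlan:
            # MAC-based: membership travels with the station and the port follows it.
            # The switch trusts the source MAC as presented; nothing authenticates it.
            vlan = self.mac_vlan[frame.src]
            self.dyn_vlan[ingress] = vlan
        else:
            vlan = self.vlan_of_port(ingress)
        if vlan is None:
            return set()                           # port in no VLAN: drop
        self.fdb[(vlan, frame.src)] = ingress      # learn the source inside this VLAN only
        if frame.dst != BROADCAST and (vlan, frame.dst) in self.fdb:
            out = self.fdb[(vlan, frame.dst)]
            return set() if out == ingress else {out}
        # broadcast or unknown unicast: flood, but only within this VLAN's broadcast domain
        return self.members(vlan) - {ingress}


def demo():
    """Replay Figure 1 (VLAN 1 on ports 1, 2, 4, 8; VLAN 2 assumed on ports 3 and 7)
    and return the egress port set produced at each step."""
    sw = VlanSwitch(static_vlan={1: 1, 2: 1, 4: 1, 8: 1, 3: 2, 7: 2})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed, on ports 1 and 2 (VLAN 1)
    c, m = "00:00:00:00:00:0c", "00:00:00:00:00:0e"   # constructed, C on port 3 (VLAN 2)
    steps = {}
    steps["bcast_from_3"] = sw.forward(3, Frame(BROADCAST, c))        # VLAN 2 only -> {7}
    steps["bcast_from_1"] = sw.forward(1, Frame(BROADCAST, a))        # VLAN 1 only -> {2, 4, 8}
    sw.forward(2, Frame(a, b))                                        # B replies; B learned on port 2
    steps["a_to_b_learned"] = sw.forward(1, Frame(b, a))              # known unicast -> {2}
    steps["c_to_a_cross_vlan"] = sw.forward(3, Frame(a, c))           # A unknown in VLAN 2 -> {7}, not port 1
    sw.mac_vlan[m] = 1                                                # M is a MAC-based VLAN 1 member
    steps["m_on_port_3"] = sw.forward(3, Frame(BROADCAST, m))         # port 3 follows M -> {1, 2, 4, 8}
    steps["bcast_from_7_after"] = sw.forward(7, Frame(BROADCAST, c))  # VLAN 2 has lost port 3 -> set()
    return steps


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:>22}: {sorted(ports)}")
```

The last two steps are the part worth dwelling on: port 3 changed VLAN because of a source address in a frame, and any station that sends with M's address from that port gets the same treatment.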
Layer 3's a charm: Similar to assigning MAC addresses to a particular VLAN, a set of Layer 3 addresses can be assigned to a particular VLAN. The most common and growing example would be the use of IP addresses. Of course, not all devices are necessarily running IP, but the trend is in this direction. While IP assigns an address to each station, seemingly consistent with enabling VLANs, if these addresses are handed out by the Dynamic Host Configuration Protocol (DHCP), that is, leased dynamically rather than fixed per station, the idea becomes problematic, because an attached IP device may receive a different address each time it rejoins the network or its lease is renewed.
Another Layer 3 VLAN approach is protocol-based VLANs. IP is just one particular Layer 3 protocol that can be embedded in the payload of the Ethernet frame in Figure 2. When multiple protocols are run, specific protocols can be assigned different VLANs. The powerful part of this is that different protocols are often associated with specific applications, and thus a VLAN can be established for an application environment, often a convenient and desirable way to run a network. Generally, folks sharing the same application are those you want sharing information on the same network. Of course, with the ongoing march toward everything IP, this advantage is becoming less powerful.
VLAN Tagging: 802.1Q
In the early 1990s, when VLAN technology became available commercially, it was implemented in a proprietary fashion by switch vendors, limiting the uptake.
The very first VLANs were limited to operation within a single switch. Devices did not share information and therefore did not allow VLANs to exist across multiple switches in a network. Eventually, switch manufacturers enhanced their products to allow their switches to share VLAN information with one another, and thus identify and isolate VLAN members across switches. However, vendors did things their own particular way, so this worked only if all the switches were from the same vendor.
The incompatibility of proprietary systems drove the vendor community and the IEEE to work on standardization that would eliminate this obstacle and fuel deployment and acceptance of VLAN-enhanced switches. By 1999, the IEEE standards addressing VLANs, IEEE 802.1Q and 802.3ac, were in place.
The standards committee had two possible approaches. The simpler approach would be to standardize on a protocol that would allow the exchange of VLAN information among switches from different vendors. A second method would be to identify each packet explicitly with a label, or tag, identifier. Because the former approach results in increased overhead and broadcast traffic, chewing up the very bandwidth that the VLAN is trying to free up, the tagging method was preferred.
IEEE 802.1Q describes the nature of the tag and the information it contains. The catch with the tag is that defining this explicit identifier meant adding a block to the Ethernet frame. This is the mystery block shown in Figure 2, inserted between the source address and the type/length field. This block and its contents, including the VLAN tag, are shown in Figure 3: a two-byte tag protocol identifier (0x8100) that announces a tag follows, then two bytes of tag control information holding a 3-bit priority field, a 1-bit canonical format indicator and a 12-bit VLAN identifier. The new Ethernet frame is called out through an additional appendage to the IEEE 802.3 specification, IEEE 802.3ac. The new standard frame increases the maximum frame size by those four bytes, from 1518 to 1522 bytes. Note also, not insignificantly, that the priority field allows packets to be assigned one of eight different priority levels, another approach to enhancing traffic management and improving upon the "best effort" Achilles' heel of Ethernet and IP networks in general.
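To make the tagged frame layout concrete, here is an added example, not code from the article, that builds an 802.1Q-tagged frame and parses it back, splitting the tag into its priority, CFI and VLAN ID fields and checking the reserved VLAN IDs. The MAC addresses and payload are constructed, and the frame check sequence is left off since the hardware appends it.

```python
"""Build and parse IEEE 802.1Q-tagged Ethernet frames.
Added illustration, not code from the article; MAC addresses and the payload
are constructed. The 4-byte FCS is omitted (hardware appends it), so the
byte strings below are header + tag + type/length + payload."""
import struct

TPID_8021Q = 0x8100     # tag protocol identifier: "a tag follows" in the type/length slot
MAX_UNTAGGED = 1518     # 802.3 maximum frame size, including FCS
MAX_TAGGED = 1522       # 802.3ac raised it by the four tag bytes


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def parse_frame(raw):
    """Return addresses, tag fields (when tagged), the type/length value and the payload."""
    if len(raw) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (type_length,) = struct.unpack("!H", raw[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False}
    offset = 14
    if type_length == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("tag announced but truncated")
        # tag control information: 3-bit priority, 1-bit CFI, 12-bit VLAN ID, big-endian
        tci, type_length = struct.unpack("!HH", raw[14:18])
        vid = tci & 0x0FFF
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1, vid=vid)
        if vid == 0:
            info["vid_note"] = "priority-tagged"   # priority only, no VLAN membership
        elif vid == 4095:
            info["vid_note"] = "reserved"          # 0xFFF is reserved by the standard
        offset = 18
    info["type_length"] = type_length
    info["payload"] = raw[offset:]
    return info


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, cfi=0):
    """Build a frame; when vid is given, insert the 4-byte tag after the source address."""
    frame = _mac(dst) + _mac(src)
    if vid is not None:
        if not 0 <= vid <= 4095:
            raise ValueError("VLAN ID is a 12-bit field")
        if not 0 <= pcp <= 7:
            raise ValueError("priority is a 3-bit field (eight levels)")
        tci = (pcp << 13) | ((cfi & 1) << 12) | vid
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def max_frame_size(tagged):
    return MAX_TAGGED if tagged else MAX_UNTAGGED


if __name__ == "__main__":
    # constructed sample: a broadcast IPv4 frame on VLAN 100 with priority 5
    sample = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800,
                         b"\x45\x00\x00\x14", vid=100, pcp=5)
    print(sample.hex(" "))
    print(parse_frame(sample))
```

Bytes 12 through 15 of the sample come out as 81 00 a0 64: the TPID, then priority 5 in the top three bits and VLAN 100 in the low twelve. A receiver that does not understand 802.1Q sees 0x8100 where it expects a type/length value, which is exactly why the tag had to be carved out in 802.3ac rather than smuggled into the payload.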
As for my German adventure's end? There was a supermarket employee who knew enough English to slowly labor through my story with me. She stopped to take a minute or two to relay the tale to her colleagues. I thought perhaps she was just getting directions for me, until great laughter erupted. I'm sure this instantly became a well-deserved "stupid American" story. My helpful friend then told me my destination was about three miles away, and sketched a little map for me. I figured a cab would give me a chance at a semi-regular remainder of my day (it did), so I found one. I asked the cabby if he spoke English. Naturally, he had recently moved from New Jersey. I didn't catch which exit.
Related Article
1. "Ethernet over Sonet, Part 1"; www.commsdesign.com/OEG20020418S0005.
Rob Howald (rhowald@gi.com) is the director of systems engineering in the transmission network systems group of Motorola's Broadband Communications Sector in Horsham, Pa. He has a BSEE and an MSEE from Villanova University and a PhD from Drexel University.