VLANs and PVLANS
In most datacenters, widespread use of virtual LANs (VLANs) is common. VLANs
allow you to isolate traffic without using physical separation—for example, by using
various switches and network adapters for the different types of isolated networks.
Although physical separation works, maintaining the additional physical
infrastructure is costly in terms of hardware, power, and even cooling in the
datacenter. Managing large numbers of isolated physical network topologies also can
be complex.
Understanding VLANs
A VLAN is a layer 2 technology that primarily adds the capability to create partitions in
the network for broadcast traffic. Normally, networks are separated by using devices
such as routers, which control the transmission of traffic between segments (a local
area network, or LAN) of the network. However, a VLAN allows a single physical
network segment to be virtually partitioned so that VLANs cannot communicate with
each other, and broadcast traffic such as ARP (to resolve IP addresses to MAC
addresses) would not cross VLANs.
Here’s a great example that explains the broadcast boundary nature of a VLAN: Say
you have ten machines plugged into a single switch, and one of those machines is a
DHCP server. All nine of the other machines plugged into that switch are able to get
an IP address from the DHCP server. If VLANs are configured, and the DHCP server
and a few of the machines are put in a specific VLAN, then only the machines in the
same VLAN as the DHCP server can get an IP address from the DHCP server. All of
the other machines not part of that VLAN can’t contact the DHCP server and would
require another method for IP configuration.
Additionally, through network hardware configuration, it is possible for a single VLAN
to cross physical network segments and even locations, allowing machines that are
physically distributed to act and communicate as if they were on a single physical
network segment. The VLAN is, at a high level, creating virtual LANs that are
abstracted from the physical location. For VLANs to communicate with each other,
layer 3 technologies (IP) are used for IP-level routing.
By partitioning communication and broadcast traffic, VLANs provide the following key
features to an environment that make VLANs an attractive technology to implement:
Separate Broadcast Domains This seems obvious, but separate broadcast
domains can be a huge benefit for larger networks that have an amount of
broadcast traffic that may be causing network performance issues. This also
enables a single network to be divided into separate networks as required.
Isolation between Machines VLANs enable partitions between groups of
servers, which may be required in scenarios such as different departments,