VLANs and Layer 3 Switching
Switched, Fast, and Gigabit Ethernet, Third Edition
Author: Sean Riley; Robert Breyer
This chapter covers the relatively new topics of virtual LANs (VLANs) and Layer
3 switching. The first part of this chapter discusses the concepts and benefits
of VLANs and the different VLAN implementation methods, such as port, protocol,
MAC address, and IP Subnet. We look at distributed VLANs, which require some
kind of trunking. We look at the proprietary VLAN trunking method from Cisco
called Interswitch Link (ISL), as well as the new IEEE 802.1Q VLAN tagging
standard. We then look at the different methods of connecting VLANs.
We also examine the IEEE 802.1p priority switching technology that was
designed to improve the delivery of time-critical data. Whereas 802.1p is
not directly related to VLANs, the 802.1p standard utilizes the additional
VLAN tagging field to provide for improved delivery of time-critical data.
Therefore, this chapter is a good place to deal with it.
The second part of this chapter discusses Layer 3 switches. We first cover some
of the basics of routing; then we attempt to explain the current hype surrounding
Layer 3 switches, which are merely hardware-based IP or IPX LAN routers. We
contrast the different types of Layer 3 switches, namely packet-to-packet,
and a host of other methods that rely on cut-through methods. (For more information
on cut-through methods, see Chapter 4, “Layer 2
Next, we take an
in-depth look at Layer 3 switches. Layer 3 switches are replacing classic
IP LAN routers in certain places, because they offer more performance at significantly
lower prices with easier configuration. Different VLANs need to be connected
via a Layer 3 device, such as a classic router. The required use of routers
has slowed the adoption rate of VLANs tremendously. The recent emergence of
fast, easy to configure, and affordable Layer 3 hardware-based switches has
made VLANs a popular mainstream tool for LAN managers everywhere.
Finally, we discuss Layer 4 switching, which is the latest hot concept.
We also discuss why Layer 4 switching isn't really switching at all.
Before we begin, we need to point out a few things:
We cover a lot of information in this chapter. To discuss
both VLANs and Layer 3 switches in detail in one chapter is ambitious. Therefore,
this chapter doesn't go into too much detail. Entire books have been written
on just VLANs or Layer 3 switching. Many excellent white papers from the vendor
community also are available on the Web. Please refer to Appendixes
B and C for suggestions for further reading.
VLANs are not specific to Ethernet but are based on the OSI
Layer 2. As such, you can apply VLANs to any frame-based LAN technology that
follows the OSI model. For example, VLANs are already a feature on some of
today's FDDI or Token Ring switches. The standards we discuss in this chapter,
such as 802.1Q/p, are not 802.3/Ethernet specific; they were designed to work
for Token Ring and other frame-based LAN standards as well.
We discuss Layer 3 aspects of the OSI model. Note that, like
VLANs, Layer 3 switching technology could be built into any OSI-compliant
LAN hardware standard. Networking vendors chose to focus their Layer 3 switching
efforts on Ethernet, and Fast and Gigabit Ethernet in particular. Even so,
we may well see Layer 3 Token Ring switches one day.
TCP/IP is the most popular Layer 3 networking protocol today
and is fast becoming the de facto standard. We assume you are somewhat familiar
with the routing aspects of TCP/IP. We included a number of references for
Before we delve into VLANs in more detail, let's take a small detour
into the frame world.
This is a quick tutorial on the subject of unicast, multicast, and broadcast
frames. These three frame transmissions differ in terms of their destination address.
Ethernet frames typically are sent from a particular source address
(SA) to a specific destination address (DA), which is a one-to-one transmission.
This is known as unicast, or unique address
broadcast. The DA field in a unicast frame is the MAC address of
the destination and is always a unique 6-byte number. An example of a unicast
DA is 00-A0-EF-12-34-56 (hex). A switch directly forwards a unicast frame
from source port to destination port. Most of today's LAN traffic consists
of point-to-point transmissions.
Sometimes the same source data needs to be sent to multiple receivers. This could be an
email sent to everyone in a specific department within a company or a company-wide
mailing list. Newer applications, such as server-based audio or video streaming
(covered in Chapter 7, “Bandwidth: How Much Is
Enough?”), also fall into this category of one-to-many communication.
From a bandwidth-usage perspective, broadcasting to multiple users at once
is much more efficient than generating multiple individual unicast transmissions
for every individual user. The one-to-many transmission, broadcasting to multiple
users at once, is called multicasting. One-to-many transmissions
are becoming increasingly popular as new applications, such as server-based
streaming, groupware, videoconferencing, and IP multicasting, become more
mainstream. The receiver typically decides whether to join a specific multicast
transmission. Multicasts are identified by means of a particular DA range
of addresses. An example of a multicast DA is 01-80-C2-00-00-00 (which is
a spanning tree multicast address).
Many recent one-to-many applications utilize IP multicasting, which
is different from Ethernet multicasting. We discuss IP multicasts later
in this chapter.
When Layer 2 switches do not know the destination address of a particular
frame, they flood or forward the frame to all ports. Although this is
not a multicast, it is similar in nature because it creates a lot of
extra traffic on all segments.
Broadcasts are one-to-all transmissions addressed
to everyone on the network. A variety of sources can generate broadcast frames:
The spanning tree Bridge Protocol Data Unit (BPDU) (discussed
in Chapter 4) is a typical example of a broadcast
frame. This frame needs to be conveyed to all bridges and switches on the
LAN to build one tree.
Some network operating system (NOS) clients and servers, such
as NetWare, use broadcasts to advertise their presence on the LAN. Most networking
protocols, such as IPX, AppleTalk, and NetBIOS, make regular use of broadcasts
to discover addresses, routers, and servers.
IP routing protocols, such as RIP, SNMP, DVMRP, and ARP, use
broadcasts extensively to discover routing paths, to exchange information
about the optimal route, or to match IP and MAC addresses.
With broadcasts, the DA frame field is set to all 1s.
This indicates to all stations on the LAN that this particular frame is destined
for everyone. All broadcast frames have the destination address field set
to all 1s (or FF-FF-FF-FF-FF-FF, in hexadecimal notation).
Like Ethernet collisions, broadcasts have received
a bad reputation over the years because they often do not represent an actual
data transmission but more network Layer 2 or 3 overhead.
A unicast transmission will occupy only the direct path from source
to destination, whereas a broadcast will permeate all corners of a network.
Thus, many people view broadcasts as wasted bandwidth. The truth is that broadcast
transmissions cannot be eliminated: They are part of the normal workings of
any network. Only excessive broadcast rates are a problem, and they are typically
the result of too large a network or faulty hardware. Excessive broadcast
rates affect the net bandwidth available to users, causing the network to
become very sluggish.
Faulty hardware or an incorrectly configured network
can lead to the network being overwhelmed with broadcasts, also known as a broadcast
storm. A broadcast storm describes a situation in which the entire
network is used to transmit broadcasts, leaving no bandwidth for regular traffic.
This will result in time-outs and network errors, which is the equivalent
of freeway “gridlock.”
Really, only two possible things can create a broadcast storm:
Bridge loops (such as that shown in Figure
4.5 in Chapter 4) running without the spanning
tree algorithm (STA) in operation. This is very rare, because most new bridges
and all switches include STA. (Alternatively, STA could be disabled on a bridge
The other, more likely, source of broadcasts is faulty hardware
(NICs or switches). The device in question is malfunctioning and possibly
sending out broadcast frames permanently.
Both scenarios are very unlikely these days; NICs
now have an MTBF (mean time between failure) rate of well over 10 years, and
all bridges and switches include the STA.
In a shared or repeated Ethernet segment, all
nodes are in the same collision domain. A repeater is invisible to all nodes
in a shared-media segment. Nodes operating in a shared environment collide
with each other if they attempt a transmission at the same time. When two
nodes collide, all other nodes hear the collision: hence the term collision
domain. Collisions do not traverse a bridge or a switch; therefore,
these devices form the edges or borders of a collision domain.
The broadcast domain is the network area that a broadcast frame will
fill. As discussed in Chapter 4, switches or bridges
operate at Layer 2 and blindly forward all broadcast traffic received (as
well as all unknown destination address frames), making switches invisible
to broadcasts. Figure 5.1 illustrates this.
Theoretically, you can build very large networks
with hundreds or even thousands of nodes using only Layer 2 switches. The
term flat network is used because, from a hierarchical
perspective, all these switches are on the same level: no higher level Layer
3 routers are present. In practice, the size of a flat, switched Layer 2 network
has a limit. The following factors limit the size of a Layer 2 network:
Broadcasts grow with network size
As previously discussed, broadcasts tend to travel everywhere within
a switched network. Many NOSs and their associated protocols, such
as NetWare, AppleTalk, LAN Manager, and LANServer, are rather chatty:
They create a fair amount of broadcast traffic. That's because these
network operating systems' protocols were designed to operate on
local area networks where bandwidth has traditionally not been a
problem. When enlarging a Layer 2 switched network from say 100
to 1000 users, the broadcast rate will grow at least tenfold, too.
If your broadcast rate in a 100-user network is 2%, the 1000-user
network will have a broadcast rate of at least 20%, which is a rather
significant number. Even 20% broadcast traffic is tolerable, because
it leaves you with almost 80% usable bandwidth in a switched environment.
The good news is that TCP/IP is a very quiet (or, non-chatty) protocol
because it was designed to operate over WAN links, where bandwidth
is scarce. Therefore, as more networks migrate from other protocols
to TCP/IP, the broadcast rate will decrease.
Control
The big issue with large networks is that a broadcast storm will crash the
entire network. Although broadcast
storms are extremely rare, the occurrence of one will bring your entire network
to its knees, and 1000 angry users is nothing to sneeze at.
Lack of IP addresses
Networks using IP must contend with another issue: lack of IP addresses. In an IP environment,
every node receives an IP address that is either permanently (statically)
assigned or dynamically assigned via the Dynamic Host Configuration Protocol
(DHCP). Only a maximum of 254 IP addresses can be assigned on a particular
IP subnet, imposing an artificial limit on the maximum number of users in
a particular broadcast domain.
Figure 5.1. For a repeated network, the collision domain and broadcast
domain are the same. Introducing a bridge or switch creates two separate
collision domains, yet all nodes still share the same broadcast domain.
Historically, you connected LANs together over short distances
with bridges. You used routers to connect LANs together over extended distances.
You joined these different LANs via multiple routers, sometimes with different
path choices. Routers set up an optimum routing path depending on various
criteria; hence the term routers. Routers operate
at Layer 3 and don't forward broadcasts or multicasts automatically, so LAN
managers started using routers to link similar LANs over shorter distances.
As corporate networks became larger, routers started moving to the center
of the network to segment larger, flat Layer 2 networks into smaller broadcast
domains or subnets. Routers became the centerpieces for large enterprise networks,
using architectures such as distributed or collapsed backbones (more on this
in the second half of this book) to generate multiple smaller subnets.
This solves all of the issues of large flat Layer
2 networks: Every subnet can have 254 IP addresses, broadcasts are contained
within a subnet, possible broadcast storms only affect one subnet, and protocol
routing still occurs. (This assumes a particular type of IP address, namely
a Class C address.) Figure 5.2 shows a switched
network that has been subdivided by means of a router. The nodes A, B, C,
and D (shown in Figure 5.2) physically reside
in the same broadcast domain, and nodes E, F, and G reside in broadcast domain
2. The limits for broadcast domains 1 and 2 are the outer physical boundaries
set by switch 1 and switch 2. If, for example, node D wanted to join broadcast
domain 1, the node would have to be physically moved and connected to switch
Figure 5.2. Introducing a router into our previously shown network creates
two different broadcast domains. Nodes A, B, C, and D are part of
broadcast domain 1, whereas nodes E, F, and G are part of broadcast
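To make Figures 5.1 and 5.2 concrete, here is an added example (not code from the book) that computes the collision and broadcast domains of a small topology from the device roles the chapter describes: a repeater is transparent to both, a switch bounds collisions but forwards broadcasts, and a router bounds both. The device and node names are made up.

```python
# Roles as the chapter defines them: which kinds of traffic pass through
# a device as if it were not there.
TRANSPARENT_TO = {
    "repeater": {"collision", "broadcast"},  # invisible to every node
    "switch":   {"broadcast"},               # bounds collisions, floods broadcasts
    "router":   set(),                       # bounds both
}

def domains(devices: dict, links: list, kind: str) -> list:
    """Group end nodes that share one domain of the given kind
    ('collision' or 'broadcast'). devices maps device name -> role;
    any name on a link that is not a device is an end node."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for a, b in links:
        ends = []
        for this, other in ((a, b), (b, a)):
            # A device that blocks this kind of traffic keeps each of its
            # ports in a separate segment, so model each port on its own.
            if this in devices and kind not in TRANSPARENT_TO[devices[this]]:
                this = f"{this}:port-to-{other}"
            ends.append(this)
        parent[find(ends[0])] = find(ends[1])   # union the two link ends

    groups = {}
    for name in {n for link in links for n in link if n not in devices}:
        groups.setdefault(find(name), set()).add(name)
    return sorted(sorted(g) for g in groups.values())

# Constructed topology in the spirit of Figure 5.2: A and B hang off a
# repeater hub, C and D off switch 1, E, F and G off switch 2, and a
# router joins the two switches. Names are made up.
DEVICES = {"hub1": "repeater", "sw1": "switch", "sw2": "switch", "rtr": "router"}
LINKS = [("A", "hub1"), ("B", "hub1"), ("hub1", "sw1"), ("C", "sw1"),
         ("D", "sw1"), ("sw1", "rtr"), ("rtr", "sw2"),
         ("E", "sw2"), ("F", "sw2"), ("G", "sw2")]

if __name__ == "__main__":
    print("collision:", domains(DEVICES, LINKS, "collision"))
    print("broadcast:", domains(DEVICES, LINKS, "broadcast"))
```

Swapping the router for a third switch merges everything back into one broadcast domain, which is the Figure 5.1 situation.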
The broadcast rate in most pure Layer 2 networks is not excessive.
What LAN managers fear most is the entire network coming to a halt.
Unfortunately, broadcast storms can cause that, extremely rare as
they are. So it is often the fear of broadcast storms, not of existing
broadcast rates, that causes network managers to look for ways of
dividing up larger Layer 2 networks into smaller broadcast domains.
So before you go out and buy more routers to segment your flat Layer
2 network to reduce broadcasts, we urge you to take a closer look
at what exactly your broadcast traffic rate is. Chapter
7, “Bandwidth: How Much Is Enough?” discusses some
tools that allow you to measure broadcasts. In our opinion, a 10%
broadcast rate is quite acceptable.
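As an added example (not code from the book) covering both the unicast, multicast and broadcast frame types described earlier and the 10% broadcast-rate guideline above, the following Python classifies raw Ethernet frames by their destination address and flags an excessive broadcast rate. The sample frames are constructed from the chapter's example addresses; the source address is a made-up value from the documentation range.

```python
from collections import Counter

BROADCAST_DA = bytes.fromhex("ffffffffffff")   # DA of all 1s
ETH_HDR_LEN = 14                               # DA(6) + SA(6) + Type/Length(2)

def da_type(frame: bytes) -> str:
    """Return 'broadcast', 'multicast' or 'unicast' for one raw frame."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    da = frame[:6]
    if da == BROADCAST_DA:
        return "broadcast"
    # The I/G bit is the least significant bit of the first DA octet:
    # set means a group (multicast) address, clear an individual (unicast) one.
    if da[0] & 0x01:
        return "multicast"
    return "unicast"

def broadcast_report(frames, acceptable_pct: float = 10.0) -> dict:
    """Count frames by DA type and flag a broadcast rate above the
    threshold (10% is the rate the chapter calls acceptable)."""
    counts = Counter(da_type(f) for f in frames)
    total = sum(counts.values())
    pct = 100.0 * counts["broadcast"] / total if total else 0.0
    return {"counts": dict(counts), "broadcast_pct": pct,
            "excessive": pct > acceptable_pct}

def make_frame(da: str, sa: str = "00-00-5E-00-53-01",
               ethertype: int = 0x0800) -> bytes:
    """Build a header-only frame from dashed hex MAC addresses (the SA
    default is a constructed address from the documentation range)."""
    def mac(s: str) -> bytes:
        return bytes.fromhex(s.replace("-", ""))
    return mac(da) + mac(sa) + ethertype.to_bytes(2, "big")

# Constructed sample using the chapter's example addresses.
SAMPLE = (
    [make_frame("00-A0-EF-12-34-56")] * 16   # unicast to one station
    + [make_frame("01-80-C2-00-00-00")] * 2  # spanning tree multicast
    + [make_frame("FF-FF-FF-FF-FF-FF")] * 2  # broadcast
)

if __name__ == "__main__":
    print(broadcast_report(SAMPLE))   # 2 of 20 frames broadcast: 10.0%, not excessive
```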
Routers are often used to subdivide a larger flat network into multiple broadcast domains;
the router is placed at the center of the network to accomplish this.
There's another reason why routers often are found at the center of
large networks. Historically, different operating systems have all
used different networking protocols. Only recently has TCP/IP emerged
as the clear leader. For many years, Novell NetWare ran on IPX, Digital
used LAT, Microsoft favored NetBEUI or NetBIOS, and the UNIX world
was synonymous with TCP/IP. Then, of course, Banyan, IBM, Apple, and
the like all used different protocols again. So most corporate networks
required a powerful protocol router somewhere so that everyone could
communicate with everyone else. Putting this router at the edge of
the network wasn't very efficient because it meant the routed traffic
needed to traverse multiple switches twice. Thus, routers became the
centerpieces of larger mixed-protocol environments.