Understanding VLANs Rick Triana Professional Services Consultant Network Appliance Certified Expert
What is a VLAN? • A VLAN is a logical network segment that can span multiple physical network segments. • The end-stations belonging to a VLAN are related by function or application. • Because physical proximity of the end-stations is not essential in a VLAN, you can disperse the end-stations geographically and still contain the broadcast domain in a switched network.
About VLAN Membership • An end-station must become a member of a VLAN before it can share the broadcast domain with other end-stations on that VLAN. • Switch ports can be configured to belong to one or more VLANs (static registration), or end-stations can register their VLAN membership dynamically with VLAN-aware switches. • VLAN membership can be based on one of the following: • Switch ports • End-station MAC addresses • Protocol • In Data ONTAP, VLAN membership is port-based: the VLANs an interface belongs to are determined by the switch port configuration and the matching VLAN interfaces created on the storage system.
How VLAN membership affects communication • Any broadcast or multicast packet originating from a member of a VLAN is flooded only to the members of that VLAN. • Communication between VLANs, however, must go through a router (a Layer 3 device); that routing point is where any access control between VLANs (ACLs, firewall rules) has to be enforced, because the switch itself only separates broadcast domains. • The following figure illustrates how communication occurs between geographically dispersed VLAN members:
What GVRP is • GARP VLAN Registration Protocol (GVRP) uses the Generic Attribute Registration Protocol (GARP) to allow end-stations on a network to dynamically register their VLAN membership with GVRP-aware switches. • Similarly, these switches dynamically register with other GVRP-aware switches on the network, thus propagating the VLAN topology across the network. • Because GVRP provides dynamic registration of VLAN membership, members can be added to or removed from a VLAN on the fly, saving the overhead of maintaining static VLAN configuration on switch ports. • Additionally, VLAN membership information stays current, limiting the broadcast domain of a VLAN to the active members of that VLAN. • Caveat: because any end-station attached to a GVRP-enabled port can register itself into a VLAN, enable GVRP only on switch-to-switch links or on ports to hosts you trust; access ports for ordinary end-stations should keep static VLAN assignment.
What a VLAN Tag is • A VLAN tag is an identifier carried in the frame header that indicates the VLAN to which the frame belongs. • On a trunk link, every frame sent by an end-station or switch on a VLAN generally carries a VLAN tag; frames on an access (untagged) port do not, and are classified by the port's configured VLAN. • The tag format is defined by IEEE 802.1Q: a 4-byte field inserted between the source MAC address and the EtherType, consisting of a 16-bit Tag Protocol Identifier (0x8100) followed by 16 bits of Tag Control Information: a 3-bit priority code point (PCP), a 1-bit DEI/CFI flag, and a 12-bit VLAN identifier (VID). VID 0 means "priority tag only, no VLAN" and VID 4095 is reserved, which leaves 1 to 4094 usable identifiers.
How VLAN Tagging Works • On receiving a tagged frame, the switch inspects the frame header, and based on the VLAN tag, identifies the VLAN. • The switch then forwards the frame to the destination in the identified VLAN. • If the destination MAC address is unknown, the switch limits flooding of the frame to ports that belong to the identified VLAN.
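The two slides above (the tag format and the switch's forwarding rule) as an added, runnable example; this is not code from the deck or from NetApp. It parses a raw Ethernet frame, pulls the PCP and VID out of an 802.1Q tag if one is present, classifies untagged (and VID-0 priority-tagged) frames into the receiving port's PVID, and then applies the VLAN-aware switch rule: learn and look up MAC addresses per VLAN, flood unknown-unicast and broadcast frames only to ports that belong to that VLAN, and drop a frame tagged for a VLAN the ingress port is not a member of. The frames, MAC addresses and port table are constructed inline for illustration; nothing touches a real NIC.

```python
"""Added example (not from the deck): 802.1Q tag parsing plus the VLAN-aware
forwarding rule. All frames and the port table below are constructed."""
import struct
from dataclasses import dataclass, field
from typing import Optional

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag
BROADCAST = b"\xff" * 6


@dataclass
class ParsedFrame:
    dst: bytes
    src: bytes
    vid: int          # VLAN the frame is classified into
    pcp: int          # 802.1p priority bits (0 when untagged)
    tagged: bool      # True if a tag was present on the wire
    ethertype: int    # EtherType of the encapsulated payload
    payload: bytes


def parse_frame(raw: bytes, pvid: int) -> ParsedFrame:
    """Dissect dst MAC, src MAC, optional 4-byte 802.1Q tag and EtherType.
    Untagged and VID-0 (priority-only) frames are classified into the
    receiving port's PVID, the 'untagged switch port' case of the deck."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vid, pcp, tagged, offset = pvid, 0, False, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        pcp, tagged, offset = tci >> 13, True, 18
        vid = tci & 0x0FFF           # low 12 bits of the TCI: VLAN identifier
        if vid == 0:                 # priority tag only: no VLAN, use the PVID
            vid = pvid
        elif vid == 0xFFF:
            raise ValueError("reserved VID 0xFFF")
    return ParsedFrame(dst, src, vid, pcp, tagged, ethertype, raw[offset:])


def build_frame(dst: bytes, src: bytes, payload: bytes = b"",
                vid: Optional[int] = None, pcp: int = 0,
                ethertype: int = 0x0800) -> bytes:
    """Build a constructed test frame; a tag is inserted after the source MAC
    only when vid is given, matching the on-wire layout parse_frame expects."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


@dataclass
class VlanSwitch:
    port_vlans: dict                 # port -> set of VLAN IDs it is a member of
    pvid: dict                       # port -> VLAN assigned to untagged frames
    fdb: dict = field(default_factory=dict)   # (vid, mac) -> port, learned per VLAN

    def forward(self, in_port: int, raw: bytes) -> tuple:
        """Return (vid, sorted list of egress ports) for a frame on in_port."""
        f = parse_frame(raw, self.pvid[in_port])
        if f.vid not in self.port_vlans[in_port]:
            return f.vid, []         # ingress filtering: port is not in that VLAN
        self.fdb[(f.vid, f.src)] = in_port
        known = self.fdb.get((f.vid, f.dst))
        if known is not None:
            return f.vid, ([] if known == in_port else [known])
        # unknown unicast, broadcast or multicast: flood, but only inside the VLAN
        return f.vid, sorted(p for p, members in self.port_vlans.items()
                             if f.vid in members and p != in_port)
```

The forwarding database is keyed by (VID, MAC), so a station learned in VLAN 10 is still "unknown" in VLAN 20 and a frame to it there is flooded only within VLAN 20. The ingress-filtering branch is the check that keeps a host on an access port from injecting a frame tagged for a VLAN its port was never assigned.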
Advantages of VLANs • Ease of administration • Confinement of broadcast domains • Reduction in network traffic • Enforcement of security policies (segmentation). Note that a VLAN separates broadcast domains; it acts as a security boundary only when the inter-VLAN path (the router) enforces the policy and the switch ports are configured correctly, for example with end-station ports statically assigned rather than able to negotiate trunking, and with the untagged (native) VLAN of trunk ports not also used to carry end-station traffic.
NetApp specific advantage • Allows you to create additional interfaces (VLAN interfaces) beyond the number of physical interfaces available on the filer. • Data ONTAP imposes a limit of 128 interfaces (including physical, vif, vlan, vh, and loopback interfaces) per storage system.
Prerequisites for setting up VLANs The following requirements must be satisfied before you set up VLANs in a network: • The switches deployed in the network either must comply with IEEE 802.1Q standards or must have a vendor-specific implementation of VLANs. • For an end-station to support multiple VLANs, it must be able to dynamically register (using GVRP) or must be statically configured to belong to one or more VLANs. • If an end-station cannot register or cannot be configured to belong to a VLAN, the end-station can belong only to one VLAN. • This VLAN is configured on the switch port to which the end-station connects. The frames sent on this switch port are untagged.
Guidelines for setting up VLANs in Data ONTAP • You cannot set up VLANs using the setup procedure. You must use the command line or the FilerView interface to create, change, or destroy VLANs. • You must add the commands to create VLANs on your storage system to the /etc/rc file to make the VLANs persistent across reboots. • You can create any number of VLANs on a NIC (supporting IEEE 802.1Q) on your storage system; however, Data ONTAP imposes a limit of 128 interfaces (including physical, vif, vlan, vh, and loopback interfaces) per storage system. • You can create VLANs on physical interfaces as well as vifs. VLANs in Data ONTAP are implemented in compliance with the IEEE 802.1Q standard.
Guidelines for setting up VLANs in Data ONTAP • You can use VLANs to support packets of different Maximum Transmission Unit (MTU) sizes on the same network interface. If a network interface is a member of multiple VLANs, different MTU sizes can be specified for individual VLANs. • You can assign an identification number from 1 to 4,094 to a VLAN. • You must ensure that the interface on your storage system is also a member of its partner’s VLANs in a cluster failover pair. • You cannot configure any parameters except mediatype for the physical network interface configured to handle VLANs.
Example of creating a VLAN Interface • You can create VLANs with identifiers 10, 20, and 30 on interface e4 of a storage system using the following command:
vlan create e4 10 20 30
• As a result, VLAN interfaces e4-10, e4-20, and e4-30 are created. • The ifconfig command output displays e4 as an interface carrying VLANs as follows:
e4: flags=80008042<BROADCAST,RUNNING,MULTICAST,VLAN> mtu 1500
• You can configure the VLAN interface e4-10, created in the previous example, using the following command:
ifconfig e4-10 172.25.66.11 netmask 255.255.255.0
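The guideline slides and this example together describe one procedure: choose VLAN IDs in 1 to 4094, stay under the 128-interface limit, keep the interface a member of the failover partner's VLANs, then run vlan create and ifconfig and record the same commands in /etc/rc. The following added example, which is neither the deck's nor NetApp's code, is a pre-flight script that checks a planned VLAN layout against those constraints and emits the /etc/rc lines in the order they must run. The interface names, VLAN IDs and addresses in the test are made up; the per-VLAN MTU is passed through as the 7-Mode ifconfig mtusize option, which is assumed here and does not appear in the deck.

```python
"""Added example (not from the deck or NetApp): validate a planned Data ONTAP
VLAN layout against the guidelines above and emit the /etc/rc commands."""
from ipaddress import IPv4Interface

MAX_INTERFACES = 128        # Data ONTAP limit: physical + vif + vlan + vh + loopback
MIN_VID, MAX_VID = 1, 4094  # usable IEEE 802.1Q VLAN identifiers


def validate_plan(base_ifaces, vlan_plan, partner_vlans=None, other_ifaces=0):
    """vlan_plan: {"e4": {10: "172.25.66.11/24", ...}} maps each physical
    interface or vif to the VLAN interfaces to create on it.
    partner_vlans: {"e4": {10, 20}} VLANs the cluster-failover partner uses
    on the same interface (the local interface must join them too).
    other_ifaces: count of vh, loopback and other interfaces already present.
    Returns a list of problems; an empty list means the plan is acceptable."""
    problems = []
    for iface, vlans in vlan_plan.items():
        if iface not in base_ifaces:
            problems.append(f"{iface}: not a known physical interface or vif")
        for vid in vlans:
            if not MIN_VID <= vid <= MAX_VID:
                problems.append(f"{iface}: VLAN id {vid} outside {MIN_VID}-{MAX_VID}")
        if partner_vlans:
            missing = set(partner_vlans.get(iface, set())) - set(vlans)
            if missing:
                problems.append(f"{iface}: must also be a member of partner "
                                f"VLAN(s) {sorted(missing)} for failover")
    total = other_ifaces + len(base_ifaces) + sum(len(v) for v in vlan_plan.values())
    if total > MAX_INTERFACES:
        problems.append(f"interface count {total} exceeds limit of {MAX_INTERFACES}")
    return problems


def rc_lines(vlan_plan, mtu=None):
    """Emit commands in /etc/rc order: create all VLAN interfaces on the base
    interface first, then configure each <iface>-<vid> interface.
    mtu: optional {vid: bytes}; emitted as the 7-Mode ifconfig 'mtusize'
    option (assumed here, not shown in the deck)."""
    lines = []
    for iface, vlans in sorted(vlan_plan.items()):
        ids = " ".join(str(v) for v in sorted(vlans))
        lines.append(f"vlan create {iface} {ids}")
        for vid, addr in sorted(vlans.items()):
            ip = IPv4Interface(addr)
            line = f"ifconfig {iface}-{vid} {ip.ip} netmask {ip.network.netmask}"
            if mtu and vid in mtu:
                line += f" mtusize {mtu[vid]}"
            lines.append(line)
    return lines


if __name__ == "__main__":
    plan = {"e4": {10: "172.25.66.11/24", 20: "172.25.67.11/24"}}
    for problem in validate_plan({"e0", "e4"}, plan, partner_vlans={"e4": {10, 20}}):
        print("PROBLEM:", problem)
    print("\n".join(rc_lines(plan)))
```

Run the validator before touching /etc/rc: a VLAN ID outside 1 to 4094 or a missing partner VLAN is cheap to catch here and expensive to discover during a cluster failover.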