VIRTUAL LANs

Another approach that offers great flexibility for a network administrator is the use of so-called virtual LANs (VLANs). The idea is to separate the entire LAN internetwork into VLANs, which are broadcast domains consisting of stations each of which should see all packets broadcast by any other. Membership of a VLAN may change dynamically, and is independent of the physical layout of the internetwork.

VLAN capability first appeared as proprietary extensions to Ethernet switches. The simplest type of VLAN is port based, allocating non-intersecting subsets of the ports on a switch to different VLANs (Figure 1). A broadcast frame sent by any member of a given VLAN is received only by other members of the same VLAN. In this simple approach there is no direct communication between VLANs. Such inter-VLAN communication can be effected using a (Layer 3) router or by allowing some ports to be members of more than one VLAN (overlapping VLANs).

Another possibility is to base VLAN membership on MAC addresses. This is more secure and allows a station to be moved without having to reconfigure the VLAN ports, but it does require a table of VLAN and MAC address associations to be maintained (usually manually) within the switch. Yet another way is to use the Layer 3 protocol to determine VLAN membership using the Protocol Type field in an Ethernet frame: this can be useful to contain the effects of protocols that do a lot of broadcasting (e.g. NetBIOS and AppleTalk). Note that none of these methods requires a station to have any concept of VLAN itself: everything is handled by the switch. It is also possible to create a VLAN based on an IP subnet, where the switch configures its ports to a specific VLAN on the basis of the attached station's IP address.

VLANs are simple so long as they are implemented via a single switch, but when it becomes necessary to extend them across several switches connecting internetworked LANs the situation is more complex. A number of proprietary ways of tackling this problem were initially developed, but the IEEE has worked to standardise the situation via the related protocols 802.1p and 802.1Q. A moment's consideration should convince the reader that the problem is essentially identical to that of ensuring that multicast PDUs are directed only to hosts in the appropriate multicast group. 802.1Q introduces the idea of a VLAN-aware end station, although it does not require that all end stations be VLAN-aware.

802.1p is an extension to 802.1D (the spanning tree standard) allowing bridges or switches to modify their filtering databases dynamically to allow for more intelligent handling of multicast frames. 802.1D tackles multicast frames by forwarding them on all ports; 802.1p allows stations to join groups supported by switches, which then route multicast frames between members. The groups may be simple multicast groups or VLANs, but the basic operation is the same. This basic operation is encapsulated in the generic 802.1p protocol known as GARP (generic attribute registration protocol). In GARP a device may ask to receive traffic with some attribute by forwarding its request to its local switch. The switch propagates the request through the network, and each GARP-capable device updates its filter database accordingly to indicate that traffic with this attribute must be forwarded to the requestor. GARP is a generic protocol which can be used to create concrete implementations for specific types of group. In particular, 802.1p specifies a GARP implementation called GMRP (GARP multicast registration protocol) to support IP multicast groups (IP multicast group membership is the attribute). 802.1p also defines a frame prioritisation scheme to allow LANs to expedite time-critical information (clearly an issue with much multicast traffic); however, it does not attempt to specify the frame format required to support this, instead leaving this to 802.1Q.

802.1Q is aimed squarely at supporting the definition and management of multi-switch VLANs. Each VLAN is allocated a VID (VLAN ID) number which may be used by any switch or VLAN-aware station. An extension to the 802.3 frame header is used in the form of a 4-byte 802.1Q tag which displaces the type/length field, using a type/length identifier of 0x8100 (8100 in hexadecimal) to indicate its presence (see Figure 2). The tag carries a 3-bit frame priority and a 12-bit VID. The CFI bit is used to allow the tagged frame to carry token ring or FDDI frames (not considered further here).

Links between 802.1Q switches are called trunks and can multiplex frames from many VLANs using tagging. Ordinary (802.1Q-unaware) stations are attached to switches using access links, which do not carry tagged traffic. A switch port receiving an untagged frame on an access link will tag it; likewise the switch port will untag any frame for transmission on an access link before sending it. There is also provision for hybrid links which can carry tagged or untagged traffic. 802.1Q also associates a priority from 0 to 7 (7 is highest) with each switch port, which is used as required by 802.1p. In general, higher priority frames waiting at a switch must be transmitted first, which typically requires that switch ports have multiple queues for different priority frames. Priorities can be explicitly allocated by 802.1Q stations but can be altered by switches according to pre-programmed rules.
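The tag layout described above (0x8100 in the type/length position, then 3-bit priority, CFI bit and 12-bit VID) and the access-link tag/untag behaviour, as an added worked example in Python; this is not code from the original notes, and the sample frame, MAC addresses and helper names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # type/length value that signals an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame; if the type/length field is 0x8100, decode
    the 4-byte 802.1Q tag (3-bit priority, 1-bit CFI, 12-bit VID)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return {"dst": dst, "src": src, "tagged": False,
                "ethertype": tpid, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "tagged": True,
            "priority": tci >> 13,       # 3-bit priority (0..7)
            "cfi": (tci >> 12) & 0x1,    # 1-bit CFI
            "vid": tci & 0x0FFF,         # 12-bit VLAN ID
            "ethertype": ethertype, "payload": frame[18:]}

def tag_on_ingress(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Access-link ingress: insert an 802.1Q tag carrying the port's VID.
    A frame that already carries a tag is rejected rather than double-tagged."""
    if not 0 <= vid <= 0x0FFF or not 0 <= priority <= 7:
        raise ValueError("VID must fit 12 bits, priority 3 bits")
    if parse_frame(frame)["tagged"]:
        raise ValueError("frame is already tagged")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_on_egress(frame: bytes) -> bytes:
    """Access-link egress: strip the 4-byte tag, restoring the original frame."""
    if not parse_frame(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: broadcast IPv4 (EtherType 0x0800) frame from an
# 802.1Q-unaware station; the MAC addresses are made up for the example.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + b"constructed payload")

if __name__ == "__main__":
    tagged = tag_on_ingress(UNTAGGED, vid=10, priority=5)
    info = parse_frame(tagged)
    print(info["vid"], info["priority"], hex(info["ethertype"]))
    assert untag_on_egress(tagged) == UNTAGGED
```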

Another implementation of GARP called GVRP (GARP VLAN registration protocol) is defined in 802.1Q to allow VLAN-aware end stations to register with or deregister from specific VLANs (non-VLAN-aware end stations must be registered manually) via switches able to use the GVRP protocol; however, again there is no requirement in 802.1Q that all switches must implement GVRP and, in fact, it is still much more common for configuration to be done manually.

802.1Q is intended to operate within a single 802.1D spanning tree domain which may have numerous VLANs but only one spanning tree. Before VLANs are defined all switch ports are untagged and all attached stations are considered to belong to a single default VLAN with VID 1.

An addendum to 802.1Q, called 802.1ak, was issued in 2007. This redefined the GARP protocol, which was renamed Multiple Registration Protocol (MRP), and then replaced GMRP with Multiple MAC Registration Protocol (MMRP) and GVRP with Multiple VLAN Registration Protocol (MVRP). The main effect of these changes is to move the support of these protocols into the 802.1Q domain. It is likely that GARP and GMRP will be deleted from 802.1D in due course.