3Com Transcend VLANs Leveraging Virtual LAN Technology to Make Networking Easier

8/12/2019 3Com Transcend VLANs Leveraging Virtual LAN Technology to Make Networking Easier

1/18

3Com Strategic Directions

3Com Transcend VLANsLeveraging Virtual LAN Technology

to Make Networking Easier


2/18

1 Strategic Directions

3C om Transcend VLA NsLeveraging Virtual LAN Technology to Make Networking Easier

ContentsExecutive Summary 2

The Transcend VLANs Architecture 2

Building VLANS: Four Critical Issues 3

VLAN Membership 4

VLAN Membership Communication 4

VLAN Configuration 5

Inter-VLAN Communication 5

Transcend VLANs Solutions 6

Reducing the Cost of Administering Moves and Changes 6

More Cost-Effective Broadcast Containment Than Routers 7

Supporting Multimedia Applications and Efficient Multicast Control 7

Enhancing Security 8

Automation of Network Administration and Management 9

Reduced Need for Routing 10

More Effective Network Monitoring Through dRMON and RMON2 10

Transcend VLANs Delivery Roadmap 10

Phase 1: Port-Based VLANs with Graphical Management 11

Phase 2: Autoconfigured VLANs 11Phase 3: Desktop-Configured VLANs 12

Conclusion 13

Copyright 1996 3Com Corporation. All rights reserved; reproduction in whole or in part without permission is pro-hibited. The information and opinions within are based on the best information available, but completeness and accuracycannot be guaranteed. In no event will 3Com be liable for any damages whatsoever arising out of the use or inability touse this publication even if advised of the possibility of such damages.


3/18

3ComTranscend VLANs

Leveraging Virtual LAN Technology to MakeNetworking Easier

The Transcend VLANs ArchitectureIn 1995, the computer networking industryshifted gears. A range of new and excitingLAN technologies began to be deployed. Thetechnologies that have garnered the mostattention have been those based on switching,particularly switched Ethernet, Fast Ethernet,and ATM. One of the most heralded benefitsof these technologies is virtual LANs(VLANs). But successful deployment of VLANs in todays networks will require anevolutionary, rather than revolutionary,approach.

Based on the Transcend Networkingpremise that networking has to be easier,

3Com has developed Transcend VLANs, anarchitecture specifically designed to providecustomers with cost savings and performancebenefits immediately, not two years down theroad. At each phase of an organizationsnetwork evolution, Transcend VLANs focuseson reducing the amount of administrative timenecessary to maintain the network infra-structure by maximizing automation.Automated network administration givesnetwork managers more time to develop anddeploy network applications that increase pro-ductivity and introduce innovative ways of doing business.

In the final phase of the migration toVLANs, the Transcend VLANs architectureenables the organization to reach an extremelyhigh level of automation in the administrationof the network. By leveraging the increasingintelligence of the desktop, Transcend VLANs

2Strategic Directions

This paper i ntroduces Transcend VLANs,3Coms virtual LAN architecture, and thestrategic vision behind it. The goal of theTranscend VLANs architecture i s to make net -w orking easier so that netw ork administratorscan focus on delivering applications andservices. The Transcend VLANs archit ecturehelps organizations dramatically reduce thehigh cost of moves and changes in the network.It also enhances the management of broadcastand multicast traffi c, improves networksecurity, automates many aspects of networkmanagement, and reduces the need for routersin the LAN. Ultimately, the Transcend VLANsarchitecture enables the organization to reachan extremely high level of automation in the

administration of the netw ork.The Transcend VLANs architecture com-prehensively addresses each of the four keyareas of VLAN implementation: how VLANmembership is defined, how VLAN membershipinformation is communicated across multipleswit ches, the degree to w hich VLAN configu-ration is automated, and how traffic i s trans-ported betw een different VLANs.

3Com i s delivering Transcend VLANs inthree phases. Phase 1 of Transcend VLANs sim-plifies network moves and changes andimproves server access. Unlike other vendors

solutions, this functionality is available on evenour lowest-priced switches, and most Phase 1functionality is shipping today.

Phase 2 of Transcend VLANs w ill enablecustomers to reduce the use of LAN routers,simplify switch configuration, and introducestandards-based multi vendor interoper-abilit y. Together w ith t echnologies such asPACE, Transcend VLANs ena bles 3Com todeliver superior mult imedia solut ions. Phase2 functionality will be delivered during 1996and 1997.

In Phase 3, the netw ork becomessomewhat analogous to a tw o-way, high-speedcable TV network or subscription service. Byfully leveraging the intelligence available at thedesktop, VLANs and VLAN membership are nolonger static or semi-static designations, butare dynamic, w ith the virtual structure of thenetw ork responding in accordance w ith t heusers demand f or services. Phase 3 func-tionality w ill begin shipping in 1997.

This paper is intended for networkmanagers. It assumes an understanding of t hetechnical aspects of networking and somefamiliarity with VLAN technology. For a generalintroduction t o VLANs, refer t o theVirtual LAN Technology Report,by Decisys, Inc. (3Com lit-erature number 200374-001).

Executive Summary


4/18

will enable the network to dynamically self-configure. This self-configuration is based onpolicies (parameters) set by the network administrator, and on the particular appli-cations and/or network services that areaccessed by each user at a given time. In thistype of network environment, users can beseen as subscribing to network services andapplications in a way that is similar to cus-tomers subscribing to cable TV channels.

While the self-configuring, two-way cableTVlike network is the long-term goal of theTranscend VLANs architecture, the implemen-tation of VLANs must solve the pressing needsof network administrators today. Rather thanoffering VLANs as a futuristic panacea,Transcend VLANs delivers solutions to very

real problems network administrators face rightnow, saving organizationssubstantial amounts of money in reduced network administration costs.

The goal of theTranscend VLANs archi-tecture is to enable network administrators to focus ondelivering applications and

services. Network adminis-trators spend as much as 75percent of their time maintaining the network infrastructure, ensuring optimal traffic flow,and handling moves and changes.Administering moves and changes is a partic-ularly time-consuming and nonproductiveexercise. Normally, when a user moves to adifferent physical location in the network, asubstantial amount of administrative labor isrequired to reconfigure the network and, often,that users workstation. In some particularlydynamic network environments, such as thosefound in the securities/banking industry, thisrepetitive and labor-intensive aspect of network administration can comprise as muchas 16 percent of an entire IT budget (includinghardware, software, and labor). In some of these dynamic environments, as many as 10percent of network users move per month, andseveral administrative personnel must be ded-icated solely to handling moves and changes.

Since the high cost of moves and changesin the network is a pressing and immediateproblem for most organizations, 3Com hasgiven the reduction of these administrativecosts the highest priority among the benefits of Transcend VLANs. Of course, TranscendVLANs also delivers the other primarybenefits of VLAN deployment: broadcast andmulticast traffic control, enhanced network security, automation of network management,and reduced need for routers in the LAN.

While many vendors VLAN solutionsare targeted at solving a large number of problems, and/or creating solutions toproblems that do not exist, Transcend VLANs,from the moment the first VLANs are con-figured, is focused on delivering substantial

cost savings that have apositive impact on thebottom line of the IT orga-nization. Yet, far frombeing a short-term solution,Transcend VLANsprovides for an eleganttransition to a network infrastructure that shieldsboth the user and thenetwork administrator from

complexity, yet furnishesthe performance necessaryfor the delivery of increasingly demandingapplications.

Building VLANs: Four Critical IssuesFour major issues must be considered inimplementing VLANs: How should VLANs be defined in the

network? What method is best for communicating

VLAN membership information across

multiple switches? To what degree should VLAN configuration

be automated? How is traffic transported between different

VLANs?How these issues are resolved

determines the effectiveness of a particularVLAN implementation in meeting the needsof both users and network administrators(Figure 1 on page 4).


The goal of TranscendVLANs is toenab le ne tw ork adminis t ra tors

to f o c us o ndelivering appli-ca t ions andservices .


5/18

VLAN Membership How should VLANs be defined in thenetwork? There are four basic ways in whichVLANs are defined: By switch port group By MAC address By network layer information (including by

protocol type and/or IP address) By multicast group

Each method of defining VLAN mem-bership has advantages and disadvantages.These are discussed in some detail in theVirtual LAN Technology Report. Each methodis appropriate for meeting different user needsand in different network environments, andthere are even situations where it is advan-tageous to utilize multiple methods within asingle network environment. Therefore, it isimperative that a vendors VLAN solutionfeature a considerable degree of flexibility.

Transcend VLANs delivers this flexibility,enabling network managers to define VLANsby all four methods.

VLAN Membership Communication What method is best for communicatingVLAN membership information acrossmultiple switches? What implications willthe chosen method have on network traffic asthe network grows? There are two generalways in which VLAN membership infor-

mation is communicated across multipleswitches: Implicit communication Explicit communication

Implicit communication can refer toport-defined VLANs within a single switch.This would be found in smaller networks ornetworks with large numbers of users oneach switch segment. More commonly,however, implicit communication refers toVLANs defined at layer 3the informationidentifying VLAN membership is found inthe packet header.

Explicit communication of VLAN infor-mation can be accomplished in three ways,two of which are industry standards. The firststandardized method is via an ATMbackbone and implementation of the ATMForums LAN Emulation standard (LANE).LANE is supported in all of 3Coms ATM

switching products. The second standardmethod of explicit communication of VLANinformation is presently being formulatedunder the IEEE 802.1Q VLAN standard.3Com has been a primary force in the ratifi-cation of this standard by the committee. Thethird method is proprietary frame tagging orencapsulation. In order to give customers awide range of options and flexibility in theirVLAN solutions, 3Com will support its ownVirtual LAN Trunking (VLT) frame-tagging


Acronyms andAbbreviations

ATM Asynchronous Transfer M ode

LAN mulated LAN

DDI iber Distributed Data Interface

GMP nternet Group M anagement rotocol

P nternet Protocol

ANE AN Emulation

MAC M edia access control

NIC Network interface card

RMON2 Remote Moni toring version 2

CP/IP ransmission Control rotocol/Internet Protocol

VLAN Virtual LAN

VLT Virtual LAN Trunking

Port User(MAC)

Multicastgroup Protocol

Port-defined Layer 3 Implicit

LANE IEEE 802.1Q 3Com VLT Explicit

Manual Semi-automated Automatic AutoCast

Edge routingInternal rounting

One-armedrouter

(external)

Route server/route client

Desktop-enabled

(no explicit routing)

VLAN view

VLAN membership

VLAN communication

VLAN configuration

Inter-VLANcommunication

Admin

Figure 1. Elements of a VLAN Implementation


6/18

method in many of its products until the802.1Q standard is finalized.

VLAN Configuration To what degree should VLAN configurationbe automated? How much control should beleft to the network administrator? VLANautomation can be described in three levels: Manual Semi-automated Fully automated

In general, these levels represent varyingdegrees of trade-off between the reduction of administrative effort through automated con-figuration and the enhancement of adminis-trative control. In each network environment,the equilibrium between these two poles is dif-

ferent. Therefore, as with VLAN definition,the level of automation in configuring VLANsdepends on the particular network environmentand specific business needs of each customer.Because of the range of customer needs in thisarea, 3Coms Transcend VLANs architecturesupports all three levels of automation forVLAN configuration.

Inter-VLAN Communication How is traffic transportedbetween different VLANs?The short answer to thisquestion is by routing.However, routing solutionsvary considerably, eachhaving its own set of prosand cons, as well as its ownimpact on the overallstructure of the network.Furthermore, routing is notthe only method for inter-VLAN communication. As is the case with the

other critical issues involved in choosing aVLAN solution, the technique used for inter-VLAN communication depends on the organi-zations specific needs and overall network environment. Here again, flexibility is essential.

There are multiple contending models forwhere to locate routing functionality in thenetwork: Edge routing The one-armed router

The route server/route client Desktop-enabled zero-hop routing

These models have become significantpoints of differentiation between the majorLAN vendors. (A more detailed discussion of the advantages and disadvantages of eachrouting model can be found in the Virtual LAN Technology Report. ) 3Com again plans tosupport multiple models, because each canhave a place, depending on the customersoverall network environment.

3Com is presently delivering a solutionbased on the edge-routing model, integratingthe routing function into its LANplex High-Function switches. Integrated routingoptimizes access to network resources utilizedby members of multiple VLANs (for example,

e-mail servers, centralized database servers,and so on), because inter-VLAN traffic doesnot need to be forwarded to an external routerfor processing. Such traffic is routed by theLANplex switch, providing wire-speed accessto these centralized resources.

While routing will be the primary methodfor inter-VLAN communication for some time,it is not the only method. Transcend VLANs

also enables end-stations(usually servers) to be

members of more than oneVLAN, effectively pro-viding an application-layergateway between VLANs.

As the TranscendVLANs solution movesforward, membership in agiven VLAN will becomeless a static designation andmore a dynamic one. This

membership can be governed either by theswitch or, eventually, by the desktop/ NICdriver. As VLANs become more dynamic, theneed for routing inter-VLAN traffic will dis-appear; if an application calls for two or moreend-stations to communicate for a period of time, they are simply placed in the sameVLAN (the switch-governed model), or theyjoin the same VLAN (the desktop/NICdriver-governed model) for the required periodof time.


A s t h eTranscendVLA Ns solut ionmoves fo rward ,mem bership in agiven VLA N w illbecom e less astatic desig-nat ion and morea dynamic one .


7/18

Transcend VLANs SolutionsAfter considering the issues outlined aboveand determining how VLANs should bedeployed in their network, customers need toselect a VLAN solution that will cost-effec-tively deliver the benefits that VLANs canprovide. Transcend VLANs offers an array of benefits which, unlike many vendors VLANsolutions, are delivered without sacrificing theperformance enhancement upon which thedeployment of switching is largely based. (Ithas repeatedly been demonstrated in the net-working industry that customers generally donot accept a two steps forward, one stepback improvement.) Transcend VLANsdelivers value to the customer in seven keyareas:

Reduction of the cost of administering moves andchanges

More cost-effectivebroadcast containmentthan routers

Support for multimediaapplications and efficientmulticast control

Enhanced security Automation of network

administration and man-agement Reduced need for routing More effective network

monitoring

Reducing the Cost of Administering Movesand Changes Deployment of Transcend VLANs will savecustomers significant amounts of money byreducing the resources required for adminis-tration of moves and changes in the network.

Even when using what might seem to be themost labor-intensive method of VLAN defi-nitionVLANs defined by port groupadministrators can use 3Coms TranscendVLAN Manager application (discussed later inthis paper) to update a users VLAN mem-bership by a simple drag-and-drop process.Thus, Transcend VLAN Manager givesnetwork administrators a superior capacity tomanage virtual connectivity separate from

physical connectivity and to map back andforth between the two. It is this mappingability that so many customers have declared arequirement before they will deploy VLANs intheir networks. 3Com has successfullydelivered this capability at prices as low as$200 per switch port in its SuperStack

workgroup switches.For customers with large numbers of IP

users, 3Coms LANplex High-Functionswitches support VLANs defined by IPaddress. Relative to other protocols, it is IPthat causes much of the time-consuminghassle of administering moves and changes.Normally, IP requires the network adminis-trator to physically go to the users work-station and reconfigure that users IP address

after a move. By definingVLANs by IP address, auser who moves from onephysical location to anothercould remain in his or herVLAN (in the case of IP,the term virtual subnet issometimes used in place of virtual LAN) withouthaving to update the work-stations IP address.

VLANs defined by IPaddress also eliminate thenotoriously difficult processof reconfiguring routertables. For further flexi-

bility, 3Com allows multiple virtual IPsubnets to coexist on a single physicalsegment, a technique called multinetting.Multinetting enables administrators tomaintain logical groups of users without theconstraint of physical location.

For customers who are moving rapidly toa pure private LAN switching architecture(that is, one user per switch port), the limi-tations of VLANs defined by MAC-layeraddress in a shared media network envi-ronment (for example, multiple broadcastsover the same physical segment) becomemoot. Indeed, for many of these customers,deploying VLANs defined by MAC-layeraddress becomes a particularly attractivesolution.


TranscendVLANs archi-

tec ture w illsupport a l llevels of auto-mated conf igu-rat ion and cana llo w n e t w o r k adminis t ra tors

to set po lic ie sgoverning how

the netw o rk reconfiguresit se lf w hen ause r moves .


8/18

With VLANs defined by MAC-layeraddress, VLAN membership stays with theuser no matter where he or she moves on thenetwork, since the MAC address is hard-wiredinto the NIC. In this way, initial configuration,as well as moves and changes, can beautomated. Transcend VLAN Manager alsoenables the network administrator to manuallychange a users VLAN membership when nec-essary, such as when an employee transfersfrom one department to another.

As the customers need for automation of moves and changes increases, 3Com deliversthe functionality to meet that need. As men-tioned before, Transcend VLANs will supportall levels of automated configuration and canallow network administrators to set policies

governing how the network reconfigures itself when a user moves.

More Cost-Effective BroadcastContainment Than Routers One of the major reasons for deployingVLANs is to reduce an organizations relianceon routers for broadcast containment. Whilerouting will still retain important roles in thenetwork, broadcast containment is handledmuch more cost effectively by VLANsswitches are simply much less expensive thanrouters on a per-port basis. Furthermore,router-based solutions tend to be far morecomplex and time consuming to configure.Network administrators will find that 3ComsTranscend VLAN Manager application is aneasier way to define VLANs than using routersto define broadcast domains.

Many customers may wish to replicate themultiprotocol broadcast domains of theirexisting router-based infrastructures. For thispurpose, LANplex High-Function switches

also support defining VLANs by protocol(such as IPX , DECnet , NetBIOS, etc.). Thisability can prove particularly useful for largermultiprotocol environments implementing amore gradual migration toward VLANs.Defining VLANs by protocol also allows alogical end-station to be a member of morethan one VLAN (the same MAC addressresides in two different network protocolVLANs). Multiple VLAN membership is an

effective way to deploy centralized network sources (such as e-mail or internal Webservers) without resorting to routing in order toconnect them to all of the VLANs in thenetwork. In this way, these centralizedresources can truly support all users equallythroughout the campus environment.

Supporting Multimedia Applicationsand Efficient Multicast Control Customers are increasingly interested indeploying multimedia applications that featurepoint-to-multipoint communication, such asvideo conferencing, video-based training, andnews video feeds. These applications relyheavily on multicast (as opposed to unicast orbroadcast) transmissions, particularly IP mul-

ticast. Without an effective mechanism forcontrolling this multicast traffic, increaseddeployment and utilization of these appli-cations will flood switched networks andseverely degrade overall performance(Figure 2).

In order to prevent a network meltdown,organizations might be forced to dedicate onlycertain workstations to these applications,forcing manual switch configuration whenthese dedicated workstations change and gen-erally preventing these applications from beingfreely accessed across the network. Anothersolution to the multicast support problementails distributing routing functionality toevery workgroup switch in the network. This isan unnecessary and expensive deployment of


Figure 2. M ulticast Traffic Floods Switched Netw orks

High-speedbackbone

10 Mbps


9/18

routing functionality and defeats one of thebenefits of implementing VLANs: reducingthe amount of routing in the network.

Transcend VLANs takes a differentandsuperiorapproach to the problem of mul-ticast control. The 3Com solution offers twomethods for distributed control of multicastswithout heavy reliance on routing. The firstmethod enables the switch itself to defineAutoCast VLANs based on multicastgroups. The technique used in switch-basedAutoCast VLANs is called Internet GroupManagement Protocol (IGMP) snooping. Itoperates by having the switch observe user-ini-tiated requests to belong to a particular IP mul-ticast group (for example, a video-basedtraining session). The switch then dynamically

defines IP multicast groups based on thoserequests, forwarding the multicast traffic onlyto those ports with participating users andblocking it on all other ports.

The second methodgoes one step further in dis-tributing the intelligencenecessary for multicastcontrol by allowing theNIC driver in the usersworkstation to control the

multicast filters of theswitch port to which it isattached. The driver simplyinitiates a message from theNIC to the switch, tellingthe switch whether or not toforward a particular mul-ticast on that port. Thismethod has advantagesover IGMP snooping in thatit supports all multicast traffic (not just IPmulticasts), and it leverages the processingpower in the workstation CPU, enablingdeployment of simple workgroup switches.However, this method is optimized for anarchitecture based on a single user per switchport and requires upgraded NIC drivers. 3Comwill offer both methods of multicast control inorder to best meet diverse customer needs.

One of the benefits of 3Coms way of sup-porting multicasts is that the routing func-tionality needed to handle multicast traffic (for

example, calculation of multicast route deliverypaths and multicast packet forwarding) can beleft in LAN backbone devices. This eliminatesthe complex and expensive deployment of routing at the workgroup level.

Either method of supporting VLANsdefined by multicast groups enables VLANs tobe configured dynamically to support mul-timedia applications for an arbitrary number of users over a specific time framefor example,the duration of a video conference. An addedbenefit of this dynamic autoconfiguration of VLANs is that it requires no intervention onthe part of the network administrator, makingmore time available for the delivery of newnetwork applications.

Enhancing Security One of the critically important but often over-looked benefits of VLANs is enhanced net-work security. 3Com realizes the increasingimportance of security considerations, partic-

ularly as corporate Internetconnectivity and intranetapplications become morewidespread. The TranscendVLANs architecture enablesan organization to enhancenetwork security withoutresorting to separatephysical connectivity orextensive use of morecomplex, more expensive,router-based firewallingtechniques. By definingaccess to network servicesusing Transcend VLANs,network administrators canexert a high level of security

control while maintaining a common network

infrastructure.In order to allow administrators to define

even stricter access to servers containing par-ticularly sensitive information such as financialor personnel information, Transcend VLANscan be defined by port or MAC-layer address.When used in combination with architecturesfeaturing a single user per switch port, thisability becomes an especially powerfuldeterrent to unauthorized access. In this con-


The rout ing f unc t io na lit y necessa ry tohandle mul-

t ic as t t ra f f iccan be lef t inL A N b a c k b o n edevices , e l im i-nat ing thecomplex andexpensivedep loyment o f rout ing a t the

w o rk gro uplevel.


10/18

figuration, unauthorized users have no physicalway of listening to traffic belonging toVLANs of which they are not a member,because that traffic never traverses theirsegment.

In addition, Transcend VLANs enablesnetwork administrators to cordon off devel-opment groups running sen-sitive, experimental, and/orrisky applications that couldnegatively affect per-formance for other users inthe same subnet. At thesame time, these appli-cations can share the samebackbone with other users,leveraging the customers

investment in network infra-structure.

As organizations movetoward fully automated,policy-based VLANstructures, network administrators will be ableto define access to services with an extremelyhigh degree of precision, establishing specificcriteria to be set all the way down to the indi-vidual user level or even time of day. This typeof VLAN structure has the added benefit of

enabling accurate, automatic tracking of billing/chargeback for network services.

Automation of Network Administrationand Management A concern of many network administratorswhen implementing VLANs is the trade-off between greater ease in administering movesand changes and more complexity in otherareas of network management and configu-ration. This problem is due to several issuesthat arise when implementing VLANs:

An additional layer of virtual connectivityon top of physical connectivity makestroubleshooting more difficult.

Maintaining VLAN information acrossnumerous switches in an ever-changingenvironment can become burdensome andtime consuming.

VLANs can complicate traffic analysis forthe optimization of server placement andoverall network performance.

Because the potential benefits of VLANsmay be reduced by these problems, powerful,easy-to-use, and flexible VLAN managementsoftware is essential for deploying VLANs inenterprise networks.

3Com has developed an intuitive, graphicalVLAN management platform, Transcend

VLAN Manager, that elim-inates the potential pitfalls of managing VLANs.Transcend VLAN Managerenables the network admin-istrator to easily view virtualas well as physical connec-tivity at multiple levels. Inaddition, Transcend VLANManager includes both ATM

and non-ATM attacheddevices, consolidating man-agement of VLANs andemulated LANs (ELANs).This is an essential feature

for any customer deploying VLANs in con- junction with an ATM backbone.

With Transcend VLAN Manager, controlof VLAN membership for all users in thenetwork resides at a single console. VLANmembership can be manually established by

simply dragging and dropping users work-station icons into the desired VLAN. Of course, as mentioned earlier, TranscendVLAN Manager supports various methods of automated VLAN configuration as well.

In order to facilitate ongoing network optimization in growing environments,Transcend Traf fix Manager correlates thenetwork traffic data across the switches partici-pating in a given VLAN. This enables network administrators to view detailed network trafficstatistics, including a breakdown of inter- andintra-VLAN packets as well as a breakdown of packets by application. This level of infor-mation is extremely useful for determiningoptimal placement of routing and frequentlyaccessed servers. The network managementfeatures in Transcend VLANs actually makeoverall network management easier, less timeconsuming, and more effective than instandard networks governed by physical con-nectivity alone.


As organizationsmove tow ard

f ully aut om ated,policy-basedVLAN struc-

ture s, netw o rk administrators

w ill be able todef ine acc ess to

services w ith anextremely highdegree of pre-cision.


11/18

Reduced Need for Routing Since much of the functionality of LANrouters, especially broadcast and multicastcontainment, can be more effectivelyhandled by VLANs, the overall need forrouting in the network is reduced bydeploying Transcend VLANs. As mentionedearlier, reducing routing in the network becomes particularly important in enablingubiquitous access to centralized network resources such as e-mail servers, internalWeb servers, and centralized databaseservers. By configuring these servers asmembers of multipleVLANs, routing is nolonger necessary toprovide connectivity

between these resourcesand most or all usersthroughout the network. Inthis way, the LAN routeror one-armed ATM-attached router is nolonger the bottleneck in anotherwise high-per-formance network.

Transcend VLANssupports multiple VLANson a network server inseveral ways. In envi-ronments that havedeployed ATM backbones,Transcend VLANs leverages LANEscapacity to support multiple emulated LANs,and thus multiple VLANs, on a single ATMNIC (similar multiple VLAN capability willbe available in 1997 for Fast Ethernetattached servers). By enabling multipleVLAN access to an ATM-attached server viaLANE, Transcend VLANs allows thecustomer to purchase simpler, lower-costedge switches. 3Coms high-performance,low-cost SuperStack switches are ideal inthis role of providing ATM access toEthernet LANs.

As mentioned previously, TranscendVLANs supports IP multicast groups asVLANs, eliminating the need to deploycomplex routing to every switch port just toprovide efficient control of multicast traffic.

More Effective Network MonitoringThrough dRMON and RMON2 In order to fully enable the network man-agement features detailed above and toexpand those features in the future, aVLAN/switching solution must provide foran efficient and cost-effective mechanismfor collecting and reporting network trafficstatistics. In a network moving toward asingle user per switch port, centralizingRMON agents at the switch becomes aninefficient and costly method of collectingnetwork traffic data. 3Coms solution to theproblem of traffic data collection in a private

switched LAN envi-ronment is to distributethis functionality to the

workstation using dis-tributed RMON, ordRMON. Once again, thisleverages the processingpower at the workstationand enables workgroupswitches to delivermaximum performance atlower cost.

Network adapters in aprivate switched LAN envi-ronment can easily collectRMON statistics regardingtraffic in their segments, aseach is the only attached

device in that segment. SmartAgent intel-ligent agents periodically collect this infor-mation and Transcend Enterprise Managerand Transcend Traf fix Manager tools cor-relate it for analysis. With the emergence of RMON2, much richer, application-relatedtraffic information can also be collected,analyzed, and viewed, enabling optimal con-

figuration of Transcend VLANs.

Transcend VLANs Delivery Roadmap3Com is delivering Transcend VLANs inthree broad phases. While these phases aredescribed here as separate and discrete, therewill be overlap in the delivery of some of these capabilities across 3Coms switchingproduct family.


The ne twork

m a n a g e m e n t f ea ture s inTranscendVLANs actual ly mak e overa lln e tw o r k m a n -agement easier,less t ime-con-suming, andm o r e e f f e c t iv e

than in s t andardn e t w o r k sgoverned by phys ica l c on-nect ivi ty a lone.


12/18

Phase 1: Port-Based VLANs withGraphical Management Phase 1 of Transcend VLANs simplifiesnetwork moves and changes and improvesserver access. Unlike other vendors solutions,this functionality is available on even ourlowest-priced switches. Most of the func-tionality delivered under Phase 1 is alreadyshipping today; complete support will bedelivered by the end of 1996.

Multiple VLANs within a single switch.From the outset, Transcend VLANs allowsthe network administratorto configure multipleVLANs in a singleswitch, on any 3Com

switching platform.

VLANs across multipleswitches. TranscendVLANs supports threeways of communicatingVLAN membership infor-mation across multipleswitches (these methodswere described in Building VLANs: FourCritical Issues, earlier in this paper): Via the ATM Forums LAN Emulation

standard for environments with ATMbackbones

Via 3Coms Virtual LAN Trunking (VLT)frame-tagging technique

Implicitly via the network-layer address orprotocol information across LANplexHigh-Function switchesPhase 2 will add support for the 802.1Q

tagging standard to these techniques.

Multiple VLAN support in server NICs. In

order to facilitate the deployment of appli-cations that can be accessed by all users onthe network while avoiding router bottle-necks, Transcend VLANs provides theability to make servers members of morethan one VLAN. This can be done for ATM-attached servers by configuring multipleLAN Emulation clients on a single NIC. Itcan be done for FDDI- or Fast Ethernetattached servers using TCP/IP for those

server operating systems that support multi-nettingthe ability to support multipleTCP/IP subnets on a single physical LANinterface. It can be done for Fast Ethernetattached servers via VLT support in the3Com server NIC and driver. For FastEthernetattached servers, Phase 2 will addsupport for the 802.1Q tagging standard tothese techniques.

Graphical VLAN management application.Transcend VLAN Manager enables the

network administrator tomanage the virtual as wellas the physical connec-tivity in the network forboth ATM- and non-

ATM-attached devicesfrom a single man-agement console. Movesand changes are accom-plished by dragging anddropping icons within aneasy-to-use graphicalinterface.

Graphical traffic monitoring and analysisapplication. Transcend Traf fix Manager

provides customers with the necessary toolsfor optimizing network configuration andtraffic flow in a VLAN environment. Theseare the industrys first RMON2-basedVLAN monitoring tools; they provideservice views of the network with trafficflows to graphically depict the inter- andintra-VLAN traffic.

Phase 2: Autoconfigured VLANs Phase 2 of Transcend VLANs will enable cus-tomers to reduce the use of LAN routers,

simplify switch configuration, and introducestandards-based multivendor interoperability.Together with technologies such as PACE,Transcend VLANs enables 3Com to deliversuperior multimedia solutions. Phase 2 func-tionality will be delivered during 1996 and1997.

User-based VLANs. User-based or MAC-address-based VLANs enable VLANs to be


3C oms so lut ion to the pro b le mof t r aff i c da ta

co l lect ion in aprivateswi tched LANenvironm ent is

to dis t ributeRMON func -

t io nalit y to the w o rk sta t io n.


13/18

defined based on administrator-defined col-lections of users, rather than only by groupsof switch ports. This enables a high degreeof independence and flexibility for users,while at the same time enhancing thenetwork administrators ability to controland manage the network.

Automatic VLAN configuration. Phase 2 of Transcend VLANs delivery will feature agreater degree of automation of VLAN con-figuration. As user moves and changes aremade in the network, VLAN membershipmoves automatically with the user, whetherinitial VLAN membership was based on theswitch port the user was attached to, or wasset up by an administrator-defined, user-

based VLAN. VLAN membership can befully automated via IP address or protocolinformation.

AutoCast VLANs. Another major element of this greater level of automation is theAutoCast VLAN capability. DefiningVLANs by IP multicast group throughIGMP snooping allows the deployment of multimedia/video applications, withoutrequiring routing or layer 3 switching to

be enabled and configured on every switchport in the network. AutoCast VLANs aredynamic and fully automatic, and provideefficient multicast control without the bur-densome configuration complexity of routing.

Support for the 802.1Q VLAN standard.Once the 802.1Q VLAN standard isfinalized in late 1996 or early 1997, 3Comswitching and adapter products will supportthis standard, as well as its own VLTmechanism. This will allow 3Com switchesto communicate VLAN membership infor-mation in a multivendor environment. It willalso allow multiple VLAN support in serverNICs via standard 802.1Q tagging.

Phase 3: Desktop-Configured VLANs Phase 3 is where the network becomessomewhat analogous to a two-way, high-speedcable TV network or subscription service. By

fully leveraging the processing power at thedesktop, VLANs and VLAN membership areno longer static or semi-static designations, butare dynamic, with the virtual structure of thenetwork responding in accordance with theusers demand for services. As VLANsbecome completely dynamic designations,external LAN routing between VLANs ulti-mately becomes unnecessary. Phase 3 func-tionality will begin shipping in 1997.

802.1p supportVLANs defined by mul-ticast group through the NIC driver. Thismethod of dynamically configuring mul-ticast VLANs will provide several powerfulbenefits: Multicast VLANs are no longer limited to

just IP. The aggregate processing power of the

desktop is leveraged. Multicast VLANs can be supported on

simpler, lower-cost switches.

Desktop-configured, cut-through VLANs.Phase 3 will deliver the ability forusers/desktops to dynamically join and leaveVLANs. Further, the ability to performzero-hop routing will allow desktops that

reside on different subnets to communicatewith the same efficiency and performance asif they were both part of the same subnet.Administrative control, however, will bemaintained as if they were connected to dif-ferent subnets. This ability eliminates thenecessity for external routing betweendiscrete VLANs and allows stations tosimply cut through and communicateacross VLANs at will, while still usinglower-cost, relatively simple edge switches.

Policy-based VLANs. While much of theintelligence necessary for dynamic VLANconfiguration becomes distributed underPhase 3, network administrators actuallyexert a greater degree of automated controlby being able to set policies governingaccess to network resources. Policy-basedVLANs not only allow the implementationof very specific parameters controllingnetwork access and quality of service, but



14/18

also further reduce the time required toenforce proper network security.

It is in this third phase of migration thatwe see the complete fulfillment of theTranscend VLANs mission: a top-down, appli-cation-driven solution, enabling the transparentdelivery of services to the user on demand(Figure 3). Transcend VLANs ultimately elim-inates the use of LAN routers, while providingfull scalability and full configuration flexi-bility. 3Com is in a unique position to leveragethe power of the desktop for maximum per-formance, scaling, and ease.

ConclusionVLANs represent an extraordinary techno-logical step toward eliminating many of theburdens of maintaining the network infra-

structure and providing a substantial boost inthe ability to deliver network applications andservices. However, due to the impact that fullVLAN implementation will have on theenterpriseboth in terms of network archi-tecture and managerial organization, and insome cases even the business modelasmooth, well-constructed migration path iscritical. On the other hand, even the initialmigration steps toward full implementation of virtual LANs, if deployed properly, can bringsubstantial benefits without additional costs orcompromises in performance or manageability.Transcend VLANs satisfies these demands andrepresents the solution of choice for customersimplementing VLANs.


Figure 3. Application-Driven VLANs

A T M o r LA N

c o r e b a c k b

o n e


15/18



16/18



17/18


18/18

1996 3Com Corporation. All rights reserved. 3Com is a publicly ownedcorporation (NADAQ>COMS). 3Com, LANplex, and Transcend are regis-tered trademarks of 3Com Corporation. PACE, SmartAgent, andSuperStack are trademarks of 3Com Corporation. Other brand and prod-uct names may be trademarks or registered trademarks of their respec-tive owners.

All specifications are subject to change without notice.

Printed in U.S.A. 600206-001 Printed on Recycled Paper

E

3Com CorporationP.O. Box 581455400 Bayfront PlazaSanta Clara, CA 95052-8145Phone: 800-NET-3Comor 408-764-5000

3Com ANZAANZAEast Phone: 61 2 9937 5000Fax: 61 2 9956 6247

ANZAWest Phone: 61 3 9653 9515Fax: 61 3 9653 9505

3Com Asia LimitedBeijing Phone: 8610 849 2568Fax: 8610 849 2789

Shanghai Phone: 86 21 3740220Fax: 86 21 3552079

Hong Kong Phone: 852 2501 1111Fax: 852 2537 1149

Indonesia Phone: 6221 523 9181Fax: 6221 523 9156

Korea Phone: 822 319 4711Fax: 822 319 4710

Malaysia Phone: 60 3 233 6162Fax: 60 3 233 6174

Singapore

Phone: 86 21 6374 0220Fax: 86 21 6355 2079

Taiwan Phone: 886 2 377 5850Fax: 886 2 377 5860

3Com BelgiumPhone: 32 2 7164880Fax: 32 2 7164780

3Com Benelux B.V.Netherlands Phone: 31 30 6029700Fax: 31 30 6029777

3Com Canada Inc.Phone: 416-498-3266Fax: 416-498-1262

3Com European HQPhone: 44 1628 897000Fax: 44 1628 897041

3Com FrancePhone: 33 1 69 86 68 00Fax: 33 1 69 07 11 54

3Com GmbH (Germany)Phone: 49 89 627320Fax: 49 89 62732233

Poland Phone: 48 22 645 1351Fax: 48 22 645 1352

Switzerland

Phone: 41 31 9984555Fax: 41 31 9984550

3ComIrelandPhone: 353 1 820 7077Fax: 353 1 820 7107

3Com J apanPhone: 81 3 3345 7251Fax: 81 3 3345 7261

3Com Latin AmericaU.S. Headquarters Phone: 408-764-6075Fax: 408-764-5730

Argentina Phone: 541 815 7164Fax: 541 815 7165

Brazil

Phone: 55 11 546 0869Fax: 55 11 246 6813

Chile Phone: 562 633 9242Fax: 562 633 8935

Columbia Phone: 571 218 3933Fax: 571 226 9770

Mexico Phone: 525 520 7841Fax: 525 520 7837

Northern Latin America Phone: 305-261-3266Fax: 305-261-4901

Venezuela Phone: 582 261 0710Fax: 582 261 5257

3Com LtdScotland Phone: 0131 220 8228Fax: 0131 226 1410

3Com MediterraneoMilano, Italy Phone: 39 2 253 011Fax: 39 2 273 04244

Rome, Italy Phone: 39 6 5917756Fax: 39 6 5918969

Spain Phone: 34 1 3831700Fax: 34 1 3831703

3Com Middle East United Arab Emirates Phone: 971 4 349049Fax: 971 4 349803

New Delhi, India Phone: 91 11 683 5070Fax: 91 11 683 4662

3Com Nordic ABPhone: 46 8 632 91 00Fax: 46 8 632 09 05

3Com South AfricaPhone: 27 11 807 4397Fax: 27 11 803 7405

3Com UK Ltd.Buckinghamshire Phone: 44 1628 897000Fax: 44 1628 897003

Manchester Phone: 44 161 873 7717Fax: 44 161 873 8053

Edinburgh, Scotland Phone: 01 31 220 8228Fax: 01 31 226 1410

3Com Transcend VLANs Leveraging Virtual LAN Technology to Make Networking Easier

Documents

Transcript of 3Com Transcend VLANs Leveraging Virtual LAN Technology to Make Networking Easier