traffic node details

1. VLAN Review
Basic history
In the old days before switches and VLANs existed, Ethernet networks connected via hubs. Hubs placed all networked hosts onto a single ethernet segment. This was a bit like chaining each host to
One main limitation to hubs were that all hosts were on the same collision domain. This means that if two hosts transmitted at once, the data could ‘collide’, and have to be resent. Switches were in
Basic switches, called ‘unmanaged switches’ have only simple functionality. They have no configurable VLAN support. This means that all hosts on the switch are still part of the same broadcast dom
Managed switches allow for traffic separation by using VLANs. While managed switches are common today, unmanaged switches are still plentiful.
What VLANs Do
The primary function of a VLAN is to separate layer 2 traffic. Hosts in one VLAN cannot communicate with hosts in another VLAN without extra services. An example service is a router to pass packe
Of course, one way of achieving these goals would be to connect each group of hosts to their own switch. This is sometimes done for management traffic. Unfortunately, this gets cost prohibitive, w
One reason to put hosts in separate VLANs would be to limit the amount of broadcasts across the network. IPv4, for example, relies upon broadcasts. Separating these hosts will limit how far these
Another reason to separate hosts would be for security. Consider two examples. In a multitenant data centre, it is important that one customer’s data is not visible to another. Separating these out w
Another security case would be if an attacker uses a packet sniffer to capture network data. A mitigation strategy could be to create a ‘guest’ VLAN for anyone visiting the premises. Server-to-server
Assigning a host to a VLAN allows it to communicate with another host on the same VLAN. Switches can to pass VLAN traffic between each other, so hosts on a VLAN do not have to be on the same
How VLANs Work
Below is a normal ethernet frame. It consists of:
•Source and destination MAC addresses
•Type / Length field
•Payload (the data)
•Frame Check Sequence (FCS) for integrity
The frame has a four-byte VLAN tag added, which includes the VLAN ID. As shown below, the tag is right after the source MAC. The FCS is also removed during this stage.