Security Basics mailing list archives
RE: VLAN Question
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 21 Aug 2003 10:28:33 -0700
You made some comments about people not caring about VLAN leakage, and I don't disagree with those at all. It's only your assertion that the motivation for VLANs was to split up large switches that I disagree with, because it asserts an evolution from big switches to small that is at odds with such history as I can recall or find quickly, and an economics that flies in the face of the way switch technology scales to larger numbers of ports.
>> And if all VLANs did was allow your one big expensive switch to emulate a stack of cheap little switches, almost nobody would ever use them.
>
> VLANs were invented when there was no such thing as a "cheap little switch". Switches were very very expensive, and weren't sold in 4-port or 6-port sizes for small nets.

Switches started out as bridges, originally with only two ports and eventually with 4 or more. The datasheet for the 12-port Catalyst 2900 calls it "the first Fast Ethernet switch with a complete virtual LAN (VLAN) solution"; if you were running FE at that time, there apparently was no "big switch" solution. Switches weren't for providing collisionless ports for each desktop, but for joining several local repeated segments to a campus backbone.

>> Where partitioning of switches into VLANs starts to pay off is where you have (a) trunking of multiple VLANs from switch to switch, and (b) router blades for switch chasses, to route between VLANs.
>
> You're talking today.

"Up to 1000 VLANs can be maintained across switching and routing platforms through Fast Ethernet, CDDI/FDDI, and ATM connections. Any Fast Ethernet interface on the Catalyst 2900 series system can be configured as an Inter-Switch Link (ISL) to support multiple VLANs, and all VLANs support the IEEE 802.1d spanning-tree algorithm for fault-tolerant connections." -- from the same Catalyst 2900 datasheet

Trunking was right there, an integral and necessary co-feature. Partitioning a switch into VLANs was not useful unless you could trunk those VLANs across to another switch somewhere else in your network.

>> I don't think there was ever a time when a chassis switch with four 12-port cards cost less than four separate 12-port switches.
>
> VLANs were crafted for the opposite case; after you bought your very expensive switch, you could have one LAN that used most of its ports, and the remainder could be allocated to other LANs, rather than being left empty.

<...>

> VLANs were invented when there was no such thing as a "cheap little switch". Switches were very very expensive, and weren't sold in 4-port or 6-port sizes for small nets.

I'll agree that the "*cheap* little switch" is a modern phenomenon. But I contend that in the days when VLANs were invented, *big* switches were both extremely RARE, and significantly more expensive than providing equivalent capacity using small switches. And since switches were being used to distribute the campus backbone, putting all of your switch capacity in a single centralized box would have been wrong even if it didn't also cost more. Splitting up a large switch to emulate a bunch of small switches, just because you didn't buy small switches, is not a matter of small switches not having existed. The inherent economics of switch technology have never made this a sensible approach.

David Gillett
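The message above turns on two points: VLANs only become useful once they are trunked between switches, and "VLAN leakage" is the failure mode nobody in the thread worries about. The following is an added example, not code from this thread or from any switch vendor, showing what a defender would actually check on a trunk port: it parses 802.1Q-tagged Ethernet frames (the IEEE trunking encapsulation; the thread's Catalyst 2900 used Cisco's ISL, which this example does not decode) and reports every frame whose effective VLAN is not on the trunk's allowed list. The MAC addresses, payloads, allowed-VLAN set and native VLAN are constructed for the demonstration.

```python
"""Audit 802.1Q-tagged frames captured on a trunk against the trunk's allowed-VLAN list.

Added example; the frame layout follows IEEE 802.1Q, not the ISL encapsulation
mentioned in the thread. All sample data below is constructed.
"""
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, vlan_id, ethertype, payload):
    """Build an Ethernet frame; vlan_id=None produces an untagged frame."""
    hdr = dst + src
    if vlan_id is not None:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); PCP and DEI left at 0
        hdr += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id, ethertype, payload); vlan_id is None when untagged."""
    if len(frame) < 14:
        raise ValueError("short frame: no Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("short frame: 802.1Q tag truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return dst, src, vlan_id, ethertype, frame[offset:]


def audit_trunk(frames, allowed_vlans, native_vlan):
    """Return (index, effective_vlan, reason) for every frame violating trunk policy.

    Untagged frames on a trunk land in the native VLAN, so they are judged
    against the allowed list as native_vlan. VID 0 (priority tag) and 4095 are
    reserved by 802.1Q and are reported as such.
    """
    findings = []
    for i, frame in enumerate(frames):
        try:
            _, _, vid, _, _ = parse_frame(frame)
        except ValueError as exc:
            findings.append((i, None, str(exc)))
            continue
        if vid is None:
            vid, how = native_vlan, "untagged frame mapped to native VLAN"
        elif vid in (0, 4095):
            findings.append((i, vid, "reserved VID in tag"))
            continue
        else:
            how = "tagged frame"
        if vid not in allowed_vlans:
            findings.append((i, vid, f"{how} {vid} not in trunk allowed list"))
    return findings


# Constructed sample traffic: locally administered MACs and a dummy IPv4 payload.
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
PAYLOAD = b"\x45" + b"\x00" * 19
SAMPLE_FRAMES = [
    build_frame(MAC_A, MAC_B, 10, ETHERTYPE_IPV4, PAYLOAD),    # allowed VLAN
    build_frame(MAC_A, MAC_B, 20, ETHERTYPE_IPV4, PAYLOAD),    # allowed VLAN
    build_frame(MAC_A, MAC_B, 99, ETHERTYPE_IPV4, PAYLOAD),    # VLAN not on the trunk
    build_frame(MAC_A, MAC_B, None, ETHERTYPE_IPV4, PAYLOAD),  # untagged -> native VLAN
    build_frame(MAC_A, MAC_B, 0, ETHERTYPE_IPV4, PAYLOAD),     # priority-tagged, VID 0
    b"\x00" * 10,                                              # truncated frame
]
TRUNK_ALLOWED = {10, 20}   # hypothetical allowed list configured on the trunk
NATIVE_VLAN = 1            # hypothetical native VLAN, deliberately not allowed

if __name__ == "__main__":
    for idx, vid, reason in audit_trunk(SAMPLE_FRAMES, TRUNK_ALLOWED, NATIVE_VLAN):
        print(f"frame {idx}: vlan={vid} {reason}")
```

Run on a real capture, `SAMPLE_FRAMES` would be replaced by raw frames read from a pcap, and the allowed list and native VLAN would come from the trunk's configuration; any finding is a frame crossing the trunk that the VLAN design says should not be there.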