Virtual LANs ease administrative burdens

Local-area networks have grown larger, more complicated and more dispersed since they were introduced in the 1980s. These changes fueled a desire among network administrators at government agencies for simpler administration. Virtual LANs (VLANs) offer such a possibility. VLAN, a software feature available in LAN switches, eliminates much of the hassle of administrating large and growing networks. That is because VLAN makes it possible to reconfigure a network through the VLAN software rather than going out and rewiring the hardware.

By buying VLAN-enabled equipment, organizations can divide a large network into a number of different segments but still treat the network as a cohesive whole.

For example, in a traditional network, if a user moved his office from a LAN on one network segment to a second segment, the administrator would have to treat the person as a new user and set up new routing and addressing information.

If the network equipment supports VLAN, the administrator can take care of the change through the software. In large agencies, such changes are common, so a central administrator often spends a great deal of time entering mundane network address data.

Many major switch vendors have introduced VLAN-enabled products, with new products in the works that address current limitations of the technology.

Slow Adoption Rate

However, despite its benefits, the number of agencies now working with VLANs is small, vendors said. "Because the technology is relatively new, a small percent of our customers - I would estimate less than 10 percent - have adopted VLANs," said Dan Kent, a systems engineer with Bay Networks Inc.'s Federal Division, Alexandria, Va.

The National Library of Medicine (NLM), part of the National Institutes of Health, is one agency that has made the switch. Sharon Gagnon, a senior network engineer at the library, said the agency was having difficulty managing its LAN segments, which support about 1,000 users. Also, bottlenecks were arising on the network, and the agency wanted to upgrade from 10 megabits/sec Ethernet to 100 megabits/sec Ethernet in a few locations.

The agency examined LAN switches from Cisco Systems Inc., San Jose, Calif., and Xylan Corp., Calabasas, Calif. Gagnon said the organization selected Cisco's 5500 switch because it could be connected easily to Cisco routers already on the network. Another plus was that the switch supported Apple Computer Inc.'s AppleTalk protocol; the agency has many Macintosh users.

This last feature is important because many VLANs work with a limited number of interfaces. Most switches were designed for Transmission Control Protocol/Internet Protocol, but support for other protocols - AppleTalk, IBM Corp.'s NetBIOS, Digital Equipment Corp.'s DECnet and Novell Inc.'s Integrated Packet Exchange - is less common.

Another issue is that large agencies often work with a variety of LANs: Asynchronous Transfer Mode (ATM), Ethernet, token ring and Fiber Distributed Data Interface. Many virtual networking schemes operate on one specific type of network, so an agency may be able to connect its Ethernet LANs into a virtual network but then would have to leave out any ATM and token-ring connections.

The NLM encountered no such limitations with the Cisco switch, which was installed in July. Also, the agency found the initial VLAN setup straightforward, so now the library's network administrators spend less time making network additions and changes.

A network upgrade also led to VLAN deployment at the Marine Corps Logistics Base, Albany, Ga. In the fall of 1996, the agency wanted to upgrade its desktop connections from shared Ethernet, where groups of users work with one 10 megabits/sec Ethernet pipe, to switched Ethernet, where each user has his own 10 megabits/sec Ethernet connection.

In making the change, the agency, which supports 4,000 users divided into 254 LAN segments, also wanted to ease administration.

"Each month there are 50 to 100 network changes, so we wanted a product that could help cut our administrative chores," said Sgt. Donald Slade, a network administrator at the Marine base. The agency relied on Cabletron Systems Inc., Rochester, N.H., for its network equipment and examined VLAN features available with the firm's Fast Ethernet switches. In March 1997, the agency upgraded one group of 200 users to Cabletron's MMAC Plus switch.

"Now when a user moves, he plugs his computer into the network, [and] the switch recognizes who he is and updates the addressing tables," Slade said. The Marines plan to move the rest of their users to VLANs by the end of the year.

No VLAN Utopia

While Cabletron's VLAN eased the Marines' administrative burden, it still falls short of a Utopian solution. Vendors have different options for implementing VLANs. Cabletron relies on routers to move information from one LAN segment to a second; Slade would prefer that the LAN switch perform that function.

Craig Johnson, an industry analyst with Current Analysis Inc., a Sterling, Va., consulting company, said early LAN equipment, such as wiring hubs, was not designed to support VLANs.

To ensure compatibility with such equipment, established network equipment vendors Bay Networks Inc., Billerica, Mass., Cabletron and Cisco adopted VLAN techniques that may not be as elegant as users desire. Consequently, users find that different vendors' VLAN products offer varying degrees of automation.

In some cases, a series of LAN segments looks like one big LAN but still acts like a number of autonomous networks. In more sophisticated products, a series of LANs function like one network, and each change is automatically relayed throughout the network without any network administrator intervention. Sorting through the vendor hyperbole can be difficult.

"Because vendors have twisted the term VLAN to meet their product features rather than stick with a consistent definition for the technology, a lot of users now are confused about what VLAN capabilities offer them," Johnson said.

In fact, most VLANs fall short of vendors' claims and require some operator intervention, users and analysts said. Much of the work involves the initial setup of a virtual network.

Network administrators first must determine how information flows over their networks so that they can group employees who exchange a lot of data on the same LAN. Making such a determination requires collecting comprehensive network performance data. Because most switch products offer only limited insights into network traffic patterns, network administrators may have to build tools and gather such information themselves.

Once they have that data, administrators often find the initial VLAN setup tedious; they may spend as much as 30 seconds to set up a connection for one user. In a large agency with thousands of employees, the setup process can be overwhelming.

Newer networking companies have started with a clean slate in building their VLAN switches, and those companies tend to offer users more automation than established suppliers, industry observers said. For instance, Agile Networks Inc., Boxboro, Mass., and Xylan have relied on VLAN features to grow their businesses.

One Xylan customer is the Navy, which decided to upgrade the computer and networking capabilities on its 300-ship fleet at the end of 1996. As part of the project, dubbed Information Technology for the 21st Century (IT-21), the Navy in the spring of 1997 examined LAN switches from Cabletron, Cisco, Fore Systems Inc., Pittsburgh, and Xylan.

Chris Hansen, a program manager with the IT-21 project in San Diego, was impressed with the VLAN flexibility offered in Xylan's OmniSwitch. "With the product, we can set up classified secure LANs as well as ones open to all users," Hansen said. The Navy began upgrading its networks in the summer, finished the process for two ships and plans to complete two battle groups by June 1998.

While the Navy's Hansen is content with the basic features of VLANs, he said vendors currently rely on proprietary VLAN protocols. Consequently, a firm with different suppliers' switches has to operate separate networks rather than one integrated system.

In March 1996, the Institute of Electrical and Electronics Engineers started to work on two specifications that would connect different suppliers' virtual networking equipment. The 802.1P specification outlines how switches should prioritize packets flowing over a network; the 802.1Q specifies what type of messaging information should be included in each packet.

However, while the first take on the specifications did a good job of defining how to move information from one vendor's VLAN switch to another vendor's product, the specification left areas where more work is needed. For instance, vendors need to develop management agent software that automatically collects VLAN performance info and automates more net functions.

A 3Com Corp. spokesperson said the initial work offers a good base of functions. Currently, suppliers identify LAN users and ports in unique ways; the specification will provide a common nomenclature.

Marsha Malone, director of government business development for Cabletron, said the current standards initiatives will take care of the interoperability problems users may experience today. Standardization is important with VLANs because they tend to be part of the enterprise environment, where interoperability is a must. "The requirement for standards is stronger today than it has ever been," Malone said.

Vendors are moving to address such limitations. Current Analysis' Johnson said, "Not every switch vendor includes as much VLAN functionality as users desire, but every one does at least have a strategy outlining how they will add new features."

As vendors enhance product features, user interest in VLANs should rise. "VLAN features appeal to large government agencies that have a lot of network changes," Bay Networks' Kent said. "About one-third of our customers are interested in the technology. I expect that number to rise to as much as 50 percent, but I don't expect it to be a feature with universal appeal."

-- Korzeniowski is a free-lance writer in Sudbury, Mass., who specializes in networking issues.

* * * * *

At A Glance

Status: Many LAN equipment vendors now support VLANs, although some technical shortcomings have limited the market.

Issues: A lack of standards creates interoperability problems for agencies that use equipment from multiple vendors. Also, VLAN products typically support only a limited number of network protocols.

Outlook: Very good. Vendors are addressing VLAN shortcomings, which should make it possible for more users to benefit from the technology.

