What is a VLAN and how does it work?

A quick overview of VLANs, and how they help network admins isolate traffic using software divisions.

What is a Virtual Local Area Network (VLAN)?

Much like virtualization allows us to logically divide hardware, a Virtual Local Area Network (VLAN) splits network traffic into logical groups. Typically, you would use VLANs to separate traffic in a local area, like an office with an internal server.

CDNs and data centers handle more traffic than most internal networks and divide this traffic into logical groups. VLANs are not big enough at these large scales so Virtual Extensible Local Area Networks (VXLAN) are used to achieve a similar effect. This article will not cover VXLANs, but you can read more about them in the related articles section.

How does a VLAN work?

A local area network consists of any group of two or more linked computers. While a typical home network does not need a VLAN, offices typically use VLANs to create virtual divisions, instead of adding additional switches and routers to the network.

VLANs are created by logically dividing network traffic by type or office department.

VLANs use software to tag, sort, and direct network traffic like a physical device. Through VLAN tagging, specified in the IEEE 802.1Q protocol, packets assigned to a VLAN receive a special tag called a VLAN ID. This VLAN ID helps direct traffic based on the network configuration.

However, VLANs are still limited by physical hardware such as a switch.

VLAN Tagging

The IEEE 802.1Q standard includes requirements for VLAN tagging. VLANs are implemented on the data link layer of the OSI model, usually controlled by physical hardware such as a switch.

When a network transmission is sent over a VLAN, the Ethernet frame contains a 4-byte VLAN tag after the source address. The VLAN ID is 12 bits, which only supports up to 4096 VLANs.

Why to use a VLAN

VLANs have a few major benefits:

Cost reduction: VLANs reduce costs compared to purchasing more physical equipment. They also reduce the number of points where physical hardware can fail.

Improved efficiency: VLANs reduce network traffic. By setting VLAN rules, we can group similar types of traffic and reduce network congestion.

Enhanced security: VLANs can isolate sensitive data from other data. This follows the principle of least access, meaning that no device, or user, can access more than they need.

Scalability: VLANs make large networks easier to manage and are fairly easy to set up. The 4096 VLAN limit is more than a regular office will ever need, but not for a high-traffic web content distributor.

Why use a VLAN

In a home or office network, a VLAN can separate network devices. For example, you can isolate insecure Internet of Things (IoT) devices from computers that have secure data. VLANs can also separate guest and private networks, or different departments in a single office setup.

What if I need more than 4096 VLANs?

A CDN network manages potentially millions of websites with traffic that must be separated. That is where a VXLAN comes in. A VXLAN is similar to a VLAN but operates on a larger scale. A VXLAN has a larger VXLAN Network Identifier (VNI) and supports more divisions, so it is useful for data centers and CDNs, which handle much more traffic than an office.

Did you find this article helpful?

0 out of 0 Bunnies found this article helpful

Glossary

Virtual Local Area Networks are a logical division used to isolate network traffic.

VLAN

Prove your Knowledge.
Earn a bunny diploma.

Test your knowledge in our Junior and Master Quizes to see where you stand. Prove your mastery by getting A+ and recieving a diploma.

Start the QuizBunny with a diploma.