Local area networks (LANs) are used to facilitate communications between a number of users. Individual LAN's may be bridged together to allow a larger number of users to communicate amongst themselves. These bridged LAN's may be further interconnected with other bridged LAN's using routers to form even larger communications networks.
Prior art FIG. 1 depicts an exemplary interconnected bridged LAN system. The numerals 10, 20, 30, etc., are used to identify individual LAN's. Bridges between LAN's are designated by the numerals 5, 15, 25 and 35. A router between bridged LAN 100 and bridged LAN 200 is identified with the reference numeral 300. In the prior art bridged LAN system depicted, a user A is able to communicate with a user B without leaving the LAN 10. If user A desires to communicate with user C in LAN 20 or user D in LAN 30, the communication is transmitted via bridges 5 and/or 15.
If user A desires to communicate with user E, the communication must be routed via router 300 to bridged LAN 200. As will be understood in the art, bridges operate at layer 2 of the network model and transparently bridge two LANs. It is transparent to users A and C that communications between them are ported over bridge 5 because layer 2 bridges do not modify packets, except as necessary to comply with the type of destination LAN. However, if user A wishes to communicate with user E, the communication must be ported via router 300 which operates at layer 3 of the network model. Accordingly, communications over routers flow at a slower rate than communications over a bridge, and are regulated by the routers.
Therefore, LAN network administrators generally attempt to connect together those users who frequently communicate with each other in bridged LAN's. However, if the bridged LAN becomes too large, it becomes unscalable and may experience various well-known problems. Accordingly, routers are used to interconnect bridged LAN's so that the bridged LAN's themselves can be kept to an acceptable size. This results in delays in communications between users which are transmitted via the router 300. If, for example, in FIG. 1, user E and user A need to communicate frequently, it would be advantageous to interconnect LAN 10 and LAN 50 via a bridge rather than the router 300. This would require the rewiring of the system, which is costly and may be impracticable under many circumstances, such as when users A and E will need to communicate frequently only over a limited period of time.
Virtual LAN's (VLAN's) have recently been developed to address the deficiencies in interconnected bridged LAN systems of the type depicted in FIG. 1. VLAN's allow LAN's to be bridged in virtually any desired manner independent of physical topology with switches operating at layer 2. Hence, the switches are transparent to the user. Furthermore, the bridging of LAN's can be changed as desired without the need to rewire the network. Because members of one VLAN cannot communicate with the members of another VLAN, a firewall is established to provide security which would not be obtainable in a hardwired LAN. Accordingly, the VLAN provides enhanced security over hardwired bridged LAN's.
For example, as shown in prior art FIG. 2, individual LAN's 10-90 are interconnected by layer 2 switches 5'-55'. A network management station (NMS) 290 controls the interconnection of the individual LAN's such that LAN's can be easily bridged to other LAN's on a long term or short term basis without the need to rewire the network. As depicted in FIG. 2, the NMS 290 has configured two VLAN's by instructing, e.g., programming, the switches 5'-35' and 55' such that LAN's 10-60 are bridged together to form VLAN 100' and LAN's 70-90 are bridged together by switches 45' and 55' to form VLAN 200'. This is possible because unlike the bridges 5-35 of FIG. 1 which include only two ports and are, accordingly, able to only transfer information from one LAN to another LAN, the switches 5'-55' are multiported and instructed by the NMS such that the network can be configured and reconfigured by simply changing the switch instructions.
As shown in FIG. 2, the switch 55' has been instructed to transmit communications from user A of LAN 10 to user E of LAN 50, since both users are configured within VLAN 100'. User A, however, is not allowed to communicate with users H or F since these users are not configured within the VLAN 100' user group. This does not, however, prohibit users F and H, both of whom are members of VLAN 200', from communicating via switches 45' and 55'.
If it becomes desirable to change the network configuration, this is easily accomplished by issuing commands from NMS 290 to the applicable switches 5'-55'. For example, if desired, user H could be easily added to VLAN 100' by simply reconfiguring VLAN 100' at the NMS 290 to cause an instruction to be issued to switch 55' to allow communications to flow from users A-D and E to user H via switch 55', i.e., to include LAN 90 in VLAN 100'. Because the switches 5'-55' are layer 2 switches, the bridge formed by the switch is transparent to the users within the VLAN. Hence, the transmission delays normally associated with routers, such as the router 300 of FIG. 1, are avoided. The power of the VLAN lies in its ability to dynamically control the network configuration through software on the NMS 290. More particularly, in accordance with its programmed instructions, the NMS 290 generates and transmits signals to instruct the switches 5'-55' to form the desired VLAN configurations.
Multicasting refers to the ability of a station on the network to simultaneously communicate a single message to a number of other stations on the network. In a typical LAN protocol, as shown in FIG. 3, the communication packet 400 includes a destination address 110 having six bytes, a source address 113 and a message portion 114. If the I/G (Individual/Group) bit 112 is set to zero, the packet is directed to a single specified address. However, if the I/G bit 112 is set to one, the packet is transmitted to all LAN's of the bridged LAN.
For example, referring to FIG. 1, if member A of bridged LAN 100 wishes to multicast to members B and C of bridged LAN 100, the I/G bit of the destination address of the message packet would be set at one. If the I/G bit of the destination address, i.e., the multicast address, is at one, the bridges 5 and 15 read this as a multicast address which is directed to all LAN's within the bridged LAN 100. It will be recognized that multicast communications are not routed by routers such as router 300 of FIG. 1. Accordingly, in a standard LAN system, multicast communications cannot be distributed between bridged LAN's. Further, because multicast communications within a bridged LAN are distributed to all individual LAN's, e.g., 10-30 in FIG. 1, whether or not the sender desires the message to reach any member of a particular LAN within the bridged LAN, network bandwidth may be unnecessarily utilized.
In a VLAN network, the aforementioned problems are avoided. First, because all switching is done at layer 2, i.e., no layer 3 routers exist in the system, multicast communications may be transmitted to network members on any LAN within the VLAN. Further, using the NMS 290, a VLAN can be configured to include only those individual LAN's which include members to whom it is desired to transmit the multicast. Accordingly, network bandwidth is not unnecessarily used to transmit multicast messages to individual LAN's which lack members to whom the multicast communication is addressed. As will be recognized by those skilled in the art, as multicasting continues to grow in popularity, the amount of wasted bandwidth utilization in standard LAN networks has increased. Hence, the reduction in this unnecessary bandwidth utilization and the ability to multicast to any user within a VLAN provides significant advantages over standard LAN architectures.
Further still, because VLANs can be rearranged or reconfigured dynamically, the members within a multicast group can be increased or decreased simply by modifying the multicast VLAN using the NMS 290 of FIG. 2. For example, if multicasting becomes excessive over VLAN 100', the NMS 290 can easily reconfigure the VLAN to exclude one or more LAN's to reduce the multicasting overhead on the VLAN. That is, VLAN 100' could be reconfigured to, for example, exclude LAN 60, thereby reducing the communications overhead of the VLAN.
Prior art FIG. 4 is a schematic of an exemplary VLAN system. The VLAN system includes LANs 205-260 which are connected by switches 270-280 to a high-speed LAN backbone 265. An NMS 290 is interconnected to the switches 270-280 via LAN 260. A trunk station 285 is connected to the high-speed LAN backbone 265. The LAN's 205-215, and 230-235 have designated members F-J. Each of the switches 270-280 is capable of directly interconnecting the respective LAN's connected by access port 305 or 310 thereto, and also interconnecting each of these LAN's to other LAN's directly connected by an access port to another of the switches via the high-speed LAN backbone 265. For example, switch 270 can be instructed by the NMS 290 to interconnect LAN 205 to LAN 215 by configuring a VLAN including LAN's 205 and 215, thereby facilitating communications between F and H. Switches 270 and 275 can also be instructed by the NMS 290 such that member F of LAN 205 can be interconnected by a virtual network to user I of LAN 230.
Prior art FIG. 5 depicts a VLAN communications packet 400' which is identical to the LAN communications packet 400 depicted in FIG. 3, except that a VLAN header 116 has been added to the packet. The header is appended by the initial switch to which the message packet is directed. The VLAN header identifies the resulting packet as a "VLAN" or "tagged" packet, and represents the particular VLAN from which the packet originated.
For example, if in FIG. 4 LAN's 205, 220 and 230 are within a single VLAN and member F of LAN 205 desires to communicate with member I of LAN 230, the message 114 of FIG. 5 with the destination address 110 attached is directed to access port 305 of the switch 270. The switch determines, based upon instructions previously received from the NMS, that the member I address falls within the applicable VLAN and, accordingly, adds the appropriate VLAN header to the packet to form packet 400', as shown in FIG. 5. The packet 400' is then directed via trunk port 315 to the high-speed backbone LAN 265 and read by switches 275 and 280.
Since switch 280 lacks any access ports connected to LAN's within the applicable VLAN, switch 280 discards the communication. Switch 275, however, identifies the VLAN header 116 of packet 400' as associated with a VLAN which includes LAN 230. The switch 275 accordingly removes the header and directs the communication, which now appears as message 400 in FIG. 3, to LAN 230 over which the member I receives the message.
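The tag, forward and strip sequence described above for FIG. 4 and FIG. 5, together with the I/G bit test of FIG. 3, modeled as an added Python example (not code from the original document). The station addresses, the VLAN ids, the placement of LANs on switches, and the position of the I/G bit (Ethernet's convention) are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: bytes                  # destination address 110 (six bytes)
    src: bytes                  # source address 113
    message: bytes              # message portion 114
    vlan: Optional[int] = None  # VLAN header 116; None = untagged packet 400

def is_group(dst: bytes) -> bool:
    # I/G bit 112; on Ethernet this is the low-order bit of the first octet.
    return bool(dst[0] & 0x01)

class Switch:
    def __init__(self, name, access):
        self.name, self.access = name, access   # access: {LAN: VLAN id} set by the NMS

    def ingress(self, lan, pkt):
        # Access port to trunk port: add the header for the originating VLAN.
        return replace(pkt, vlan=self.access[lan])

    def egress(self, tagged, where):
        # Trunk port to access ports: strip the header for LANs in the VLAN.
        # An empty result means this switch discarded the packet.
        return {lan: replace(tagged, vlan=None)
                for lan, vlan in self.access.items()
                if vlan == tagged.vlan
                and (is_group(tagged.dst) or where.get(tagged.dst) == lan)}

# Constructed values: addresses, VLAN ids and the port layout are assumptions.
F, I = bytes.fromhex("020000000046"), bytes.fromhex("020000000049")
GROUP = bytes.fromhex("010000000001")           # I/G bit set
WHERE = {F: 205, I: 230}                        # station address -> LAN
SWITCHES = [Switch("270", {205: 1, 210: 2, 215: 2}),
            Switch("275", {220: 1, 230: 1, 235: 2}),
            Switch("280", {240: 2, 250: 2, 260: 2})]

def send(src_switch, src_lan, pkt):
    tagged = src_switch.ingress(src_lan, pkt)   # packet 400' on backbone 265
    return {s.name: s.egress(tagged, WHERE)     # read by every other switch
            for s in SWITCHES if s is not src_switch}

if __name__ == "__main__":
    print(send(SWITCHES[0], 205, Packet(I, F, b"hello")))
    print(send(SWITCHES[0], 205, Packet(GROUP, F, b"to the group")))
```

Isolation between VLANs in this model rests entirely on the `{LAN: VLAN id}` tables the NMS programs into each switch: changing one entry changes which LANs receive the stripped packet.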
Accordingly, VLANs have numerous advantages over conventional interconnected bridged LAN configurations. However, to obtain these advantages the system must remain under control of the NMS. Thus, in conventional VLAN systems the NMS must be configured within each VLAN. A significant problem can arise in the control of VLAN switches if an operator of the NMS inadvertently excludes itself from a configured VLAN or places itself in a VLAN in which no other LANs are included. In such situations, NMS control over the system configuration could be lost in whole or part.