1. Field of the Invention
The invention relates to Virtual Local Area Networks (VLANs), and more particularly to the use of VLANs to establish separation between different users of a shared switch.
2. Background Information
It is today a common computer network engineering practice to separate packet traffic belonging to different users by use of a router, a Layer 3 (L3) device. Separation of users' traffic is accomplished by assigning each user to a different subnetwork (subnet). A subnet is identified by a unique L3 address. The router then transmits a particular user's packets out through a port assigned to that subnet. However, only a limited number of bits in the L3 address (for example IP address) are assigned to the subnet, and so only a limited number of subnets may be addressed by a particular router. Subnet design is described by Andrew Tanenbaum in his book Computer Networks, Third Edition, published by Prentice Hall, Copyright date 1996, all disclosures of which are incorporated herein by reference, particularly at pages 417–419. For example, if 6 bits are assigned to a subnet mask, then only 62 different subnets may be addressed (0 and 64 are reserved). Further, for every subnet assigned two addresses are wasted, for example the multicast and broadcast addresses.
As an example of many users of a switch who require that their message traffic be kept separate, an Internet service provider (ISP) may have many customers who want to connect to a server farm. Access to the ISP is through a router connected to a common external computer network, for example the worldwide Internet. The router must route each customer's traffic to that customer's local area network in such a manner as to maintain protection and privacy between the data of different customers. It is desirable for an ISP to prevent traffic originating from one customer's server from being received by another customer's server.
A second example of many users of a computer network who must have their traffic separated in order to guarantee privacy and protection is the use of a television cable Internet distribution system. Each home is assigned a separate subnet so that routers may route only a particular customer's message traffic to that customer. This subnet routing prevents, for example, one customer looking at another customer's message traffic by use of, for example, a network snifter.
A third example is a server farm, for example a multiclient backup service. Each client's message traffic arrives at a router. The router uses a subnet mask to keep the traffic of each client separate from the traffic of another client, as it routes the traffic to the client's backup server.
A limitation in the use of subnets, and subnet masks, in a multiclient environment is that there is only a limited number of subnets which can be defined from standard Layer 3 addresses. In modern computer network systems, this numerical limitation severely restricts the number of individual users who can be serviced, and also have their message traffic maintained separate. Further, the management of a large number of subnets by a network manager becomes burdensome, especially in the event that the network has thousands of customers whose packet traffic must be kept separate.
A better way to keep the message traffic of different users separate in a computer network is needed, particularly a method which can scale to a large number of users.