Referring to FIG. 1, a virtual local area network (VLAN) is a set of end station network devices including but not limited to servers (100), personal computers (102) and internet protocol (IP) phones (104), collectively “members,” that function as if they were connected to a single network segment. The members of a VLAN are interconnected via a Layer 2 edge switch, which may be considered part of the VLAN. Further, a VLAN may include multiple Layer 2 switches (106a, 106b, 106c), each supporting a different IP subnet (107a, 107b, 107c) which may include multiple members. Typically, the members of one VLAN (108) are shielded from members of another VLAN (110) because a device such as a router (112) processes all traffic flowing between the VLANs. As a result, member devices do not unnecessarily receive traffic from other VLANs, thereby enhancing efficiency. The router (112) also provides security by subjecting traffic traveling between VLANs to security measures. As illustrated in FIG. 1, the router may also process traffic transmitted between different IP subnets of a VLAN.
Although the illustrated prior art VLAN provides protection from devices outside the VLAN, and possibly for traffic moving between IP subnets, e.g., as shown between subnet (107b) and subnet (107c), local switching of some internal traffic is a vulnerability. One example of local switching of internal traffic is the traffic between member devices on the same IP subnet, e.g., as shown on subnet (107a). For example, traffic between a member device (102a) and member device (104a) on the same IP subnet is sent via the local Layer 2 switch (106a), i.e., without traversing the router (112). As a result, that traffic is not subjected to security measures. If one of the member devices is compromised, this vulnerability may be exploited to compromise other members. Indeed, all members of the VLAN, including those on different IP subnets, may be discovered by a compromised member of a broadcast VLAN. Security between members of the VLAN could be provided by an enforcement point at the network access level, e.g., in wiring closets. However, that solution would be costly in terms of equipment, installation and maintenance. Similarly, implementation of a VLAN/IP subnet per user is not scalable and thus not practical.
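To make the argument concrete, the following is a small constructed model of the FIG. 1 topology (an added illustration, not the patent's own material): it classifies each unicast flow by whether it traverses router (112), lists the peers a compromised member can reach with no enforcement point in the path, and shows that a Layer 2 broadcast still reaches every member of the VLAN regardless of IP subnet. The member identifiers and the extra VLAN 110 device are assumed sample values; only the reference numerals come from the figure.

```python
# Constructed model of the FIG. 1 topology (added illustration, not from the
# patent). Reference numerals follow the figure; member names are assumed.
from typing import List, NamedTuple


class Member(NamedTuple):
    vlan: str     # "108" or "110"
    subnet: str   # IP subnet, e.g. "107a"
    switch: str   # Layer 2 edge switch serving that subnet


MEMBERS = {
    "102a": Member("108", "107a", "106a"),  # PC on subnet 107a
    "104a": Member("108", "107a", "106a"),  # IP phone on subnet 107a
    "100b": Member("108", "107b", "106b"),  # server on subnet 107b
    "102c": Member("108", "107c", "106c"),  # PC on subnet 107c
    "100x": Member("110", "107x", "106x"),  # assumed server in VLAN 110
}

ROUTER = "112"


def unicast_path(src: str, dst: str) -> List[str]:
    """Devices a unicast frame traverses. Same VLAN and same IP subnet: only
    the local Layer 2 switch. Anything else is handed to router 112."""
    s, d = MEMBERS[src], MEMBERS[dst]
    if s.vlan == d.vlan and s.subnet == d.subnet:
        return [s.switch]
    return [s.switch, ROUTER, d.switch]


def is_inspected(src: str, dst: str) -> bool:
    """True when the router's security measures see the traffic."""
    return ROUTER in unicast_path(src, dst)


def uninspected_peers(compromised: str) -> List[str]:
    """Members a compromised member reaches with no enforcement point."""
    return sorted(m for m in MEMBERS
                  if m != compromised and not is_inspected(compromised, m))


def broadcast_reach(src: str) -> List[str]:
    """Members that receive a Layer 2 broadcast from src: the whole VLAN,
    across IP subnets, which is why every VLAN member is discoverable."""
    return sorted(m for m in MEMBERS
                  if m != src and MEMBERS[m].vlan == MEMBERS[src].vlan)
```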
Security vulnerability is not the only drawback associated with locally switched traffic within VLANs. Another result of traffic being switched locally is that destabilizing loops can be established. Such loops cause uncontrolled bi-directional Layer 2 flooding which decreases capability and efficiency. Protocols such as spanning tree are used to attempt to avoid destabilizing loops. However, such protocols are not flawless, and some loops still occur.