IEEE Communications Magazine • July 2011
0163-6804/11/$25.00 © 2011 IEEE
INTRODUCTION
Enterprise networks, which connect the computers within a college campus or corporate location, differ markedly from backbone networks. These networks have distinctive topologies, protocols, policies, and configuration practices. Yet, the unique challenges in enterprise networks are not well understood outside of the operator community. One prominent example is virtual LANs (VLANs) — a widely used technology that is barely discussed in networking textbooks.
VLANs were initially intended to allow network administrators to connect a group of hosts in the same broadcast domain, independent of their physical location. However, today’s enterprise administrators use VLANs for a variety of other purposes, most notably for better scalability and flexible specification of policies. Yet enterprise administrators have seen many problems with VLANs, because VLANs are used for functions they were not designed for. Understandably, VLANs are at best an incomplete solution for some of these problems. As a result, managing VLANs is one of the most challenging tasks administrators face.
In this article, we study four networks — three university campuses and one academic department — to better understand how VLANs are used in practice. Through discussions with network administrators, and targeted analysis of router configuration data, we have obtained deeper insights into how the administrators use VLANs to achieve a variety of design goals, and the difficulties they encounter in the process. We show that VLANs are not well-suited for many of the tasks that they support today, and argue that future enterprise network architectures should decouple policy specification from scalability concerns with layer-2 protocols, topology, and addressing.
After a brief survey of VLAN technology, we describe how the four networks use VLANs to support resource isolation, access control, decentralized management, and host mobility. However, VLANs were not designed with these goals in mind — network administrators use VLANs for lack of a better alternative. We argue that VLANs are too crude a mechanism for specifying policies, due to scalability constraints (on the number and size of VLANs) and the coarse-grained ways of assigning traffic to different VLANs. Further, VLAN configuration is far too complicated, due to the tight coupling with spanning-tree construction, failure recovery, host address assignment, and IP routing, as discussed. We conclude the article.
VIRTUAL LOCAL AREA NETWORKS
An enterprise network consists of islands of Ethernet switches connected both to each other and to the rest of the Internet by IP routers, as shown in Fig. 1. We describe how administrators group related hosts into VLANs, and how the switches and routers forward traffic between hosts.
CONVENTIONAL LOCAL AREA NETWORKS
In a traditional local area network (LAN), hosts are connected by a network of hubs and switches. The switches cooperate to construct a spanning tree for delivering traffic. Each switch forwards each Ethernet frame based on the frame’s destination MAC address. If the switch contains no forwarding-table entry for the frame’s destination MAC address, the switch floods the frame over the entire spanning tree. A switch learns how to reach a MAC address by remembering the
ABSTRACT
VLANs are widely used in today’s enterprise networks to improve Ethernet scalability and support network policies. However, manuals and textbooks offer very little information about how VLANs are actually used in practice. Through discussions with network administrators and analysis of configuration data, we describe how three university campuses and one academic department use VLANs to achieve a variety of goals. We argue that VLANs are ill-suited to some of these goals (e.g., VLANs are often used to realize access control policies, but constrain the types of policies that can be expressed). Furthermore, the use of VLANs leads to significant complexity in the configuration of network devices.
TOPICS IN NETWORK AND SERVICE MANAGEMENT
Minlan Yu and Jennifer Rexford, Princeton University
Xin Sun and Sanjay Rao, Purdue University
Nick Feamster, Georgia Institute of Technology
A Survey of Virtual LAN Usage in Campus Networks
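
An added example, not code from the article: a single-switch model of the flood-and-learn forwarding described under CONVENTIONAL LOCAL AREA NETWORKS, extended beyond that passage so that a table miss floods only the ingress port's VLAN (its broadcast domain). The class name, port numbers, MAC strings and VLAN ids are constructed for illustration; spanning tree, trunk ports and entry aging are left out.

```python
from collections import defaultdict


class LearningSwitch:
    """Flood-and-learn Ethernet switch with access ports assigned to VLANs."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port -> VLAN id
        self.table = defaultdict(dict)     # VLAN id -> {MAC: port}

    def receive(self, in_port, src, dst):
        """Process one frame; return the sorted ports it is sent out of."""
        vlan = self.port_vlan[in_port]
        macs = self.table[vlan]
        macs[src] = in_port                # learn: src is reachable via in_port
        out = macs.get(dst)
        if out is None:
            # Table miss: every other port in this broadcast domain sees the frame.
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        # Known destination: one port only, never back out the arrival port.
        return [] if out == in_port else [out]


# Constructed sample traffic: (ingress port, source MAC, destination MAC).
FRAMES = [(1, "aa", "bb"), (2, "bb", "aa"), (1, "aa", "bb"), (3, "cc", "aa")]


def demo():
    """Replay FRAMES on one flat LAN and on the same ports split into two VLANs."""
    flat = LearningSwitch({1: 1, 2: 1, 3: 1, 4: 1})
    split = LearningSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    return ([flat.receive(*f) for f in FRAMES],
            [split.receive(*f) for f in FRAMES])


if __name__ == "__main__":
    flat_out, split_out = demo()
    for frame, a, b in zip(FRAMES, flat_out, split_out):
        print(frame, "flat LAN ->", a, "| two VLANs ->", b)
```

In the flat LAN the first frame reaches every other port, while with two VLANs it reaches only port 2. The last frame, sent from VLAN 20 toward a host in VLAN 10, is flooded only within VLAN 20 and never arrives at layer 2.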