Reflect the nuclear Internet of Things | What is VLAN?
VLAN is the abbreviation of English Virtual Local Area Network, which is called "Virtual Local Area Network" in Chinese. It is a communication technology that logically divides a physical LAN into multiple broadcast domains.
The broadcast and unicast traffic in one VLAN will not be forwarded to other VLANs, which will help to control traffic, reduce equipment investment, simplify network management and improve network security.
Many friends are still at a loss as to whether this kind of conceptual explanation has a feeling of "speaking but not fully speaking". Don’t worry, take your time with Xiaoying’s idea, and you know what VLAN is!
Let’s look at an example first:
The new semester has begun, and there are 700 senior one students reported, and you are one of them. What about you? You want to find your distant cousin Zhang San, who entered school at the same time. So, you find the class teacher and say, "Can the teacher help me find Zhang San’s phone number?"
The serious and responsible class teacher immediately passed the news to other related class teachers and asked them to help find it. So the class teachers asked the students one by one: Zhang San, what’s your phone number? For a time, the whole grade knew that you were looking for Zhang San.
Does this sound ridiculous? What a waste of energy!
By the same token, in network communication, what will happen if VLAN is not divided.
The above picture shows a network composed of 5 layer 2 switches computers connected with a large number of clients.
Suppose that at this time, computer A needs to communicate with computer B (equivalent to you communicating with Zhang San). In the communication based on Ethernet, the target MAC address must be specified in the data frame in order to communicate normally, so computer A must first broadcast "ARP Request information" to try to obtain the MAC address of computer B (equivalent to Zhang San’s phone).
When switch 1 receives the broadcast frame (ARP request), it will forward it to all ports except the receiving port, that is, flooding. (equivalent to the example, the class teacher helps you find someone)
Then, switch 2 will flood after receiving the broadcast frame. Switches 3, 4 and 5 will also be flooded. Finally, ARP requests will be forwarded to all clients in the same network, which is a network storm. Now everyone knows that you are looking for Zhang San.
This ARP request to calculate A was originally issued to obtain the MAC address of computer B.. That is to say, as long as computer B can receive it. But in fact, the data frame spread all over the network, and all computers received it.
In this way, on the one hand, the broadcast information consumes the bandwidth of the whole network, on the other hand, the computer that receives the broadcast information also consumes a part of CPU time to process it. It causes a lot of unnecessary consumption of network bandwidth and CPU computing power, which may cause network paralysis.
After understanding "Why VLAN is needed", let’s take a look at how the switch uses VLAN to divide the broadcast domain.
First of all, on a layer 2 switches without any VLAN, any broadcast frame will be forwarded to all other ports except the receiving port. For example, after computer A sends broadcast information, it will be forwarded to ports 2, 3 and 4.
At this time, if two VLAN, red and blue, are generated on the switch.
At the same time, set ports 1 and 2 to belong to the red VLAN and ports 3 and 4 to belong to the blue VLAN.
If a broadcast frame is sent from A again, the switch will only forward it to other ports that belong to the same VLAN, that is, port 2 that belongs to the red VLAN, and will not forward it to the port that belongs to the blue VLAN.
Similarly, when C sends broadcast information, it will only be forwarded to other ports belonging to the blue VLAN, and will not be forwarded to ports belonging to the red VLAN.
In this way, VLAN divides the broadcast domain by limiting the range of broadcast frame forwarding. For the convenience of explanation, different VLANs are identified by red and blue colors in the above figure, but in actual use, they are distinguished by "VLAN ID".
Hosts with different VLAN need to communicate through network devices such as routers or layer 3 switches.