Log in

No account? Create an account
Vexen Crabtree 2015


Vexen Crabtree's Live Journal

Sociology, Theology, Anti-Religion and Exploration: Forcing Humanity Forwards

Previous Entry Share Next Entry
Vexen Crabtree 2015

VLANs make sense now!

I got the point of VLANs today :-)

  • Provide secure control of where network broadcasts and traffic goes. You can't add devices to the network that can spy on traffic, because the new device is by default only member of a crappy low-service VLAN, and needs to be added to specific VLANs to see specific traffic. It's not that the traffic is unreadable, but that it isn't even sent to the new devices by the routers/switches in the first place.
  • Provide segmentation of broadcast domains. Broadcasts are strictly limited to correct VLANs, which potentially frees up a lot of bandwidth (I would guess 20/30%) that was otherwise merely being ignored by most machines anyway. If you want broadcasts from a particular VLAN, you have to be a member of that VLAN.

Their biggest disadvantage appears to be that switches and extra complexity adds to latency, and that routers/switches have to configure ports to let VLAN traffic through - meaning some extra administration to do, and, of course, more things to go wrong. But when done in an organized way, VLANs are dead useful and efficient.

  • 1
The latency added by the switching is usually more than compensated by increased throughput as you no longer get packet collisions like you would on a non-switched hub.

If your broadcast traffic is 20-30% of your network traffic then there's something seriously wrong. On our typical LANs [up to 500 clients connected 100Mbit/full-duplex, up to 50 servers connected as Gigabit] we are seeing less than 1% of total traffic being broadcasts - and thats with a flat all-users-in-the-default-VLAN model.

The downside of VLANs is that they require a hell of a lot of casual administration - where we have used them, we've come up with a simple model that puts the first 48 ports on a switch into the first VLAN, the next 48 ports into the second VLAN and so on. Otherwise it takes someone with the enable-password to go in and reassign ports to VLANs every time a cabling change is made on a switch: this is not good 'cause it means you either have to give your enable-password out to the cable-monkeys (with all the security implications that entails) and let them make the change or call in a network-consultant[i.e. me!] and I bill you £100 to make the change because of the annoyance it causes me.

VLANs shouldn't significantly increase security - in a switched environment devices should only be seeing traffic explicitly destined for them [and broadcasts] anyway: to intercept real user traffic you'd still need to go into enable mode and do some Port-Spanning before you'd see anything but broadcasts.

Yay, wiggy learn new stuff :D *pets*

please read...

hey- i know this has nothing to do with your insert or anything, i was just reading a website on satanists and i saw your page so i wan't to ask you if you could explain what it is to me. Someone told me stuff about it and it seemed really interesting, but i wasn't sure if the stuff she told me was true or not...if you have time, please make an insert on it or perhaps email me at kristykaye88@yahoo.com

thanks so much

Re: please read...

http://www.dpjs.co.uk/ is a large number of texts and writings by myself on Satanism, including philosophy, basic beliefs, theological debate, the sociology of Satanism, criticisms and testimonies.

If you have any particular questions it's best to check the A to Z at http://www.dpjs.co.uk/dictionary.html but failing that post again or email me.

VLANs are great to use, but to administrate they are terrible, if you need 24-7, they are unpractical....

  • 1