A local area network (LAN) is a computer network confined to one area, which means that when a user broadcasts any information on the LAN, all users on the LAN receive the transmission. The only problem with a LAN is that if two people send information at the same time, a collision occurs and the transmitted data is lost. The area over which the data is transmitted is called the broadcast domain, and everyone in the LAN must be in the same area. A VLAN, or Virtual LAN, allows the network administrator to segment a LAN into several broadcast domains, and the workstations do not have to be physically located together. Users can be on different floors of the same building or even in different buildings.
When a LAN is divided into segments using a switch, with each port serving a smaller number of network nodes, the chance of a collision is reduced. Moreover, the devices that normally communicate with one another are placed in one segment, so the need to forward packets to other ports is also reduced. In some cases, machines that require very high bandwidth (for example, a server or a high-performance workstation) are connected directly to a switch port, giving them almost the entire bandwidth of one segment.
The need for VLANs: Very often the personnel involved in a particular project or belonging to a particular department are not confined to a given area and are spread throughout a building or campus. Product design teams may be cross-functional groups and usually exist for short periods of time. In such cases, grouping the users into one physical segment is not feasible, and more packets have to travel from one physical segment (or switch port) to another, which increases the network load. VLANs offer a way to overcome these problems. A VLAN logically groups switch ports into workgroups. Since broadcast and multicast traffic between the users of a workgroup is likely to be high, a VLAN confines that traffic to the particular virtual network and thus acts as a virtual broadcast domain.
Benefits of a VLAN: VLANs offer a number of advantages over the traditional LAN implementation:
• Performance improvement
• Improved security
• Ability to set up virtual workgroups
• Reduced administration
• Reduced cost.
A VPN is basically a corporate network that is built around the communication infrastructure of the Internet rather than using leased lines or a Remote Access Server using direct dial-in. Since the Internet is a public medium where the traffic is prone to interception or modification, unlike the privacy offered by dedicated leased circuits, security issues play an important role in the implementation of a VPN. A VPN is however a highly cost-effective proposition, as dedicated lines are required only to connect the corporate network to an ISP (usually located within the same city).
Types of VPN
VPN solutions are essentially of three distinct types:
• Inter-site or inter-LAN VPNs
• Remote access VPNs
While all three of these types of connectivity are essential from the enterprise viewpoint, most of the savings result from Remote Access VPN. This is because:
• The cost of remote access and the number of employees who travel and need to connect using long-distance dial-up are showing an increasing trend
• A dial-up Internet connection offers good bandwidth and is therefore becoming acceptable to more users, particularly those using applications based on client-server technology and multi-tier architectures that conserve bandwidth
• A local dial-up connection using a reliable Internet Service Provider (ISP) offers a very high degree of availability and Quality of Service (QoS) level compared to direct dial-up through long-distance lines.
Requirements for designing a VPN system
Any enterprise planning to implement a VPN system must carefully evaluate the various issues of importance. A 5-tier model proposed by the Gartner Group sums up these issues and can be a starting point. See Figure below.
The 5 tiers are: security, scalability, manageability, simplicity and quality of service. Security is a factor decided by the corporate policy. Scalability, manageability and simplicity are functional requirements and will depend on present and perceived future needs, particularly the issue of scalability. Quality of service will depend primarily on the ISP whose infrastructure will be used for the VPN.
Difference between VLAN and VPN
- A VLAN groups workstations that are not in the same location into the same broadcast domain, whereas a VPN is related to remote access to a company’s network.
- VLAN is a subcategory of VPN and VPN is a means to create a secure network for secure data transmission.
- A VLAN is basically a means to logically segregate networks without physically segregating them with multiple switches. A VPN is used to connect two points in a secure and encrypted tunnel.
- A VPN keeps the data from prying eyes while it is in transit and no one in the network can capture the packets and read the data. The VLAN does not involve any encryption technique, but it is only used to divide your logical network into different sections for administration and security purposes.
- The VLAN is usually used when it is necessary for a person to connect with someone who cannot be connected from outside the VLAN. It requires a special permission before access. VPN is used to communicate securely in an unsecured environment.
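The two VLAN properties described above (a broadcast stays inside its VLAN, and a VLAN applies no encryption) can be seen in a small model of a VLAN-aware switch. This is an added example, not part of the original article; it assumes IEEE 802.1Q tagging, which the article does not name, and the port-to-VLAN table, MAC address and payload are constructed.

```python
import struct

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

# Hypothetical access-port-to-VLAN assignment on one switch (constructed).
PORT_VLAN = {1: 10, 2: 10, 3: 20, 4: 20, 5: 10}


def build_tagged_frame(dst, src, vlan_id, ethertype, payload):
    """Build an Ethernet frame carrying an 802.1Q tag (PCP and DEI set to 0)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return dst + src + struct.pack("!HHH", TPID_8021Q, vlan_id, ethertype) + payload


def parse_frame(frame):
    """Return (dst, vlan_id or None, ethertype, payload) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return dst, tci & 0x0FFF, inner, frame[18:]  # low 12 bits of TCI = VLAN ID


def flood_ports(frame, ingress_port, port_vlan=PORT_VLAN):
    """Ports that receive a broadcast: same VLAN as the frame, minus ingress."""
    dst, vlan_id, _, _ = parse_frame(frame)
    if vlan_id is None:
        vlan_id = port_vlan[ingress_port]  # untagged: use the ingress port's VLAN
    if dst != BROADCAST:
        return []  # unicast forwarding (MAC table lookup) is not modelled here
    return sorted(p for p, v in port_vlan.items() if v == vlan_id and p != ingress_port)


# Constructed sample: a broadcast on VLAN 10 entering on port 1.
SRC = bytes.fromhex("020000000001")
FRAME = build_tagged_frame(BROADCAST, SRC, 10, 0x88B5, b"user=alice;project=design")

if __name__ == "__main__":
    _, vid, _, payload = parse_frame(FRAME)
    print("VLAN", vid, "-> flooded to ports", flood_ports(FRAME, 1))
    print("payload as seen on the wire:", payload.decode())
```

Ports 3 and 4 (VLAN 20) never see the broadcast, but any device on VLAN 10 reads the payload as sent, which is why traffic that needs confidentiality still needs the encrypted tunnel a VPN provides.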