Is 2025 the year we say goodbye to vLAN?
vLANs are a necessary evil… for now. Geoff Meads looks at what the future holds for vLANs and whether they will go the way of the dodo in 2025.
As I begin this article, I find myself in the rather startling city of Dubai, having just taught four days of IP networking classes. It’s fair to say Dubai is among the fastest-growing cities in the world and has all the ingredients for a buoyant smart home market. Folks here have money, space, a huge amount of new construction to choose from and a keen eye on new technology.
It’s also fair to say that the internet infrastructure here is strong. Where I’d normally expect to see 50Mbps download speeds in a hotel conference room, here it’s just short of 1Gbps. No complaints from this network teacher then!
With such a thriving marketplace, it’s perhaps no surprise that the typical residential network being installed here is large in scope. There’s also a large install base of systems like CCTV and managed WiFi supporting countless smart devices. No wonder then that one of the more popular classroom discussions here revolves around network segmentation, particularly the use of vLANs.
Rewind a couple of years and I recall having a phone chat with a friendly London-based integrator, well known for installing complex systems. He told me their engineers had stopped using vLANs altogether as they no longer found them necessary. So, are we now in a place where systems are so efficient, and hardware so competent, that we can stop worrying about adding vLANs to our networks?
Before answering that question, we had better discuss the reason we might consider using vLANs at all. A vLAN is a ‘virtual’ LAN and it might be described as a small chunk of a wider LAN that has been segregated from regular network traffic. They can be created in a couple of different ways but, in most residential systems, we use something called a ‘port-based vLAN’.
In short, we create a group of devices with a common purpose (e.g. a group of IP cameras and an NVR), then we put those devices on a separate switch away from other network traffic. The port used to connect the vLAN switch to the rest of the network is set up on a vLAN. This achieves two things: firstly, devices outside the vLAN cannot communicate with those inside the vLAN and, secondly, traffic from within the vLAN never goes outside the vLAN.
There are two big advantages here. The first and most obvious one is security. If devices within the network are sending and receiving sensitive data, then it can be advantageous to restrict where that data goes. This is especially true for WiFi networks where all devices see all traffic.
The second advantage is bandwidth. If some of the network devices are sending very high levels of data (a group of CCTV cameras for example) then this can clog up the rest of the network. Restricting this data to only part of the network can free up bandwidth elsewhere for other devices or systems.
Now, we understand the advantages vLANs might bring, but how about the disadvantages? The first and most obvious disadvantage is complexity. If, like me, you work using the KISS principle (keep it simple, stupid) then you’ll always be looking for the simplest solution. This means less time setting up the network, which can only be a good thing.
The second disadvantage is related to the first: serviceability. The more complex a system becomes, the more difficult any changes become. In addition, diagnosing a problem becomes more time-consuming and requires a high level of skill. While most smart home engineers have at least some networking knowledge these days, not that many are fully conversant with advanced features like vLANs. This also applies to upgrades, expansions and other changes. Everything gets more complex and requires a higher-level engineer.
The biggest issue, however, is that our systems have more and more hybrid functions. As an example, let’s think about a home network with CCTV, AVoIP and other, general network functions. It might be tempting to put the CCTV on a vLAN, use a second vLAN for AVoIP and a final one for general use such as browsing, streaming services and web access. That’s all great, right up until the user needs to access the CCTV vLAN on their iPad which is on the general use vLAN. You are now into the complex world of inter-vLAN routing. A nightmare for even the most proficient network engineers.
So, are vLANs a necessary evil? I’m not so sure. For starters, network equipment, particularly switches, offers far more bandwidth than it used to. It wasn’t so long ago that we were working with 100Mbps networks. Now 1Gbps is standard and 10Gbps hardware is widely available. What’s more, latest-generation switches have far higher total throughput numbers. Add in better compression ratios for video technologies and more efficient use of the network for broadcast traffic, and bandwidth concerns start to look like a non-issue.
But what about security? Well, there are more options than just vLANs. My favourite method to segment a network is simple: add a router. If you place systems like CCTV on a separate router, then connect that router’s WAN connection to your main LAN, you have secured the CCTV traffic from the main network. You’ve also retained access to the Internet for the CCTV system and managed broadcast traffic created by the CCTV system by keeping it within a separate LAN. It’s a simple solution and, with decent routers being inexpensive these days, a pretty cheap solution too.
Finally, you may find yourself being asked by a vendor’s support department to put all their equipment on a vLAN to diagnose issues. The truth is, though, you can achieve the same thing by using a router as described above. If the only devices connected to the router are the system in question, they are automatically on their own vLAN.
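The two segmentation designs discussed above (inter-vLAN routing with one explicit allow rule for the iPad, and a separate router for the CCTV system) can be compared by checking which cross-segment flows each one permits. The following Python is an added example, not from the article: the addresses, device names and rule sets are constructed, and the CCTV router is assumed to behave like a typical NAT router (LAN-to-WAN allowed, unsolicited WAN-to-LAN dropped).

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption: the article gives no addresses).
GENERAL = ip_network("192.168.1.0/24")    # general-use vLAN / main LAN
CCTV = ip_network("192.168.20.0/24")      # cameras and NVR
ANY = ip_network("0.0.0.0/0")
NVR_ONLY = ip_network("192.168.20.10/32")
NVR, CAMERA = ip_address("192.168.20.10"), ip_address("192.168.20.21")
IPAD, NAS = ip_address("192.168.1.50"), ip_address("192.168.1.5")
INTERNET_HOST = ip_address("203.0.113.7")  # documentation range

# Rules are (source net, destination net, TCP ports or None for any, allow?).
# First match wins; no match means drop. Only traffic that crosses a segment
# boundary is evaluated, since same-segment traffic never reaches the router.
VLAN_ACL = [
    (GENERAL, NVR_ONLY, {443, 554}, True),  # iPad may view the NVR (HTTPS, RTSP)
    (GENERAL, CCTV, None, False),           # nothing else enters the CCTV vLAN
    (CCTV, GENERAL, None, False),           # cameras cannot reach the main LAN
    (CCTV, ANY, None, True),                # CCTV keeps Internet access
    (GENERAL, ANY, None, True),
]
# Assumed default behaviour of a NAT router: LAN-to-WAN allowed, unsolicited
# WAN-to-LAN dropped. The main LAN sits on the CCTV router's WAN side.
CASCADED_ROUTER = [
    (CCTV, ANY, None, True),                # outbound NAT, main LAN included
    (ANY, CCTV, None, False),               # no port forward configured
    (GENERAL, ANY, None, True),
]

def allowed(rules, src, dst, port):
    """Return the verdict of the first matching rule, or False (drop)."""
    for src_net, dst_net, ports, verdict in rules:
        if src in src_net and dst in dst_net and (ports is None or port in ports):
            return verdict
    return False

# Constructed test flows: (initiator, destination, TCP port).
FLOWS = {
    "ipad->nvr:443": (IPAD, NVR, 443),
    "ipad->camera:80": (IPAD, CAMERA, 80),
    "camera->nas:445": (CAMERA, NAS, 445),
    "camera->internet:443": (CAMERA, INTERNET_HOST, 443),
}

def audit(rules):
    """Map each test flow to True (forwarded) or False (dropped)."""
    return {name: allowed(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("vLAN ACL", VLAN_ACL), ("cascaded router", CASCADED_ROUTER)):
        print(label, audit(rules))
```

Under these assumptions the cascaded router keeps main-LAN devices out of the CCTV segment, but a CCTV device can still open connections to the main LAN, so the isolation is one-way unless the CCTV router's firewall also blocks the main LAN's address range.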
So, does all this mean the end of the vLAN for residential networks? Maybe not quite yet. However, I think that, if 2025 isn’t the end of the vLAN, it might be the beginning of the end.
