To VLAN or not to VLAN
When it comes to virtual local area networks, there are two schools of thought on their effectiveness. Geoff Meads weighs up the case for and against the VLAN.
When you first start out as a new IP networking technician, it won’t take long before you hear the phrase ‘vLAN’. Some commentators will claim vLANs to be the fixer of all problems and an essential part of any smart home network installation. For more experienced technicians, and with the advances in technology we have seen in recent years, the case for vLANs has become less clear cut and there are some who simply don’t see the need for them anymore (except in extreme cases).
So, what is a vLAN and how useful is it for smart home installations in 2021? Let’s dive in and find out.
What is a vLAN
The term ‘vLAN’ is an acronym for ‘Virtual Local Area Network’ and seeks to describe a small segment within a normal LAN. The word ‘within’ is important because a vLAN, by its very nature, is a segment of a larger LAN. If a vLAN were on its own it would simply be, well, a LAN!
A single LAN can contain several vLANs if that is what is needed. Once a vLAN is present on a LAN then all devices are on vLANs. For example, if you were to set up a vLAN for a set of security cameras and call that ‘vLAN 1’ then the rest of the devices on the network are automatically part of vLAN 0.
vLANs can be configured in a couple of different ways. The most common setup within smart home installations is achieved using something called a ‘Port Based vLAN’. In a Port Based vLAN, individual hardware ports on a router or switch are set to be on a particular vLAN. Any other devices connected to that port (either directly or via further switches) are then considered to be on the vLAN set up by that port.
Some (read: more complex…) setups use ‘Tag Based’ vLANs, where each sending device adds a ‘tag’ to every Ethernet frame it sends (at layer 2 of the OSI model), which tells receiving equipment which vLAN the frame belongs to. While this method can be hugely powerful, it is not often used in smart home installations due to its complexity of setup. With that in mind we’ll leave tag based vLANs for another article.
There are some occasions with either setup where traffic from multiple vLANs must travel together across a single cable. An example of this is when a switch has multiple ports with different vLANs but then a single cable connects that switch to a router. In this case the cable connecting the switch to the router must carry all traffic that is headed for the Internet and is referred to as a ‘trunk’ route.
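To make the ‘tag’ and ‘trunk’ ideas above concrete, here is an added example (not part of the original article) that reads the IEEE 802.1Q tag, the standard 4-byte tag used for tag based vLANs, from raw Ethernet frames and counts which vLANs appear on a trunk link. The vLAN IDs, the allowed list, the native vLAN for untagged frames and the helper names are all constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vid, priority, ethertype) for one Ethernet frame.

    vid and priority are None when the frame carries no 802.1Q tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # after dst+src MAC
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # 12-bit vLAN ID, 3-bit priority


def audit_trunk(frames, allowed_vids, native_vid):
    """Count frames per vLAN on a trunk and list vLAN IDs that should not be there.

    Untagged frames are attributed to native_vid (an assumption about how
    the trunk port in this example is configured).
    """
    counts, unexpected = {}, set()
    for frame in frames:
        vid, _prio, _etype = parse_vlan(frame)
        vid = native_vid if vid is None else vid
        counts[vid] = counts.get(vid, 0) + 1
        if vid not in allowed_vids:
            unexpected.add(vid)
    return counts, sorted(unexpected)


def build_frame(vid=None, priority=0, ethertype=0x0800):
    """Construct a sample broadcast frame (constructed test data, not a capture)."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + struct.pack("!H", ethertype) + b"\x00" * 46


# Constructed sample: cameras on vLAN 10, audio on vLAN 20, one stray vLAN 99.
SAMPLE = [build_frame(10), build_frame(10), build_frame(20, priority=5),
          build_frame(), build_frame(99)]

if __name__ == "__main__":
    print(audit_trunk(SAMPLE, allowed_vids={1, 10, 20}, native_vid=1))
```

A vLAN ID turning up on a trunk that is not in the documented list is a useful early sign of a misconfigured port or an undocumented device.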
One of the key principles of network design is to keep the ‘broadcast domain’ as small as possible. A broadcast domain is the scope of devices that ‘see’ broadcast messages. Broadcasts are usually sent when one device is trying to find another and can happen more often than you think. Clearly, if a sub-system is generating traffic between devices in a group (say a distributed audio or AVoIP system) then this may disrupt other services if that traffic overwhelms the network.
A vLAN is one way of limiting a broadcast domain to just the devices that need to receive certain traffic. Devices within the vLAN see all the broadcast traffic from other devices in the same vLAN. However, devices outside of that vLAN do not see that traffic.
A second advantage to a vLAN is one of security. While segmenting a network for security might seem appropriate only in a commercial environment, there are situations where this may also be beneficial in a home environment. A home office that is connected to a remote commercial network is just one example.
While there are clear advantages to using vLANs, there are also clear disadvantages.
Firstly, we increasingly use single devices to control multiple sub-systems. In years gone by, when keypads and dedicated control hardware were the way to control a home, it was easy to place these dedicated devices on a control vLAN where they could operate independently of laptops and other more generic network devices. However, in more recent times it has become necessary to control the home from smartphones and tablets that have many uses. With this being the case, any separation of sub-systems via vLANs might limit which device can control which system.
Secondly, setting up vLANs brings a great deal of added complexity to a network setup. Specialist equipment and setup skills are required, as well as more detailed documentation, not to mention the need for all support staff to be able to fully understand the system for setup and maintenance issues.
Finally, vLANs can add significantly to the difficulty of remote diagnostics and service. Not only will you need to set up remote access to the network, but you must also ensure that the remote access method used will support access to the relevant vLANs once access to the remote LAN is achieved.
The case for
vLANs can be an incredible tool for adding layers of security and performance enhancement to extremely busy systems. They can hinder unwanted intrusion from local or external sources and make some diagnostic tasks easier too.
The case against
vLANs add a layer of complexity that makes configuration and service more complex and puts added demands on the installing company in terms of documentation, knowledge, and experience. While performance advantages can be achieved by configuring vLANs in some systems, very few modern networks need these advantages. Moreover, if trends move us to regularly install 10 Gigabit networks, this advantage will be diminished.
A simple workaround
One reason that some technicians have given for configuring a vLAN is that a particular vendor will not support them in fault finding unless their devices are on a vLAN. If you find yourself in this situation, temporarily disconnect everything else from the network and ‘voila’, the equipment is on its own vLAN!
Horses for Courses
Every smart home system is a little different and there is no black and white answer to whether vLANs are needed or not. However, as network devices get smarter in terms of the way they use the network, and as cloud services become the dominant way to control devices, the need for vLANs is clearly decreasing. In this writer’s opinion that’s great news for the service techs!