Tuesday, March 25, 2008

Growing Beyond a Small LAN (continued)

Segmenting the Network Can Improve Performance

You might need to segment devices on the network for many different reasons. These include the following:

1. Topology limitations—You need to add more nodes to the network but the expansion will break distance limitations or maximum nodes-per-segment rules. This is usually the case only in older Ethernet LANs where the broadcast domain was constrained by the round-trip time.

2. Networking protocol limitations—Address space is fragmented and you need to connect segments that have different network addresses. This can happen when two companies merge and both already have an address space in place for their respective networks. It's much easier to simply place one or more routers between the two networks than it is to reassign network addresses to the many devices on the network. When using DHCP to configure workstations, this might not be a limitation, provided that you have an address space that can accommodate all the devices that will be placed on the larger network.


3. Network bandwidth limitations—When a few high-performance servers or workstations consume too much of the segment's available bandwidth, it's time to segment the LAN (create additional subnets) and thus limit network traffic to smaller segments that contain fewer devices.

4. Security reasons—An Ethernet adapter set to promiscuous mode can intercept all packets that are sent out on a particular segment, for example. You might need to place a few high-security workstations on their own segment, yet still allow some kind of connection to the rest of the network. Keep in mind that in an Ethernet network that uses hubs as a wiring concentrator, every device on the hub (or hubs) can see every network frame that's broadcast on the LAN. It isn't difficult to download a program from an Internet source to read every packet that passes through the network.

5. Geographically distant connections—It's best to segment each geographic location to ensure that unnecessary traffic isn't being sent across the remote connection and wasting valuable bandwidth. Some routers provide a dial-up function so that a dedicated link isn't necessary, providing an inexpensive way to use routers to connect branch offices.

Depending on which combination of these reasons applies to your situation, a router or switch might be the solution you need to segment the network.

Connecting Remote Locations

When a business expands geographically, you'll find that using bridges to connect remote locations isn't a feasible solution. There are many different technologies from which you can choose today—from simple dedicated lines to ATM and Frame Relay—to connect geographically distant locations.

For these connections, you'll find it necessary to incorporate routers or switches. You'll also find these methods of transport expensive. Today, it isn't unreasonable to consider connecting the local network to the Internet with a router that provides virtual private network (VPN) capabilities. Thus, by using an inexpensive connection to the Internet (far cheaper than using leased dedicated lines), you can still provide a secure channel to remote branch locations.

When to Use a Router

Routers are similar to bridges only in the fact that they can both be used to connect multiple network segments. Whereas bridges make all their decisions based on the MAC address of a particular network packet, routers access the addressing information provided by a higher-level protocol to decide how to best forward a packet. Using the OSI reference model (see Appendix A, "Overview of the OSI Seven-Layer Networking Reference Model"), you can see that the bridge operates at layer 2, the Data Link layer, whereas routers operate at layer 3, the Network layer. With bridges, the address space is flat: It's simply the MAC addresses associated with nodes on each segment, each one unique. For protocols operating at the Network layer, the address space becomes more complicated because there must be a mechanism for identifying the network as well as the individual node.
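The flat-versus-structured address space described above is easiest to see in the forwarding decision itself. The following is an added illustration, not code from the original post: a toy layer-2 bridge that learns one table entry per MAC address and floods anything it hasn't learned, next to a toy layer-3 router that holds one entry per network prefix and picks the longest match. The prefixes and interface names are constructed sample values.

```python
import ipaddress


class Bridge:
    """Layer-2 forwarding: the address space is flat, so the table needs one
    entry per host MAC. Unknown destinations are flooded to every port, which
    is why a bridged segment still behaves like a hub for that frame."""

    def __init__(self):
        self.table = {}  # MAC address -> port, learned from source addresses

    def learn(self, mac, port):
        self.table[mac.lower()] = port

    def forward(self, dst_mac):
        return self.table.get(dst_mac.lower(), "flood")


class Router:
    """Layer-3 forwarding: an IP address names a network plus a host, so the
    table holds network prefixes and the most specific matching prefix wins."""

    def __init__(self):
        self.routes = []  # (ip_network, outgoing interface)

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix, strict=True), interface))

    def forward(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, iface) for net, iface in self.routes if addr in net]
        if not matches:
            return "drop"  # no route, not even a default: packet is discarded
        return max(matches, key=lambda m: m[0])[1]


def build_sample_router():
    """Constructed example: a branch subnet, the wider corporate range, and a
    default route toward the Internet (all prefixes are sample values)."""
    r = Router()
    r.add_route("10.0.0.0/8", "corp-wan")
    r.add_route("10.1.0.0/16", "branch-lan")
    r.add_route("0.0.0.0/0", "internet")
    return r


if __name__ == "__main__":
    b = Bridge()
    b.learn("00:11:22:33:44:55", "port1")
    print(b.forward("00:11:22:33:44:55"), b.forward("aa:bb:cc:dd:ee:ff"))
    r = build_sample_router()
    print(r.forward("10.1.2.3"), r.forward("10.9.9.9"), r.forward("8.8.8.8"))
```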

When to Use a Switch

Switches are one of the fastest growing categories of network equipment. They can act as a wiring concentrator for a LAN just as a hub does, but they also can make available a much larger bandwidth to clients because they selectively forward traffic from one port to another based on the destination address of each packet. When you use a switch with only one node attached to each port, you are in effect creating a collection of broadcast domains that consist of only two network nodes: the switch and the client node connected to the port. For network adapters and switches that support full-duplex operation, the effective bandwidth is doubled for each client and there is no broadcast domain between the two.
