Subject: | RE: VLANS designing,Geographical vs functional? |
From: | Emmanuel Mayssat <[email protected]> |
To: | Zhang Yuliang <[email protected]>, EPICS mailing list <[email protected]> |
Date: | Wed, 8 Jan 2014 14:51:57 -0800 |
VLAN = broadcast domain that exists within a defined set of switches. A VLAN is a switched network that is logically segmented on an organizational basis, by functions, project teams, or applications, rather than on a physical or geographical basis.

If you are talking about many physical locations, how far apart are they? Do you have a dedicated link? What are the physical characteristics of your link? In the case of collocation, this is done with firewalls/VPNs.

If you want to use VLANs you should take into consideration (1) human errors, (2) the accessibility of the switch, (3) who is responsible and who manages the switches.

(1) Let's say you have a development VLAN and a production VLAN on the same switch fabric. If someone configures the switch incorrectly (or if the configuration is not correctly saved in the Flash and the switch reboots) then you can have PV variables that leak to other networks. In other words, you may think you are working with a development IOC when indeed you are using a production one. To avoid this, we don't use VLANs but instead different switches and color-coded cables. (Blue = intranet, yellow = development, green = production, etc.)

(2) Depending on your configuration (i.e. often ports are configured to belong to untagged VLANs), if a multi-VLAN switch is accessible to end-users, a user may connect to the wrong VLAN by plugging his cat5 into the wrong port.

(3) There is a logical separation between the IT infrastructure and the accelerator's network. Those 2 may be managed by different groups. If that's the case you may consider separate infrastructure, otherwise one group may blame the other whenever an issue arises. (The alternative is to be good at scanning log entries!)

Here we use VLANs to segregate beamlines and accelerator networks. For me, the killer feature of VLANs is the possibility to change the network topology without touching a cable. That's a must-have if the network equipment is spread throughout the building or at a remote location.

Finally, if you are using advanced network features, you should prepare for the worst case scenario where you lose the entire configuration and connection to the switches. Obviously you should dump their respective configurations on disks and have a few memory sticks around, but better yet you may consider a clustering of console servers ( http://www.perle.com/supportfiles/Secure_Clustering_Tech_Note.shtml ). I use IOLAN SCS console servers. The master has the optional V92 modem.

Good luck!
--
Emmanuel

> Date: Wed, 8 Jan 2014 13:28:15 +0800
> From: [email protected]
> To: [email protected]
> Subject: VLANS designing,Geographical vs functional?
>
> Hello all,
>
> We are designing VLANS for CSNS (China Spallation Neutron Source). I want to know which method do you choose in your site, geographical or functional? Any advice? Thanks in advance.
>
> Regards,
> Zhang Yuliang
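Added example, not part of the original message or of any EPICS tooling: a check for the failure mode in point (1), where a port's VLAN was changed at runtime but never saved to flash, so a reboot silently moves it between development and production. The Cisco IOS-style config syntax, the port names and the VLAN numbering (10 = development, 20 = production) are assumptions; the message names no switch vendor or VLAN plan.

```python
import re

# Constructed sample dump in Cisco IOS-style syntax (assumed vendor syntax).
TEMPLATE = """\
interface GigabitEthernet0/1
 description dev-ioc-01
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description prod-ioc-01
 switchport access vlan 20
!
interface GigabitEthernet0/3
 description dev-ioc-02
 switchport access vlan {gi3}
!
"""
RUNNING = TEMPLATE.format(gi3=10)  # Gi0/3 moved to development at runtime...
STARTUP = TEMPLATE.format(gi3=20)  # ...but the saved copy still says production

ZONES = {10: "development", 20: "production"}  # constructed VLAN plan


def access_vlans(config):
    """Map interface name -> explicitly configured access VLAN."""
    vlans, port = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            port = m.group(1)
            continue
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and port:
            vlans[port] = int(m.group(1))
    return vlans


def reboot_drift(running, startup):
    """Ports whose VLAN would change if the switch rebooted: port -> (now, after)."""
    run, saved = access_vlans(running), access_vlans(startup)
    return {p: (run.get(p), saved.get(p))
            for p in sorted(set(run) | set(saved)) if run.get(p) != saved.get(p)}


def zone_changes(drift):
    """Translate VLAN ids in a drift report into zone names from the VLAN plan."""
    return {p: (ZONES.get(a, "unknown"), ZONES.get(b, "unknown"))
            for p, (a, b) in drift.items()}


if __name__ == "__main__":
    for port, (now, after) in zone_changes(reboot_drift(RUNNING, STARTUP)).items():
        print(f"{port}: {now} now, {after} after reboot")
```

Run against the periodic config dumps the message recommends keeping, an empty report means a reboot will not move any port between zones.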