3Com Strategic Directions

3Com Transcend VLANs

Leveraging Virtual LAN Technology to Make Networking Easier

3Com Transcend VLANs

Leveraging Virtual LAN Technology to Make Networking Easier Contents
Executive Summary The Transcend VLANs Architecture Building VLANS: Four Critical Issues VLAN Membership VLAN Membership Communication VLAN Configuration Inter-VLAN Communication Transcend VLANs Solutions Reducing the Cost of Administering Moves and Changes More Cost-Effective Broadcast Containment Than Routers Supporting Multimedia Applications and Efficient Multicast Control Enhancing Security Automation of Network Administration and Management Reduced Need for Routing More Effective Network Monitoring Through dRMON and RMON2 Transcend VLANs Delivery Roadmap Phase 1: Port-Based VLANs with Graphical Management Phase 2: Autoconfigured VLANs Phase 3: Desktop-Configured VLANs Conclusion 2 2 3 4 4 5 5 6 6 7 7 8 9 10 10 10 11 11 12 13

Copyright 1996 3Com Corporation. All rights reserved; reproduction in whole or in part without permission is prohibited. The information and opinions within are based on the best information available, but completeness and accuracy cannot be guaranteed. In no event will 3Com be liable for any damages whatsoever arising out of the use or inability to use this publication even if advised of the possibility of such damages.

Strategic Directions

Executive Summary
This paper introduces Transcend VLANs, 3Coms virtual LAN architecture, and the strategic vision behind it. The goal of the Transcend VLANs architecture is to make networking easier so that network administrators can focus on delivering applications and services. The Transcend VLANs architecture helps organizations dramatically reduce the high cost of moves and changes in the network. It also enhances the management of broadcast and multicast traffic, improves network security, automates many aspects of network management, and reduces the need for routers in the LAN. Ultimately, the Transcend VLANs architecture enables the organization to reach an extremely high level of automation in the administration of the network. The Transcend VLANs architecture comprehensively addresses each of the four key areas of VLAN implementation: how VLAN membership is defined, how VLAN membership information is communicated across multiple switches, the degree to which VLAN configuration is automated, and how traffic is transported between different VLANs. 3Com is delivering Transcend VLANs in three phases. Phase 1 of Transcend VLANs simplifies network moves and changes and improves server access. Unlike other vendors solutions, this functionality is available on even our lowest-priced switches, and most Phase 1 functionality is shipping today. Phase 2 of Transcend VLANs will enable customers to reduce the use of LAN routers, simplify switch configuration, and introduce standards-based multivendor interoperability. Together with technologies such as PACE, Transcend VLANs enables 3Com to deliver superior multimedia solutions. Phase 2 functionality will be delivered during 1996 and 1997. In Phase 3, the network becomes somewhat analogous to a two-way, high-speed cable TV network or subscription service. By fully leveraging the intelligence available at the desktop, VLANs and VLAN membership are no longer static or semi-static designations, but are dynamic, with the virtual structure of the network responding in accordance with the users demand for services. Phase 3 functionality will begin shipping in 1997. This paper is intended for network managers. It assumes an understanding of the technical aspects of networking and some familiarity with VLAN technology. For a general introduction to VLANs, refer to the Virtual LAN Technology Report, by Decisys, Inc. (3Com literature number 200374-001).

3Com Transcend VLANs

Leveraging Virtual LAN Technology to Make Networking Easier The Transcend VLANs Architecture In 1995, the computer networking industry shifted gears. A range of new and exciting LAN technologies began to be deployed. The technologies that have garnered the most attention have been those based on switching, particularly switched Ethernet, Fast Ethernet, and ATM. One of the most heralded benefits of these technologies is virtual LANs (VLANs). But successful deployment of VLANs in todays networks will require an evolutionary, rather than revolutionary, approach. Based on the Transcend Networking premise that networking has to be easier,

3Com has developed Transcend VLANs, an architecture specifically designed to provide customers with cost savings and performance benefits immediately, not two years down the road. At each phase of an organizations network evolution, Transcend VLANs focuses on reducing the amount of administrative time necessary to maintain the network infrastructure by maximizing automation. Automated network administration gives network managers more time to develop and deploy network applications that increase productivity and introduce innovative ways of doing business. In the final phase of the migration to VLANs, the Transcend VLANs architecture enables the organization to reach an extremely high level of automation in the administration of the network. By leveraging the increasing intelligence of the desktop, Transcend VLANs

Strategic Directions

Since the high cost of moves and changes will enable the network to dynamically selfin the network is a pressing and immediate configure. This self-configuration is based on problem for most organizations, 3Com has policies (parameters) set by the network given the reduction of these administrative administrator, and on the particular applicosts the highest priority among the benefits of cations and/or network services that are Transcend VLANs. Of course, Transcend accessed by each user at a given time. In this VLANs also delivers the other primary type of network environment, users can be benefits of VLAN deployment: broadcast and seen as subscribing to network services and multicast traffic control, enhanced network applications in a way that is similar to cussecurity, automation of network management, tomers subscribing to cable TV channels. While the self-configuring, two-way cable and reduced need for routers in the LAN. While many vendors VLAN solutions TVlike network is the long-term goal of the Transcend VLANs architecture, the implemen- are targeted at solving a large number of tation of VLANs must solve the pressing needs problems, and/or creating solutions to problems that do not exist, Transcend VLANs, of network administrators today. Rather than from the moment the first VLANs are conoffering VLANs as a futuristic panacea, figured, is focused on delivering substantial Transcend VLANs delivers solutions to very cost savings that have a real problems network positive impact on the administrators face right bottom line of the IT organow, saving organizations The goal of nization. Yet, far from substantial amounts of Transcend being a short-term solution, money in reduced network VLANs is to Transcend VLANs administration costs. enable network administrators provides for an elegant The goal of the to focus on transition to a network Transcend VLANs archidelivering appliinfrastructure that shields tecture is to enable network cations and both the user and the administrators to focus on services. network administrator from delivering applications and complexity, yet furnishes services. Network administhe performance necessary trators spend as much as 75 for the delivery of increasingly demanding percent of their time maintaining the network applications. infrastructure, ensuring optimal traffic flow, and handling moves and changes. Building VLANs: Four Critical Issues Administering moves and changes is a particFour major issues must be considered in ularly time-consuming and nonproductive implementing VLANs: exercise. Normally, when a user moves to a How should VLANs be defined in the different physical location in the network, a network? substantial amount of administrative labor is What method is best for communicating required to reconfigure the network and, often, VLAN membership information across that users workstation. In some particularly multiple switches? dynamic network environments, such as those To what degree should VLAN configuration found in the securities/banking industry, this be automated? repetitive and labor-intensive aspect of How is traffic transported between different network administration can comprise as much VLANs? as 16 percent of an entire IT budget (including How these issues are resolved hardware, software, and labor). In some of determines the effectiveness of a particular these dynamic environments, as many as 10 percent of network users move per month, and VLAN implementation in meeting the needs of both users and network administrators several administrative personnel must be ded(Figure 1 on page 4). icated solely to handling moves and changes.

Strategic Directions

VLAN view Admin

Port VLAN membership

Acronyms and Abbreviations

ATM Asynchronous Transfer Mode ELAN Emulated LAN FDDI Fiber Distributed Data Interface IGMP Internet Group Management Protocol IP Internet Protocol LANE LAN Emulation MAC Media access control NIC Network interface card RMON2 Remote Monitoring version 2 TCP/IP Transmission Control Protocol/Internet Protocol VLAN Virtual LAN VLT Virtual LAN Trunking
Inter-VLAN communication Edge routing Internal rounting VLAN communication LANE

Multicast group

User (MAC) Protocol

Port-defined IEEE 802.1Q

Layer 3 3Com VLT

Implicit Explicit

VLAN configuration

Manual

Semi-automated

Automatic

AutoCast

One-armed router (external)

Route server/ route client

Desktopenabled (no explicit routing)

Figure 1. Elements of a VLAN Implementation

VLAN Membership

How should VLANs be defined in the network? There are four basic ways in which VLANs are defined: By switch port group By MAC address By network layer information (including by protocol type and/or IP address) By multicast group Each method of defining VLAN membership has advantages and disadvantages. These are discussed in some detail in the Virtual LAN Technology Report. Each method is appropriate for meeting different user needs and in different network environments, and there are even situations where it is advantageous to utilize multiple methods within a single network environment. Therefore, it is imperative that a vendors VLAN solution feature a considerable degree of flexibility. Transcend VLANs delivers this flexibility, enabling network managers to define VLANs by all four methods.
VLAN Membership Communication

What method is best for communicating VLAN membership information across multiple switches? What implications will the chosen method have on network traffic as the network grows? There are two general ways in which VLAN membership infor-

mation is communicated across multiple switches: Implicit communication Explicit communication Implicit communication can refer to port-defined VLANs within a single switch. This would be found in smaller networks or networks with large numbers of users on each switch segment. More commonly, however, implicit communication refers to VLANs defined at layer 3the information identifying VLAN membership is found in the packet header. Explicit communication of VLAN information can be accomplished in three ways, two of which are industry standards. The first standardized method is via an ATM backbone and implementation of the ATM Forums LAN Emulation standard (LANE). LANE is supported in all of 3Coms ATM switching products. The second standard method of explicit communication of VLAN information is presently being formulated under the IEEE 802.1Q VLAN standard. 3Com has been a primary force in the ratification of this standard by the committee. The third method is proprietary frame tagging or encapsulation. In order to give customers a wide range of options and flexibility in their VLAN solutions, 3Com will support its own Virtual LAN Trunking (VLT) frame-tagging

Strategic Directions

 The route server/route client Desktop-enabled zero-hop routing These models have become significant VLAN Configuration points of differentiation between the major To what degree should VLAN configuration LAN vendors. (A more detailed discussion of be automated? How much control should be the advantages and disadvantages of each left to the network administrator? VLAN routing model can be found in the Virtual LAN automation can be described in three levels: Technology Report.) 3Com again plans to Manual support multiple models, because each can Semi-automated have a place, depending on the customers Fully automated overall network environment. In general, these levels represent varying 3Com is presently delivering a solution degrees of trade-off between the reduction of based on the edge-routing model, integrating administrative effort through automated conthe routing function into its LANplex Highfiguration and the enhancement of adminisFunction switches. Integrated routing trative control. In each network environment, optimizes access to network resources utilized the equilibrium between these two poles is dif- by members of multiple VLANs (for example, ferent. Therefore, as with VLAN definition, e-mail servers, centralized database servers, the level of automation in configuring VLANs and so on), because inter-VLAN traffic does depends on the particular network environment not need to be forwarded to an external router and specific business needs of each customer. for processing. Such traffic is routed by the Because of the range of customer needs in this LANplex switch, providing wire-speed access area, 3Coms Transcend VLANs architecture to these centralized resources. supports all three levels of automation for While routing will be the primary method VLAN configuration. for inter-VLAN communication for some time, it is not the only method. Transcend VLANs Inter-VLAN Communication also enables end-stations How is traffic transported (usually servers) to be between different VLANs? As the members of more than one Transcend The short answer to this VLAN, effectively proVLANs solution question is by routing. viding an application-layer moves forward, However, routing solutions membership in a gateway between VLANs. vary considerably, each given VLAN will As the Transcend having its own set of pros become less a VLANs solution moves static desigand cons, as well as its own forward, membership in a nation and more impact on the overall given VLAN will become a dynamic one. structure of the network. less a static designation and Furthermore, routing is not more a dynamic one. This the only method for intermembership can be governed either by the VLAN communication. As is the case with the switch or, eventually, by the desktop/ NIC other critical issues involved in choosing a driver. As VLANs become more dynamic, the VLAN solution, the technique used for interneed for routing inter-VLAN traffic will disVLAN communication depends on the organiappear; if an application calls for two or more zations specific needs and overall network end-stations to communicate for a period of environment. Here again, flexibility is essential. time, they are simply placed in the same There are multiple contending models for VLAN (the switch-governed model), or they where to locate routing functionality in the join the same VLAN (the desktop/NIC network: driver-governed model) for the required period Edge routing of time. The one-armed router method in many of its products until the 802.1Q standard is finalized.

Strategic Directions

physical connectivity and to map back and Transcend VLANs Solutions forth between the two. It is this mapping After considering the issues outlined above ability that so many customers have declared a and determining how VLANs should be requirement before they will deploy VLANs in deployed in their network, customers need to their networks. 3Com has successfully select a VLAN solution that will cost-effecdelivered this capability at prices as low as tively deliver the benefits that VLANs can $200 per switch port in its SuperStack provide. Transcend VLANs offers an array of workgroup switches. benefits which, unlike many vendors VLAN For customers with large numbers of IP solutions, are delivered without sacrificing the users, 3Coms LANplex High-Function performance enhancement upon which the switches support VLANs defined by IP deployment of switching is largely based. (It address. Relative to other protocols, it is IP has repeatedly been demonstrated in the netthat causes much of the time-consuming working industry that customers generally do hassle of administering moves and changes. not accept a two steps forward, one step Normally, IP requires the network adminisback improvement.) Transcend VLANs trator to physically go to the users workdelivers value to the customer in seven key station and reconfigure that users IP address areas: after a move. By defining Reduction of the cost of VLANs by IP address, a administering moves and Transcend user who moves from one changes VLANs archiphysical location to another More cost-effective tecture will could remain in his or her broadcast containment support all levels of autoVLAN (in the case of IP, than routers mated configuthe term virtual subnet is Support for multimedia ration and can sometimes used in place of applications and efficient allow network virtual LAN) without multicast control administrators having to update the work Enhanced security to set policies stations IP address. Automation of network governing how the network VLANs defined by IP administration and manreconfigures address also eliminate the agement itself when a notoriously difficult process Reduced need for routing user moves. of reconfiguring router More effective network tables. For further fleximonitoring bility, 3Com allows multiple virtual IP Reducing the Cost of Administering Moves subnets to coexist on a single physical and Changes segment, a technique called multinetting. Deployment of Transcend VLANs will save Multinetting enables administrators to customers significant amounts of money by maintain logical groups of users without the reducing the resources required for adminisconstraint of physical location. tration of moves and changes in the network. For customers who are moving rapidly to Even when using what might seem to be the a pure private LAN switching architecture most labor-intensive method of VLAN defi(that is, one user per switch port), the liminitionVLANs defined by port group tations of VLANs defined by MAC-layer administrators can use 3Coms Transcend address in a shared media network enviVLAN Manager application (discussed later in ronment (for example, multiple broadcasts this paper) to update a users VLAN memover the same physical segment) become bership by a simple drag-and-drop process. moot. Indeed, for many of these customers, Thus, Transcend VLAN Manager gives deploying VLANs defined by MAC-layer network administrators a superior capacity to address becomes a particularly attractive manage virtual connectivity separate from solution.

Strategic Directions

With VLANs defined by MAC-layer address, VLAN membership stays with the user no matter where he or she moves on the network, since the MAC address is hard-wired into the NIC. In this way, initial configuration, as well as moves and changes, can be automated. Transcend VLAN Manager also enables the network administrator to manually change a users VLAN membership when necessary, such as when an employee transfers from one department to another. As the customers need for automation of moves and changes increases, 3Com delivers the functionality to meet that need. As mentioned before, Transcend VLANs will support all levels of automated configuration and can allow network administrators to set policies governing how the network reconfigures itself when a user moves.
More Cost-Effective Broadcast Containment Than Routers

effective way to deploy centralized network sources (such as e-mail or internal Web servers) without resorting to routing in order to connect them to all of the VLANs in the network. In this way, these centralized resources can truly support all users equally throughout the campus environment.
Supporting Multimedia Applications and Efficient Multicast Control

One of the major reasons for deploying VLANs is to reduce an organizations reliance on routers for broadcast containment. While routing will still retain important roles in the network, broadcast containment is handled much more cost effectively by VLANs switches are simply much less expensive than routers on a per-port basis. Furthermore, router-based solutions tend to be far more complex and time consuming to configure. Network administrators will find that 3Coms Transcend VLAN Manager application is an easier way to define VLANs than using routers to define broadcast domains. Many customers may wish to replicate the multiprotocol broadcast domains of their existing router-based infrastructures. For this purpose, LANplex High-Function switches also support defining VLANs by protocol (such as IPX, DECnet, NetBIOS, etc.). This ability can prove particularly useful for larger multiprotocol environments implementing a more gradual migration toward VLANs. Defining VLANs by protocol also allows a logical end-station to be a member of more than one VLAN (the same MAC address resides in two different network protocol VLANs). Multiple VLAN membership is an

Customers are increasingly interested in deploying multimedia applications that feature point-to-multipoint communication, such as video conferencing, video-based training, and news video feeds. These applications rely heavily on multicast (as opposed to unicast or broadcast) transmissions, particularly IP multicast. Without an effective mechanism for controlling this multicast traffic, increased deployment and utilization of these applications will flood switched networks and severely degrade overall performance (Figure 2). In order to prevent a network meltdown, organizations might be forced to dedicate only certain workstations to these applications, forcing manual switch configuration when these dedicated workstations change and generally preventing these applications from being freely accessed across the network. Another solution to the multicast support problem entails distributing routing functionality to every workgroup switch in the network. This is an unnecessary and expensive deployment of

High-speed backbone

10 Mbps

Figure 2. Multicast Traffic Floods Switched Networks

Strategic Directions

routing functionality and defeats one of the example, calculation of multicast route delivery benefits of implementing VLANs: reducing paths and multicast packet forwarding) can be the amount of routing in the network. left in LAN backbone devices. This eliminates Transcend VLANs takes a differentand the complex and expensive deployment of superiorapproach to the problem of mulrouting at the workgroup level. ticast control. The 3Com solution offers two Either method of supporting VLANs methods for distributed control of multicasts defined by multicast groups enables VLANs to without heavy reliance on routing. The first be configured dynamically to support mulmethod enables the switch itself to define timedia applications for an arbitrary number of AutoCast VLANs based on multicast users over a specific time framefor example, groups. The technique used in switch-based the duration of a video conference. An added AutoCast VLANs is called Internet Group benefit of this dynamic autoconfiguration of Management Protocol (IGMP) snooping. It VLANs is that it requires no intervention on operates by having the switch observe user-ini- the part of the network administrator, making tiated requests to belong to a particular IP mul- more time available for the delivery of new ticast group (for example, a video-based network applications. training session). The switch then dynamically Enhancing Security defines IP multicast groups based on those One of the critically important but often overrequests, forwarding the multicast traffic only looked benefits of VLANs is enhanced netto those ports with participating users and work security. 3Com realizes the increasing blocking it on all other ports. importance of security considerations, particThe second method ularly as corporate Internet goes one step further in disconnectivity and intranet tributing the intelligence The routing applications become more necessary for multicast functionality widespread. The Transcend control by allowing the necessary to VLANs architecture enables handle mulNIC driver in the users an organization to enhance ticast traffic workstation to control the can be left in network security without multicast filters of the LAN backbone resorting to separate switch port to which it is devices, elimiphysical connectivity or attached. The driver simply nating the extensive use of more initiates a message from the complex and complex, more expensive, expensive NIC to the switch, telling deployment of router-based firewalling the switch whether or not to routing at the techniques. By defining forward a particular mulworkgroup access to network services ticast on that port. This level. using Transcend VLANs, method has advantages network administrators can over IGMP snooping in that exert a high level of security it supports all multicast traffic (not just IP control while maintaining a common network multicasts), and it leverages the processing infrastructure. power in the workstation CPU, enabling In order to allow administrators to define deployment of simple workgroup switches. even stricter access to servers containing parHowever, this method is optimized for an ticularly sensitive information such as financial architecture based on a single user per switch port and requires upgraded NIC drivers. 3Com or personnel information, Transcend VLANs will offer both methods of multicast control in can be defined by port or MAC-layer address. When used in combination with architectures order to best meet diverse customer needs. One of the benefits of 3Coms way of sup- featuring a single user per switch port, this ability becomes an especially powerful porting multicasts is that the routing funcdeterrent to unauthorized access. In this contionality needed to handle multicast traffic (for

Strategic Directions

Because the potential benefits of VLANs figuration, unauthorized users have no physical may be reduced by these problems, powerful, way of listening to traffic belonging to easy-to-use, and flexible VLAN management VLANs of which they are not a member, software is essential for deploying VLANs in because that traffic never traverses their enterprise networks. segment. 3Com has developed an intuitive, graphical In addition, Transcend VLANs enables VLAN management platform, Transcend network administrators to cordon off develVLAN Manager, that elimopment groups running seninates the potential pitfalls of sitive, experimental, and/or managing VLANs. risky applications that could As organizations move toward Transcend VLAN Manager negatively affect perfully automated, enables the network adminformance for other users in policy-based istrator to easily view virtual the same subnet. At the VLAN strucas well as physical connecsame time, these applitures, network tivity at multiple levels. In cations can share the same administrators will be able to addition, Transcend VLAN backbone with other users, define access to Manager includes both ATM leveraging the customers services with an and non-ATM attached investment in network infraextremely high devices, consolidating manstructure. degree of preagement of VLANs and As organizations move cision. emulated LANs (ELANs). toward fully automated, This is an essential feature policy-based VLAN for any customer deploying VLANs in constructures, network administrators will be able junction with an ATM backbone. to define access to services with an extremely With Transcend VLAN Manager, control high degree of precision, establishing specific of VLAN membership for all users in the criteria to be set all the way down to the individual user level or even time of day. This type network resides at a single console. VLAN membership can be manually established by of VLAN structure has the added benefit of simply dragging and dropping users workenabling accurate, automatic tracking of station icons into the desired VLAN. Of billing/chargeback for network services. course, as mentioned earlier, Transcend Automation of Network Administration VLAN Manager supports various methods of and Management automated VLAN configuration as well. A concern of many network administrators In order to facilitate ongoing network when implementing VLANs is the trade-off optimization in growing environments, between greater ease in administering moves Transcend Traffix Manager correlates the and changes and more complexity in other network traffic data across the switches particiareas of network management and configupating in a given VLAN. This enables network ration. This problem is due to several issues administrators to view detailed network traffic that arise when implementing VLANs: statistics, including a breakdown of inter- and An additional layer of virtual connectivity intra-VLAN packets as well as a breakdown of on top of physical connectivity makes packets by application. This level of infortroubleshooting more difficult. mation is extremely useful for determining Maintaining VLAN information across optimal placement of routing and frequently numerous switches in an ever-changing accessed servers. The network management environment can become burdensome and features in Transcend VLANs actually make time consuming. overall network management easier, less time VLANs can complicate traffic analysis for consuming, and more effective than in the optimization of server placement and standard networks governed by physical conoverall network performance. nectivity alone.

Strategic Directions

Reduced Need for Routing

More Effective Network Monitoring

Through dRMON and RMON2 Since much of the functionality of LAN In order to fully enable the network manrouters, especially broadcast and multicast agement features detailed above and to containment, can be more effectively expand those features in the future, a handled by VLANs, the overall need for VLAN/switching solution must provide for routing in the network is reduced by deploying Transcend VLANs. As mentioned an efficient and cost-effective mechanism for collecting and reporting network traffic earlier, reducing routing in the network statistics. In a network moving toward a becomes particularly important in enabling single user per switch port, centralizing ubiquitous access to centralized network RMON agents at the switch becomes an resources such as e-mail servers, internal inefficient and costly method of collecting Web servers, and centralized database network traffic data. 3Coms solution to the servers. By configuring these servers as problem of traffic data collection in a private members of multiple switched LAN enviVLANs, routing is no ronment is to distribute longer necessary to this functionality to the The network provide connectivity management workstation using disbetween these resources features in tributed RMON, or and most or all users Transcend dRMON. Once again, this throughout the network. In VLANs actually leverages the processing this way, the LAN router make overall power at the workstation network manor one-armed ATMagement easier, and enables workgroup attached router is no less time-conswitches to deliver longer the bottleneck in an suming, and maximum performance at otherwise high-permore effective lower cost. formance network. than in standard Network adapters in a Transcend VLANs networks private switched LAN envigoverned by supports multiple VLANs physical conronment can easily collect on a network server in nectivity alone. RMON statistics regarding several ways. In envitraffic in their segments, as ronments that have each is the only attached deployed ATM backbones, device in that segment. SmartAgent intelTranscend VLANs leverages LANEs capacity to support multiple emulated LANs, ligent agents periodically collect this information and Transcend Enterprise Manager and thus multiple VLANs, on a single ATM and Transcend Traffix Manager tools corNIC (similar multiple VLAN capability will relate it for analysis. With the emergence of be available in 1997 for Fast Ethernet RMON2, much richer, application-related attached servers). By enabling multiple VLAN access to an ATM-attached server via traffic information can also be collected, analyzed, and viewed, enabling optimal conLANE, Transcend VLANs allows the figuration of Transcend VLANs. customer to purchase simpler, lower-cost edge switches. 3Coms high-performance, Transcend VLANs Delivery Roadmap low-cost SuperStack switches are ideal in 3Com is delivering Transcend VLANs in this role of providing ATM access to three broad phases. While these phases are Ethernet LANs. described here as separate and discrete, there As mentioned previously, Transcend will be overlap in the delivery of some of VLANs supports IP multicast groups as these capabilities across 3Coms switching VLANs, eliminating the need to deploy product family. complex routing to every switch port just to

provide efficient control of multicast traffic.

Strategic Directions

10

Phase 1: Port-Based VLANs with Graphical Management

Phase 1 of Transcend VLANs simplifies network moves and changes and improves server access. Unlike other vendors solutions, this functionality is available on even our lowest-priced switches. Most of the functionality delivered under Phase 1 is already shipping today; complete support will be delivered by the end of 1996.

server operating systems that support multinettingthe ability to support multiple TCP/IP subnets on a single physical LAN interface. It can be done for Fast Ethernet attached servers via VLT support in the 3Com server NIC and driver. For Fast Ethernetattached servers, Phase 2 will add support for the 802.1Q tagging standard to these techniques.

Graphical VLAN management application. Multiple VLANs within a single switch. Transcend VLAN Manager enables the From the outset, Transcend VLANs allows network administrator to the network administrator manage the virtual as well to configure multiple as the physical connec3Coms solution VLANs in a single tivity in the network for to the problem switch, on any 3Com both ATM- and nonof traffic data switching platform. collection in a ATM-attached devices
private from a single manswitched LAN VLANs across multiple agement console. Moves environment is switches. Transcend and changes are accomto distribute VLANs supports three plished by dragging and RMON funcways of communicating dropping icons within an tionality to the VLAN membership inforworkstation. easy-to-use graphical mation across multiple interface. switches (these methods were described in Building VLANs: Four Graphical traffic monitoring and analysis Critical Issues, earlier in this paper): application. Transcend Traffix Manager Via the ATM Forums LAN Emulation provides customers with the necessary tools standard for environments with ATM for optimizing network configuration and backbones traffic flow in a VLAN environment. These Via 3Coms Virtual LAN Trunking (VLT) are the industrys first RMON2-based frame-tagging technique VLAN monitoring tools; they provide Implicitly via the network-layer address or service views of the network with traffic protocol information across LANplex flows to graphically depict the inter- and High-Function switches intra-VLAN traffic. Phase 2 will add support for the 802.1Q Phase 2: Autoconfigured VLANs tagging standard to these techniques. Phase 2 of Transcend VLANs will enable customers to reduce the use of LAN routers, Multiple VLAN support in server NICs. In simplify switch configuration, and introduce order to facilitate the deployment of applistandards-based multivendor interoperability. cations that can be accessed by all users on Together with technologies such as PACE, the network while avoiding router bottleTranscend VLANs enables 3Com to deliver necks, Transcend VLANs provides the superior multimedia solutions. Phase 2 funcability to make servers members of more than one VLAN. This can be done for ATM- tionality will be delivered during 1996 and 1997. attached servers by configuring multiple LAN Emulation clients on a single NIC. It User-based VLANs. User-based or MACcan be done for FDDI- or Fast Ethernet address-based VLANs enable VLANs to be attached servers using TCP/IP for those

11

Strategic Directions

defined based on administrator-defined collections of users, rather than only by groups of switch ports. This enables a high degree of independence and flexibility for users, while at the same time enhancing the network administrators ability to control and manage the network. Automatic VLAN configuration. Phase 2 of Transcend VLANs delivery will feature a greater degree of automation of VLAN configuration. As user moves and changes are made in the network, VLAN membership moves automatically with the user, whether initial VLAN membership was based on the switch port the user was attached to, or was set up by an administrator-defined, userbased VLAN. VLAN membership can be fully automated via IP address or protocol information. AutoCast VLANs. Another major element of this greater level of automation is the AutoCast VLAN capability. Defining VLANs by IP multicast group through IGMP snooping allows the deployment of multimedia/video applications, without requiring routing or layer 3 switching to be enabled and configured on every switch port in the network. AutoCast VLANs are dynamic and fully automatic, and provide efficient multicast control without the burdensome configuration complexity of routing. Support for the 802.1Q VLAN standard. Once the 802.1Q VLAN standard is finalized in late 1996 or early 1997, 3Com switching and adapter products will support this standard, as well as its own VLT mechanism. This will allow 3Com switches to communicate VLAN membership information in a multivendor environment. It will also allow multiple VLAN support in server NICs via standard 802.1Q tagging.
Phase 3: Desktop-Configured VLANs

fully leveraging the processing power at the desktop, VLANs and VLAN membership are no longer static or semi-static designations, but are dynamic, with the virtual structure of the network responding in accordance with the users demand for services. As VLANs become completely dynamic designations, external LAN routing between VLANs ultimately becomes unnecessary. Phase 3 functionality will begin shipping in 1997. 802.1p supportVLANs defined by multicast group through the NIC driver. This method of dynamically configuring multicast VLANs will provide several powerful benefits: Multicast VLANs are no longer limited to just IP. The aggregate processing power of the desktop is leveraged. Multicast VLANs can be supported on simpler, lower-cost switches. Desktop-configured, cut-through VLANs. Phase 3 will deliver the ability for users/desktops to dynamically join and leave VLANs. Further, the ability to perform zero-hop routing will allow desktops that reside on different subnets to communicate with the same efficiency and performance as if they were both part of the same subnet. Administrative control, however, will be maintained as if they were connected to different subnets. This ability eliminates the necessity for external routing between discrete VLANs and allows stations to simply cut through and communicate across VLANs at will, while still using lower-cost, relatively simple edge switches. Policy-based VLANs. While much of the intelligence necessary for dynamic VLAN configuration becomes distributed under Phase 3, network administrators actually exert a greater degree of automated control by being able to set policies governing access to network resources. Policy-based VLANs not only allow the implementation of very specific parameters controlling network access and quality of service, but

Phase 3 is where the network becomes somewhat analogous to a two-way, high-speed cable TV network or subscription service. By

Strategic Directions

12

ATM

N or LA

core

back

bone

Figure 3. Application-Driven VLANs

also further reduce the time required to enforce proper network security. It is in this third phase of migration that we see the complete fulfillment of the Transcend VLANs mission: a top-down, application-driven solution, enabling the transparent delivery of services to the user on demand (Figure 3). Transcend VLANs ultimately eliminates the use of LAN routers, while providing full scalability and full configuration flexibility. 3Com is in a unique position to leverage the power of the desktop for maximum performance, scaling, and ease. Conclusion VLANs represent an extraordinary technological step toward eliminating many of the burdens of maintaining the network infra-

structure and providing a substantial boost in the ability to deliver network applications and services. However, due to the impact that full VLAN implementation will have on the enterpriseboth in terms of network architecture and managerial organization, and in some cases even the business modela smooth, well-constructed migration path is critical. On the other hand, even the initial migration steps toward full implementation of virtual LANs, if deployed properly, can bring substantial benefits without additional costs or compromises in performance or manageability. Transcend VLANs satisfies these demands and represents the solution of choice for customers implementing VLANs.

13

Strategic Directions

Strategic Directions

14

15

Strategic Directions

Strategic Directions

16

3Com Corporation P.O. Box 58145 5400 Bayfront Plaza Santa Clara, CA 95052-8145 Phone: 800-NET-3Com or 408-764-5000 3Com ANZA ANZA East Phone: 61 2 9937 5000 Fax: 61 2 9956 6247

3Com Canada Inc. Phone: 416-498-3266 Fax: 416-498-1262 3Com European HQ Phone: 44 1628 897000 Fax: 44 1628 897041 3Com France Phone: 33 1 69 86 68 00 Fax: 33 1 69 07 11 54 3Com GmbH (Germany) Phone: 49 89 627320 Fax: 49 89 62732233

Northern Latin America Phone: 305-261-3266 Fax: 305-261-4901 Venezuela Phone: 582 261 0710 Fax: 582 261 5257
3Com Ltd Scotland Phone: 0131 220 8228 Fax: 0131 226 1410 3Com Mediterraneo Milano, Italy Phone: 39 2 253 011 Fax: 39 2 273 04244

ANZA West Phone: 61 3 9653 9515 Fax: 61 3 9653 9505

3Com Asia Limited Beijing Phone: 8610 849 2568 Fax: 8610 849 2789

Poland Phone: 48 22 645 1351 Fax: 48 22 645 1352 Switzerland Phone: 41 31 9984555 Fax: 41 31 9984550 3Com Ireland Phone: 353 1 820 7077 Fax: 353 1 820 7107
3Com Japan Phone: 81 3 3345 7251 Fax: 81 3 3345 7261 3Com Latin America U.S. Headquarters Phone: 408-764-6075 Fax: 408-764-5730

Rome, Italy Phone: 39 6 5917756 Fax: 39 6 5918969 Spain Phone: 34 1 3831700 Fax: 34 1 3831703
3Com Middle East United Arab Emirates Phone: 971 4 349049 Fax: 971 4 349803

Shanghai Phone: 86 21 3740220 Fax: 86 21 3552079 Hong Kong Phone: 852 2501 1111 Fax: 852 2537 1149 Indonesia Phone: 6221 523 9181 Fax: 6221 523 9156 Korea Phone: 822 319 4711 Fax: 822 319 4710 Malaysia Phone: 60 3 233 6162 Fax: 60 3 233 6174 Singapore Phone: 86 21 6374 0220 Fax: 86 21 6355 2079 Taiwan Phone: 886 2 377 5850 Fax: 886 2 377 5860
3Com Belgium Phone: 32 2 7164880 Fax: 32 2 7164780 3Com Benelux B.V. Netherlands Phone: 31 30 6029700 Fax: 31 30 6029777

New Delhi, India Phone: 91 11 683 5070 Fax: 91 11 683 4662

3Com Nordic AB Phone: 46 8 632 91 00 Fax: 46 8 632 09 05 3Com South Africa Phone: 27 11 807 4397 Fax: 27 11 803 7405 3Com UK Ltd. Buckinghamshire Phone: 44 1628 897000 Fax: 44 1628 897003

Argentina Phone: 541 815 7164 Fax: 541 815 7165 Brazil Phone: 55 11 546 0869 Fax: 55 11 246 6813 Chile Phone: 562 633 9242 Fax: 562 633 8935 Columbia Phone: 571 218 3933 Fax: 571 226 9770 Mexico Phone: 525 520 7841 Fax: 525 520 7837

Manchester Phone: 44 161 873 7717 Fax: 44 161 873 8053 Edinburgh, Scotland Phone: 01 31 220 8228 Fax: 01 31 226 1410

1996 3Com Corporation. All rights reserved. 3Com is a publicly owned corporation (NADAQ>COMS). 3Com, LANplex, and Transcend are registered trademarks of 3Com Corporation. PACE, SmartAgent, and SuperStack are trademarks of 3Com Corporation. Other brand and product names may be trademarks or registered trademarks of their respective owners. All specifications are subject to change without notice.

Printed in U.S.A.

600206-001

Printed on Recycled Paper