Network Segmentation Protocols
=====================================

.. toctree::
   :maxdepth: 1
   :hidden:
   :includehidden:

   VLAN
   PVLAN
   MPLS

Network segmentation protocols and technologies logically divide networks to enhance **security**, **performance**, and **administrative control** across enterprise and cloud infrastructures.

.. list-table::
   :widths: 20 60 20
   :header-rows: 1

   * - Technology
     - Description
     - Use Case
   * - VLAN (Virtual Local Area Network)
     - Logical segmentation of a Layer 2 network into separate broadcast domains. *Enhances security and isolates traffic between devices.*
     - Isolating departments (e.g., HR, Finance), reducing broadcast traffic.
   * - PVLAN (Private VLAN)
     - Subdivision of a VLAN into isolated, community, and promiscuous ports. *Allows more granular control within the same VLAN.*
     - Isolating hosts in a shared network (e.g., shared hosting environments).
   * - MPLS (Multiprotocol Label Switching)
     - Labels packets for fast Layer 2/3 forwarding through a label-switched path. *Efficient traffic engineering and segmentation.*
     - WAN segmentation, VPNs, and QoS across enterprise backbones.

.. tab-set::

   .. tab-item:: VLAN (Virtual Local Area Network)

      **IEEE Standard:** IEEE 802.1Q

      **Main Features:**

      - Segments a physical network into multiple logical networks
      - Reduces broadcast domain size
      - Each VLAN acts like a separate Layer 2 network
      - Traffic tagging allows VLANs across trunk links
      - VLANs help enforce policy and isolate traffic

      **Use Cases:**

      - Isolating sensitive traffic (e.g., finance vs. guest Wi-Fi)
      - Improving network performance and organization
      - Simplifying security enforcement and policy application

      **Alternative Technologies:**

      - VXLAN – Extends VLANs over Layer 3 networks
      - PVLAN – Private VLANs for micro-segmentation
      - SDN – Virtual segmentation using software-defined networking

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card:

   What You Will Learn in This Section

   **Let us learn more about VLANs:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`VLAN Version&RFC Details `
   * :ref:`VLAN Basic Setup on Ubuntu using IPv4 `
   * :ref:`VLAN Basic Setup on Ubuntu using IPv6 `
   * :ref:`VLAN Protocol Packet Details `
   * :ref:`VLAN Usecases `
   * :ref:`VLAN Basic Features `
   * :ref:`VLAN Feature : Logical Segmentation `
   * :ref:`VLAN Feature : Broadcast Control `
   * :ref:`VLAN Feature : Improved Security `
   * :ref:`VLAN Feature : Traffic Management `
   * :ref:`VLAN Feature : Simplified Administration `
   * :ref:`VLAN Feature : Scalability `
   * :ref:`VLAN Feature : Quality of Service (QoS) `
   * :ref:`VLAN Feature : Support for Multi-Tenancy `
   * :ref:`VLAN Feature : Dynamic Assignment `
   * :ref:`VLAN Feature : Integration with STP `
   * :ref:`Reference links `

.. button-link:: ./VLAN.html
   :color: primary
   :shadow:
   :expand:

   Jump to "VLAN"

.. tab-set::

   .. tab-item:: PVLAN (Private VLAN)

      **IEEE / Vendor Spec:** Cisco/Industry Practice (not part of IEEE 802.1Q)

      **Main Features:**

      - Subdivides VLAN into three port types: **Promiscuous**, **Isolated**, **Community**
      - Provides intra-VLAN segmentation
      - Improves security in shared VLAN environments
      - Commonly implemented in data centers and ISP setups

      **Use Cases:**

      - Hosting providers isolating customer servers
      - Hotels or guest networks with shared upstream access
      - Virtualized environments needing intra-VLAN isolation

      **Alternative Technologies:**

      - VLAN – Standard segmentation without internal isolation
      - VXLAN – Virtual overlay for multi-tenant segmentation
      - SDN-based microsegmentation – Dynamic segmentation via policies

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card:

   What You Will Learn in This Section

   **Let us learn more about PVLANs:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`PVLAN Version&IEEE Details `
   * :ref:`PVLAN Basic Setup on Ubuntu using IPv4 `
   * :ref:`PVLAN Basic Setup on Ubuntu using IPv6 `
   * :ref:`PVLAN Protocol Packet Details `
   * :ref:`PVLAN Usecases `
   * :ref:`PVLAN Basic Features `
   * :ref:`Reference links `

.. button-link:: ./PVLAN.html
   :color: primary
   :shadow:
   :expand:

   Jump to "PVLAN"

.. tab-set::

   .. tab-item:: MPLS (Multiprotocol Label Switching)

      **RFCs:** RFC 3031 (Architecture), RFC 3032 (Label Stack), RFC 4364 (VPNs)

      **Main Features:**

      - Labels packets for path-based forwarding rather than IP lookup
      - Works at OSI Layer 2.5 (between Layer 2 and Layer 3)
      - Enables VPNs, traffic engineering, QoS, and redundancy
      - Provider edge routers manage segmentation and path control

      **Use Cases:**

      - WAN segmentation and inter-site connectivity
      - Carrier-provided VPN services
      - Performance-aware routing in large enterprises and service providers

      **Alternative Technologies:**

      - VLANs – Local LAN segmentation
      - VXLAN – Overlay networks over IP for cloud/data centers
      - Segment Routing – Modern replacement using similar concepts

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card:

   What You Will Learn in This Section

   **Let us learn more about MPLS:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`MPLS Version&IEEE Details `
   * :ref:`MPLS Basic Setup on Ubuntu using IPv4 `
   * :ref:`MPLS Basic Setup on Ubuntu using IPv6 `
   * :ref:`MPLS Protocol Packet Details `
   * :ref:`MPLS Usecases `
   * :ref:`MPLS Basic Features `
   * :ref:`Reference links `

.. button-link:: ./MPLS.html
   :color: primary
   :shadow:
   :expand:

   Jump to "MPLS"