Network Segmentation Protocols
Network segmentation technologies logically divide a network into smaller domains to enhance security, performance, and administrative control across enterprise and cloud infrastructures.
| Technology | Description | Use Case |
|---|---|---|
| VLAN (Virtual Local Area Network) | Logical segmentation of a Layer 2 network into separate broadcast domains. Enhances security and isolates traffic between devices. | Isolating departments (e.g., HR, Finance), reducing broadcast traffic. |
| PVLAN (Private VLAN) | Subdivision of a VLAN into isolated, community, and promiscuous ports. Allows more granular control within the same VLAN. | Isolating hosts in a shared network (e.g., shared hosting environments). |
| MPLS (Multiprotocol Label Switching) | Labels packets for fast Layer 2/3 forwarding through a label-switched path. Efficient traffic engineering and segmentation. | WAN segmentation, VPNs, and QoS across enterprise backbones. |
VLAN (Virtual Local Area Network)
IEEE Standard: IEEE 802.1Q
Main Features:
Segments a physical network into multiple logical networks
Reduces broadcast domain size
Each VLAN acts like a separate Layer 2 network
Traffic tagging allows VLANs across trunk links
VLANs help enforce policy and isolate traffic
Use Cases:
Isolating sensitive traffic (e.g., finance vs. guest Wi-Fi)
Improving network performance and organization
Simplifying security enforcement and policy application
Alternative Technologies:
VXLAN – Extends VLANs over Layer 3 networks
PVLAN – Private VLANs for micro-segmentation
SDN – Virtual segmentation using software-defined networking
PVLAN (Private VLAN)
IEEE / Vendor Spec: Cisco/Industry Practice (not part of IEEE 802.1Q)
Main Features:
Subdivides VLAN into three port types: Promiscuous, Isolated, Community
Provides intra-VLAN segmentation
Improves security in shared VLAN environments
Commonly implemented in data centers and ISP setups
Use Cases:
Hosting providers isolating customer servers
Hotels or guest networks with shared upstream access
Virtualized environments needing intra-VLAN isolation
Alternative Technologies:
VLAN – Standard segmentation without internal isolation
VXLAN – Virtual overlay for multi-tenant segmentation
SDN-based microsegmentation – Dynamic segmentation via policies
MPLS (Multiprotocol Label Switching)
RFCs: RFC 3031 (Architecture), RFC 3032 (Label Stack), RFC 4364 (VPNs)
Main Features:
Labels packets for path-based forwarding rather than IP lookup
Works at OSI Layer 2.5 (between Layer 2 and Layer 3)
Enables VPNs, traffic engineering, QoS, and redundancy
Provider edge routers manage segmentation and path control
Use Cases:
WAN segmentation and inter-site connectivity
Carrier-provided VPN services
Performance-aware routing in large enterprises and service providers
Alternative Technologies:
VLANs – Local LAN segmentation
VXLAN – Overlay networks over IP for cloud/data centers
Segment Routing – Modern replacement using similar concepts
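The VLAN and MPLS sections above describe tagging and label stacks in words; the following added example (not part of this page or any vendor's code) decodes an 802.1Q/802.1ad tag stack and an RFC 3032 MPLS label stack from a raw Ethernet frame, then checks the VLAN IDs against the set a trunk is meant to carry. The sample frames, MAC addresses, and trunk rule set are constructed for illustration.

```python
import struct

ETH_8021Q = 0x8100    # IEEE 802.1Q customer VLAN tag
ETH_8021AD = 0x88A8   # IEEE 802.1ad service tag (stacked tags, "QinQ")
ETH_MPLS_UC = 0x8847  # MPLS unicast label stack (RFC 3032)

def parse_frame(frame: bytes) -> dict:
    """Collect every 802.1Q/802.1ad tag and MPLS label stack entry after the MAC addresses."""
    dst, src, off = frame[0:6], frame[6:12], 12
    vlans, labels = [], []
    (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2
    # 802.1Q TCI field: PCP (3 bits) | DEI (1 bit) | VID (12 bits); outer tag comes first
    while ethertype in (ETH_8021Q, ETH_8021AD):
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        vlans.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    if ethertype == ETH_MPLS_UC:
        # RFC 3032 entry: Label (20) | TC (3) | S (1) | TTL (8); S=1 marks bottom of stack
        bos = 0
        while not bos:
            (entry,) = struct.unpack_from("!I", frame, off)
            bos = (entry >> 8) & 1
            labels.append({"label": entry >> 12, "tc": (entry >> 9) & 0x7, "ttl": entry & 0xFF})
            off += 4
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlans": vlans,
            "mpls": labels, "ethertype": ethertype, "payload_offset": off}

def check_trunk_policy(parsed: dict, allowed_vids: set, max_tags: int = 1) -> list:
    """Compare one parsed frame against the VLANs a trunk should carry (constructed rule set)."""
    findings = []
    if not parsed["vlans"]:
        findings.append("untagged frame on trunk (native VLAN traffic)")
    if len(parsed["vlans"]) > max_tags:
        findings.append(f"{len(parsed['vlans'])} stacked tags, limit is {max_tags}")
    for tag in parsed["vlans"]:
        if tag["vid"] in (0, 4095):   # 0 = priority-only tag, 4095 = reserved
            findings.append(f"reserved VID {tag['vid']}")
        elif tag["vid"] not in allowed_vids:
            findings.append(f"VID {tag['vid']} not permitted on this trunk")
    return findings

# Constructed sample frames (not captures); MAC addresses are placeholders
MACS = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
IPV4 = b"\x08\x00" + b"\x00" * 20            # IPv4 EtherType plus dummy payload
FRAME_VLAN10 = MACS + struct.pack("!HH", ETH_8021Q, (3 << 13) | 10) + IPV4
FRAME_QINQ = MACS + struct.pack("!HH", ETH_8021AD, 200) + struct.pack("!HH", ETH_8021Q, 99) + IPV4
FRAME_MPLS = MACS + struct.pack("!HII", ETH_MPLS_UC, (16000 << 12) | 64, (24001 << 12) | (5 << 9) | (1 << 8) | 63) + b"\x45" + b"\x00" * 19
```

Running `check_trunk_policy(parse_frame(FRAME_QINQ), {200})` reports both the second tag and the unexpected VID 99, which is the kind of finding a trunk-facing sensor would surface.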