Lead Image © Maxim Kazmin, 123RF.com

Segmenting networks with VLANs

Logically Tunneled

Article from ADMIN 37/2017
Network virtualization takes very different approaches at the software and hardware levels to divide or group network resources into logical units that are independent of the physical layer. The motivation is usually security: traffic that has no business mixing is kept apart. We show the technical underpinnings of VLANs.

The most obvious network separation is the one routinely made between the Internet and the internal network. A company's IT infrastructure is typically connected to the outside world through a demilitarized zone (DMZ), a subnet that provides controlled access to the public servers and services placed in it. One firewall separates the Internet from the DMZ, and a second firewall separates the DMZ from the internal network (Figure 1). Thanks to this separation, access to publicly reachable services, such as email, web, DNS, or voice over IP (VoIP), can be granted while the internal corporate network remains protected from unauthorized access from outside. The DMZ is also where the data streams are distributed into virtual LANs (VLANs), so that each class of public service lives in its own segment and a compromised host in one VLAN has no Layer 2 reach into the others.
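As an added illustration of the Layer 2 mechanics behind that DMZ design (example code written for this page, not code from the article), the following script parses IEEE 802.1Q/802.1ad tags off raw Ethernet frames, maps the outermost VLAN ID to a DMZ segment, and applies an outer-firewall policy of the kind the two-firewall layout implies. The VLAN-ID-to-segment map, the per-segment service list, and the constructed test frames are all assumptions for the example; nothing from the internal segment is reachable from the Internet, which is the point of the second firewall.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100    # customer VLAN tag (IEEE 802.1Q)
TPID_8021AD = 0x88A8   # service tag used when tags are stacked (IEEE 802.1ad)
ETH_IPV4 = 0x0800
MAX_TAGS = 2           # refuse frames with deeper tag stacks than the design expects

# Hypothetical VID-to-segment map for the DMZ (an assumption, not from the article).
VLAN_SEGMENTS = {10: "dmz-web", 20: "dmz-mail", 30: "dmz-dns", 40: "dmz-voice", 100: "internal"}
NATIVE_SEGMENT = "quarantine"   # untagged frames and unknown VIDs get no useful segment

# Hypothetical outer-firewall policy: which (protocol, port) the Internet may reach per segment.
OUTER_FW = {
    "dmz-web": {("tcp", 80), ("tcp", 443)},
    "dmz-mail": {("tcp", 25)},
    "dmz-dns": {("udp", 53), ("tcp", 53)},
    "dmz-voice": {("udp", 5060), ("tcp", 5061)},
    # "internal" is deliberately absent: nothing from the Internet is allowed there.
}


@dataclass
class Frame:
    dst: str
    src: str
    tags: list[tuple[int, int]]   # (VID, PCP) pairs, outermost first
    ethertype: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, peeling off any 802.1Q/802.1ad tags in front of the payload."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    tags: list[tuple[int, int]] = []
    seen, off = 0, 12
    while True:
        if off + 2 > len(raw):
            raise ValueError("truncated header")
        (etype,) = struct.unpack_from("!H", raw, off)
        off += 2
        if etype not in (TPID_8021Q, TPID_8021AD):
            break
        seen += 1
        if seen > MAX_TAGS:
            raise ValueError("too many VLAN tags")
        if off + 2 > len(raw):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, off)
        off += 2
        vid, pcp = tci & 0x0FFF, tci >> 13
        if vid == 4095:
            raise ValueError("reserved VID 4095")
        if vid != 0:              # VID 0 carries priority only; the frame counts as untagged
            tags.append((vid, pcp))
    return Frame(_mac(raw[0:6]), _mac(raw[6:12]), tags, etype, raw[off:])


def segment_of(frame: Frame) -> str:
    """A switch port forwards on the outermost tag only; any inner tag is just payload to it."""
    if not frame.tags:
        return NATIVE_SEGMENT
    return VLAN_SEGMENTS.get(frame.tags[0][0], NATIVE_SEGMENT)


def ipv4_l4(payload: bytes) -> tuple[str, int] | None:
    """Return (protocol, destination port) for TCP/UDP over IPv4, or None for anything else."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    proto = {6: "tcp", 17: "udp"}.get(payload[9])
    if proto is None or ihl < 20 or len(payload) < ihl + 4:
        return None
    (dport,) = struct.unpack_from("!H", payload, ihl + 2)
    return proto, dport


def inbound_allowed(raw: bytes) -> tuple[str, bool]:
    """Outer-firewall verdict for a frame arriving from the Internet side: (segment, allowed)."""
    frame = parse_frame(raw)
    seg = segment_of(frame)
    if frame.ethertype != ETH_IPV4:
        return seg, False
    l4 = ipv4_l4(frame.payload)
    return seg, l4 is not None and l4 in OUTER_FW.get(seg, set())


def build_frame(vids: list[int], dport: int, proto: str = "tcp") -> bytes:
    """Constructed test frame (not captured traffic): MACs, optional tags, minimal IPv4 and L4 ports."""
    hdr = bytes.fromhex("0011223344556677889900aa")          # dst MAC + src MAC
    for i, vid in enumerate(vids):
        tpid = TPID_8021AD if len(vids) > 1 and i == 0 else TPID_8021Q
        hdr += struct.pack("!HH", tpid, vid)                 # PCP 0, DEI 0
    hdr += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6 if proto == "tcp" else 17, 0,
                     bytes([198, 51, 100, 9]), bytes([203, 0, 113, 7]))
    return hdr + ip + struct.pack("!HH", 40000, dport) + bytes(16)


if __name__ == "__main__":
    for vids, port, proto in ([10], 443, "tcp"), ([10], 22, "tcp"), ([100], 443, "tcp"), ([], 443, "tcp"), ([40], 5060, "udp"):
        print(vids, proto, port, "->", inbound_allowed(build_frame(vids, port, proto)))
```

The stacked-tag case is worth running: a frame carrying an outer 802.1ad tag with an unknown VID and an inner 802.1Q tag for VLAN 10 is classified by the outer tag alone, so it lands in the quarantine segment rather than in dmz-web.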

Figure 1: The first and most important barrier occurs between Internet and intranet in a DMZ.

If you use VoIP, the Enterprise Session Border Controllers (E-SBCs) are also installed in the DMZ. An E-SBC is a firewall for the Session Initiation Protocol (SIP): the packet firewalls forward the VoIP/video traffic to it through an opened port, and because the E-SBC is an application-specific inspection component, it performs deep packet inspection and ensures that only legitimate SIP messages reach the VoIP/video components in the corresponding voice

...
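To make the E-SBC's "only legitimate SIP messages" role concrete, here is an added example (written for this page, not code from the article or from any E-SBC product) of the structural checks such an inspection component applies before forwarding signalling into the voice VLAN: a well-formed start line, the request headers RFC 3261 requires, compact header names normalised, a CSeq that matches the method, and a Content-Length that matches the body. The permitted method set and the size limits are policy assumptions for the example, and the SIP messages are constructed samples, not captures.

```python
from __future__ import annotations

import re

# Policy assumption for the example: methods the E-SBC forwards into the voice VLAN.
ALLOWED_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}
# RFC 3261 section 8.1.1: headers every request must carry; responses omit Max-Forwards.
REQUEST_REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
RESPONSE_REQUIRED = ("via", "from", "to", "call-id", "cseq")
# RFC 3261 section 20: compact header names that a parser must treat as their long forms.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id",
           "m": "contact", "l": "content-length", "c": "content-type"}
MAX_MESSAGE = 8192   # size limits are assumptions: signalling beyond them is dropped
MAX_HEADER = 1024

REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3}) [^\r\n]*$")


def inspect_sip(raw: bytes) -> tuple[bool, str]:
    """Return (forward, detail): True with the method or status if the message may pass."""
    if len(raw) > MAX_MESSAGE:
        return False, "oversized message"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not valid UTF-8"
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:
        return False, "missing CRLFCRLF header terminator"
    lines = head.split("\r\n")
    req, resp = REQUEST_LINE.match(lines[0]), STATUS_LINE.match(lines[0])
    if req:
        method = req.group(1)
        if method not in ALLOWED_METHODS:
            return False, f"method {method} not permitted"
    elif resp:
        method = None
    else:
        return False, "malformed start line"

    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_HEADER:
            return False, "oversized header"
        name, colon, value = line.partition(":")
        name = name.strip().lower()
        if not colon or not name:
            return False, "malformed header line"
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())

    for h in REQUEST_REQUIRED if method else RESPONSE_REQUIRED:
        if h not in headers:
            return False, f"missing {h} header"

    cseq = headers["cseq"][0].split()
    if len(cseq) != 2 or not cseq[0].isdigit():
        return False, "malformed CSeq"
    if method is not None and cseq[1] != method:
        return False, "CSeq method does not match request method"
    if method is None and cseq[1] not in ALLOWED_METHODS:
        return False, f"response to non-permitted method {cseq[1]}"

    body_len = len(body.encode("utf-8"))
    declared = headers.get("content-length", [str(body_len)])[0]   # absent over UDP is legal
    if not declared.isdigit() or int(declared) != body_len:
        return False, "Content-Length does not match body"
    return True, method or f"response {resp.group(1)}"


def sip_message(start: str, headers: list[tuple[str, str]], body: str = "",
                content_length: int | None = None) -> bytes:
    """Build a constructed SIP message; content_length overrides the true length for testing."""
    length = len(body.encode("utf-8")) if content_length is None else content_length
    hdrs = list(headers) + [("Content-Length", str(length))]
    return ("\r\n".join([start] + [f"{k}: {v}" for k, v in hdrs]) + "\r\n\r\n" + body).encode("utf-8")


# Constructed samples using documentation addresses; not real traffic.
SDP = ("v=0\r\no=alice 2890844526 2890844526 IN IP4 203.0.113.7\r\ns=-\r\n"
       "c=IN IP4 203.0.113.7\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
BASE_HEADERS = [
    ("Via", "SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bK776asdhds"),
    ("Max-Forwards", "70"),
    ("To", "Bob <sip:bob@example.com>"),
    ("From", "Alice <sip:alice@example.net>;tag=1928301774"),
    ("Call-ID", "a84b4c76e66710@203.0.113.7"),
    ("CSeq", "314159 INVITE"),
    ("Contact", "<sip:alice@203.0.113.7>"),
    ("Content-Type", "application/sdp"),
]
GOOD_INVITE = sip_message("INVITE sip:bob@example.com SIP/2.0", BASE_HEADERS, SDP)
BAD_METHOD = sip_message("PUBLISH sip:bob@example.com SIP/2.0",
                         [h if h[0] != "CSeq" else ("CSeq", "1 PUBLISH") for h in BASE_HEADERS])
BAD_LENGTH = sip_message("INVITE sip:bob@example.com SIP/2.0", BASE_HEADERS, SDP, content_length=9999)
GOOD_RESPONSE = sip_message("SIP/2.0 200 OK", [h for h in BASE_HEADERS if h[0] in ("Via", "To", "From", "Call-ID", "CSeq")])

if __name__ == "__main__":
    for name, msg in ("GOOD_INVITE", GOOD_INVITE), ("BAD_METHOD", BAD_METHOD), ("BAD_LENGTH", BAD_LENGTH), ("GOOD_RESPONSE", GOOD_RESPONSE):
        print(name, "->", inspect_sip(msg))
```

A real E-SBC goes further (it tracks dialogs and rewrites Via/Contact for topology hiding), but the checks above are the part that keeps junk pretending to be SIP, including plain HTTP aimed at port 5060, from ever reaching the PBX.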