Listening to camera manufacturers promote the latest and greatest IP video products leads installers to believe that the use of VLANs is the solution to IT professionals’ bandwidth consumption concerns.
VLAN is an acronym for Virtual Local Area Network and is defined as a broadcast domain in a Layer 2 network. VLAN operation is defined by the IEEE 802.1Q specification. The 802.1Q standard causes the switch to add four bytes of information, known as a tag, to the data being transmitted. Switches are configured to use this data to determine the destination of the information in the network.
The real benefits of VLANs are frequently a source of confusion when reality and hype meet. A look into the reality of VLANs, from a features and benefits point of view, will allow physical security professionals to work with customers to determine the best solution for a specific system design.
Figure 1 shows a basic network with cameras connected to data switches in different telecommunications rooms (TR). The TR switches are then connected to a core switch via a backbone connection. The core switch is generally located adjacent to the main servers used to operate the IT functions of the business. Since this is a switched environment, each of the ports has the full bandwidth of the switch available to each camera. Data from the cameras is sent to the core switch and then forwarded to the video server via the switch in the local TR room. Each packet of data uses a specific amount of the total bandwidth of the network.
The definition of a video VLAN results in data from a camera going from the local switch to the core switch to the server switch and then to the server. That is not any different than what happened without the VLAN; however, the data from the cameras does not get sent to the other ports on the switches and the other ports do not have the ability to see camera data. That presents a meaningful use of VLANs – to provide a minimal level of data security on the network.
A major question with VLANs, and the one most often mentioned by manufacturers, is the impact they have on network bandwidth. Network manuals will mention the use of VLANs as a means of controlling bandwidth by defining broadcast domains. A broadcast domain is a segment of the network that receives the general purpose (broadcast) messages that devices send as a part of network operation.
The real issue with bandwidth utilization is found on the connections from the TRs to the core switch. This connection has a finite bandwidth which is shared by all of the devices connected to the switch in the TR needing to share data with a device outside the local switch. Using the age-old analogy for a wire and a hose, consider the bandwidth of the connection to be a large hose. Every VLAN defined in the network can then be considered a small hose inside the main hose (Figure 2).
As each of the VLANs utilizes more bandwidth for the specific messages they transmit, the bandwidth available on the network is reduced. IT infrastructure professionals manage networks to maintain overall network utilization in the range of 50 to 60 percent. Maintaining this level of normal utilization allows the network to handle the occasional peak traffic periods that IT applications create.
VLANs certainly provide a tool to manage a network effectively. Your customer’s IT department will be able to determine if using them will benefit the network you want to use.
Paul Koebbe is a senior physical security technologies consultant based in St. Louis; firstname.lastname@example.org.