Skip to main content

Private VLANs

Introduction

To begin with, recall that VLAN is essentially a broadcast domain. Private VLANs (PVANs) allow splitting the domain into multiple isolated broadcast “subdomains”, introducing sub-VLANs inside a VLAN. As we know, Ethernet VLANs can not communicate directly with each other – they require a L3 device to forward packets between separate broadcast domains. The same restriction applies to PVLANS – since the subdomains are isolated at Level 2, they need to communicate using an upper level (L3/packet forwarding) device – such as router.

In reality, different VLANs normally map to different IP subnets. When we split a VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, yet now they need to use a router (L3 device) to talk to each other (for example, by using Local Proxy ARP). In turn, the router may either permit or forbid communications between sub-VLANs using access-lists. Commonly, these configurations arise in “shared” environments, say ISP co-location, where it’s beneficial to put multiple customers into the same IP subnet, yet provide a good level of isolation between them.


more ->
http://blog.ine.com/2008/07/14/private-vlans-revisited/
Labels:

Popular posts from this blog

Juniper IS-IS summary

##################################################################################################### ## ISIS ##################################################################################################### # Be sure to set family iso on the interface to be placed into ISIS set interfaces <interface> family iso # By default Junos places interfaces as L1/L2 # Default route leaking:         L1 to L2 - all internal routes         L2 to L1 - 0/0 route # L1/L2 will send the attached-bit down to L1 and it will act as a NSSA-like area.  When the L1 interface # receives the attached-bit it will inject a 0/0 route into the RIB point to the L1/L2 interface. # To disable the attached bit use: set protocols isis ignore-attached-bit # Be careful with the "interface all" command, as it may have some unexpected consequences such as trying # to establish a neighbor on your fxp0 management interface.  Use explicit interfac
Read more >>

Beijing - China

I am not sure how to describe Beijing China, maybe everyone who goes their simply use the world 'Amazing' because it will be nearly impossible to describe it. I had a personal driver and tour guide which significantly simplify my trip around.  Of course, it was a business trip and I didn't have as much time as I needed to see everything from Beijing but I will try to share couple of pictures and some of my impressions. I will start with the food.  I remember when I was younger there was so many Chines restaurants in the neighbourhood and I could eat Chines food everyday, and at every time - my parents were joking that I will became a Chines if I continue to eat only Chines, but it was so good and I didn't care ;-)  In Beijing I tried so many different things and I am amazed by the quality of the food, and most amazingly I didn't have any problems with my stomach - which was a good sign ;-) . I uploaded few photos from my album, which are from different places I
Read more >>

So, You Want To Be a CCIE?, Part 2

Prepare yourself for "game day" of the CCIE exams in this second part of a two-part primer on Cisco's highest-level cert by the columnist of TCP Q&A. by Scott Morris July 2005 — Editor's note: To read part one of this two-part series, go here . There’s never any point in time when you will truly know everything. Similarly, there’s never any point in time when the exam will be as bad as you may think it is until you try it! So you can spend years and years “studying” for the CCIE written exam and never think you know enough to take it. But you won’t know until you try. And you may also surprise yourself along the way: You probably know more than you give yourself credit for. (Either that or you’re really lucky!) --------------------------------------------------------- http://tcpmag.com/features/article.asp?EditorialsID=91 ---------------------------------------------------------
Read more >>