
A Project Report On Virtual LAN (Prepared in Information System, BEL)

CERTIFICATION: a) ISO 9001-2000 b) ISO 14001 c) ISO 18001 OHSAS

BHARAT ELECTRONICS, GHAZIABAD

Submitted by: LALIT KUMAR

Bachelor of Engineering, Computer Science, IIIrd year

INDEX

1. ACKNOWLEDGEMENT

2. CERTIFICATE

3. PREFACE

4. ABOUT BHARAT ELECTRONICS

5. BHARAT ELECTRONICS, GHAZIABAD

6. ROTATION REPORT

7. ABOUT IS DEPARTMENT

8. VIRTUAL LOCAL AREA NETWORK (VLAN)

9. CONCLUSION

CERTIFICATE

TO WHOM SO EVER IT MAY CONCERN

Dated: 28th August

IT IS TO CERTIFY THAT LALIT KUMAR, STUDENT OF NETAJI SUBHAS INSTITUTE OF TECHNOLOGY, HAS SUCCESSFULLY COMPLETED HIS INDUSTRIAL TRAINING IN BHARAT ELECTRONICS LIMITED, GHAZIABAD FROM 20th JULY TO 28th AUGUST 2010.

Anoop Kumar, Sr. Engineer (IS)

Mr. Dinesh Goel, Manager (IS)

ACKNOWLEDGEMENT

I take this opportunity to express my sincere gratitude towards my college Training and Placement Officer for forwarding my training letter to Bharat Electronics, Ghaziabad and also to Mr. R.N. Tyagi, Manager (HRD), Bharat Electronics, Ghaziabad for accepting my letter and allowing me to complete my training in Bharat Electronics. I would like to express my deep satisfaction and gratitude towards Mr. DINESH GOEL for his timely guidance and help extended during each stage of my project. Finally, I would like to thank each and every member of BEL family for making me feel comfortable and helping me in every possible manner.

LALIT KUMAR

PREFACE

The eight-week training is a part of our 4-year B.E. course. Practical industrial training mainly aims at making one aware of the industrial environment, which means that one gets to know the limitations, constraints and freedom under which an engineer works. One also gets an opportunity to watch manager relations from close quarters. This training mainly involves gaining industrial exposure and complete knowledge of the designing, assembling and manufacturing processes of the various equipment manufactured by an industry.

BHARAT ELECTRONICS LIMITED

BHARAT ELECTRONICS LIMITED (BEL), now BHARAT ELECTRONICS, was established in 1954 as a public sector enterprise under the administrative control of the Ministry of Defense as the fountainhead to manufacture and supply electronics components and equipment. BEL, with a noteworthy history of pioneering achievements, has met the requirement of state-of-the-art professional electronic equipment for Defense, broadcasting, civil Defense and telecommunications as well as the component requirement of the entertainment and medical X-ray industry. Over the years, BEL has grown to a multi-product, multi-unit, technology-driven company with the track record of a profit-earning PSU.

The company has a unique position in India of having dealt with all the generations of electronic components and equipment. Having started with an HF receiver in collaboration with T-CSF of France, the company’s equipment designs have had a long voyage through the hybrid and solid-state discrete component stages to state-of-the-art integrated circuit technology.

Today BEL’s infrastructure is spread over 9 locations with 29 divisions having ISO-9001/9002 accreditation. Its manufacturing units have a special focus on product ranges like Defense Communication, Radars, Optical & Opto-electronics, Telecommunication, Sound & Vision Broadcasting, Electronic Components, etc.

BEL has nurtured and built a strong in-house R&D base by absorbing technologies from more than 50 leading companies worldwide and DRDO Labs for a wide range of products. Each unit has its own R&D Division. About 70% of BEL’s products are of in-house design.

BEL was among the first Indian companies to manufacture computer parts and peripherals under arrangement with International Computers India Limited (ICIL) in the 1970s. BEL assembled a limited number of 1901 systems under the arrangement with ICIL. However, following the Government’s decision to restrict computer manufacture to ECIL, BEL could not progress in its computer manufacturing plans. As many of its equipment were microprocessor based, the company continued to develop computer-based applications, both hardware and software. Most of its software requirements are in real time. EMCCA, a software-intensive naval ships control and command system, is probably one of the first projects of its nature in India and Asia.

BEL has won a number of national and international awards for Import Substitution, Productivity, Quality, Safety, Standardization etc. BEL was ranked No. 1 in the field of Electronics and 46th overall among the top 1000 private and public sector undertakings in India by the Business Standard in its special supplement “The BS 1000 (1997-98)”. BEL was listed 3rd among the Mini Ratnas (Category II) by the Government of India, 49th among Asia’s top 100 worldwide Defense Companies by the Defense News, USA.

1.1 Corporate Motto, Mission and Objectives:

The passionate pursuit of excellence at BEL is reflected in a reputation with its customers that can be described in its motto, mission and objectives:

CORPORATE MOTTO:

“Quality, Technology and Innovation.”

CORPORATE MISSION:

“To be the market leader in Defense Electronics and in other chosen fields and products.”

CORPORATE OBJECTIVES:

1. To become a customer-driven company supplying products at competitive prices at the expected time and providing excellent customer support.

2. To achieve growth in the operations commensurate with the growth of the professional electronics industry in the country.

3. To generate internal resources for financing the investments required for modernization, expansion and growth for ensuring a fair return to the investor.

4. In order to meet the nation’s strategic needs, to strive for self-reliance by indigenization of materials and components.

5. To retain technological leadership of the company in Defense and other chosen fields of electronics through research and development as well as through collaboration with National Research Laboratories, International Companies, Universities and Academic Institutions.

6. To progressively increase overseas sales of its products and services.

7. To create an organizational culture that encourages members of the organization to realize their full potential through continuous learning on the job and through other HRD initiatives.

1.2 Manufacturing Units:

BANGALORE (KARNATAKA)

BEL started its production activities in Bangalore in 1954 with a 400W high frequency (HF) transmitter and communication receiver for the Army. Since then, the Bangalore Complex has grown to specialize in communication and Radar/Sonar Systems for the Army, Navy and Air Force. The Unit has now diversified into manufacturing of electronic products for civilian customers such as DoT, VSNL, AIR and Doordarshan, ISRO, Police, Civil Aviation and Railways. As an aid to the Electorate, the unit has developed Electronic Voting Machines.

GHAZIABAD (UTTAR PRADESH)

The second largest Unit, at Ghaziabad, was set up in 1974 to manufacture special types of radar for the Air Defense Ground Environment Systems (Plan ADGES). The Unit provides Communication Systems to Defense Forces & Microwave Communication Links to various departments of the State & Central Govt. The Unit’s product range included Static & Mobile Radar, professional grade Antennae etc.

PUNE (MAHARASHTRA)

This Unit was started in 1979 to manufacture Image Converter Tubes. Subsequently, Magnesium Manganese-dioxide Batteries, Lithium Sulphur Batteries and X-ray Tubes/Cables were added to the product range.

MACHILIPATNAM (ANDHRA PRADESH)

The Andhra Scientific Co. at Machilipatnam, manufacturing Optics/Opto-electronic equipment, was integrated with BEL in 1983. The product line includes passive Night Vision Equipment, Binoculars and Goggles, Periscopes, Gun Sights, Surgical Microscope and Optical Sights and Muzzle Reference Systems for tank fire control systems. The Unit has successfully diversified to making the Surgical Microscope with zoom facilities.

PANCHKULA (HARYANA)

To cater to the growing needs of Defense Communications, this Unit was established in 1985. Requirements for professional grade Radio-communication Equipment in VHF and UHF ranges, entirely developed by BEL and required by the Defense services, are being met from this Unit.

CHENNAI (TAMIL NADU)

In 1985, BEL established another Unit at Chennai to facilitate manufacture of Gun Control Equipment required for the integration and installation in the Vijayanta tanks. The Unit is now manufacturing Stabilizer Systems for T-72 tanks and Infantry Combat Vehicles BMP-II; Commander’s Panoramic Sights & Tank Laser Sights are among others.

KOTDWARA (UTTAR PRADESH)

In 1986, BEL started a unit at Kotdwara to manufacture Telecommunication Equipment for both Defense and civilian customers. Focus is being given to the requirement of Switching Equipment.

TALOJA (MAHARASHTRA)

For the manufacture of B/W TV Glass bulbs, this plant was established in collaboration with Corning, France in 1986. The Unit is now fully mobilized to manufacture 20’’ glass bulbs indigenously.

HYDERABAD (ANDHRA PRADESH)

To coordinate with the major Defense R&D Laboratories located in Hyderabad, DLRL, DRDL and DMRL, BEL established a Unit at Hyderabad in 1986. Force Multiplier Systems are manufactured here for the Defense services.

1.3 Joint Ventures:

1.3.1 BE-Delft Electronics Limited

BE-Delft Electronics Limited, Pune, is the first joint venture, with Delft Instruments, Holland and UTI, for conducting research, development and manufacture of Image Intensifier Tubes etc. for use in military and commercial systems. Its products include night vision goggles, night vision weapon sights and low light level input applications.

1.3.2 GE-BE Private Limited

GE-BE Private Limited, Bangalore, a JV with General Electric Medical Systems, USA, was established in 1997-98 for manufacture of a High End Rotating Anode Medical Diagnostic X-ray tube called CT MAX, which is used in CT Scanners. It will also establish a reloading facility for X-ray tubes and market the conventional X-ray tubes made at the Pune Unit of BEL.

1.3.3 BEL-Multitone Private Limited

A joint venture between Bharat Electronics and Multitone Electronics Plc, UK was established in Bangalore in 1997-98 to manufacture state-of-the-art Mobile Communication for the workplace. With the strength of Bharat Electronics in the Radio Communications field and the technology of Multitone in the field of Radio Paging, the joint venture company is in a position to offer tailor-made solutions to the Mobile Communication needs at the workplace in various market segments.

1.4 BEL Components & Customers

CUSTOMERS : COMPONENTS

Defense : Transmitting Tubes, Microwave Tubes, Lasers, Battery, Semiconductors-Discrete, Hybrid and Circuits.

All India Radio, Doordarshan, Telecommunications and Civil Industries : Transmitting Tubes, Microwave Tubes, and Vacuum Tubes.

Entertainment Industry : B/W TV Tubes, Silicon Transistors, Integrated Circuits, Bipolar and CMOS, Piezo-Electric Crystals, Ceramic Capacitors and SAW Filters.

Telephone Industry : Integrated Circuits, Crystals.

Switching Industry : Vacuum Interrupters.

Instrumentation Industry : Liquid Crystal Displays.

Medical & Health Care : X-ray Tubes.

1.5 Systems/Network

Identity Card Systems Software.

Office Automation Software.

LCD On-line Public Information Display Systems.

Communication Networks / VSAT Networks.

BEL GHAZIABAD UNIT

Formation:

The need to strengthen the air Defense system, in particular the ground electronics system support for the air Defense network, led to the formulation of a very major plan for an integrated Air Defense Ground Environment System known as the plan ADGES. The Ministry of Defense immediately realized the need to establish production capacity for meeting the electronic equipment requirements for its plan ADGES. In December 1970 the Govt. sanctioned an additional unit for BEL. In 1971, the industrial license for manufacture of radar and microwave equipment was obtained; 1972 saw the commencement of construction activities, and production was launched in 1974. Over the years, the unit has successfully manufactured a wide variety of equipment needed for Defense and civil use. It has also installed and commissioned a large number of systems on a turnkey basis. The unit enjoys a unique status as manufacturer of IFF systems needed to match a variety of primary radars. More than 30 versions of IFFs have already been supplied, travelling the path from vacuum technology to solid-state to the latest microwave component systems.

The Product Ranges today of the company are:

Radar System

3-Dimensional High Power Static and Mobile Radar for the Air Force.

Low Flying Detection Radar for both the Army and the Air Force.

Tactical Control Radar System for the Army.

Battlefield Surveillance Radar for the Army.

IFF Mk-X Radar systems for the Defense and export etc.

Communications

Digital Static Troposcatter Communication Systems for the Air Force.

Digital Mobile Troposcatter Communication System for Air Force and Army.

VHF, UHF & Microwave Communication Equipment.

Bulk Encryption Equipment.

Turnkey Communication Systems Projects for Defense & civil users.

Antennae

Antennae for Radar, Terrestrial & Satellite Communication Systems.

Antennae for TV Satellite Receive and Broadcast applications.

Antennae for Line-of-sight Microwave Communication Systems.

Microwave Component

Active Microwave components like LNAs, Synthesizers, Receivers etc.

Passive Microwave components like Double Balanced Mixers, etc.

Organization

The operations at BEL Ghaziabad are headed by the General Manager with Additional / Deputy General Managers heading various divisions as follows:

Design & Engineering Divisions

Development and Engineering-R

Development and Engineering-C

Development and Engineering-Antenna.

1. Equipment Manufacturing Divisions

Radar, Communication, Antenna, Systems, Microwave Components.

2. Support Divisions

Material Management, Marketing & Customer Co-ordination, Quality Assurance & Torque, Central Services, PCB & Magnetics, Information Systems, Finance & Accounts, Personnel & Administration, Management Services. Design & Engineering.

Equipment Manufacturing Divisions

BEL Ghaziabad has well defined standards and processes for as well as manufacturing and testing activities. Activities are divided into various departments like Production Control, Works Assembly, and QC WORKS. The manufacture and control of production is through a central system, BELMAC, BEL’s own homegrown ERP system.

Microwave Component Group

Frequencies greater than 1 GHz are termed Microwaves. Microwave Integrated Circuits (MIC), used extensively in the production of subsystems for Radar and Communication equipment, constitute a very vital part of the technology for these systems and are generally imported. Owing to the crucial and building-block nature of the technology involved, BEL is currently setting up a modern MIC manufacturing facility at a planned expenditure of Rs. 2 cr. This facility will be the main center for the MIC requirements of all the units of the company.

Material Management

The Material Management division is responsible for procurement, storage, handling and issue of purchased parts as well as raw materials required to manufacture various equipment and spares.

Marketing and Customer Co-ordination

This division is responsible for acquisition and execution of customer orders and customer services. The Marketing department looks after order acquisition. The Commercial department looks after order execution.

Quality Assurance & Torque

BEL has established stringent processes, modern facilities & systems to ensure product quality. IGQA, Environmental Labs, Test Equipment Support and QA departments are grouped under this division. All material passes through stringent inward goods screening in the IGQA department before being accepted for use. After inspection, the end product is again put through a rigorous cycle of performance and environmental checks in the Environmental Labs. The testing, calibration and repair facility for test instruments used in the factory is under the control of Test Equipment Support.

Central Services

The Central Services Division looks after plant and maintenance of the estate including electrical distribution, captive power generation, telephones, transport etc.

PCB Fabrication & Magnetics

PCB Fabrication, Coil and Magnetics, Technical Literature, Printing Press and Finished Goods are the areas under this division. Single sided PCB blanks (having a circuit pattern on one side of the board) and double sided ones (having a circuit pattern on both sides of the board) are manufactured in house.

The Magnetics department makes all types of transformers & coils that are used in different equipment. Coils and transformers are manufactured as per various specifications such as number of layers, number of turns, types of windings, gap in core, dielectric strength, insulation between layers, electrical parameters, impedance etc. laid down in the documents released by the D&E department.

Information Systems

The IS Department is responsible for BEL’s own home-grown manufacturing and control system called BELMAC. It comprises almost all modules of a modern ERP system but is host and dumb terminal based.

Finance & Accounts

The F&A division is divided into Budget & Compilation, Cost and Material Accounts, Bills Payable, Bills Receivable, Payrolls, Provident Fund and Cash Sections.

Personnel & Administration

The P&A Division is divided into various departments like Recruitment, Establishment, HRD, Welfare, Industrial Relations, Security and MI Room.

Management Services

This department deals with the flow of information to or from the company. It is broadly classified into three major sub-sections – Management Information System, Industrial Engineering Department and Safety.

ROTATION PROGRAMME

Under this, the students are introduced to the company by putting them under a rotation program to various departments. The several departments I went through are as follows:

TEST EQUIPMENT & AUTOMATION

P.C.B FABRICATION

WORK ASSEMBLY - RADAR & COMMUNICATION

MAGNETICS

MICROWAVE LAB

QUALITY CONTROL WORK ASSEMBLY

During the rotation period of one week we had to go to the various departments listed above to get some introduction to the work being done at each department. The co-operative staff at the various departments made the learning process very interesting, which allowed us to know more about the company in a very short time. The various departments are now described in detail.

TEST EQUIPMENT & AUTOMATION

This department deals with the various instruments used at BEL such as Oscilloscope (C.R.O), Multimeter, Signal Analyzer, Logic Pulser, Counters, Function Generator etc. There are a total of three hundred equipments, of sixteen types. Mainly the calibration (testing of equipment against a standard one) of instruments is carried out here; they are compared with the standard of the National Physical Laboratory (NPL). Every instrument has a calibration period after which the accuracy of the instrument falls from the required standards, so if any of the instruments is not working properly, it is sent here for correct calibration.

To calibrate instruments, software techniques are used, which include programs written in any suitable programming language. After testing, different tags are labeled on the equipment according to the observations.

GREEN : Perfect

YELLOW : Satisfactory but some trouble is present

RED : Cannot be used, should be disposed of.

1 WS 102

2 WS 104

3 PS 520

4 PS 809

5 PS 811

6 PS 369

Where, WS = Workmanship & PS = Process Standard

After the inspection of cables, PCBs and other items, the defects found are recorded using the following codes.

1 A --- Physical and Mechanical defects.

2 B --- Wrong Writing

3 C --- Wrong Component / Polarity

4 D --- Wrong Component / Mounting

5 E --- Bad Workmanship/ Finish

6 F --- Bad Soldering

7 G --- Alignment Problem

8 H --- Stenciling

9 I --- Others (Specify)

10 J --- Design & Development

After finding the defect, the equipment is sent to the responsible department, where it is rectified.

P.C.B. FABRICATION

P.C.B. stands for Printed Circuit Board. It is an integral part of electronic equipment, as all the components are mounted on it. It consists of a fiberglass sheet having a layer of copper on both sides.

Types Of PCBs

1. Single Sided Board : Circuits on one side.

2. Double Sided Board : Circuit on both sides.

3. Multi-layer Board : Several layers are interconnected through hole metallization.

Raw material for PCBs

The most common raw material used for manufacturing PCBs is copper-clad glass epoxy resin sheet. The thickness of the sheet may vary as 1.2, 2.4 and 3.2mm and the standard size of the board is 610mm to 675mm.

Operation in process

Following steps are for PCB manufacturing:-

1 CNC Drilling

2 Drill Location

3 Through Hole Plating

4 Clean Scrub and Laminate

5 Photo Print

6 Develop

7 Cu electroplate

8 Tin electroplate

9 Strip

10 Etching and cleaning

11 Tin Stripping

12 Gold plating

13 Liquid Photo Imageable Solder Masking (LPISM)

14 Photo print

15 Develop

16 Thermal Baking

17 Hot Air Levelling

18 Non Plated Hole Drilling

19 Reverse Marking

20 Shearing & Routing

21 Deburring & Packing

P.C.B. is a non-conducting board on which a conductive pattern is made. The base materials used for the PCB plate are Glass Epoxy, Bakelite, Teflon etc.

Procedure for through hole metallization

Loading-Cleaner-Water Rinse-Spray Water-Rinse-Mild Etch-Spray Water-Rinse-Hydrochloric Acid-Activator-Water Rinse-Spray Water-Rinse-Accelerator Dip-Spray Water-Rinse-Electroless Copper-Plating-Plating-Spray Water-Rinse-Anti Tarnish Dip-Hot Air Drying-Unloading.

After through hole metallization, photo tool generation is done, which is followed by photo printing. In this the PCB is kept between two blue sheets and the circuit is printed on it. A negative and a positive of the circuit are developed. To distinguish between the negative and the positive, the following observation is made: if the circuit is black and the rest of the sheet is white, it is positive, otherwise negative.

Next, pattern plating is done. The procedure for pattern plating follows:

Loading-Cleaner-Water rinse-Mild etch-Spray-Water Rinse-Electrolytic-Copper plating-Water rinse-Sulfuric acid-Tin plating-Water rinse-Anti-tarnish dip-Hot air dry-Unloading.

To give strength to the wires so that they cannot break. This is done before molding. Varnishing is done as anti-fungus prevention against environmental hazards.

After completion of the manufacturing process it is sent for testing. This is followed by resist stripping and copper etching. The unwanted copper, i.e. off the tracks, is etched by any of the following chemicals. After this, tin is stripped from the tracks. After this, solder masking is done. Solder masking is done to mask the tracks, which would otherwise get oxidized and finally etched, making the whole circuit non-functional.

There are three types of solder masking done in BEL.

1 Wet solder mask : Due to some demerits this method is totally ruled out. The demerit was non-alignment, which was due to a wrong method applied or a wrong machine.

2 Dry pin solder mask : Due to wastage of films of about 30% this method is also not used now.

3 Liquid photo imageable solder mask (LPISM) : In this, first presoaking is done at 80 degree Celsius for 10 to 20 minutes. Next, screen preparation is done. The board is covered by a silk cloth whose mesh is T-48. The angle of tilt of the board is 15 degree to 22.5 degree.

Ink preparation : Ink + Hardener

71 % : 29 % (150 gms) : (300gms) + Butyl Cellosolve 50gms/kg.

Ink preparation-

It uses :-

Ink ----- 100gm

Catalyst ---- 10% of total weight

Reducer ----- 10% of total weight

The catalyst is used as binder and prevents the following, while reducer is used as thinner. The three things are then fully mixed.

For wash out, the following procedure takes place.

Water-Lactic acid-Water-Bleaching powder-Water-Caustic Soda-Water-Air dry-TCE.

After wash out, final baking for one hour at the temp. of 20 degree C is done. After this shearing or routing is done, which is followed by deburring and packing.

WORKS ASSEMBLY

This department plays an important role in production. Its main function is to assemble various components, equipment and instruments following a particular procedure.

It has been broadly classified as :

1. WORK ASSEMBLY RADAR e.g.: INDRA-2, REPORTER

2. WORK ASSEMBLY COMMUNICATION e.g.: EMCCA, MSSR, MFC

EMCCA: EQUIPMENT MODULAR FOR COMMAND CONTROL APPLICATION

MSSR: MONOPULSE SECONDARY SURVEILLANCE RADAR

MFC: MULTIFUNCTIONAL CONSOLE

The stepwise process followed by work assembly department is:

1) Preparation of part list that is to be assembled.

2) Preparation of general assembly.

3) Schematic diagram to depict all connections to be made and give a brief idea about all components.

4) Writing list of all components.

In work assembly the following things are done.

Material receipt

Preparation : This is done before mounting and involves two procedures.

Tinning : The resistors, capacitors and other components are tinned with the help of tinned lead solution. The wire coming out from the component is of copper and it is tinned nicely by applying flux on it so that it does not tarnish and soldering becomes easy.

Bending : Preparation is done by getting the entire documents, part list and drawing, and bringing all the components before doing the work.

Mounting : It means soldering the components on the PCB plate with the help of soldering tools. The soldering irons are generally of 25 W and are of variable temperature. One of the wires of the component is soldered so that it doesn’t move from its place on the PCB plate. The other end of the component is also adjusted so that the PCB does not burn.

Wave soldering : This is done in a machine and solder sticks on the entire path, which is tinned.

Touch up : This is done by hand after the finishing is done.

Inspection : This comes under quality work.

Heat ageing : This is done in the environment lab at a temperature of 40 degree Celsius for 4 hrs and three cycles.

Lacquering : Lacquering is only done on the components which are not variable.

Storing : After this, variable components are sleeved with Teflon. Before lacquering, the mounted plate is cleaned with isopropyl alcohol. The product is then sent to store.

MAGNETICS

This Department basically deals with the production of components of electrical engineering. It basically consists of the following three sections:

1. Production control

2. Works

3. Quality control

The D&E provides all the information about manufacturing a coil and the transformer.

The various types of transformer are as follows:

1. AIR CORED TRANSFORMER

2. OIL CORE TRANSFORMER

3. MODULATING TYPE TRANSFORMER

4. PCB MODULATING

a. Matching transformer

b. Insulation transformer

c. Hybrid transformer

d. R.F. transformer

e. I.F. transformers

The types of cores are

1. E type

2. C type

3. Lamination

4. Ferrite core

5. Toroidal core

Procedures involved in production of transformers and coils :

1. Preparation of former :

The former is made of plastic Bakelite, comprising male and female plates which are joined alternately to form a rectangular box on which winding is done.

2. Winding :

It is done with different materials and thicknesses of wire. The winding has a specified number of layers, with each layer having a specified number of turns. The distance between two turns should be maintained constant, that is, there should be no overloading. A plastic layer is inserted between two consecutive layers.

Type of Windings :

1) Layer Winding

2) Wave Winding

3) Bank Winding

3. Winding :

For inter-winding and inter-layer, various types of insulation sheets, viz. Kraft paper, paper, leather, oil paper and polyester film, are used.

4. Protection :

To protect the transformer from external hazards, moisture and dust, and to provide high insulation resistance, they are impregnated in the following forms.

INFORMATION SYSTEMS DEPARTMENT

The Information Systems department acts as an Internet Service Provider for the BEL Ghaziabad unit. It is responsible for managing and troubleshooting the entire network setup.

BELMAC

The IS Department is responsible for BEL’s own home-grown manufacturing and control system called BELMAC. It comprises almost all modules of a modern ERP system but is host and dumb terminal based. It comprises two servers: BEL1 and BEL2. BEL1 deals with production control, D&E, Material Management and Sales modules while BEL2 deals with Finance and Payroll. The front end of BELMAC is implemented using SQL Forms, with Oracle at the back end. Report Writer and Pro*C are used as report writing tools.

NETWORK

Some Networking Devices

In the physical layer, we find the repeaters. These are analog devices that are connected to two cable segments. A signal appearing on one of them is amplified and put out on the other. Repeaters do not understand frames, packets, or headers; they understand volts. E.g. classic Ethernet was designed to allow 4 repeaters, in order to extend the maximum cable length from 500 m to 2500 m.

A Hub has a number of input lines that it joins electrically. Frames arriving on any of the lines are sent out on all the others. If two frames arrive at the same time they will collide, just as on coaxial cable. The entire hub forms a single collision domain. All lines coming into a hub must operate at the same speed. Hubs, unlike repeaters, do not (usually) amplify signals and are designed to hold multiple line cards each with multiple inputs; otherwise the differences are slight.

A Bridge connects two or more LANs. When a frame arrives, software in the Bridge extracts the destination address from the frame header and looks it up in a table to see where to send the frame. For Ethernet this address is the 48-bit destination address. Like a Hub, a modern Bridge has line cards, usually for 4 to 8 input lines of a certain type. A line card for Ethernet can’t handle, say, token ring frames because it doesn’t know where to find the destination address in the frame header. With a Bridge, each line is its own collision domain, in contrast to a Hub.
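The hub and bridge behaviour described above, as an added example that is not part of the original report: it parses the 48-bit destination address out of a frame header and contrasts the ports a hub and a bridge would send the frame to. The MAC addresses and port numbers are constructed, and filling the table by learning source addresses is standard transparent-bridge behaviour assumed here, not something the report describes.

```python
# Added illustration (not from the report): how a hub and a bridge decide
# where an Ethernet frame goes. MAC addresses and port numbers are constructed.

def parse_ethernet_header(frame: bytes):
    """Return (destination, source) MAC addresses as strings.

    The destination is the first 6 bytes (48 bits) of the frame and the
    source the next 6; a 2-byte type field completes the 14-byte header.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")

    def fmt(raw):
        return ":".join(f"{b:02x}" for b in raw)

    return fmt(frame[0:6]), fmt(frame[6:12])


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast addresses have the low bit of the first byte set."""
    return bool(int(mac[:2], 16) & 1)


class Hub:
    """Joins its lines electrically: every frame leaves on all other ports."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class Bridge:
    """Looks the destination address up in a table to pick one output port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, frame):
        dst, src = parse_ethernet_header(frame)
        # Assumption beyond the report: the table is filled by learning the
        # source address of each arriving frame (transparent bridging).
        if not is_group_address(src):
            self.table[src] = in_port
        out_port = self.table.get(dst)
        if is_group_address(dst) or out_port is None:
            # Unknown or broadcast destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the segment the frame came from: drop it.
            return []
        return [out_port]


def make_frame(dst: str, src: str, payload: bytes = b"sample") -> bytes:
    """Build a constructed frame: dst MAC, src MAC, EtherType 0x0800, payload."""

    def raw(mac):
        return bytes.fromhex(mac.replace(":", ""))

    return raw(dst) + raw(src) + b"\x08\x00" + payload


def demo():
    """Send the same constructed traffic through a 4-port hub and bridge."""
    host_a, host_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    hub, bridge = Hub([1, 2, 3, 4]), Bridge([1, 2, 3, 4])
    a_to_b = make_frame(host_b, host_a)
    b_to_a = make_frame(host_a, host_b)
    return {
        "hub A->B": hub.forward(1, a_to_b),
        "bridge A->B (B unknown)": bridge.forward(1, a_to_b),
        "bridge B->A (A learned)": bridge.forward(2, b_to_a),
        "bridge A->B (B learned)": bridge.forward(1, a_to_b),
    }


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step}: out on ports {ports}")
```

Once the bridge has learned both addresses, ports 3 and 4 no longer receive the A-to-B traffic that the hub delivers to every port.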


Switches are similar to bridges in that both route on frame addresses. The main difference is that a switch is most often used to connect individual computers.

A Router is a device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routing is the process performed by a router that moves packets of data around the Internet. A router makes sure that a message is sent and received, and is part of what makes TCP/IP such a useful protocol suite. Routers use headers and forwarding tables to determine the best path for forwarding packets, and they use protocols such as ICMP, part of the TCP/IP protocol suite, to communicate with each other and configure the best route between any two hosts.

Very little filtering of data is done through routers.

A network gateway is an internetworking system, a system that joins two networks together. A network gateway can be implemented completely in software, completely in hardware, or as a combination of the two. Depending on their implementation, network gateways can operate at any level of the OSI model from application protocols to low-level signaling.

A Cisco router is a computer device that receives or forwards data packets to and from the Internet towards a destination in the process called routing. A router is the essential component of computer networking that enables any sent data to arrive at the right destination.

A router (broadband router) is also a device that enables two or more computers to receive data packets from the Internet under one IP address at the same time.

Remember that to be able to connect to the Internet, a computer must have an IP address unique from the rest of the computers. Therefore, every computer connected to the Internet has its own IP address. It is like having a fingerprint or ID as an access pass to be able to enter the web. With a router present, this "fingerprint" or "ID" can be shared by two or more computers at the same time. In its simplest form, a router lets two or more computers use the Internet at the same time with one access pass.

Application Layer: Application Gateway

Transport Layer: Transport Gateway

Network Layer: Router

Data Link Layer: Bridge, Switch

Physical Layer: Repeater, Hub

Remote Access Server (RAS)

Remote access is the ability to get access to a computer or network from a remote distance. In corporations, people at branch offices, telecommuters, and people who are travelling may need access to the corporation's network. Home users get access to the Internet through remote access to an Internet service provider (ISP). Remote access is also possible using a dedicated line between a computer or a remote local area network and the "central" or main corporate local area network. A dedicated line is more expensive and less flexible but offers faster data rates.

Integrated Services Digital Network (ISDN) is a common method of remote access from branch offices since it combines dial-up with faster data rates. Wireless, cable modem, and Digital Subscriber Line (DSL) technologies offer other possibilities for remote access.

A remote access server is dedicated to handling users who are not on a LAN but need remote access to it.

A remote access server is the computer and associated software that is set up to handle users seeking access to a network remotely. Sometimes called a communication server, a remote access server usually includes or is associated with a firewall server to ensure security and a router that can forward remote access requests to another part of the corporate network. A remote access server may include or work with a modem pool manager so that a small group of modems can be shared among a large number of intermittently present remote access users. A remote access server may also be used as part of a virtual private network (VPN).

ePolicy Orchestrator (ePO)

ePolicy Orchestrator® is a security management solution that gives you a coordinated defense against malicious threats and attacks. With it as your central hub, you can keep protection up to date, configure and enforce protection policies, and monitor security status from one centralized console.

Benefits:

Enforces compliance and updates: ePolicy Orchestrator lets you effectively manage policy compliance and updates; you lower the risk of noncompliant systems compromising your security.

Comprehensive security management: Handle all your enterprise-wide system protection with this centralized management infrastructure. It covers anti-virus, anti-spyware, host IPS, content filtering, and Microsoft® patch assessment.

Find non-compliant systems: It helps you identify noncompliant systems that increase your risk of vulnerability and infection.

Assesses Microsoft patch compliance: You can assess Microsoft patch compliance and audit your current patch rollout processes; it informs you about your exposure to new exploits and vulnerabilities.

Monitors security all day, every day: You can monitor security status 24/7, evaluate your policy status, and find your network's vulnerabilities from one centralized

Features:

Noncompliant system detection: ePolicy Orchestrator lowers your risks due to noncompliant systems by alerting you when such systems are connected to your corporate network.

Patch compliance and reporting: ePolicy Orchestrator lets you search for a file, service, registry key, or specific Microsoft patch; you can monitor the compliance by viewing detailed graphical reports.

Virus tracking and notification: It tracks new anti-virus security updates every hour and deploys them to appropriate systems without your intervention through automatic and fast global updating.

Mail Server

A mail server is a host server that holds e-mail messages for clients. The client (the program you use to get your e-mail) connects to the mail server and retrieves any messages that are waiting for you. At your ISP, the mail servers are the computers that handle email coming into your account as well as all the email you send out. A mail transfer agent or MTA (also called a mail server, or a mail exchange server in the context of the Domain Name System) is a computer program or software agent which transfers electronic mail messages from one computer to another.

Dynamic Host Configuration Protocol (DHCP)

DHCP is a client-server networking protocol. The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default routers, and other IP parameters. The assignment usually occurs when the DHCP-configured machine boots up or regains connectivity to the network. The DHCP client sends out a query requesting a response from a DHCP server on the locally attached network. The DHCP server then replies to the client PC with its assigned IP address, subnet mask, DNS server and default gateway information. The assignment of the IP address usually expires after a predetermined period of time, at which point the DHCP client and server renegotiate a new IP address from the server's predefined pool of addresses. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult, because the remote IP address will vary from time to time. You'll probably have to allow access for the entire remote DHCP subnet for a particular TCP/UDP port. Most home routers/firewalls are configured in the factory to be DHCP servers for your home network.

Phases of DHCP Operations:

1. IP lease request

2. IP lease offer

3. IP lease selection

4. IP lease acknowledgement

1. IP Lease Request:

Whenever a computer comes online, it checks to see if it currently has an IP address leased. If it doesn't, it requests a lease from a DHCP server. Because the client computer doesn't know the address of a DHCP server, it uses 0.0.0.0 as its own IP address and 255.255.255.255 as the destination address. Doing so allows the client to broadcast a DHCPDISCOVER message across the network. Such a message consists of the client computer's Media Access Control (MAC) address (the hardware address built into the network card) and its NetBIOS name.

2. IP Lease Offer:

When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This is done by reserving an IP address for the client and broadcasting a DHCPOFFER message across the network. This message contains the client's MAC address, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.

3. IP Lease Selection:

When the client PC receives an IP lease offer, it must tell all the other DHCP servers that it has accepted an offer. To do this, the client broadcasts a DHCPREQUEST message containing the IP address of the server that made the offer. When the other DHCP servers receive this message, they withdraw any offers that they might have made to the client. They then return the address that they had reserved for the client back to the pool of valid addresses that they can offer to another computer. Any number of DHCP servers can respond to an IP lease request, but the client can only accept one offer per network interface card.

4. IP Lease Acknowledgement:

When the DHCP server receives the DHCPREQUEST message from the client, it initiates the final phase of the configuration process. This acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the TCP/IP configuration process is complete.
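The four lease phases above, as an added example that is not part of the original report: one client and two toy servers exchange DHCP messages in the RFC 2131 wire layout, and the server that was not chosen returns its reserved address to the pool. The `Server` class, the `lease_exchange` helper, the MAC address and the 192.0.2.0/24 addresses are constructed for illustration; only the DHCP payload is modelled, not the 0.0.0.0 to 255.255.255.255 IP broadcast that carries it.

```python
import socket
import struct

FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte BOOTP header (RFC 2131)
COOKIE = b"\x63\x82\x53\x63"                          # magic cookie before the options
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5            # values of option 53 (RFC 2132)
OPT_MASK, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 1, 50, 51, 53, 54, 255


def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Serialise a DHCP message; op is 1 for client requests, 2 for server replies."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    head = FIXED.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4), socket.inet_aton(yiaddr),
                      bytes(4), bytes(4), chaddr, bytes(64), bytes(128))
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return head + COOKIE + body + bytes([OPT_END])


def parse(pkt):
    """Decode a DHCP message, rejecting truncated or malformed input."""
    if len(pkt) < FIXED.size + 4 or pkt[FIXED.size:FIXED.size + 4] != COOKIE:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = FIXED.unpack_from(pkt)
    if hlen > 16:
        raise ValueError("bad hardware address length")
    opts, i = {}, FIXED.size + 4
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                      # pad option: a single byte, no length
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(OPT_TYPE, b"")) != 1:
        raise ValueError("missing message type")
    return {"op": op, "xid": xid, "mac": chaddr[:hlen].hex(":"),
            "type": opts[OPT_TYPE][0], "yiaddr": socket.inet_ntoa(yiaddr), "opts": opts}


class Server:
    """Toy DHCP server (hypothetical): an address pool plus reservations and leases."""

    def __init__(self, ip, pool, mask="255.255.255.0", lease=3600):
        self.ip, self.pool, self.mask, self.lease = ip, list(pool), mask, lease
        self.reserved, self.leases = {}, {}

    def _reply(self, msg, msg_type, addr):
        return build(2, msg["xid"], msg["mac"], msg_type, addr, [
            (OPT_MASK, socket.inet_aton(self.mask)),
            (OPT_LEASE, struct.pack("!I", self.lease)),
            (OPT_SERVER, socket.inet_aton(self.ip))])

    def handle(self, pkt):
        msg = parse(pkt)
        mac = msg["mac"]
        if msg["type"] == DISCOVER and self.pool and mac not in self.reserved:
            self.reserved[mac] = self.pool.pop(0)        # phase 2: reserve, then offer
            return self._reply(msg, OFFER, self.reserved[mac])
        if msg["type"] == REQUEST and mac in self.reserved:
            addr = self.reserved.pop(mac)
            if msg["opts"].get(OPT_SERVER) != socket.inet_aton(self.ip):
                self.pool.insert(0, addr)                # another server chosen: withdraw
                return None
            self.leases[mac] = addr                      # phase 4: acknowledge the lease
            return self._reply(msg, ACK, addr)
        return None


def lease_exchange(mac, servers, xid=0x1234ABCD):
    """Run the four phases for one client; return (lease details, message trace)."""
    trace = ["DISCOVER"]
    discover = build(1, xid, mac, DISCOVER)              # phase 1: no server known yet
    offers = [o for o in (s.handle(discover) for s in servers) if o]
    trace += ["OFFER"] * len(offers)
    if not offers:
        return None, trace
    pick = parse(offers[0])                              # phase 3: accept the first offer
    request = build(1, xid, mac, REQUEST, options=[
        (OPT_REQ_IP, socket.inet_aton(pick["yiaddr"])),
        (OPT_SERVER, pick["opts"][OPT_SERVER])])
    trace.append("REQUEST")
    acks = [a for a in (s.handle(request) for s in servers) if a]  # all servers see it
    if not acks:
        return None, trace
    ack = parse(acks[0])
    trace.append("ACK")
    return {"ip": ack["yiaddr"],
            "mask": socket.inet_ntoa(ack["opts"][OPT_MASK]),
            "lease": struct.unpack("!I", ack["opts"][OPT_LEASE])[0],
            "server": socket.inet_ntoa(ack["opts"][OPT_SERVER])}, trace


# Constructed sample: two servers on one segment, addresses from the TEST-NET-1 range.
if __name__ == "__main__":
    s1 = Server("192.0.2.1", ["192.0.2.50", "192.0.2.51"])
    s2 = Server("192.0.2.2", ["192.0.2.150"])
    print(lease_exchange("00:11:22:33:44:55", [s1, s2]))
    print("s2 pool after withdrawal:", s2.pool)
```

Because every server on the segment answers the broadcast, the server identifier in the DHCPREQUEST is the only thing that tells the losing servers to release their reservations.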

Technical Product Specification In Bharat Electronics limited Information Services

Layer3 switch (Central Switch) Router

1 Chassis based switch architecture with scalable backplane bandwidth over 32 Gbps.

2 Multi-layer switching performance over 15 Million pps (64 Byte).

3 Should support voice and data integration on the same switch to provide a single platform for running a multi-service network.

4 Should provide for capability to integrate VoIP using IP Telephone in the campus.

5 Should have provision to upgrade current 10BaseT/100BaseTX modules for in-line power to IP phones or should allow for the same externally.

6 Efficient intranet multimedia and multicast support through protocol independent multicast (PIM), Internet Group Management Protocol (IGMP), and GARP Multicast Registration Protocol (GMRP) delivering end to end, scalable bandwidth for multimedia and multicast applications.

7 Should support QoS policies enforced by using Layer 2, 3, and 4 information such as precedence bits from IP, and 802.1p frames or layer 4 port numbers.

8 Support for in-built protocol based Server load balancing for optimal server utilization.

9 Support for fast Web Caching for optimal network utilization. Support for Web Caching Control protocol (WCCP2).

10 Support for multiple queues with configurable thresholds employing queue management techniques like WRED, WRR, and type of service / class of service (ToS/CoS) mapping mechanism to ensure that QoS is maintained as packets traverse Layer 2 and Layer 3 boundaries.

11 Support for wide range of IP, IPX, and IP multicast routing protocols.

12 Support for over 32000 MAC addresses.

13 IEEE 802.1Q, 802.1p, 802.3x

14 Ethernet: IEEE 802.3u, 100Base TX, 100Base FX.

15 Gigabit Ethernet: IEEE 802.3z.

16 Support for hot standby redundancy on Layer 3.

17 Support for SNMP MIB-II, 4 groups of RMON-1 (RFC 2819) on each port and RMON-2 (RFC 2021) through external Network Analysis Module.

18 Support for SMON – Switch monitoring.

19 Support for IEEE 802.1D Spanning-Tree Protocol instance per VLAN preferred.

20 Modular architecture for quick replacement of faulty modules.

21 Redundancy and fault tolerance:

o Requirement for redundant switching matrix / Supervisory / Controller in central switch.

o Requirements for supporting redundant, load sharing and hot pluggable power supply.

o Requirement for Redundant Supervisory and Management module.

o Requirement for Redundant System clocks.

o Requirement for Redundant Fan modules.

22 Requirement for hot swappable I/O modules.

23 Support for over 4000 VLANs.

24 Security: Switch to support Secure Port filtering, TACACS+ and IP permit lists, dynamic ACLs and MD5 Route authentication shall be preferred. If the same is offered by connecting an external device, then it is to be indicated.

25 Port requirement:

o Gigabit Ethernet – provision for over 40 ports.

o Fast Ethernet – 48 ports 10 BaseT / 100 BaseTX. Option to enhance port count to over 200. Should be able to support inline power if required.

o WAN ports support option for T1/E1, T3/E3, HSSI, ATM, and POS in the same chassis for future upgradability.

o Voice support using FXS (at least 48 ports in the same chassis), E1.

26 Single TFTP download for entire chassis for the purpose of upgrade of Switch S/W.

27 Advanced diagnostic support for troubleshooting requirements.

Following minimum configuration required with above parameters:

1. Minimum 9 Slot Chassis: 1 Nos.

2. Supervisory / Controller Module: 1 Nos.

3. Min. 10 Gigabit Ports: 8 Nos. 1000 BaseSX & 2 Nos. 1000 BaseLX.

4. Redundant Supervisory / Controller Module: 1 Nos.

5. Redundant Power Supply: 1 Nos.

6. 1 Port QC-12 Uplink Module: 1 Nos.

7. 36 / 48 Port 10/100 BaseTX Module: 1 Nos.

Layer 2 Switches (Distribution Switches)

1 24/48 port 10Base T/100Base TX ports with full-duplex operation and auto sensing on each switched 10/100 port.

2 Modular field – replaceable Gigabit modules support SX, LX, LH and ZX (extended reach over 70km) capability.

3 Over 10 Gbps aggregate switching fabric.

4 Over 8 Million pps forwarding rate.

5 Support for at least 16 MB DRAM and 4 MB of Flash Memory.

6 Dual priority forwarding queues on each 10/100 and Gigabit Ethernet port with support for 802.1p.

7 Bandwidth aggregation over 10/100 and Gigabit Ethernet up to 4 Gbps.

8 Per port broadcast storm protection.

9 Support for 4 groups of RMON – History, statistics, alarms, and events on board. Support for 9 groups by using external analyzer through use of SPAN (Switch Port Analyzer).

10 Support for NTP (Network Time Protocol).

11 8192 MAC Addresses.

12 802.1Q VLAN configuration on all ports.

13 Support for IEEE 802.1D Spanning-Tree Protocol instance per VLAN preferred. Please indicate.

14 IEEE 802.1p ready. Must provide two priority queues on 10/100 ports and 8 priority queues on Gigabit Ethernet ports allowing users to prioritize data packets.

15 Support for 802.3x full duplex on all ports.

16 Support for switches to be stacked or clustered and manageable using a single IP address.

17 Support for up to 250 port based VLANs.

18 Bandwidth aggregation support for Inter-switch links.

19 Embedded web based Network Management Software to configure and manage all stacked/clustered switches. Quote for external HTTP server in case it is required.

20 Support for SNMP MIB-II, SNMP MIB extensions, Bridging MIB (RFC 1493).

21 Support for Telnet and Command Line Management.

22 Support for IP multicast.

23 Multifunction LEDs per port for port status, half-duplex/full-duplex, and 10BaseT/100BaseT indication as well as switch-level status LEDs for system, RPS, and bandwidth utilization.

Access Switches:

1 Support for at least 8 ports of 10BaseT/100BaseTX working simultaneously is required.

2 Support for Auto-sensing and Auto-negotiation on each port.

3 Support for Web-based network management in addition to regular management using SNMP.

4 Support for at least 4 port-based VLANs.

5 Internal power supply is required.

HUB Specifications:

1 16 ports of 10 Mbps each.

2 Unmanaged and standalone.

3 One AUI port.

4 Inbuilt power supply.

5 19” Rack Mounted.

6 Front LED for Status and Link.

Fiber Optic Infrastructure Specifications in Information Services

2) Fiber Optic Connectors

The STII, STII+ or SC connectors shall meet or exceed the following specifications:

Operating temperature: -40 to +75 degree C.

Average loss: 0.3 dB.

The choice between STII, STII+ or SC should be approved by B.E.L prior to installation and should take into account the standards recommendation that the SC connector should be used for all new installations.

3) Fiber Optic Patch Cords

The fiber patch cord shall consist of one or two single, buffered, graded-index 62.5/125 µm fibers. The fiber patch cord shall be terminated with STII, STII+ or SC connector on each end. The connector should specify whether simplex or duplex cords are provided in the tender response.

The fiber patch cords shall meet the following specifications:

Minimum bend radius: 1.00”.

Operating temperature: -20 to +70 Degree C.

Loss: 0.4 dB/mated connector

Minimum bandwidth: 200 MHz-km at 850 nm; 500 MHz-km at 1300 nm.

4) Fiber Optic Patch Panels

The fiber patch panels shall be wall or 19” rack mounted. The preferred method including the connector type should be detailed in the tender response. This will depend on the space requirements of the building.

UTP Cabling Specifications

1 Enhanced CAT-5 cable (4 pair)

Comply with ISO/IEC ISO 11801 ANSI/TIA/EIA/568 A/B

Should preferably be tested and verified to exceed the draft TIA specifications for 1000Base T (Gigabit Ethernet)

CMR rated

UL verified

UL listed

Minimal delay skew < 8 ns

Electrical characteristics:

Impedance 100 Ω ± 15 Ω from 1 MHz to 350 MHz

DC Resistance 28.6 Ω / 305 m Max

Resistance unbalance 5% max

Physical characteristics:

Conductor: solid copper

Conductor diameter: 0.511 ± 0.005 mm

Insulation: polyolefin

Insulation thickness: 0.125 ± 0.03 mm

Jacket: PVC

Outer diameter: 5.1 ± 0.4 mm

Max Temperature: 75 °C

2 Enhanced CAT-5 UTP Information Outlets

Comply with TIA/EIA/568 A/B

Angled Socket

High Durability RJ45 Interface

Mechanical:

Termination Tools: Krone (BT Inserter Wire 2A)/11

IDC terminals: Suitable for 0.4 mm – 0.6 mm solid or stranded cable, max D.1.5 mm

Two wires may be terminated for Daisy chain applications

25 re terminals possible.

RJ45 Connector: Body material UL 94VO Thermoplastic, suitable for minimum 1000 mating cycles

Connector composition: 1.25 mm gold over 2.5 mm nickel over phosphor bronze

Electrical:

DC Resistance: 20 mΩ or less

DC Resistance Imbalance: 2.0 mΩ or less

Insulation Resistance: >100 MΩ

Attenuation (dB): @1 MHz 0.0121 or better; @16 MHz 0.0193 or better; @100 MHz 0.1052 or better

Near End Crosstalk: @1 MHz 84.26 or better; @16 MHz 60.03 or better; @100 MHz 42.32 or better

Return Loss (dB): @1 MHz 51.26 or better; @16 MHz 36.99 or better; @100 MHz 18.06 or better

3 Patch Cord (Enhanced CAT-5): 7 ft, 3 ft

Comply with TIA/EIA/568 A/B

UTP / RJ45 Patch cords

4 Pair cable assembly that is fully compatible with voice, data and video applications

Constructed of stranded UTP cable for maximum flexibility and integrity

Built in strain relief on connectors (Boots)

Mechanical Specifications:

Cable gauge: 24 AWG stranded copper wire

Pair count: 4 pairs individually colour coded

Sequence: Wiring sequence in 568 A and 568 B available

Lengths: 0.3m; 0.6mm; 1.0mm; 1.5mm; 2.0mm; 3.0mm; 4.5mm; 5.0mm; 6.0mm; 7.0mm; 8.0mm; 9.0mm; 10.0mm

Temperature range: -40 °C to 60 °C

Crimping Plug:

Housing: natural polycarbonate UL 94V-2

Contact Material: Phosphor Bronze

Contact Plating: 1.25mm gold over 2.5mm Nickel

Cable to Plug tensile strength: 7.71 kg min

Electrical characteristics:

Cable: TIA/EIA category 5 LAN Performance

ETL verified

DC resistance per lead 0.085 Ω/m nominal

DC resistance unbalanced 3% nominal

Nominal mutual capacitance 49.6 pF/m

Characteristic Impedance 100 Ω (15 % from 1 to 100 MHz)

ACA Approval

4 Jack panels / patch panels (Enhanced CAT-5)

Comply with TIA/EIA/568 A/B

Capable of accommodating 22-26 AWG solid/stranded wires along with cable management clamps on rear and front side

Capable of mounting on 19” rack

5 Wall mount racks 12 U

Single/Double section rack 600 mm wide X 500 mm deep

Rigid frame which can be fixed to the wall

Adjustable 19” rails in the front

Fixed mounting rails in the rear

Top & Bottom cable entry facility

Front section with glass door

Load rating 40 KG

Material made of steel & powder coated

Steel door & glass door trims to be powder coated

6 Floor mount rack 42 U

With 800 mm deep

Front Glass Door and back Steel Door

7 PVC channel casing & capping

ISI make

Standard class – A PVC channel

PVC channel used should have 25% free space to accommodate further requirements

The PVC channel with casing & capping should be fired & cold/alkali retardant and rodent proof

8 GI pipe

Class B type

ISI Make

9 Information outlet

EN 60603 – 7 (IEC 603 – 7) and EN 28877 (ISO 8877)

8 positions modular MGS 200 connector and of the insulation displacement type

Capable of receiving 24 AWG solid and stranded wires

Should be either surface or flush mounted, single or dual sockets

VIRTUAL LOCAL AREA NETWORKS (VLANs)

Introduction

Virtual LANs (VLANs) have recently developed into an integral feature of switched LAN solutions from every major LAN equipment vendor. Although end-user enthusiasm for VLAN implementation has yet to take off, most organizations have begun to look for vendors that have a well-articulated VLAN strategy, as well as VLAN functionality built into products today. One of the reasons for the attention placed on VLAN functionality now is the rapid deployment of LAN switching that began in 1994/1995. The shift toward LAN switching as a replacement for local or departmental routers, and now even shared media devices (hubs), will only accelerate in the future. With the rapid decrease in Ethernet and token ring switch prices on a per-port basis, many more ambitious organizations are moving quickly toward networks featuring private port (single user/port) LAN switching architectures. Such a desktop switching architecture is ideally suited to VLAN implementation. To understand why private port LAN switching is so well suited to VLAN implementation, it is useful to review the evolution of segmentation and broadcast containment in the network over the past several years.

In the early 1990s, organizations began to replace two-port bridges with multiport, collapsed backbone routers in order to segment their networks at layer 3 and thus also contain broadcast traffic. In a network using only routers for segmentation, segments and broadcast domains correspond on a one-to-one basis. Each segment typically contained between 30-100 users. With the introduction of switching, organizations were able to divide the network into smaller, layer 2-defined segments, enabling increased bandwidth per segment. Routers could now focus on providing broadcast containment, and broadcast domains could now span multiple switched segments, easily supporting 500 or more users per broadcast domain. However, the continued deployment of switches, dividing the network into more and more segments (with fewer and fewer users per segment), does not reduce the need for broadcast containment. Using routers, broadcast domains typically remain in the 100-500 user range. VLANs represent an alternative solution to routers for broadcast containment, since VLANs also allow switches to contain broadcast traffic. With the implementation of switches in conjunction with VLANs, each network segment can contain as few as one user (approaching private port LAN switching), while broadcast domains can be as large as 1000 users or perhaps even more. In addition, if implemented properly, VLANs can track workstation movements to new locations without requiring manual reconfiguration of IP addresses.

Why haven't more organizations deployed VLANs? For the vast majority of end-user organizations, switches have yet to be implemented on a large enough scale to necessitate VLANs. That situation will soon change. There are, however, other reasons for the lukewarm reception that VLANs have received from network users up to now.

VLANs have been, and are still, proprietary, single-vendor solutions. As the network industry has shown, proprietary solutions are anathema to the multivendor/open systems policies that have developed in the migration to local area networks and the client-server model.

Despite the frequently quoted numbers illuminating the hidden costs of networking, such as administration and moves/adds/changes, customers realize that VLANs have their own administrative costs, both straightforward and hidden.

Although many analysts have suggested that VLANs enhance the ability to deploy centralized servers, customers may look at enterprise-wide VLAN implementation and see difficulties in enabling full high-performance access to centralized servers.

Defining VLANs

With the multitude of vendor-specific VLAN solutions and implementation strategies, defining precisely what VLANs are has become a contentious issue. Nevertheless, most people would agree that a VLAN can be roughly equated to a broadcast domain. More specifically, VLANs can be seen as analogous to a group of end stations, perhaps on multiple physical LAN segments, that are not constrained by their physical location and can communicate as if they were on a common LAN. However, at this point, issues such as the extent to which end stations are not constrained by physical location, the way VLAN membership is defined, the relationship between VLANs and routing, and the relationship between VLANs and ATM have been left up to each vendor. To a certain extent these are tactical issues, but how they are resolved has important strategic implications. Because there are several ways in which VLAN membership can be defined, this paper divides VLAN solutions into four general types: port grouping, MAC layer grouping, network layer grouping and IP multicast grouping.

Membership by Port Group:

Many initial VLAN implementations defined VLAN membership by groups of switch ports (for example, ports 1, 2, 3, 7 and 8 make up VLAN A, while ports 4, 5 and 6 make up VLAN B). Furthermore, in initial implementations a VLAN could only be supported on a single switch. Second-generation implementations support VLANs that span multiple switches (for example, ports 1 and 2 of switch #1 and ports 4, 5, 6 and 7 of switch #2 make up VLAN A, while ports 3, 4, 5, 6, 7 and 8 of switch #1 combined with ports 1, 2, 3 and 8 of switch #2 make up VLAN B). This scenario is depicted in Figure 1. Port grouping is still the most common method of defining VLAN membership, and configuration is fairly straightforward. Defining VLANs purely by port group does not allow multiple VLANs to include the same physical segment. However, the primary limitation of defining VLANs by port is that the network manager must reconfigure VLAN membership when a user moves from one port to another.

Membership by MAC Address:

VLAN membership based on MAC-layer addresses has a different set of advantages and disadvantages. Since MAC-layer addresses are hard-wired into the workstation's network interface card (NIC), VLANs based on MAC addresses enable the network manager to move a workstation to a different physical location on the network and have that workstation automatically retain its VLAN membership. In this way, a VLAN defined by MAC addresses can be thought of as a user-based VLAN.

One of the drawbacks of MAC address-based VLAN solutions is the requirement that all users must initially be configured to be in at least one VLAN. After that initial manual configuration, automatic tracking of users is possible, depending on the specific vendor solution. However, the disadvantage of having to initially configure VLANs becomes clear in very large networks, where thousands of users must each be explicitly assigned to a particular VLAN. Some vendors have mitigated the onerous task of initially configuring the MAC-based VLANs by using tools that create VLANs based on the current state of the network; that is, a MAC address-based VLAN is created for each subnet. MAC address-based VLANs that are implemented in shared media environments will run into serious performance degradation as members of different VLANs coexist on a single switch port. In addition, the primary method of communicating VLAN membership information between switches in a MAC address-defined VLAN also runs into performance degradation with large-scale implementations.

Another, but minor, drawback to VLANs based only on MAC-layer addresses emerges in environments that use significant numbers of notebook PCs with docking stations: the docking station and integrated network adapter usually remain on the desktop, while the notebook travels with the user. When the user moves to a new desk and docking station, the MAC-layer address changes, making VLAN membership impossible to track. In such an environment, VLAN membership must be updated constantly as the users move around and use different docking stations. While this problem may not be particularly common, it does illustrate some of the limitations of MAC address-based VLANs.

Layer 3 – Based VLANs:

VLANs based on layer 3 information take into account protocol type (if multiple protocols are supported) or network-layer address (for example, the subnet address for TCP/IP networks) in determining VLAN membership. Although these VLANs are based on layer 3 information, this does not constitute a "routing" function and should not be confused with network-layer routing. Even though the switch inspects a packet's IP address to determine VLAN membership, no route calculation is undertaken, RIP or OSPF protocols are not employed, and frames traversing the switch are usually bridged according to the implementation of the spanning tree algorithm. Therefore, from the point of view of a switch employing layer 3 VLANs, connectivity within any VLAN is still seen as a bridged topology. Having made the distinction between VLANs based on layer 3 information and routing, it should be noted that some vendors are incorporating varying amounts of layer 3 intelligence into switches, enabling functions normally associated with routing. Furthermore, "layer 3 aware" or "multilayer" switches often have the packet forwarding function of routing built into ASIC chipsets, greatly improving performance over CPU-based routers. No matter where it is located in a VLAN solution, routing is necessary to provide connectivity between distinct VLANs. There are several advantages to defining VLANs at layer 3.

First, it enables partitioning by protocol type. This may be an attractive option for network managers who are dedicated to a service or application strategy.

Second, users can physically move their workstations without having to reconfigure each workstation's network address, a benefit typically for TCP/IP users.

Third, defining VLANs at layer 3 can eliminate the need for frame tagging in order to communicate VLAN membership between switches, reducing transport overhead.

One of the disadvantages of defining VLANs at layer 3 (vs. MAC or port-based VLANs) can be performance. Inspecting layer 3 addresses in packets is more time consuming than looking at MAC addresses in frames. For this reason, switches that use layer 3 information for VLAN definition are generally slower than those that use layer 2 information. It should be noted that this performance difference is true for most, but not all, vendor implementations. VLANs defined at layer 3 are particularly effective in dealing with TCP/IP but less effective with protocols such as IPX, DECnet, or AppleTalk, which do not involve manual configuration at the desktop. Furthermore, layer 3-defined VLANs have particular difficulty in dealing with "unroutable" protocols such as NetBIOS.
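The three membership rules described above (port group, MAC address, layer 3 subnet), as an added example that is not part of the original report: it uses the two-switch port groups from the text together with constructed MAC addresses, IP subnets and station names, and shows which rule keeps a station in its VLAN when it changes port or docking station.

```python
import ipaddress
from dataclasses import dataclass, replace

# Port groups copied from the text's second-generation, two-switch example.
PORT_VLAN = {}
for sw, ports, vlan in (("sw1", (1, 2), "A"), ("sw2", (4, 5, 6, 7), "A"),
                        ("sw1", (3, 4, 5, 6, 7, 8), "B"), ("sw2", (1, 2, 3, 8), "B")):
    for p in ports:
        PORT_VLAN[(sw, p)] = vlan

# Constructed sample data (assumptions, not from the report).
MAC_VLAN = {"00:11:22:00:00:01": "A", "00:11:22:00:00:02": "A", "00:11:22:00:00:03": "B"}
SUBNET_VLAN = {ipaddress.ip_network("10.1.1.0/24"): "A",
               ipaddress.ip_network("10.1.2.0/24"): "B"}


@dataclass(frozen=True)
class Station:
    name: str
    mac: str
    ip: str
    switch: str
    port: int


STATIONS = [
    Station("alice", "00:11:22:00:00:01", "10.1.1.10", "sw1", 1),
    Station("bob", "00:11:22:00:00:02", "10.1.1.11", "sw2", 4),
    Station("carol", "00:11:22:00:00:03", "10.1.2.10", "sw1", 3),
]


def vlan_of(st, method):
    """Return the VLAN a station falls into under one membership rule, or None."""
    if method == "port":
        return PORT_VLAN.get((st.switch, st.port))
    if method == "mac":
        return MAC_VLAN.get(st.mac.lower())       # unknown adapter: no membership
    if method == "layer3":
        addr = ipaddress.ip_address(st.ip)
        for net, vlan in SUBNET_VLAN.items():
            if addr in net:
                return vlan
        return None
    raise ValueError(f"unknown membership method: {method}")


def broadcast_domain(sender, stations, method):
    """Names of the stations that would receive a broadcast from sender."""
    vlan = vlan_of(sender, method)
    if vlan is None:
        return set()
    return {s.name for s in stations
            if s.name != sender.name and vlan_of(s, method) == vlan}


def move(st, **changes):
    """Copy of a station after a move, e.g. move(st, switch='sw1', port=5)."""
    return replace(st, **changes)


if __name__ == "__main__":
    alice = STATIONS[0]
    cases = {"original desk": alice,
             "moved to sw1 port 5": move(alice, switch="sw1", port=5),
             "new docking station": move(alice, mac="00:11:22:00:00:99")}
    for label, st in cases.items():
        for method in ("port", "mac", "layer3"):
            print(f"{label:22} {method:7} VLAN={vlan_of(st, method)} "
                  f"reaches={sorted(broadcast_domain(st, STATIONS, method))}")
```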

IP Multicast Groups as VLANs:


IP multicast groups represent a somewhat different approach to VLAN definition, although the fundamental concept of VLANs as broadcast domains still applies. When an IP packet is sent via multicast, it is sent to an address that is a proxy for an explicitly defined group of IP addresses that is established dynamically. Each workstation is given the opportunity to join the IP multicast group by responding affirmatively to a broadcast notification, which signals the group's existence. All stations that join an IP multicast group can be seen as members of the same virtual LAN. However, they are only members of a particular multicast group for a certain period of time. Therefore, the dynamic nature of VLANs defined by IP multicast groups enables a very high degree of flexibility and application sensitivity. In addition, VLANs defined by IP multicast groups would inherently be able to span routers and thus WAN connections.

Combination VLAN definitions

Due to the trade-offs between the various types of VLANs, many vendors are planning to include multiple methods of VLAN definition. Such a flexible definition of VLAN membership enables network managers to configure their VLANs to best suit their particular network environment.

Automation of VLAN Configuration:

Another issue central to VLAN deployment is the degree to which VLAN configuration is automated. To a certain extent, this degree of automation is correlated to how VLANs are defined, but in the end the specific vendor solution will determine the level of automation. There are three primary levels of automation in VLAN configuration.

Manual: With purely manual VLAN configuration, both the initial setup and all subsequent moves and changes are controlled by the network administrator. Purely manual configuration enables a high degree of control. However, in large enterprise networks manual configuration is not practical. Furthermore, it defeats one of the primary benefits of VLANs: elimination of the time it takes to administer moves and changes, although moving users manually with VLANs may actually be easier than moving users across router subnets, depending on the specific vendor's VLAN management interface.

Semi-automated: This refers to the option to automate the initial configuration, subsequent reconfigurations, or both. Initial configuration automation is normally accomplished with a set of tools that map VLANs to existing subnets or other criteria. It also refers to the situation where VLANs are initially configured manually, with all subsequent moves being tracked automatically. Combining both initial and subsequent configuration automation is still semi-automated, because the network administrator always has the option of manual configuration.

Fully automatic: A system that fully automates VLAN configuration implies that workstations automatically and dynamically join VLANs depending on application, user ID, or other criteria and policies that are preset by the administrator.


Communicating VLAN Membership Information:

Switches must have a way of understanding VLAN membership when network traffic arrives from other switches; otherwise VLANs would be limited to a single switch. In general, layer 2 based VLANs (defined by port or MAC address) must communicate VLAN membership explicitly, while VLAN membership in IP-based VLANs is implicitly communicated by the IP address. Depending on the particular vendor's solution, communication of VLAN membership may also be implicit in the case of layer 3 based VLANs in a multiprotocol environment.

To date, outside of implementing an ATM backbone, three methods have been implemented for inter-switch communication of VLAN information across a backbone:

Table maintenance via signaling
Frame tagging
Time division multiplexing

Table maintenance via signaling: When an end station broadcasts its first frame, the switch resolves the MAC address or attached port with its VLAN membership in cached address tables. This information is broadcast to all other switches. As VLAN membership changes, these tables are manually updated by a system administrator at a management console. As the network expands and switches are added, the constant signaling necessary to update the cached address tables of each switch can cause substantial congestion of the backbone. For this reason, this method does not scale particularly well.

Frame tagging: A header is typically inserted into each frame on inter-switch trunks to uniquely identify which VLAN a particular MAC-layer frame belongs to. Vendors differ in the way they solve the problem of occasionally exceeding the maximum length of MAC-layer frames as these headers are inserted. These headers also add overhead to network traffic.

TDM: Time division multiplexing works the same way on the network backbone to support VLANs as it does in the WAN environment to support multiple traffic types; here, channels are reserved for each VLAN. This approach cuts some of the overhead problems inherent in signaling and frame tagging, but it also wastes bandwidth, because the time slot dedicated to one VLAN cannot be used by other VLANs, even if that channel is not carrying traffic. Deploying an ATM backbone also enables the communication of VLAN information between switches, but it introduces a new set of issues with regard to LAN Emulation (LANE). The LANE standard provides for a nonproprietary method of communicating VLAN membership across a backbone.
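The frame tagging method above, shown with the IEEE 802.1Q tag layout as an added Python example (not code from the report or from any switch vendor): it inserts the 4-byte tag after the source MAC address, recomputes the frame check sequence, parses the tag back, and shows a maximum-size 1518-byte frame growing to 1522 bytes. The sample frame, MAC addresses and VLAN numbers are constructed.

```python
from __future__ import annotations

import struct
import zlib

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
MAX_UNTAGGED = 1518   # largest untagged Ethernet frame, FCS included


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def sample_frame(payload_len: int) -> bytes:
    """Constructed untagged frame (EtherType 0x0800) with a zero-filled payload."""
    header = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", 0x0800)
    body = header + bytes(payload_len)
    return body + fcs(body)


def _check(frame: bytes) -> None:
    if len(frame) < 18 or frame[-4:] != fcs(frame[:-4]):
        raise ValueError("frame too short or FCS mismatch")


def parse_tag(frame: bytes) -> dict | None:
    """Return the tag fields of a tagged frame, or None if it is untagged."""
    _check(frame)
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 22:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": inner}


def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a tag between the source MAC and the EtherType, then redo the FCS."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 is priority-only, 4095 reserved)")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    if parse_tag(frame) is not None:
        raise ValueError("frame already carries a tag")
    tci = (pcp << 13) | (dei << 12) | vid
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)  # the old FCS no longer matches, so recompute it


def strip_tag(frame: bytes) -> tuple[int, bytes]:
    """Return (vid, untagged frame), as done when a frame leaves the trunk."""
    tag = parse_tag(frame)
    if tag is None:
        raise ValueError("frame is not tagged")
    body = frame[:12] + frame[16:-4]
    return tag["vid"], body + fcs(body)


def exceeds_legacy_limit(frame: bytes) -> bool:
    """True if a device that only accepts 1518-byte frames would reject it."""
    return len(frame) > MAX_UNTAGGED


if __name__ == "__main__":
    full = sample_frame(1500)            # 14 + 1500 + 4 = 1518 bytes
    tagged = add_tag(full, vid=20, pcp=5)
    print(len(full), len(tagged), parse_tag(tagged))
    print(exceeds_legacy_limit(tagged), strip_tag(tagged)[0])
```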

Standards and the Proprietary Nature of VLANs: Given the variety of types of VLAN definitions and the variety of ways that switches can communicate VLAN information, it should not be surprising that each vendor has developed its own unique and proprietary VLAN solutions and products. The fact that switches from one vendor will not interoperate entirely with VLANs from other vendors may force customers to buy from a single vendor for VLAN deployment across the enterprise. An exception to this arises when an ATM backbone and LANE are used. It also implies that purchase decisions should be more highly centralized or coordinated than they may traditionally have been. Thus, from both a procurement and a technological perspective, VLANs should be considered as an element of a strategic approach. The following two VLAN standards have been proposed:

802.10 “VLAN Standard”: In 1995, Cisco Systems proposed the use of IEEE 802.10, which was originally established to address LAN security, for VLANs. Cisco attempted to take the optional 802.10 frame header format and reuse it to convey VLAN frame tagging instead of security information. Although this can be made to work technically, most members of the 802 committee have been strongly opposed to using one standard for two discrete purposes. In addition, this solution would be based on variable-length fields, which make implementation of ASIC-based frame processing more difficult and thus slower and more expensive.

802.1 Internetworking Subcommittee: In March 1996, the IEEE 802.1 Internetworking Subcommittee completed the initial phase of investigation for developing a VLAN standard, and passed resolutions concerning three issues: the architectural approach to VLANs; a standardized format for frame tagging to communicate VLAN membership information across multiple, multivendor devices; and the future direction of VLAN standardization. The standardized format for frame tagging, in particular, known as 802.1Q, represents a major milestone in enabling VLANs to be implemented using equipment from several vendors, and will be key to the rapid development of VLANs. Furthermore, establishment of a frame format specification will allow vendors to immediately begin incorporating this standard into their switches. All major switch vendors, including 3Com, Alantec, Bay Networks, Cisco and IBM, voted in favor of this proposal. However, due to the lag time necessary for some vendors to incorporate the frame format specification, and the desire on the part of most organizations to have a unified VLAN management platform, VLANs will, in practice, continue to retain characteristics of a single-vendor solution for some time. This has significant ramifications for deployment and procurement of VLANs. Department-level procurement of LAN equipment, particularly in the backbone, is not practical for organizations deploying VLANs. Purchasing decisions and standardization on a particular vendor's solution throughout the enterprise will become the norm, and price-based product competition will decrease. The structure of the industry itself may also shift in favor of the larger networking vendors that can furnish a wide range of components.

VLAN Implementation Benefits

Why are vendors paying so much attention to VLAN implementation? Will VLANs solve all the network manager's problems with respect to moves, changes, broadcasts, and performance?

Reducing the Cost of Moves and Changes

The reason most often given for VLAN implementation is the reduction in the cost of handling.

VLANs over the WAN

Theoretically, VLANs can be extended over the WAN. However, this is generally not advised, since VLANs defined over the WAN will permit LAN broadcast traffic to consume expensive WAN bandwidth. Because routers filter broadcast traffic, they neatly solve this problem. However, if bandwidth is free for a particular organization (for example, an electric utility with dark fiber installed in its right of way), then extending VLANs over the WAN can be considered. Finally, depending on how they are constructed, IP multicast groups can be extended across the WAN, as well as across the routers providing the WAN connections, without wasting WAN bandwidth.

Security

The ability of VLANs to create firewalls can also satisfy more stringent security requirements and thus replace much of the functionality of routers in this area. This is primarily true when VLANs are implemented in conjunction with private port switching. The only broadcast traffic on a single-user segment would be from that user's VLAN (that is, traffic intended for that user). Conversely, it would be impossible to listen to broadcast or unicast traffic not intended for that user, because such traffic does not physically traverse that segment.

VLANs and ATM

While the concept of VLANs originated with LAN switches, their use may need to be extended to network environments where ATM networks and ATM-attached devices are also present. Combining VLANs with ATM networks creates a new set of issues for network managers, such as relating VLANs to ATM emulated LANs (ELANs), and determining where to place the routing function.

VLANs Transparent to ATM

Consider a LAN backbone with VLANs spanning more than one LAN switch. In an environment where ATM exists only in the backbone (that is, there are no ATM-connected end stations), ATM permanent virtual circuits (PVCs) may be set up in a logical mesh to carry intra-VLAN traffic between these multiple LAN switches. In this environment, any proprietary technique the vendor has employed is transparent to the ATM backbone. ATM switches do not have to be VLAN aware. This means that ATM backbone switches could be different from the LAN switches; ATM backbone switches could be selected without regard for VLAN functionality, allowing network managers to focus more on performance-related issues. As convenient as this situation sounds, it does not reflect reality for many network environments.

Complexity Arising with ATM-attached Devices

Usually, organizations that implement ATM backbones would also like to connect workstations or, more likely, servers directly to those backbones. As soon as any logical end station is connected via ATM, a new level of complexity arises. LAN emulation must be introduced into the network to enable ATM-connected end stations and non-ATM-connected end stations to communicate.

LAN Emulation

With the introduction of ATM-connected end stations, the network becomes a truly mixed environment, with two types of networks operating under fundamentally different technologies: connectionless LANs (Ethernet, Token Ring, FDDI, etc.) and connection-oriented ATM. This environment puts the responsibility on the ATM side of the network to emulate the characteristics of broadcast LANs and provide MAC-to-ATM address resolution. The LAN Emulation (LANE) specification, standardized in 1995 by the ATM Forum, specifies how this emulation is accomplished in a multivendor environment. LANE specifies a LAN Emulation Server (LES), which can be incorporated into one or more switches or separate workstations, to provide the MAC-to-ATM address resolution in conjunction with LAN Emulation Clients (LECs), which are incorporated into ATM edge switches and ATM NICs. Figure 2 briefly illustrates how LANE operates:

The LAN switch receives a frame from an Ethernet-connected end station. This frame is destined for another Ethernet end station across the ATM backbone. The LEC (which in this situation resides in the LAN switch) sends a MAC-to-ATM address resolution request to the LES (which in this case resides in the ATM switch).

The LES sends a multicast to all the other LECs in the network.

Only the LEC that has the destination MAC address in its tables responds to the LES.

The LES then broadcasts this response to all other LECs.

The original LEC recognizes this response, learns the ATM address of the destination switch, and then sets up a switched virtual circuit (SVC) to transport the frame via ATM cells as per AAL5, which governs segmentation and reassembly.

In looking at the path of traffic between an Ethernet-attached client and an ATM-attached server, the section that is governed by LANE extends from the LEC in the ATM interface of the LAN switch to the LEC residing in the server's ATM NIC. From the standpoint of the MAC driver, frames pass directly between them just as if they were connected by a non-ATM backbone, with each LEC acting as a proxy MAC address. VLANs defined by port group would treat the ATM interface on the LAN switch as just another Ethernet port, and all ATM-attached devices would then be members of the VLAN. In this way, VLANs could be deployed without regard to whether the ATM switches in the backbone are from the same vendor (so long as they support LANE). However, from an administrative point of view, many organizations may not want to employ separate management software for the ATM backbone and may prefer to source both edge devices (LAN switches) and backbone devices (ATM switches) from the same vendor. LANE can also allow for multiple ELANs by establishing more than one LEC in the ATM interfaces of participating devices (as well as a separate LES for each ELAN). Each LEC in the ATM interface of the LAN switch is treated as a separate logical Ethernet port, and each LEC in a single ATM-attached device is seen as a separate Ethernet-attached end station. Therefore, multiple LECs in a single ATM-attached device can be members of different VLANs, allowing these VLANs to overlap at ATM-attached devices. Since VLANs are defined for both ATM and non-ATM network devices, VLANs can be seen as supersets of ELANs (Figure 3). With this structure, an ATM backbone can enable all end stations from multiple VLANs to access a centralized server or servers without passing through a router, by establishing a separate ELAN for each VLAN. Since most traffic in a network is between client and server, establishing VLANs that overlap at ATM-attached servers greatly reduces the number of packets that must be routed between VLANs. Of course, there is still likely to be a small amount of inter-VLAN traffic remaining. Therefore, a router is still required for traffic to pass from one VLAN to another (and, therefore, from one ELAN to another). Figure 4 depicts this type of structure.

Routing Between Emulated LANs and VLANs

Since routing remains necessary in any mixed ATM/shared-media environment to forward inter-VLAN traffic, network designers are faced with the question of where to locate the router functionality. The following are four architectural solutions to the problem of where to locate the routing functionality:

Edge routing: Basically, edge routing dictates that the routing function across the ATM backbone be incorporated into each LAN switch at the edge of the ATM backbone. Traffic within VLANs can be switched across the ATM backbone with minimum delay, while inter-VLAN packets are processed by the routing function built into the switch. In this way, an inter-VLAN packet does not have to make a special trip to an external router, eliminating an extra hop. There are three other major advantages to this architecture. First, unlike solutions that have central routing, there is no single point of failure with the edge routing architecture. Second, several solutions featuring edge routing are available today. Third, edge routing will function in a multivendor environment if each vendor's equipment supports LAN emulation. The primary disadvantage of edge routing is the difficulty of managing multiple devices relative to having centralized management of a consolidated router function. Additionally, edge routing solutions may be more expensive than centralized routing solutions made up of a centralized router and multiple, less expensive edge switches.

The One-Armed Router: The concept of the so-called “one-armed router” has become particularly attractive because it removes the more processing-intensive, higher-latency routing function from the primary data path. A one-armed router sits off to the side of an ATM backbone switch with a single ATM link, allowing packets that do not need to traverse the router to pass through the ATM backbone unimpeded. Another advantage of the one-armed router is that, relative to other configurations, it is less complex to configure and administer. The key to the one-armed router structure, as shown in Figure 5, is to keep as much traffic as possible out of the one-armed router. By structuring VLANs to support the 80/20 rule, the router is not required to handle most traffic. For this to work well, optimal configuration of VLANs to minimize inter-VLAN traffic is critical. There are several vendors presently shipping one-armed router solutions. One of the disadvantages of the one-armed router is that it represents a single point of failure in the network. For this reason, two or more redundant one-armed routers are generally preferred. However, perhaps the most significant drawback of the one-armed router is that its one arm can develop into a bottleneck if VLAN traffic does not support the 80/20 rule. This can occur particularly in networks with large amounts of peer-to-peer traffic.

The Route Server: The route server model, as shown in Figure 6, is physically similar to the one-armed router model, but logically very different in that it breaks the routing function into distributed parts. In a one-armed router configuration, a packet from VLAN A heading to the user


moves and changes. Since these are quite substantial, this argument for VLAN implementation can be compelling. Many vendors are promising that VLAN implementation will result in a vastly increased ability to manage dynamic networks and realize substantial cost savings. This value proposition is most valid for IP networks. Normally, when a user moves to a different subnet, the IP address must be manually updated in the workstation. This can consume a substantial amount of time that could be used for more productive endeavors such as developing new network services. VLANs eliminate that hassle, because VLAN membership is not tied to a workstation's location in the network, allowing workstations to retain their original IP addresses and subnet membership. It is certainly true that the phenomenon of increasingly dynamic networks absorbs a substantial portion of the budgets of most IS departments. However, not just any VLAN implementation will reduce these costs. VLANs themselves add another layer of virtual connectivity that must be managed in conjunction with physical connectivity. This is not to say that VLANs cannot reduce the cost of moves and changes; if properly implemented, they will. However, organizations must be careful not to simply throw VLANs at the network, and they must make sure that the solution does not generate more network administration than it saves.

Virtual Workgroups: One of the more ambitious VLAN objectives is the establishment of the virtual workgroup model. The concept is that, with full VLAN implementation across the campus network environment, members of the same department or section can all appear to share the same LAN, with most of the network traffic staying within the same VLAN broadcast domain. Someone moving to a new physical location but remaining in the same department could move without having workstations reconfigured. Conversely, a user would not have to change his or her physical location when changing departments; the network manager would simply change the user's VLAN membership. This functionality promises to enable a more dynamic organizational environment, enhancing the recent trend toward cross-functional teams. The logic of the virtual workgroup model goes like this: teams formed on a temporary, project basis could be virtually connected to the same LAN without requiring the people to physically move in order to minimize traffic across the collapsed backbone. Additionally, these workgroups would be dynamic: VLANs corresponding to these cross-functional project teams could be set up for the duration of the project and torn down when the project was completed, all the while allowing users to remain in the same physical locations. Although this scenario seems attractive, the reality is that VLANs alone cannot pave the way for full utilization of the virtual workgroup model. There are several managerial and architectural issues that, at this point, pose problems for the virtual workgroup model.

Managing Virtual Workgroups: From a network management perspective, the transitory nature of these virtual workgroups may grow to the point where updating VLAN membership becomes as onerous as updating routing tables to keep up with adds, moves, and changes today (although it may save the time and effort involved in physically moving the user's workstation). Moreover, there are cultural hurdles to overcome in the virtual workgroup model: people usually move to be close to the people with whom they work, rather than to reduce the traffic across the collapsed backbone.

Maintaining the 80/20 Rule: Virtual LAN support for virtual workgroups is often tied to support of the 80/20 rule, that is, 80% of the traffic is “local” to the workgroup while 20% is remote or outside of the workgroup. In theory, by properly configuring the VLANs to match workgroups, only the 20% of the traffic that is non-local will need to pass through a router and out of the workgroup, improving performance for the traffic that is within the workgroup. However, many believe that the applicability of the 80/20 rule is waning due to the development of servers and network applications such as e-mail and Lotus Notes that users throughout the enterprise access on an equal basis.


Access to Local Network Resources: The virtual workgroup concept may run into the simple problem that users must sometimes be physically close to certain resources such as printers. For example, a user is in the accounting VLAN, but is physically located in an area populated by members of the sales VLAN. The local network printer is also in the sales VLAN. Every time this accounting VLAN member prints to the local printer, the print file must traverse the router connecting the two VLANs. This problem can be avoided by making that printer a member of both VLANs. This clearly favors VLAN solutions that enable overlapping VLANs. If overlapping VLANs are not possible, this scenario would require that routing functionality be built into the backbone switch. Then, the example print file would be routed by the switch rather than having to go through an external router.
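The printer scenario above, modelled as an added Python example (a teaching model, not the report's or any vendor's implementation): each switch port carries a set of VLAN memberships, and the functions report whether a unicast is switched or must cross the router, which ports a broadcast reaches, and what share of a traffic sample is routed. Port names, VLAN labels and byte counts are constructed, and the flooding rule for a multi-VLAN port is a stated assumption of the model.

```python
class VlanSwitch:
    """Port-based VLAN model in which one port may belong to several VLANs."""

    def __init__(self):
        self.members = {}  # port name -> set of VLAN names

    def attach(self, port, *vlans):
        self.members[port] = set(vlans)

    def path(self, src, dst):
        """'switched' if the two ports share a VLAN, otherwise 'routed'."""
        return "switched" if self.members[src] & self.members[dst] else "routed"

    def broadcast_reach(self, src):
        """Ports that receive a broadcast sent from src.

        Model assumption: a port that belongs to several VLANs floods its
        broadcasts into every one of them.
        """
        return {port for port, vlans in self.members.items()
                if port != src and vlans & self.members[src]}

    def routed_share(self, flows):
        """Fraction of bytes in [(src, dst, nbytes), ...] that cross the router."""
        total = sum(n for _, _, n in flows)
        routed = sum(n for s, d, n in flows if self.path(s, d) == "routed")
        return routed / total if total else 0.0


def build_floor(printer_vlans):
    """Constructed floor plan: an accounting user seated in the sales area."""
    sw = VlanSwitch()
    sw.attach("acct-user", "accounting")
    sw.attach("acct-server", "accounting")
    sw.attach("sales-user", "sales")
    sw.attach("printer", *printer_vlans)
    return sw


# Constructed traffic sample: (source port, destination port, bytes).
FLOWS = [
    ("acct-user", "acct-server", 700),
    ("acct-user", "printer", 200),
    ("sales-user", "printer", 100),
]

if __name__ == "__main__":
    for label, vlans in (("printer in sales only", ["sales"]),
                         ("printer in both VLANs", ["sales", "accounting"])):
        sw = build_floor(vlans)
        print(label)
        print("  acct-user -> printer:", sw.path("acct-user", "printer"))
        print("  routed share of traffic:", sw.routed_share(FLOWS))
        print("  printer hears broadcasts from:",
              sorted(p for p in sw.members
                     if "printer" in sw.broadcast_reach(p)))
```

With the printer in both VLANs the print traffic stays off the router, but the printer port now sits in both broadcast domains, while the accounting and sales users still reach each other only through the router.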

Centralized Server Farms: Server farms refer to the placement of departmental servers in a data center, where they can be provided with consolidated backup, uninterrupted power supply, and a proper operating environment. The trend toward server farm architecture has accelerated recently and is expected to continue in order to reduce administrative costs. Centralized server farms raise problems for the virtual workgroup model when vendor solutions do not provide the ability for a server to belong to more than one VLAN simultaneously. If overlapping VLANs are not possible, traffic between a centralized server and clients not belonging to that server's VLAN must traverse a router. However, if the switch incorporates built-in routing and is able to route inter-VLAN packets at wire speed, there is no performance advantage for overlapping VLANs over routing between VLANs to allow universal access to centralized servers. Remember, only inter-VLAN packets would need to be routed, not all packets. Several vendors support integrated routing as an alternative to overlapping VLANs. While workgroup VLANs may be extended to centralized server farms, this is not always possible. In some networks, the MIS people who control the servers may want to place routers between the server farms and the rest of the network in order to create a separate administrative domain or to enhance network security via router access control lists. Depending on vendor implementation, most switching products will not support VLANs that extend across routers (the exception would be VLANs that equate to IP multicast groups). It should be kept in mind that cordoning off servers with external routers conflicts with one of the reasons for utilizing switches and VLANs in the first place: to avoid the delay introduced by routers.

Reduction of Routing for Broadcast Containment

Even the most router-centric networking vendors have come to embrace the philosophy of “switch when you can, route when you must”. Although switches provide substantial performance enhancements over layer 3 packet forwarding (routing), as users learned years ago with bridges, switches normally do not filter LAN broadcast traffic; in general, they replicate it on all ports. This not only can cause large switched LAN environments to become flooded with broadcasts, it is also wasteful of precious wide area network bandwidth. As a result, users have traditionally been forced to partition their networks with routers that act as broadcast “firewalls”. Hence, simple switches alone do not allow users to phase out routers completely. One of the primary benefits of VLANs is that LAN switches supporting VLANs can be used to effectively control broadcast traffic, reducing the need for routing. Broadcast traffic from servers and end stations in a particular VLAN is replicated only on those switch ports connected to end stations belonging to that VLAN. Broadcast traffic is blocked from ports with no end stations belonging to that VLAN, in effect creating the same firewall that a router provides. Only packets that are destined for addresses outside the VLAN need to proceed to a router for forwarding. There are multiple reasons for utilizing VLANs to reduce the need for routing in the network:

Higher Performance and Reduced Latency


As the network expands, more and more routers are required to divide the network into broadcast domains. As the number of routers increases, latency begins to degrade network performance. A high degree of latency in the network is a problem now for many applications, but it is particularly troublesome for newer applications that feature delay-sensitive multimedia and interactivity. Switches that employ VLANs can accomplish the same division of the network into broadcast domains, but can do so at latencies much lower than those of routers. In addition, performance, measured in packets per second, is usually higher for switches than for traditional routers. However, it should be noted that there are some switches supporting network-layer-defined VLANs that may not perform substantially faster than routers. Additionally, latency is also highly correlated to the number of hops a packet must traverse, no matter what internetworking device (switch or router) is located at each hop.

Ease of Administration: Routers require much more complex configuration than switches; “they are administratively rich”. Reducing the number of routers in the network saves time spent on network management.

Cost: Router ports are more expensive than switch ports. Also, by utilizing cheaper switch ports, switching and VLANs allow networks to be segmented at a lower cost than would be the case if routers alone were used for segmentation. In comparing VLANs with routing, VLANs have their disadvantages as well. The most significant weakness is that VLANs have been, to date, single-vendor solutions and therefore may lead to switch vendor lock-in. The primary benefits of VLANs over routing are the creation of broadcast domains without the disadvantages of routing and the reduction in the cost of moves and changes in the network. Therefore, if neither of these is a problem, then the user organization may want to forgo VLANs and continue deploying a multivendor network backbone segmented by a mix of a few routers and a relatively large number of simple switches. Assuming a major implementation of VLANs, what is the role of routers in a network? Routers have two remaining responsibilities: to provide connectivity between VLANs, and to provide broadcast filtering capabilities for WAN links, where VLANs are generally not appropriate.

Routing Between VLANs: VLANs can be used to establish broadcast domains within the network as routers do, but they cannot forward traffic from one VLAN to another. Routing is still required for inter-VLAN traffic. Optimal VLAN traffic is predicated on keeping as much traffic as possible from traversing the router. Minimizing this traffic reduces the chance of the router developing into a bottleneck. As a result, a corollary to “switch when you can, route when you must” in a VLAN environment becomes “routing is used only to connect VLANs”. Having said this, however, keep in mind that in some cases routing may not prove to be much of a bottleneck. As mentioned earlier, integrating routing functionality into the backbone switch eliminates this bottleneck if this routing is accomplished at high speed for inter-VLAN packets.

VLAN B is sent to the one-armed router, where it waits for address resolution, path calculation, establishment of a connection across the ATM backbone, and finally, transmission. In a route server scheme, the same packet waits in the cache of the LAN switch at the edge of the ATM backbone before transmission. In this process, the packet itself never traverses a router. The only traffic to and from the route server is the signaling required to set up a connection between LAN switches across the ATM backbone. The advantage is that less routed traffic must be diverted to the route server, often reducing the number of hops required through the backbone. Also, overall traffic across the route server's one arm is reduced. There are, of course, disadvantages to the route server approach as well. First, initial vendor implementations are strictly proprietary and do not support standard routing protocols. Second, at this point available route servers only support IP. Of course, route servers share one of the one-armed router's problems, but this problem can be mitigated by redundancy. Finally, because route server architecture requires LAN switches to have a certain level of routing functionality, route server solutions tend to be more expensive and more complex to configure than the relatively simple LAN switches deployed in the one-armed router architecture.

MPOA

There is at least one development that may eventually standardize the route server approach. The Multiprotocol over ATM (MPOA) standards working group of the ATM Forum is currently working out the details of an implementation model for MPOA service. While a variety of models have been proposed, MPOA is expected to provide direct virtual circuit connectivity between ATM network-attached devices that may belong to different routing subnets. In other words, MPOA can let logical end stations that are part of different ELANs communicate directly across an ATM network without requiring an intervening router. Since ELANs are subnets of VLANs, MPOA holds the promise of enabling an ATM backbone to connect VLANs without the need for an external router. MPOA can be considered an enhancement beyond LANE that integrates routing functionality into the LAN-ATM edge switch. All inter-VLAN traffic would be able to leverage this capability, and network latency would be reduced. An MPOA standard is not expected to be finalized until at least 1997, and the initial implementation will most likely support only TCP/IP. It should be noted that some of the disadvantages of the route server approach, such as cost and management complexity, would remain in MPOA solutions.

VLANs and DHCP: Overlapping Solutions

With Microsoft’s recent introduction of the Dynamic Host Configuration Protocol (DHCP), users now have another alternative for reducing the workload associated with administration of workstation IP addresses. Unfortunately, DHCP can actually conflict with VLAN implementation, especially with layer-3, IP-based VLANs.

DHCP Functionality

When considering the ability of VLANs to deal with ever-changing networks, it should be remembered that most of the difficulty in supporting adds, moves, and changes occurs in IP networks. In order to deal with reconfiguring IP addresses, Microsoft has developed DHCP, a TCP/IP-based solution incorporated into Windows NT Server and most Windows clients. Rather than establishing location-independent broadcast domains as VLANs do, DHCP dynamically allocates IP addresses to logical end stations for a fixed period of time. When the DHCP server detects a workstation whose physical location no longer corresponds to its allocated IP address, it simply allocates that end station a new address. By doing so, DHCP enables workstations to be moved from subnet to subnet without the network administrator having to manually reconfigure the workstation’s IP address or update host table information.

The element of DHCP that equates most closely to VLAN functionality is the network administrator’s ability to specify a range of IP addresses available for a particular logical workgroup. These logical groups are termed “scopes” in the Microsoft lexicon. However, scopes should not be equated with VLANs, because members of a single scope are still bound by their physical subnet, although there can be multiple scopes residing in each subnet. Consequently, DHCP implementation may reduce the labor-intensive administration of TCP/IP networks, but it does not contain network broadcasts in the same way as VLANs do.

Best Use for Each

In what types of network environments should VLANs be implemented, and in what types of network environments does DHCP make the most sense? Since DHCP is solely an IP-based solution, it has little appeal in environments where IP users are a minority, since all non-TCP/IP clients would be excluded from scope membership. In particular, network environments where non-TCP/IP protocols are required for mission-critical applications may benefit more from VLAN implementation, since VLANs can be used to contain multiprotocol broadcast traffic. However, for smaller, purely TCP/IP network environments (under 500 nodes), DHCP alone may suffice. By simply having fewer total network nodes and fewer physical subnets, the need to establish fully location-independent logical groups is greatly reduced.

Additionally, for medium-sized organizations that, for whatever reason, do not support location-independent workgroups, VLANs lose much of their appeal when compared to DHCP. There is one area in which VLANs and DHCP do not compete: although DHCP servers dynamically maintain address tables, they lack routing functionality and cannot create broadcast domains. Therefore DHCP has no impact on an organization’s need for routing in the network. In environments where the containment of broadcast traffic without having to resort to routers is a major requirement, VLANs are a better solution.

Overlap Between DHCP and VLANs

In what ways can DHCP and VLANs work together, and in what situations do they represent competitive solutions? DHCP and layer-3, IP-based VLANs clearly represent competitive solutions because of addressing problems that stem from implementing layer-3-based VLANs in conjunction with DHCP. If a client workstation physically moves to a new subnet, the DHCP server will allocate a new IP address for that workstation. Yet this workstation’s VLAN membership is based on the old IP address. Therefore the network administrator would have to manually update the client’s IP address in the switch’s VLAN tables. This would eliminate the primary benefit of DHCP and one of the primary benefits of IP-based VLANs. In summary, these two solutions represent an either/or proposition for most network environments.

Implementing VLANs defined by MAC-layer address in conjunction with DHCP is a somewhat more plausible solution. However, DHCP together with MAC-based VLANs would create a two-tiered, redundant matrix of logical groups (MAC address-based VLANs and DHCP scopes). Having two tiers of logical groups would make otherwise easy-to-manage, “drag and drop” moves, adds, and changes unnecessarily difficult and might entail more labor-intensive network administration than if neither solution was implemented.

Port group-based VLANs and DHCP can coexist, and their joint implementation can be complementary. As stated earlier, when users in VLANs based purely on port groups move from one port group to another, their VLAN membership changes. In a non-DHCP environment where IP subnets correspond one-to-one with VLANs, users who move from one port group to another would still need to have their workstations reconfigured to reflect their new IP subnet. Implementing DHCP would make this reconfiguration automatic. The port group-based VLANs, of course, provide the broadcast containment that DHCP implementation alone does not. In this way, DHCP and port group-based VLANs can work together to accomplish both broadcast containment and automation of moves and changes. Port group-based VLANs and DHCP, in conjunction with deployment of architectures that reduce the need for external routing of inter-VLAN traffic (such as multiple VLAN membership or integrating routing into the switch), represent a fairly complete short- to medium-term solution, which will alleviate the most pressing problems faced in many network environments.
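The conflict between DHCP and IP-based VLANs described above can be checked mechanically. The following is an added example, not part of the original report: it reconciles a switch's IP-based VLAN table against current DHCP leases. The table layout, the recorded owner MAC, and all addresses are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VlanEntry:
    ip: str         # address the administrator entered in the switch's VLAN table
    vlan: str       # VLAN the address was placed in
    owner_mac: str  # station the entry was created for (assumed to be recorded)


def audit_ip_vlan_table(vlan_table, leases):
    """Reconcile an IP-based VLAN table with DHCP leases (MAC -> leased IP).

    Returns three lists:
      stale      - entries whose IP is no longer leased to any station
      misbound   - (entry, mac) pairs where a different station now holds the
                   IP and therefore picks up the old VLAN membership
      unassigned - MACs whose current lease is in no VLAN table entry
    """
    ip_to_mac = {ip: mac for mac, ip in leases.items()}
    listed_ips = {entry.ip for entry in vlan_table}
    stale, misbound = [], []
    for entry in vlan_table:
        holder = ip_to_mac.get(entry.ip)
        if holder is None:
            stale.append(entry)
        elif holder != entry.owner_mac:
            misbound.append((entry, holder))
    unassigned = sorted(mac for mac, ip in leases.items() if ip not in listed_ips)
    return stale, misbound, unassigned


# Constructed sample data: station ...0a was entered in VLAN ENG as 10.1.0.15,
# then moved to the 10.2.0.0/24 subnet and was given 10.2.0.31 by DHCP.
SAMPLE_TABLE = [
    VlanEntry("10.1.0.15", "ENG", "00:00:5e:00:53:0a"),
    VlanEntry("10.2.0.20", "ACCT", "00:00:5e:00:53:0b"),
]
LEASES_AFTER_MOVE = {
    "00:00:5e:00:53:0a": "10.2.0.31",
    "00:00:5e:00:53:0b": "10.2.0.20",
}

if __name__ == "__main__":
    stale, misbound, unassigned = audit_ip_vlan_table(SAMPLE_TABLE, LEASES_AFTER_MOVE)
    for entry in stale:
        print(f"stale: {entry.ip} still listed in {entry.vlan}")
    for entry, mac in misbound:
        print(f"misbound: {entry.ip} ({entry.vlan}) is now held by {mac}")
    for mac in unassigned:
        print(f"unassigned: {mac} has a lease that maps to no VLAN")
```

With port group-based VLANs the same audit has nothing to report, because membership follows the switch port rather than the leased address.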

VLAN Architecture Going Forward

Due to trends toward server centralization, enterprise-wide e-mail, and collaborative applications, various network resources will need to be made available to users regardless of their VLAN membership. Ideally, this access should be provided without most user traffic having to traverse a router. Organizations that implement VLANs recognize the need for certain logical end stations (for example, centralized servers) to communicate with multiple VLANs on a regular basis, either through overlapping VLANs (in which network-attached end stations simultaneously belong to more than one VLAN) or via integrated routing that can process inter-VLAN packets at wire speed. From a strategic standpoint, these organizations have two ways to deploy VLANs: an “infrastructural” VLAN implementation or a “service-based” VLAN implementation. The choice of approach has a substantial impact on the overall network architecture, and may even affect the management structure and business model of the organization.

Infrastructural VLANs

An infrastructural approach to VLANs is based on the functional groups (that is, the departments, workgroups, sections, etc.) that make up the organization. Each functional group, such as accounting, sales, and engineering, is assigned to its own uniquely defined VLAN. Based on the 80/20 rule, the majority of network traffic is assumed to be within these functional groups, and thus within each VLAN. In this model, VLAN overlap occurs at network resources that must be shared by multiple workgroups. These resources are normally servers, but could also include printers, routers providing WAN access, workstations functioning as gateways, and so forth. The amount of VLAN overlap in the infrastructural model is minimal, involving only servers rather than user workstations, which makes VLAN administration relatively straightforward.

In general, this approach fits well in those organizations that maintain clean, discrete organizational boundaries. The infrastructural model is also the approach most easily enabled by presently available solutions and fits more easily with networks deployed today. Moreover, this approach does not require network administrators to alter how they view the network, and entails a lower cost of deployment. For these reasons, most organizations should begin with an infrastructural approach to VLAN implementation. As can be seen in the example in Figure 7, the e-mail server is a member of all the departments’ VLANs, while the accounting database server is only a member of the accounting VLAN.

Service-Based VLANs

A service-based approach to VLAN implementation looks not at organizational or functional groups, but at individual user access to servers and applications, that is, network resources. In this model, each VLAN corresponds to a server or service on the network. Servers do not belong to multiple VLANs; groups of users do. In a typical organization, all users would belong to the e-mail server VLAN, while only a specified group, such as the accounting department plus top-level executives, would be members of the accounting database server’s VLAN.

By its nature, the service-based approach creates a much more complex set of VLAN membership relations to be managed. Given the level of most VLAN visualization tools presently available, a large number of overlapping VLANs using the service-based approach could generate incomprehensible multilevel network diagrams at a management console. Therefore, to be practical, service-based VLAN solutions must include a high level of automatic configuration features. However, in response to the types of applications organizations want to deploy in future, as well as the shift away from the traditional, more rigid organizational structures, the trend in VLAN implementation will be toward the service-based approach. Figure 8 depicts the service-based VLAN model.

As bandwidth to the desktop increases and as vendor solutions become available to better manage greater VLAN overlap, the size of the group that belongs to a particular set of VLANs may become smaller and smaller. At the same time, the number of these groups becomes larger and larger, to the point where each individual could have a customized mix of services delivered to his or her workstation. Taking that concept a step further, control over what services are delivered at a given time could be left up to each individual user. At that point, the network structure begins to take on the multiple-channel characteristics of a cable TV network. In fact, at this stage, this model finds the greatest degree of similarity in VLANs defined by IP multicast group: each workstation has the choice of which IP multicast group or “channel” it wants to belong to.

In such a future environment, VLANs lose the characteristics of static or semi-static broadcast domains defined by the network manager, and become channels to which users subscribe. Users simply sign up for the applications they need delivered to them at a particular time. Application use could be accounted for, enabling precise and automated chargeback for network services. Network managers could also retain control in order to block access to specific channels by certain users for security purposes.

VLAN Migration Strategies

As this paper has demonstrated, there are many factors to be considered in VLAN implementation: technological, architectural, and organizational. Given the effects of VLANs on network architecture, organizational structure, and even the business model of some organizations, it is difficult to deploy VLAN technology solely as a tactical solution, only where and when it is needed. However, this does not imply an all-or-nothing strategy in which the network architecture is transformed overnight from one based on physical subnets and router-based segmentation to one of service-based VLANs. What steps are necessary before applying VLANs to an enterprise network? Initially, VLANs should be seen as a solution to at least one of two problems:

Containment of broadcast traffic to minimize dependence on routers

Reduction in the cost of network moves and changes

An organization where broadcast traffic is not yet a problem, or where the cost of network moves and changes is tolerable, may want to forgo implementing VLANs for the time being. However, the majority of large enterprise networks are now experiencing one or both of these problems. In organizations that are rapidly replacing routers with switches and may soon face broadcast traffic containment issues, an element of architecture should be considered: the degree to which the network has evolved toward a single user/port switched LAN architecture. If the majority of users are still on shared LAN segments, the ability of VLANs to contain broadcasts is greatly reduced. If multiple users belong to different VLANs on the same shared LAN segment, that segment would receive broadcasts from each VLAN, defeating the goal of broadcast containment.

Having determined that VLANs need to be a part of network planning in the immediate future, server access, server location, and application utilization must all be thoroughly analyzed to determine the nature of traffic flow in the network. This analysis should answer the remaining questions about where VLAN broadcast domains should be deployed, what role ATM needs to play, and where the routing functions should be placed. Because of the limitations of present VLAN technology, initial VLANs are likely to employ an infrastructural approach.

However, as vendor solutions develop, many organizations will want to consider migration toward a more service-based model, which will more easily let users subscribe to various network services. This concept of user-controlled subscribership, as opposed to administrator-controlled membership, is augmented by NICs with built-in VLAN functionality operating in environments with a single user per switch port. In this scheme, the NIC driver dynamically tells the switch which multicast groups or VLANs it wants to belong to. Certainly, this type of distributed VLAN control leverages the increasing processing power of the desktop and enables a higher degree of other, related functionality such as automatic VLAN configuration and traffic monitoring. In addition, agents residing in each NIC will enable the workstation to collect and report information on specific application usage (rather than just simple layer-2 traffic statistics, as in the case of RMON1). This capability facilitates the automatic chargeback for network services described earlier for service-based VLANs.

If individual users control VLAN membership, what about security? Clearly, users cannot be allowed to simply subscribe to any network service they wish. The network administrator must be able to establish policies that define which users have access to what resources and what class of service each user is entitled to. One solution to security may come in the form of an authentication server. These servers may well develop into the primary method by which the VLANs of the future are defined. Authentication servers define VLAN membership by user ID rather than by MAC address or IP address. Defining VLANs in this way greatly increases flexibility and also implies a certain level of integration of VLANs with the network operating systems, which typically ask the user for a password anyway to allow or deny access to network resources. One of the primary advantages of authentication servers is that they allow the user to take his or her VLAN anywhere, without regard to which workstation or protocol is being used.

The analysis of network traffic, application usage, server access, and so on that is necessary in the VLAN migration process, and which will be greatly furthered by implementation of RMON2, may simply produce VLANs that correspond to functional teams or departments. On the other hand, if migration is undertaken with a holistic view of the capabilities of VLAN technology, and the network designers ask the question “who should talk to whom?” rather than “who is talking to whom?”, it may become apparent that fundamental process and organizational changes (trends such as flatter hierarchies, revamped workflows, and innovative business models) are helping to fully leverage the possibilities of emerging applications.
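The authentication-server model described above can be sketched as follows. This is an added example, not part of the original report: VLAN membership and class of service are decided by user ID and password, and the workstation's MAC address is recorded but never used for the decision. The class name, service names, and credentials are hypothetical.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the server never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical authentication server: membership by user ID, default deny."""

    def __init__(self):
        self.users = {}   # user_id -> (salt, password hash)
        self.policy = {}  # user_id -> {service VLAN: class of service}

    def enroll(self, user_id, password, grants):
        salt = os.urandom(16)
        self.users[user_id] = (salt, hash_password(password, salt))
        self.policy[user_id] = dict(grants)

    def join(self, user_id, password, requested, station_mac):
        """Decide a NIC's request to subscribe to service VLANs."""
        # Unknown users are checked against an empty hash, which never matches.
        salt, expected = self.users.get(user_id, (b"\x00" * 16, b""))
        supplied = hash_password(password, salt)
        result = {"user": user_id, "station": station_mac,
                  "granted": {}, "denied": sorted(requested)}
        if not hmac.compare_digest(supplied, expected):
            return result  # authentication failed: nothing is granted
        grants = self.policy[user_id]
        # Only VLANs named in the administrator's policy are granted,
        # each with the class of service the policy assigns.
        result["granted"] = {v: grants[v] for v in requested if v in grants}
        result["denied"] = sorted(v for v in requested if v not in grants)
        return result


if __name__ == "__main__":
    server = AuthServer()
    # Constructed sample users and policy.
    server.enroll("alice", "alice-pw", {"email": "standard", "accounting-db": "priority"})
    server.enroll("bob", "bob-pw", {"email": "standard"})
    wanted = ["email", "accounting-db"]
    print(server.join("alice", "alice-pw", wanted, "00:00:5e:00:53:01"))
    print(server.join("alice", "alice-pw", wanted, "00:00:5e:00:53:02"))
    print(server.join("bob", "bob-pw", wanted, "00:00:5e:00:53:01"))
```

The same user receives the same VLANs from either workstation, while a user outside the policy is denied the accounting VLAN even on a workstation where another user was granted it.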

CONCLUSION

The industrial training at Bharat Electronics, Ghaziabad has given me exposure to the activities of a large public sector undertaking unit. Being a large organization, it deals with a wide spectrum of technologies. The concept of service-based VLAN technology holds the potential for harmonizing many of today’s organizational and managerial changes with the structural and technological developments in the network. Despite the promise of this vision, VLAN implementation must solve real-world problems in order to be financially justified. Organizations that have deployed or are planning to deploy large numbers of switch ports, dividing the network into smaller segments to increase bandwidth per user, can make a very strong case for VLAN implementation in order to contain broadcasts. However, any organization that expends substantial resources dealing with moves and changes in the network may also be able to justify VLAN implementation. This is simply because VLANs, if implemented as part of a strategic solution, may be able to substantially reduce the cost of dealing with moves and changes. For these organizations, the switching infrastructure upon which most VLAN solutions are based can be seen as an added and quite valuable benefit.
