Full Discussion: VLANs and their domains
Special Forums IP Networking VLANs and their domains Post 302910156 by gjws on Tuesday 22nd of July 2014 08:10:24 PM
Old 07-22-2014
Like Jim says, the main purpose would be security enforcement. It is very typical for an application to make use of a web server, an application server, and a database server. The web server is obviously open on ports 80 and 443, and accessible from the internet. The web server may talk to the application server via, say, DCOM, which by default used UDP ports 1024-5000. Lastly, the application server may talk to the database server using SQL on TCP port 1433.

Ideally these servers would all talk to each other through a firewall, which can perform L3 - L7 application filtering and enforcement. So your firewall would have a leg in all 3 VLANs, and all traffic between the servers would be forced through the firewall. With things like virtual firewalls becoming more common, things are becoming more and more complex in the DC. For example, the web, application and db server may all reside on the same physical host in a virtualised environment, so then you need to start thinking about things like 802.1q trunking etc, but that's another discussion :)

Last edited by gjws; 07-22-2014 at 09:10 PM.. Reason: spelling
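
Added example, not part of gjws's post: a default-deny nftables forward policy for a Linux firewall with one leg in each of the three VLANs described above, covering only the L3/L4 part of the enforcement. The interface names, VLAN IDs (10/20/30) and server addresses are constructed assumptions; the ports are the ones given in the post.

```nftables
#!/usr/sbin/nft -f
# Added example: inter-VLAN policy for the web / app / db tiers in the post.
# All interface names and addresses below are constructed placeholders.

define IF_WAN = "eth0"        # internet-facing leg (assumed)
define IF_WEB = "eth1.10"     # web tier, VLAN 10 (assumed)
define IF_APP = "eth1.20"     # application tier, VLAN 20 (assumed)
define IF_DB  = "eth1.30"     # database tier, VLAN 30 (assumed)

define WEB_SRV = 10.0.10.10
define APP_SRV = 10.0.20.10
define DB_SRV  = 10.0.30.10

# Create-then-delete makes the file safe to reload without duplicating rules.
add table inet intervlan
delete table inet intervlan

table inet intervlan {
    chain forward {
        # Anything not explicitly allowed between legs is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were allowed in the forward direction.
        ct state established,related accept
        ct state invalid drop

        # Internet -> web server: HTTP and HTTPS only.
        iifname $IF_WAN oifname $IF_WEB ip daddr $WEB_SRV tcp dport { 80, 443 } accept

        # Web -> application server: DCOM on UDP 1024-5000, as given in the post.
        iifname $IF_WEB oifname $IF_APP ip saddr $WEB_SRV ip daddr $APP_SRV udp dport 1024-5000 accept

        # Application -> database server: SQL on TCP 1433.
        iifname $IF_APP oifname $IF_DB ip saddr $APP_SRV ip daddr $DB_SRV tcp dport 1433 accept

        # Everything else (web -> db directly, internet -> app, db -> anywhere)
        # reaches the drop policy; log and count it first.
        counter log prefix "intervlan-drop: "
    }
}
```

Because each tier only has a route to the others through this host, a compromised web server cannot reach TCP 1433 on the database directly, and the log prefix makes such attempts visible.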
 

VLAN(4)                  BSD Kernel Interfaces Manual                  VLAN(4)

NAME
vlan -- IEEE 802.1Q VLAN network interface

SYNOPSIS
To compile this driver into the kernel, place the following line in your kernel configuration file:

    device vlan

Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

    if_vlan_load="YES"

DESCRIPTION
The vlan driver demultiplexes frames tagged according to the IEEE 802.1Q standard into logical vlan network interfaces, which allows routing/bridging between multiple VLANs through a single switch trunk port.

Each vlan interface is created at runtime using interface cloning. This is most easily done with the ifconfig(8) create command or using the cloned_interfaces variable in rc.conf(5).

To function, a vlan interface must be assigned a parent interface and numeric VLAN tag using ifconfig(8). A single parent can be assigned to multiple vlan interfaces provided they have different tags. The parent interface is likely to be an Ethernet card connected to a properly configured switch port. The VLAN tag should match one of those set up in the switched network.

vlan initially assumes the same minimum length for tagged and untagged frames. This mode is selected by setting the sysctl(8) variable net.link.vlan.soft_pad to 0 (default). However, there are network devices that fail to adjust frame length when it falls below the allowed minimum due to untagging. Such devices should be able to interoperate with vlan after changing the value of net.link.vlan.soft_pad to 1. In the latter mode, vlan will pad short frames before tagging them so that their length is not less than the minimum value after untagging by the non-compliant devices.

HARDWARE
The vlan driver supports efficient operation over parent interfaces that can provide help in processing VLANs. Such interfaces are automatically recognized by their capabilities. Depending on the level of sophistication found in a physical interface, it may do full VLAN processing or just be able to receive and transmit long frames (up to 1522 bytes including an Ethernet header and FCS). The capabilities may be user-controlled by the respective parameters to ifconfig(8), vlanhwtag, and vlanmtu. However, a physical interface is not obliged to react to them: It may have either capability enabled permanently without a way to turn it off. The whole issue is very specific to a particular device and its driver.

At present, these devices are capable of full VLAN processing in hardware: ae(4), age(4), alc(4), ale(4), bce(4), bge(4), bxe(4), cxgb(4), cxgbe(4), em(4), igb(4), ixgb(4), ixgbe(4), jme(4), msk(4), mxge(4), nxge(4), nge(4), re(4), sge(4), stge(4), ti(4), txp(4), and vge(4).

Other Ethernet interfaces can run VLANs using software emulation in the vlan driver. However, some lack the capability of transmitting and receiving long frames. Assigning such an interface as the parent to vlan will result in a reduced MTU on the corresponding vlan interfaces. In the modern Internet, this is likely to cause tcp(4) connectivity problems due to massive, inadequate icmp(4) filtering that breaks the Path MTU Discovery mechanism.

These interfaces natively support long frames for vlan: axe(4), bfe(4), cas(4), dc(4), et(4), fwe(4), fxp(4), gem(4), hme(4), le(4), nfe(4), rl(4), sf(4), sis(4), sk(4), ste(4), tl(4), tx(4), vr(4), vte(4), and xl(4).

The vlan driver automatically recognizes devices that natively support long frames for vlan use and calculates the appropriate frame MTU based on the capabilities of the parent interface. Some other interfaces not listed above may handle long frames, but they do not advertise this ability. The MTU setting on vlan can be corrected manually if used in conjunction with such a parent interface.

SEE ALSO
ifconfig(8), sysctl(8)

BUGS
No 802.1Q features except VLAN tagging are implemented.

BSD                              June 4, 2012                              BSD