Name: draft-sanjib-private-vlan-02
Title: PRIVATE VLANS: Addressing vlan scalability and security issues in a multi-client environment
State: Active
Authors: Sanjib HomChaudhuri, Marco Foschiano
Group: Individual Submissions (none)
Date: 2004-06-18
This document describes the concept of layer 2 isolation among devices that
are members of the same layer 2 domain. A vlan is a layer 2 broadcast
domain in which all devices can establish direct communication with one
another at layer 2. As a consequence, devices that are connected to the
same vlan have an implicit trust relationship with each other. If
because trusted and untrusted devices end up sharing the same broadcast
domain. The traditional solution to this kind of problem is to assign a
separate vlan to each device that is concerned about layer 2 security
issues. That, however, is not a scalable solution. The mechanism proposed in
this document can offer total layer 2 isolation between devices connected
to the same vlan. What that means is that, on the one hand, each customer
will enjoy the benefits that come with a separate dedicated vlan, while on
the other hand the service provider will enjoy the benefit of consuming as
few as two vlan identifiers.