Improving the Throughput of a Network using VLAN Switch Techniques

High throughput with minimum delay is the ultimate demand placed on any network. Traffic congestion is the major problem that degrades the performance of a given network. Although switches help to a large extent in improving traffic efficiency, this is not the case with large-scale networks (WAN, for example). VLAN switches play an important role in further improving network performance. The available types are based on port number, and the newer versions are based on MAC address; both types suffer from a lack of security. The proposed VLAN switch provides higher network security because it is based on simultaneous port and MAC functions. This benefit justifies the slight reduction in throughput-delay performance as compared with the other types.

advantages: flexible network segmentation, simple management, increased performance and better use of same resources [4].
VLANs can be defined and created according to the following:

Switch port: This is also called static VLAN (all other types of VLAN are called dynamic VLAN). In this type, each access port in the switch is configured to be a member of a certain VLAN. It is the most popular type and can be implemented in hardware, since it does not require any processing of the packet to decide which VLAN it belongs to. Relocating any computer requires the administrator to reconfigure the switches so that the computer stays in its original VLAN.

MAC address: This is a layer two definition; the membership table maps the switch port number with the MAC address and the VLAN identification. Relocating any previously stored computer does not need any intervention from the administrator.

IP address: This is based on layer three; the membership table maps the switch port with the IP address and the VLAN identification. Relocating a user does not necessitate relocating his computer; only his new computer is configured with his original IP.

Application: This is a layer seven definition; the membership table can be assigned according to applications or user identification, and the latter is called authenticated VLAN. It needs deep inspection of the packet and provides maximum security in the case of authenticated VLAN.

Before studying the proposed VLAN switch structure and operation, it is important to look at ordinary switches. Figure (1) shows a flow chart of a conventional LAN switch, which is based on the store-and-forward principle of operation. The processor of the switch builds a table that associates the MAC address of each local computer with the port number through which that device is reachable. When the switch receives a packet, it checks the CRC field to guarantee that the packet is correct. The packet is then stored in a First In First Out (FIFO) buffer to give the switch the time required to determine the port of the destination user and to forward the packet to it.

Figure (2) shows a general block diagram of a VLAN switch. It consists of access links, access input and output buffers, a trunk link, trunk input and output buffers, a scheduler, and a VLAN controller with switching fabric. The behaviour of this kind of switch differs from that of conventional LAN switches: it must be able to distinguish whether a packet is received from an access link or a trunk link.

The access link is designed to connect workstations to the switch. Figure (3) shows a flow chart of the steps to be followed when a packet is received from an access link. The workstations are VLAN-unaware (i.e. they deal with normal packet frames). Each access link belongs to one VLAN only.

A trunk is a point-to-point link; it transmits and receives traffic between switches. Figure (4) shows a flow chart of the procedure to be followed when receiving a packet from a trunk port. All devices connected to a trunk link are VLAN-aware (i.e. they understand the VLAN memberships). All frames on the trunk link have special tags located in the header. A trunk link does not belong to any VLAN; it can carry frames from all VLANs.
The application of VLAN follows the IEEE 802.1q standard [5]. According to this protocol, a VLAN tag is inserted in layer two of the packet frame as shown in figure (5). The tag unit consists of:

Tag protocol identifier: This indicates that a tag header is following; the indication is the hexadecimal number 8100.

Tag control information: This field contains the user priority, canonical format indicator (CFI), and the VLAN ID. The fields are:

User priority: This field allows priority information to be encoded in the frame. Eight levels of priority are allowed, where zero is the lowest priority and seven is the highest priority.

CFI: This bit indicates that all MAC addresses in the MAC data field are in the canonical format; it must be "0" for Ethernet frames.

VLAN ID: This field is used to uniquely identify the VLAN to which the frame belongs.
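The tag layout described above, as an added example that is not part of the paper or its SIMULINK model. It assumes the frame starts at the destination MAC address (no preamble), the standard 802.1Q field widths (3-bit priority, 1-bit CFI, 12-bit VLAN ID) and leaves the CRC out; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID = 0x8100  # tag protocol identifier (hexadecimal 8100 in the text)

def pack_tci(priority, cfi, vid):
    """Build the 16-bit tag control information: priority | CFI | VLAN ID."""
    if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("priority is 0..7, CFI is 0 or 1, VLAN ID is 0..4095")
    return (priority << 13) | (cfi << 12) | vid

def add_tag(frame, vid, priority=0):
    """Insert the 4-byte tag after the destination and source MAC (12 bytes)."""
    tag = struct.pack("!HH", TPID, pack_tci(priority, 0, vid))  # CFI = 0 on Ethernet
    return frame[:12] + tag + frame[12:]

def remove_tag(frame):
    """Strip the tag; return (untagged frame, priority, VLAN ID)."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID:
        raise ValueError("frame is not tagged")
    if (tci >> 12) & 1:
        raise ValueError("CFI must be 0 for Ethernet frames")
    return frame[:12] + frame[16:], tci >> 13, tci & 0xFFF

# Constructed sample: destination MAC, source MAC, packet length, data.
SAMPLE_FRAME = (bytes.fromhex("020000000008") + bytes.fromhex("020000000001")
                + struct.pack("!H", 7) + b"payload")

if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, vid=10, priority=5)
    print(tagged.hex())
    print(remove_tag(tagged))
```

A switch that receives a frame on a trunk port and finds no tag, or a tag with CFI set, has a malformed frame for this model; the example raises rather than guessing a VLAN.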
The design of the proposed VLAN switch is based on the following: The packet format is similar to the Ethernet packet format. The VLAN switch is designed to support VLAN membership by port and/or MAC. Each VLAN switch consists of eight ports; seven of them are access ports devoted to users' connections and the eighth port is for interconnecting VLAN switches (trunk port).
The trunk port buffer capacity is ten times greater than the access port buffer to prevent saturation. The switch fabric is of the partial crossbar type.
The model is developed using SIMULINK with extensive use of the state flow block (in order to simulate the discrete event system, which this block provides).

1. Input and Output Buffer: It is based on the blocks available in the Simulink library. The buffer is controlled by several signals, as follows: the push signal is initiated on the arrival of a packet; it is generated by the output of a digital comparator that synchronizes the arrival of the packet with the timing signals of the switch. Initiating the pop signal forces the data to be popped from the buffer; this signal is generated by the scheduler unit. The scheduler unit is initiated by the status signal generated by the buffer unit; this signal indicates the status of the buffer (empty, ready, number of buffered packets, and full).

2. Scheduler unit: The operation of this unit is based on the round robin polling technique. The polling cycle can take one of the following forms:
a) If no full signal is activated, the polling cycle takes one packet from each buffer.
b) If the full signal of any buffer is activated, then during the polling turn of that buffer, n (≥3) packets can be popped continuously from that buffer, after which the scheduler goes back to the one-packet polling strategy from the next buffer.
Figure (7) shows a flow chart of the scheduler polling technique. This unit accepts the "status" signals of the input buffers, including the input trunk buffer, through a multiplexer, and the "ready" signal from the VLAN controller. The scheduler output passes to the pop inputs of the buffers through a demultiplexer. To synchronize the operation of the buffers with the crossbar selection, a control signal is passed from the scheduler unit to the VLAN controller unit to force the proper connection to be closed.
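The polling cycle described above, as an added example (not code from the paper or its SIMULINK model). Buffer contents and capacities are constructed, the function names are hypothetical, and the controller's "ready" signal is not modelled.

```python
from collections import deque

def polling_cycle(buffers, capacities, n=3):
    """Serve every buffer once in round-robin order.

    Returns the packets popped in this cycle as [(buffer index, packet), ...].
    """
    if n < 3:
        raise ValueError("the text requires n >= 3")
    served = []
    for i, buf in enumerate(buffers):
        full = len(buf) >= capacities[i]      # the buffer's "full" status signal
        quota = n if full else 1              # case b) versus case a)
        for _ in range(min(quota, len(buf))): # an empty buffer is skipped
            served.append((i, buf.popleft()))
    return served

def demo():
    # Constructed state: three access buffers of capacity 4 and a trunk buffer
    # ten times larger, as in the design; the second access buffer is full.
    capacities = [4, 4, 4, 40]
    buffers = [deque(["a1"]),
               deque(["b1", "b2", "b3", "b4"]),
               deque(),
               deque(["t1", "t2"])]
    first = polling_cycle(buffers, capacities)
    second = polling_cycle(buffers, capacities)
    return first, second

if __name__ == "__main__":
    for cycle in demo():
        print(cycle)
```

In the first cycle the full buffer is drained by three packets while the others give up one each; by the second cycle it is no longer full and returns to one packet per turn.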

3. VLAN controller: Figure (8) shows a functional block diagram of this unit; it controls the switch fabric unit and the trunk traffic. When a packet is popped from the input trunk buffer, the packet processing unit checks whether it is directed to a user within the ports of the same switch or to a user within the ports of another switch. In the first case, the tag remover unit removes the tag information and checks the address of the destination user, and the port location associated with this address is taken from the lookup table. After that, the packet processing unit applies the following algorithm:
a) If the packet is directed to a user within the same VLAN, the processing unit closes the proper crossbar switch to forward the packet to the required destination output buffer.
b) If the packet is not within the same VLAN, the packet processing unit adds the tag information and directs it to the output trunk buffer.

Figure (9) shows a simulation model of a single VLAN switch; it consists of the following:

Work station: This unit is used for the generation and reception of packets. There are seven work stations connected to the access ports of the VLAN switch. The packet to be transmitted is composed of: (preamble, destination and source MAC addresses, packet length, and variable length of data).

VLAN switch: This is the proposed VLAN switch that was explained in the previous section.

Since VLAN by port is the only technique provided by the well-known OPNET ITGURU software [6], it is used here as a check to validate the accuracy of the proposed VLAN switch performance. Figure (10) shows an acceptable throughput-offered load relationship, whether it is obtained from the SIMULINK or the OPNET simulation technique.
Three VLANs are assigned, for example, to the three departments (administration, accounting, and engineering). The lookup table for the VLAN switch is shown in table (1). The simulation deals with four different cases: in the first, all the workstations are connected to a single LAN (i.e. the VLAN switch acts as a conventional LAN switch); the second defines VLAN membership by port; the third defines VLAN membership by MAC address; and in the fourth, VLAN membership is defined by both port and MAC jointly. The last type is proposed to ensure more security, which is achieved by checking the port number and the MAC address simultaneously to get the VLAN identification. Figure (11) shows the throughput-offered load relationship; the improvement in throughput using the different VLAN techniques is obvious as compared with the conventional switching network. Although the throughput of VLAN by port is the best, followed by VLAN by MAC, the security benefits of VLAN by port and MAC justify the slight reduction in throughput performance (with respect to VLAN by port or MAC).

Figure (12). Since traffic among different VLANs needs a layer three routing device, inter-VLAN traffic is avoided in this layout. Figure (13) shows a SIMULINK representation of the simple network. The lookup tables of VLAN switch1 and VLAN switch2 are shown in tables (2) and (3) respectively. It is important to mention that the administration VLAN computers (PC1, PC4, and PC7) behave as if they were connected to a conventional LAN switch network, but if PC1 tries to send a packet to PC8, which is connected to the other switch, VLAN switch1 adds a tag (with VLANID=10) to the packet before sending it through the trunk port.
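The three membership modes and the PC1 to PC8 tagging decision described above, as an added example that is not the paper's model. The lookup table is constructed: only the administration VLAN (ID 10, with PC1, PC4 and PC7) comes from the text, while the MAC addresses, the VLAN IDs 20 and 30, the function names and the choice to drop local inter-VLAN frames are assumptions.

```python
TRUNK_PORT = 8  # port no. 8 is the trunk port in the paper's model

# Constructed lookup table for VLAN switch1: (access port, MAC) -> VLAN ID.
SWITCH1 = {
    (1, "02:00:00:00:00:01"): 10,  # PC1, administration
    (2, "02:00:00:00:00:02"): 20,  # assumed VLAN ID
    (3, "02:00:00:00:00:03"): 30,  # assumed VLAN ID
    (4, "02:00:00:00:00:04"): 10,  # PC4, administration
    (5, "02:00:00:00:00:05"): 20,
    (6, "02:00:00:00:00:06"): 30,
    (7, "02:00:00:00:00:07"): 10,  # PC7, administration
}
PC8 = "02:00:00:00:00:08"  # attached to VLAN switch2, so absent from this table

def classify(table, mode, port, src_mac):
    """Return the VLAN ID of a frame arriving on an access port, or None."""
    if mode == "port+mac":   # proposed scheme: port and MAC must match one row
        return table.get((port, src_mac))
    if mode == "port":       # membership by port: the source MAC is ignored
        return next((v for (p, _), v in table.items() if p == port), None)
    if mode == "mac":        # membership by MAC: the ingress port is ignored
        return next((v for (_, m), v in table.items() if m == src_mac), None)
    raise ValueError("unknown membership mode")

def forward(table, mode, port, src_mac, dst_mac):
    """Return (action, output port, VLAN ID) for a frame from an access port."""
    vid = classify(table, mode, port, src_mac)
    if vid is None:
        return ("drop", None, None)          # sender is not a member
    for (out_port, mac), dst_vid in table.items():
        if mac == dst_mac:                   # destination is on this switch
            if dst_vid == vid:
                return ("access", out_port, vid)
            return ("drop", None, None)      # inter-VLAN needs layer three
    return ("trunk", TRUNK_PORT, vid)        # not local: tag and use the trunk

if __name__ == "__main__":
    print(forward(SWITCH1, "port+mac", 1, "02:00:00:00:00:01", PC8))
    print(classify(SWITCH1, "port", 1, "02:00:00:00:00:99"))
    print(classify(SWITCH1, "port+mac", 1, "02:00:00:00:00:99"))
```

An unregistered MAC on port 1 still receives VLAN 10 under membership by port, and PC1's MAC seen on port 2 still receives VLAN 10 under membership by MAC; only the joint check returns no membership in both cases.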
The controller unit of the VLAN switch is responsible for deciding whether the packet should be tagged or not. Tagging is also required if the destination work station is in the same VLAN but is not connected to the same VLAN switch. All tagged packets are forwarded to the trunk buffer and then to the trunk port (port no. 8 in our model).

Figure (14) shows the throughput-offered load relationship; the effect of increasing the number of workstations on throughput for the case of no VLAN facilities is as expected. It is worth noting that as the offered load increases, the throughputs of the different VLAN types converge; this result further justifies the use of the proposed VLAN technique. Figure (15) shows the relationship between packet delay and packet length; as expected, the application of the VLAN facility increases the packet delay slightly, but the difference almost vanishes with longer packets. Finally, the throughput-delay relationship is shown in figure (16); it reveals that the high improvement in throughput using the various VLAN techniques compensates for the slightly increased packet delay.
It is obvious that by introducing VLAN switches, a functional separation between the different services becomes possible, and the possibility of minimizing the congestion problem is increased. The results show that an improvement in throughput performance is obtained, especially for high offered loads. On the other hand, checking the MAC address in addition to the port number secures the network to a large extent, with only a slight effect on the throughput and delay performance.