VLANs and consumer-level routers and switches

ldw

I have a user who needs to use our LAN with some audio/video equipment that has some strict real-time requirements. Apparently our LAN is not meeting his needs and he has suggested that we create a VLAN to isolate a section of the LAN for his use.

Now, while I am knowledgeable in things computerish, I had never heard of VLANs. After some reading, spec studying and navel gazing I decided that the equipment I have, consumer level equipment, did not have this capability.

Now a couple questions....

1. Am I right? Is VLAN capability not a part of the usual consumer level networking equipment?
2. Assuming that I'm not gonna upgrade my equipment or learn the wonders of VLANs, how might I achieve the isolation that my user needs to give him the real time performance his equipment requires?

Thanks for the help,
ldw
 

JackMDS

I have a user who needs to use our LAN with some audio/video equipment that has some strict real-time requirements. Apparently our LAN is not meeting his needs and he has suggested that we create a VLAN to isolate a section of the LAN for his use.

What exactly does it mean?

I.e., what is it that will be done better in a Separate LAN?

Just saying Real time Video editing is meaningless.



 

ldw

Hi Jack,
It's not editing, but video and audio capture and transmission. Cameras in one place and video/audio display in another. The real time requirement has to do with the way the equipment behaves on the network - it transmits a heart-beat and if not received in a given amount of time it will misbehave.

This is not my equipment so I can't offer much detail. Just that the company doing the installation had a problem with connecting to our LAN and their offered solution was to create a VLAN for them.

I am looking for another way to solve their isolation needs while avoiding VLANs.

ldw
 

azazel1024

Is all of this occurring within the same LAN? If so, then a VLAN may help, especially if you set QoS priority to that VLAN.

HOWEVER, VLANs are primarily going to help if capacity is maxed out and/or you have a large network.

A VLAN will keep ICMP queries and broadcasts from the rest of the network from being heard by the devices on the VLAN. If a large network, this can be very useful. On a small one, nada.

A VLAN can also help in setting higher priority for just that VLAN, which is generally only an issue if the network has heavy traffic (as in hundreds of Mbps on the ports that are being transited by the VLAN, if not fully maxed). Light traffic is going to cause no real difference in end-to-end lag within the LAN between having a VLAN with maxed priority compared to not, at most microseconds of difference.

If this is going outside of the network, the issue almost certainly has NOTHING to do with the local network setup and all about how it transits the internet.

The other possible issue is how the person has their equipment set up; the equipment itself might simply not be capable of realtime capture and transmission, and it has nothing to do with lag in transmission across the network.

Generally you are talking hundreds of microseconds lag per hop on a gigabit network for a packet for a lightly loaded port. A congested port could add up to anything from another few hundred microseconds up to a few dozen milliseconds (of course a HAMMERED port that has a BIG stack of packets trying to pass through could add seconds to lag as packets are getting dropped like crazy and have to be retransmitted).

Multiply by the number of hops needed to be made that are congested. One of the best ways to improve performance is improve the speed of each hop. So if you have any 100Mbps ports, convert to gigabit, as that potentially reduces latency by a factor of 10 (10x more packets can be handled in a second or another way of looking at it, each packet gets transmitted in 1/10th the time).
 

Railgun

Is all of this occurring within the same LAN? If so, then a VLAN may help, especially if you set QoS priority to that VLAN.

HOWEVER, VLANs are primarily going to help if capacity is maxed out and/or you have a large network.

A VLAN will keep ICMP queries and broadcasts from the rest of the network from being heard by the devices on the VLAN. If a large network, this can be very useful. On a small one, nada.

If the switch is getting hammered, a separate vlan isn't going to do anything. QoS will, but there, only if the switch is getting hammered or is generally busy. If the switch has plenty of capacity, QoS won't really do much.


There is still a lot of information missing from this issue. Where is the equipment in relation to each other? Based on the description, it's on the same switch, in which case a vlan isn't going to help. If they're several hops away from each other, then you need to look at the network in between for any obvious issues. There too, a vlan isn't going to help.

Unless the main segment has a ton of broadcast going on that's screwing up his apps, that's one possible reason to go with that plan, but until you analyze what's going on...
 

JackMDS

ldw, it is Not uncommon that Enthusiasts start something either for themselves or for someone else. They save money and find clever solutions.

At times the system grows and might involve other Entities that do not have the Time and resources to Keep "playing" the Enthusiast End-User "game". It is Not a matter of good or bad; it is a Practical matter.

By putting their system on a VLAN, whoever is responsible for the Camera system can deal with their system without Interfering or being Interfered by the other system that is Not under their control/management.

It is a good practical solution.



 

afasoas

For a start, there are two types of VLANs.
There's VLAN tagging (IEEE 802.1Q) and then there are port based VLANs.

It's difficult to make any direct suggestions without first knowing more about the situation. I would start by connecting a PC where the video is transmitted from and then another PC where the video is transmitted to.

You can then start looking at the available bandwidth and latency. Tools like ping, traceroute, mtr (http://manpages.debian.org/cgi-bin/man.cgi?query=mtr) can help give an indication of what is going on.

If you'd like to share a bit more information about your network (number of hosts, topology etc.) then we can probably give you some more specific advice.
 

ldw

Thanks to everyone for the helpful comments and questions...

I do recognize that I have given you limited information here. My knowledge of VLANs and the issues involved with them is limited and likely the source of the problem. Mea culpa.

What I gather from the discussion is that isolation of the customer with real time requirements is a good thing, and VLANs are a good way of doing it. And isolation on their own LAN is another way of achieving this.

One person asked if the network in question was large and highly utilized... No and No. I'm sure most of you would think that it is laughably small and the network utilization is expected to be light. Our equipment is generally consumer grade ... stuff you might find in Best Buy.

As I have looked over the LAN in question (we'll call it 'my' LAN though that is not really quite right) I have determined there are several wireless routers set up as routers on it rather than Access Points creating the possibility of a double-NAT depending on the direction of traffic. I plan to correct this, and do wonder if this could be a part of the real-time issues seen by the customer in question.

To summarize, the current plan is this... 1) Isolate the real time equipment on their own network. 2) fix the double NAT problems on 'my' network... 3) gingerly connect the two and see if a problem still exists for the real time equipment. 4) If the problem still exists, look into ways of fixing it - including upgrading the networking equipment from consumer grade to commercial grade to enable the use of VLANs.

Suggestions and alternatives are welcome.
ldw
 

azazel1024

How is their stuff traversing the network? That is the most important thing.

Is it wireless, to a switch, to the equipment? Is it traversing multiple switches? Is it making multiple wireless hops?

VLANs are only particularly helpful because it is easier to give the entire VLAN QoS priority over anything else.

However, if utilization is light on the network in general, it is unlikely to do anything for the customer and the issue lies elsewhere.
 

imagoon

For a start, there are two types of VLANs.
There's VLAN tagging (IEEE 802.1Q) and then there are port based VLANs.

These are one and the same (generally, barring older VLAN techs). "Port based" works identically to 802.1q.

Example: Ports 1/2 are "vlan 10" and Ports 3/4 are "vlan 20"

[Data frame] -> port 1 -> switch fabric -> [Vlan10][Data Frame] -> Switch fabric -> Port 2 [vlan tag stripped] -> [Data Frame]

Port one receives an untagged frame. Its native vlan is "10"; in the switch fabric it is tagged with 10. Data is sent out port 2. Native vlan is 10, so the switch strips the vlan 10 tag and sends it untagged. Ports 3/4 are unaffected as they are not tagged or untagged for vlan 10.

VLANs work entirely on the concept of tagged and untagged frames and the rules applied on the port transition.
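
Added example (not part of the original posts): a small Python model of the tag-on-ingress, strip-on-egress behaviour described in the post above, using the same port layout (ports 1/2 in VLAN 10, ports 3/4 in VLAN 20). The `AccessSwitch` class, its rule of dropping frames that arrive already tagged, and the sample frame are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid   # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, untagged_frame); vid is None if no tag is present."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

class AccessSwitch:
    """Hypothetical model: every port is an untagged member of one VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)

    def receive(self, in_port: int, frame: bytes):
        """Flood a frame that arrived on in_port; return {out_port: frame}."""
        vid, _ = untag_frame(frame)
        if vid is not None:
            return {}   # assumption: access ports drop frames that arrive tagged
        internal = tag_frame(frame, self.port_vlan[in_port])  # tag on ingress
        vid, payload = untag_frame(internal)
        # Egress only on the other ports of the same VLAN, with the tag stripped.
        return {p: payload for p, v in self.port_vlan.items()
                if v == vid and p != in_port}

# Constructed sample: broadcast frame, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"heartbeat"
SWITCH = AccessSwitch({1: 10, 2: 10, 3: 20, 4: 20})

if __name__ == "__main__":
    print(tag_frame(SAMPLE, 10).hex())
    print(SWITCH.receive(1, SAMPLE))
```

The `pcp` field in the tag is the 3-bit priority that per-VLAN QoS settings act on.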
 

ldw

azazel: their traffic is using UDP to traverse the network. Since they described it as having real time requirements that seems like a reasonable thing to me.

ima: the question of VLANs is moot at this point since it will take a major effort to re-create our network to make them possible. Our equipment is consumer level and it isn't capable of implementing a VLAN.

I've restructured the network to eliminate a double-NAT situation of two routers in the path to the internet. I think that that may improve things for the customer but will not know until they show up and give it another try.

Their plan is to implement their equipment on their own private (wired) network and once it's working try connecting to ours again and see if they still have a problem. If they do we will have to go to Plan B.

Plan B: will be to get a second ASUS router and set it up as an AP for their private network. That should achieve the isolation that they require for their usage. I will be careful to keep it away from the wireless channel that our current ASUS router is using.

ldw