Re: VPN Vs VLAN
- From: Albert Manfredi <bert22306@xxxxxxxxxxx>
- Date: Fri, 21 Dec 2007 16:12:55 -0800 (PST)
On Dec 21, 4:21 pm, "Tomás Ó hÉilidhe" <t...@xxxxxxxxxxx> wrote:
> I'm after setting up two completely separate LAN's in my house (let's
> call them LAN1 and LAN2). Each LAN has exactly one router which provides
> access to the internet (one has cable internet, the other has DSL).
> I want to set up a VLAN server on LAN2 so that a machine on LAN1 can
> log on to LAN2 over the internet and act as if it's actually sitting on
> LAN2's ethernet cable, and therefore send frames such as ARP requests and
> so forth.

If you *want* the LAN1 and LAN2 hosts to have to use the Internet to
communicate with each other, then they would never be using ARP to
find each other directly. IEEE 802.1Q VLANs (or VPNs) do not change
this reality.

In principle, even if the two in-house LANs are made into two VLANs on
the same physical Ethernet, the same situation applies. To send
packets between the VLANs, you have to go through the router that
joins them. If the hosts in the two VLANs are on different IP subnets,
they don't ARP one another directly.

There are oddball ways of creating single IP subnets across different
routers, but I don't see that you'd have the option of using such odd
schemes. Because there's no way the different ISPs you are using would
support such tricks, I don't think.

A "possible" (not really) option would be to dual-home your in-house
network, assigning two IP addresses to each host. Then the hosts
themselves could decide how best to communicate with each other.
But again, I doubt the two different ISPs you use would appreciate
such tricks. You'd have to know how to prevent your home net from
becoming a path between the two ISPs.

Here's a summary of VLANs vs VPNs.

VLANs

Consider a mesh of L2 switches, all interconnected together, with
routers to the Internet on the edges of this mesh. Think of a campus
network, for example. VLANs permit the hosts connected to interfaces
on many of these switches to be assigned to different IP subnets,
therefore often to different default routers. Maybe different
buildings want to belong to different IP subnets. Or maybe different
departments in each building want to belong to different IP subnets.

For example, the hosts connected to L2 switches 1, 5, 13, and 24 all
must belong to IP subnet 1. Hosts connected to L2 switches 2, 8, and
12 must belong to IP subnet 2. And so on. Or you can even
differentiate IP subnets between interfaces of a single L2 switch, by
assigning each L2 switch interface to a different VLAN.

VPNs

Consider a corporation with offices all over the country. These
offices are interconnected via the Internet. But you want traffic
within the corporation to remain separate from the greater Internet,
as if it were sent over dedicated, leased T3 telco links, for example.
MPLS allows Internet routers between the various corporate sites to
set up special "label-switched paths" to expedite traffic that remains
within the corporation. And it allows that traffic to ONLY reach the
greater Internet by going through a specific subset of routers, so
that whatever filters, firewalls, etc. can be installed in these few,
well-known locations.

I just don't think either scheme can be used to do what you want,
given the fact that you are using two different ISPs.

Bert
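
Added example, not part of the original post: a small model of the next-hop decision the reply describes, showing which IP address a host actually ARPs for when the destination is on its own subnet, on the other subnet, or reachable through a second (dual-homed) address. The subnets, addresses, and interface names are constructed for illustration.

```python
import ipaddress

def arp_target(routes, dst):
    """Return (interface, ip_to_arp_for) for dst using longest-prefix match.

    routes: list of (prefix, interface, gateway); gateway None means on-link.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, iface, gw = best
    # On-link destination: ARP for the destination itself.
    # Off-link destination: ARP for the router, never for the remote host.
    return iface, str(dst) if gw is None else str(ipaddress.ip_address(gw))

# Constructed addressing: LAN1 = 192.168.1.0/24, LAN2 = 192.168.2.0/24.
LAN1_HOST = [
    ("192.168.1.0/24", "eth0", None),          # own subnet, on-link
    ("0.0.0.0/0",      "eth0", "192.168.1.1"), # default route via LAN1 router
]

# Dual-homed host (hypothetical): one address on each subnet.
DUAL_HOMED = [
    ("192.168.1.0/24", "eth0", None),
    ("192.168.2.0/24", "eth1", None),
    ("0.0.0.0/0",      "eth0", "192.168.1.1"),
]

if __name__ == "__main__":
    for name, table in (("LAN1 host", LAN1_HOST), ("dual-homed", DUAL_HOMED)):
        for dst in ("192.168.1.30", "192.168.2.20"):
            iface, target = arp_target(table, dst)
            print(f"{name}: to reach {dst}, ARP for {target} on {iface}")
```

The LAN1 host ARPs for its router when the destination is on LAN2, whether or not the two subnets are VLANs on one physical Ethernet; only the dual-homed host ARPs for the LAN2 address directly.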