Understanding Virtual Networks – Ports and VLAN

In the previous post we looked at the fundamental building blocks of physical and virtual networks. Now let us look at two key concepts in physical and virtual networks. They are Ports and VLAN.

What are Ports?

In the world of networking, a port represents the entry and exit point for data traffic on computing and networking devices. Ports can exist as software as well as hardware entities.

  • Software ports exist within an operating system. They are usually entry and exit points for application traffic. For example port 80 on a server is associated with Web server and for HTTP traffic.
  • Hardware ports are physical connectivity points on devices such as switches, computers, routers etc. For example, home routers have 4 RJ45 (L2/Ethernet) ports to connect home computers.

Types of Switch Ports

We have seen that data traffic from virtual machines is carried over virtual switches and then over physical switches. Hence two types of ports are very significant when it comes to virtual networks.

  • Physical Switch Ports: For the commonly used L2/Ethernet switches, the physical switch port is identified by the RJ45 port. An RJ45 connector/cable connects the ports on the switch to the port on the Network Interface Card (NIC) of the computing device.
  • Virtual Switch Ports: Similar to physical switch ports, a virtual switch port exists as a software entity on a virtual switch.  As both virtual NIC (vNIC) and virtual port are software entities, the underlying software maintains an association between the two. This association represent the virtual cables that connect vNIC to a virtual switch port.

The picture below captures the two types of switch ports. All the ports on the virtual switch are called virtual ports. Similarly ports on physical switches are called physical switch ports. The blue arrows that connect pNIC to a physical switch port are real cables, whereas the red arrows connect a vNIC to virtual switch ports are associations maintained in software.

Physical And Virtual Ports

Physical And Virtual Ports

Why are Ports important?

Ports are very important in networking for various reasons. Here are some of them:

  1. The first obvious reason is that ports are entry and exit points for data traffic. Without data traffic, networks are not that meaningful.
  2. Users of switches (physical and virtual) decide which ports to use and which not to use. Since ports have a user controlled element, they are important from network management perspective.
  3. Once again ports are the entities that provide the ability regulate/control data traffic. For example a user may want to throttle the amount data being sent into a switch port. Network administrators may want to restrict the type of data traffic using firewalls. All these example are realized by configuring ports.

What is VLAN?

VLAN stands for Virtual LAN or Virtual Local Area Network.

In order to understand the concept of VLAN let us look at the analogy of hard disk partitioning. We partition hard disks on a computer into several logical partitions. The main purpose is to organize the disk space as well as to ensure that corruption/exhaustion of one logical partition does not impact another partition.

Similarly in L2/Ethernet networks, VLAN give us the capability to partition a L2/Ethernet into multiple logical L2/Ethernet networks. This allows us to ensure that traffic from one VLAN does not mix with traffic from another VLAN. As seen in the picture below, the traffic from Device 2 on Switch 1 can only reach Device 4 on Switch 2, because the corresponding physical switch ports are on the same VLAN.

VLAN Basics

VLAN Basics

A great overview of VLAN can be found here.

Why do we need VLAN?

Here are some important reasons why we need VLAN:

  1. VLAN give us the capability to create a L2 Broadcast domain across multiple physical switches. In other words devices on multiple switches can be considered on the same LAN.
  2. In normal Layer 2 operation flooding of L2 frames can happen for various reasons. By segmenting the physical network with VLAN, the impact of flooding can be well regulated.

Further reading: Why we need VLAN?

Why is VLAN important for Virtual Networks?

Virtual networks share many characteristics of physical networks hence it is logical to see that VLAN is important for virtual networks as well.

The advent of cloud computing has only increased the importance of VLAN. In Infrastructure as a Service (IaaS) products such as Amazon EC2, Rackspace etc virtual machines are created and deleted all the time. In addition, users who request virtual machines expect that the traffic intended for their virtual machines is not shared with virtual machines belonging to other users of the cloud service. Hence there is a strong argument in favour of network segmentation in a cloud infrastructure. VLAN provide a simple and well established solution for this segmentation.

Relationship between Ports and VLAN

We have seen that Ports are the entry and exit points for data traffic. We have also discussed that VLAN allow us to segregate traffic in a L2 network. Naturally there is a relationship between Ports and VLAN.

The VLAN information is configured on the objects representing the switch ports. Based on the VLAN configuration, the data plane software in the switch handles traffic bound for the port in a different manner.


In the next installment of this series, we will take a quick look at the different options for virtual switch available in the market.