I moved from Massachusetts to North Carolina in September of 1993. My extended family still lives there, so I drive once or twice annually north and south. Driving on I-95 was always the most challenging part of my journey. The congestion, the delays, the obnoxious drivers, and on and on…. Everybody was driving on the same road network with no good alternatives.
Recently, we’ve attempted to address congestion by the use of reversible lanes, high occupancy vehicle (HOV) lanes, high-occupancy toll (HOT) lanes, express lanes, and bus-on-shoulder systems (BOSS). These strategies segment our road network! One must pay or qualify to drive on these special lanes, sort of like a membership scheme. The benefits of these facilities are quality of service (QoS), travel-time reliability, less congestion, safety, and security. This segmentation of the road network is analogous to the segmentation of data networks into Virtual Local Area Networks (VLANs) and subnetworks (subnets).
What are VLANs and subnets?
These networking technologies or techniques are used to break down a large network into smaller and more manageable segments and separate network traffic, just like the HOT lanes and express lanes do in a highway facility.
VLANs and subnets have much in common. Both techniques allow for segmentation of a network for efficiency, security, manageability, QoS, functionality, and more. A VLAN is a subnet, but a subnet is not necessarily a VLAN.
How do VLANs work?
VLANs operate at Layer 2 of the Open Systems Interconnection model (OSI model), the Data Link Layer, using managed Ethernet switches. A switch port or group of switch ports can be assigned to a particular VLAN. For example, a 24-port Ethernet switch could be logically divided into three 8-port switches, with each set belonging to a particular VLAN. Another switch at a different location can be configured similarly. The hosts on each of the three VLANs can communicate with each other (intra-VLAN) through the same switches, and yet be invisible to the other two VLANs. In other words, each VLAN has its own broadcast domain and privacy from the other VLAN users.
In an Intelligent Transportation System (ITS) network, surveillance cameras, traffic signals, and Dynamic Message Signs (DMSs) each could be on separate VLANs with different sets of security and QoS policies.
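To make the switch behaviour concrete, here is an added example (not code from the original post) that models the 24-port switch above split into three 8-port VLANs for cameras, signals and DMSs, builds and parses the 802.1Q tag that carries the VLAN ID, and shows that a broadcast is flooded only to ports in the sender's VLAN. The VLAN IDs, port map and MAC addresses are assumptions.

```python
import struct

# Constructed example: a 24-port switch split into three 8-port VLANs as the
# post describes. VLAN IDs and the port-to-VLAN map are assumptions.
TPID_8021Q = 0x8100
BROADCAST = b"\xff" * 6
PORT_VLAN = {**{p: 10 for p in range(1, 9)},    # ports 1-8:   cameras
             **{p: 20 for p in range(9, 17)},   # ports 9-16:  traffic signals
             **{p: 30 for p in range(17, 25)}}  # ports 17-24: dynamic message signs

def build_tagged_frame(dst, src, vid, payload, pcp=0):
    """Ethernet frame with an 802.1Q tag: TPID 0x8100, then PCP(3) DEI(1) VID(12)."""
    tci = (pcp << 13) | (vid & 0x0FFF)           # DEI bit left at 0
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + b"\x08\x00" + payload

def parse_frame(frame):
    """Return (vid, pcp, ethertype); vid is None when the frame carries no tag."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner

def flood_ports(frame, ingress_port, port_vlan=PORT_VLAN):
    """Ports that receive a broadcast: only members of the ingress port's VLAN.

    On an access port, a tagged frame whose VID differs from the port's VLAN is
    dropped (returns []), so hosts in other VLANs never see it.
    """
    vid, _, _ = parse_frame(frame)
    vlan = port_vlan[ingress_port]
    if vid is not None and vid != vlan:
        return []
    return sorted(p for p, v in port_vlan.items() if v == vlan and p != ingress_port)
```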
How do subnets work?
Subnets, on the other hand, function at OSI Layer 3. Subnetting allows a large network to be divided into smaller ones for efficiency, manageability, security, etc. Postal ZIP codes offer a good analogy for conceptualizing subnets. According to USPS, there are 41,692 ZIP codes and 161.4 million addresses. The first digit of a ZIP code represents a general geographic area, starting with 0 in the East (e.g., Worcester, MA 01608), moving to 9 in the West (e.g., Los Angeles, CA 91007). The next two digits represent a general area, and the last two are specific to a Post Office or Zone. When mail arrives in a post office, it is sorted based on the ZIP code and forwarded to the right geographic location for further processing. How difficult would it have been to deliver mail without ZIP codes and regional post offices? VERY! Without them, one single post office would have had to know every last one of the 161.4 million addresses. A post office functions like a router in a network. It looks at the ZIP code on an envelope and forwards it to the next post office until it arrives at the local post office for delivery to the recipient.
Subnets function in the same way in networking as ZIP codes do in mail delivery. Each device in a network has an Internet Protocol (IP) address, which uniquely identifies that device in the network. An IPv4 address is a 32-bit binary number written as four decimal numbers (each up to three digits) separated by dots (aka dotted decimal notation), e.g., 192.168.218.121. This number is divided into two parts: one part represents a network and the other represents a host on that network. In a Class A IP address, the leftmost group represents the network address, and the remaining three groups represent host addresses on the network. Each host group ranges from 0 to 255, so the total number of hosts in a Class A network is 16,777,216 (256*256*256). A network this big presents many challenges, such as bandwidth efficiency, congestion management, collision avoidance, locating hosts, etc. Therefore, a mechanism like the postal ZIP code is needed to quickly locate an address in a network as well as manage network traffic and delivery more efficiently. Subnetting or sub-networking accomplishes this goal by dividing a large network into smaller and more manageable segments.
How would this work in practice?
Let us assume Mead & Hunt is given the Class A IP address 5.0.0.0. Every computer, printer, IP phone, employee workstation, and other network asset could be placed in one large flat network, with thousands of devices and one network with the ID of 5.0.0.0. This would be the equivalent of having no ZIP code in the US postal system, and would be very inefficient. So, in this scenario with Mead & Hunt, it would make sense to sub-divide the network based on some logical metric—for example, states, cities, and local offices. This would allow us to manage the network more efficiently. Let us assume Mead & Hunt has 14 offices in each of the 50 states and DC. Subnetting the Class A IP will look something like this:
The IP address 5.0.0.0 will be the registered web address of Mead & Hunt for the outside world. We will subdivide this number starting with 0 in the east and move up as we go west. We will follow the same logic within each state. For example, John’s PC in the Raleigh, NC office will have the address 5.0.0.55. In this example, the subnet ID will be 5.0.0 and 55 identifies John’s PC. Jennifer’s PC network address in Sacramento, CA could be 5.50.0.33. Here, 5.50.0 is the subnet ID and 33 is Jennifer’s PC ID. If John wants to print a document on his office printer, the network traffic doesn’t leave his office’s Local Area Network (LAN) or subnet. But if he wants to send an email to Jennifer in Sacramento, the email traverses many routers before it is delivered to Jennifer. Communication between subnets requires one or more network routers to forward data between the two subnets. This is similar to a local post office sorting and forwarding mail to other post offices for final delivery.
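The John-and-Jennifer scenario above, as an added example that is not part of the original post: the hypothetical 5.0.0.0 Class A block is carved into one /24 per office, an address is split into the subnet ID and host ID the post uses (5.0.0 / 55), and a "stays on the LAN" versus "needs a router" decision is made from that split. The /24 office mask and the printer address are assumptions.

```python
import ipaddress

# Constructed example: the post's hypothetical 5.0.0.0 Class A block carved into
# /24 office subnets. The /24 mask per office is an assumption.
COMPANY = ipaddress.ip_network("5.0.0.0/8")
PREFIX = 24                       # one /24 per office: 5.x.y.0, hosts .1-.254

def office_subnet(addr):
    """The /24 subnet (the networking 'ZIP code') that an address belongs to."""
    net = ipaddress.ip_network(f"{addr}/{PREFIX}", strict=False)
    if not net.subnet_of(COMPANY):
        raise ValueError(f"{addr} is outside {COMPANY}")
    return net

def split_address(addr):
    """Return (subnet_id, host_id) in the post's '5.0.0' / 55 convention."""
    ip = ipaddress.ip_address(addr)
    net = office_subnet(ip)
    host = int(ip) - int(net.network_address)
    return str(net.network_address).rsplit(".", 1)[0], host

def delivery(src, dst):
    """'local' if traffic stays on the office LAN, 'routed' if a router must forward it."""
    return "local" if office_subnet(src) == office_subnet(dst) else "routed"

def office_capacity():
    """(number of /24 office subnets in the /8, usable hosts per office)."""
    return 2 ** (PREFIX - COMPANY.prefixlen), 2 ** (32 - PREFIX) - 2

if __name__ == "__main__":
    print(split_address("5.0.0.55"), split_address("5.50.0.33"))
    print(delivery("5.0.0.55", "5.0.0.9"))      # John -> his office printer (assumed .9)
    print(delivery("5.0.0.55", "5.50.0.33"))    # John -> Jennifer in Sacramento
```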
The motivation for subnetting is the same as for VLANs: to reduce the size of the network for manageability, security, and reliability, amongst other benefits. The following is a list of a few differences between subnets and VLANs:
VLANs vs subnets
- VLANs allow creation of different logical and physical networks, whereas subnets allow creation of a logical network through the same physical network
- VLANs operate at Layer 2 and use both IP addresses and MAC addresses (a hard-coded address burned into a network interface); subnets use IP addresses and function at Layer 3 of the OSI model
- VLANs isolate network traffic at the switch level; subnets isolate network traffic at the router level
- VLANs use the 802.1Q protocol; subnets use IPv4/IPv6
- VLANs save infrastructure costs through logical partitioning of network switches and creation of router sub-interfaces for inter-VLAN routing
So how does this affect transportation infrastructure?
Modern ITS communications networks are built on IP/Ethernet technology. Both VLANs and subnets are used to separate network traffic generated by various ITS devices for the purpose of security, manageability, functionality, QoS, etc., as mentioned above.
I’ve written before about how new technologies are shifting the future of transportation infrastructure. In today’s connected world, with the evolution of Connected Automated Vehicles (CAV) and Smart Cities, and fusion of ITS networks with agencies’ enterprise networks, cybersecurity is more relevant than ever. Every roadside ITS device increases the “attack surface” by one—and there are thousands of them! A hacker may not be much interested in breaking into a DMS, but they may be much more interested in using a DMS as an entry point to an agency’s enterprise network in order to launch a ransomware attack. Separating and isolating ITS networks with VLANs and subnets is one of the many tools available to secure the network.
Why put an enterprise network at risk by fusing it with an ITS network? Well, that is a topic for another day!!!