Common use cases for VLANs

Secure data and traffic

If you have sensitive data on your network, you can use a VLAN to help keep it secure. By isolating the devices in the network with privileged data, you decrease the possibility of confidential information breaches. For example, the devices in an organization can be segmented into VLANs such as management, sales, support, guests, and others. The devices in one VLAN cannot directly access devices on another VLAN.

Likewise, the traffic in the VLAN is secure. All packets sent over the network in the VLAN are private and protected from access by anyone outside of the network.

Example: web server and secure database

Web Server to VLAN Secure Database Configuration

In the diagram above, Compute Instance 1 is a web server and has access to the internet over the eth0 interface. It also has access to Compute Instance 2 and the VLAN over the eth1 interface. Compute Instance 2 on the VLAN is a secure database that houses sensitive data. Communication between Compute Instances 1 and 2 is transmitted over VLAN and is secure and private.

Example: Kubernetes cluster

Kubernetes Cluster with VLAN Configuration

In the diagram above, Compute Instances 1 and 2 are both in a Kubernetes cluster. Both nodes have services exposed to the internet over the eth0 interface and communication between Pods is kept private and secure on the VLAN over the eth1 interface.

Example: add a NodeBalancer

NodeBalancer with VLAN Configuration

You can increase performance and stability of your application by adding a NodeBalancer while securing the communication between two dedicated servers. In the high availability system above, Compute Instances 1 and 2 both run the same web application. They both have a connection to the VLAN with the network interface eth1 so they can communicate securely with each other and with Compute Instance 3 which is a database. All communications made over eth1 are private and secure. They are also connected to a NodeBalancer to manage the load over the eth0 interface. The NodeBalancer directs traffic, maintains load balancing, and performs active health checks to make sure the system only directs traffic to healthy servers.

Cost effective network management

VLANs reduce the cost of the networking by efficiently using the existing resources and bandwidth. For example, you can run a secure VLAN in the cloud that is protected from the rest of the internet without generating extra outbound network transfer costs since internal VLAN traffic is internal and private.

Multiple VLAN Configuration

In the diagram above, Compute Instance 1 has three virtual Ethernet NICs, one is attached to the internet and two others to separate VLANs. Compute Instances 1, 2, and 3 can communicate securely with each other over VLAN 1. Likewise, Compute Instances 1, 4, and 5 can communicate with each other over VLAN 2. However, Compute Instances 2 and 3 cannot directly communicate with Compute Instances 4 and 5.

Next steps

Visit the VLAN product documentation to learn how to create a VLAN.