An assumption in this blog is that if your company has a "network administrator" on staff, you have a network that is large enough to require constant "care and feeding". As such, dumping a bunch of VoIP phones onto your network without VLANs would never happen. After all, the first job of a network administrator is to make the network broadcast space smaller and smaller. That is why we subnet! Take a typical Class C network with 100 network devices on it and dump another 100 VoIP phones in that subnet and you are asking for trouble if you don't VLAN. To suggest you don't need a VLAN or, at the very least, a separate subnet is just plain silly.
Did you ever hear the expression "fences make good neighbors"? Well, the same concept applies to networks, and VLANs make network applications like voice and data excellent neighbors! Let's assume those 100 desktop computers are in the 192.168.1.0/24 subnet and you created a new 192.168.2.0/24 network for your VoIP phones. In a ShoreTel deployment, you will have personal call managers installed on the computers in one network that need to get to the ShoreTel server and switches in the other network. How are you planning to do this? Use the old "router on a stick" solution (send all my LAN traffic up one switch port to a router and back down again)? Let me help you here: no! You are going to set up VLANs and do inter-VLAN routing at backplane hardware speeds on that new POE Ethernet switch you purchased to support your VoIP deployment.
Data networks have become "mission critical" for even the smallest of companies today. Just unplug someone’s Internet connection and you will quickly find out just how important the "network" has become! Start bogging down the network with Voice, Video and Streaming audio and you will quickly learn the value of VLANs. We invest billions of IT dollars on firewalls, spam ware and website filtering software, so why would anyone suggest that a VLAN is just too complex to bother with? By the same (excuse the pun) token, why would someone suggest buying a new POE Ethernet switch that was not VLAN capable?
Data networks need to be described within the context of the protocols and business applications that are running on them. Big or small, we continually find that VLANs are an essential component in the maintenance of proper network hygiene. Imagine even a small VoIP deployment in a company engaged in video animation and you can quickly realize that it is not only how many devices I have on the network, but how my network is being used, that will determine the quality of voice in this deployment. We need to make sure that streaming video, even over our LAN, does not negatively impact our VoIP deployment. To do this, we need to prioritize voice over data, and that means we have to establish QOS. To enable LAN based QOS you have to VLAN, because the class of service markings live in the VLAN tag!
Put your VoIP deployment in a multi-site environment with WAN links and the VLAN discussion now moves into the realm of "must have". Routers use the TOS byte in the IP header to enable QOS. As an aside, ShoreTel had the advantage of enabling Transport layer QOS, as the VoIP media stream was always on port 5004. With the move to SIP, this advantage has been minimized, as the media stream now moves unpredictably over some 16K ports. We can pass QOS information to our WAN links through a variety of strategies, but VLANs are an essential element of that strategy.
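The two QOS markings discussed above, the class of service bits in the 802.1Q VLAN tag and the TOS byte in the IP header, read out of sample frames. This is an added example, not part of the original post; VLAN ID 20, priority 5 and TOS 0xB8 are assumed sample values, and the frames are constructed rather than captured.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800

def qos_markings(frame: bytes) -> dict:
    """Return the Layer 2 (802.1Q priority) and Layer 3 (IP TOS) markings."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    vlan_id = pcp = None             # an untagged frame has no field for CoS
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13              # 3-bit class of service priority
        vlan_id = tci & 0x0FFF       # 12-bit VLAN ID
        offset = 18
    tos = dscp = None
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        tos = frame[offset + 1]      # second byte of the IPv4 header
        dscp = tos >> 2              # upper six bits of the TOS byte
    return {"vlan_id": vlan_id, "pcp": pcp, "tos": tos, "dscp": dscp}

def build_frame(tos: int, vlan_id=None, pcp=0) -> bytes:
    """Build a minimal sample frame (constructed data; checksum left at 0)."""
    macs = bytes.fromhex("020000000001020000000002")   # dst MAC + src MAC
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes([192, 168, 2, 10]), bytes([192, 168, 1, 10]))
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

if __name__ == "__main__":
    # Same voice packet, once on a tagged voice VLAN and once untagged.
    print("tagged:  ", qos_markings(build_frame(0xB8, vlan_id=20, pcp=5)))
    print("untagged:", qos_markings(build_frame(0xB8)))
```

The untagged frame still carries its TOS byte for the router, but it has no priority field at all for the LAN switch to act on.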
At the end of the day, unless you have a network that is so small you are running Vonage as your VoIP solution, you need to VLAN! Make sure that your VoIP deployment includes an assessment of your network and that you graphically understand how the network is utilized before you deploy voice. As your internetwork becomes more essential to your network, VLANs will surface into high relief on your radar screen. Considering that your shiny new ShoreTel now provides for Internet messaging and desktop Video as part of its advanced feature set, the idea of deploying a solution without a VLAN is just plain silly.
To VLAN or not to VLAN, that is the question!
October 15th, 2009