Otherwise known as an ‘Interface VLAN’, an SVI (Switched Virtual Interface) is one of the things that really confused me when I first started studying for my CCNA.
VLANs as a concept were easy, but an “Interface VLAN”? That plagued me for a while. What follows is a brief, non-technical explanation (at first) of what an SVI is and why it is useful.
Note that while this isn’t the only use for an SVI, it is the most common one.
Imagine a garden with its own set of flowers, plants and ecosystem. What happens in the garden pretty much stays in the garden. It is fenced off and generally independent of anything outside.
For some purposes however, it is necessary for some ‘members’ of the garden to leave and access some resources from outside.
Seeing as it is all fenced off, it seems like they are pretty much out of options. However, the builder of this garden had this in mind. He knew that occasionally access to the outside world would be necessary for something/someone inside the garden. In his good wisdom, he built a gate for those members to pass through.
The gate is the exit point for everything in the garden that needs to access ‘outside’ resources. Without it, there is no exit or entry to the garden.
Members of the garden who do not require any outside resources will carry on their existence regardless of whether there is a gate or not. For members who do require outside resources to function, however, access to and use of the gate is necessary.
I’m sure by now you have pieced the analogy together, but let’s detail the matter.
The garden in our example represents a VLAN, and its ‘members’ (the plants, trees, flowers and bugs) represent Hosts on that VLAN.
While some Hosts may function perfectly well within the garden and will not need anything additional, others will need access to resources which simply don’t exist within the self-contained VLAN. For example, should you want to browse to ‘EngineerKhan.com’ (great site, by the way, 10/10) on such a Host, it would need access to the Internet to reach the Server where this website is hosted.
For this to happen, we must understand that LANs work at Layer 2 of the OSI Model. This means that at some point (especially when it comes to accessing the Internet), traffic will need to be routed (and thus become Layer 3 traffic).
This ‘conversion’ between Layer 2 (MAC Address based) and Layer 3 (IP Address based) traffic flow happens when traffic is sent from the Hosts to the IP Address of their Default Gateway, which is the SVI of that VLAN. At this stage, the Ethernet Frame Headers are stripped and the Packet is routed.
In a typical traditional Network, the SVI for the VLAN will be configured on the closest Layer 3 device, whether that is a Layer 3 Switch or a Router on either the Distribution or Core Layers of the Network. (In a Layer 3 Routed Network however, the SVI is configured on the ‘Edge’/Access Switch).
If a Host needs to access resources outside of its VLAN, it will send the traffic to its Default Gateway, which will be an SVI on (for example) a Layer 3 Distribution Switch. At this point, the traffic becomes routed using routing protocols and static routes that we are familiar with.
The image below is a crude explanation of how SVIs are used in this manner.
One of the main uses of an SVI is to act as a Layer 3 virtual interface and behave as the Default Gateway for all devices in that VLAN. Traffic from Hosts wanting to leave the VLAN will be routed through it. A Layer 3 Switch/Router can hold many SVIs, one for each VLAN.
An SVI can also be used on a Layer 2 Switch, but for a single purpose only: to give the Switch an IP Address, which allows it to be reachable remotely. Once this has been configured, no more SVIs can be added.
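The two uses described above, written out as configuration. This is an added example, not part of the original post. It assumes Cisco IOS syntax, and the VLAN IDs, names and IP addresses are constructed for illustration.

```cisco
! ===== Layer 3 switch (Distribution): one SVI per VLAN =====
! Each SVI address is what the Hosts in that VLAN use as Default Gateway.
! VLAN IDs, names and addresses are constructed for this example.
!
! Enable Layer 3 forwarding so traffic can be routed between the SVIs.
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
!
interface Vlan10
 description Default gateway for hosts in VLAN 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
interface Vlan20
 description Default gateway for hosts in VLAN 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown
!
! ===== Layer 2 switch (Access): a single SVI for management =====
! This SVI does not route for anyone; it only gives the switch an address.
vlan 99
 name MGMT
!
interface Vlan99
 description Management address of this switch
 ip address 192.168.99.2 255.255.255.0
 no shutdown
!
! The Layer 2 switch does not route, so it needs its own gateway in order
! to reply to management stations outside VLAN 99.
ip default-gateway 192.168.99.1
```

An SVI only comes up once its VLAN exists and at least one port in that VLAN is active; `show ip interface brief` shows whether each `Vlan` interface is up/up.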
I hope this post has helped.