As I mentioned in my entry on the physical versus the virtual approach to network drop wiring, we use the physical wiring approach and I think it's the right approach for us. Today I want to run down my view of the collection of reasons that make it so.

First off is that physical wiring can be done almost entirely with a collection of inexpensive and relatively small switches, since most switches are only for a single VLAN. Virtual wiring basically demands big switches with a lot of ports so that you can handle as many drops as possible through one switch (both for bandwidth and for ease of management and configuration changes). Unfortunately our environment makes it hard to buy big, expensive things. It would be very hard for us to buy, upgrade, and replace the quite expensive (by our standards) core switch or switch stack that the virtual approach calls for.

A related advantage of the physical approach using lots of smaller switches is that we can mix and match switch types, picking the best (or cheapest) model and company for any particular purpose. We can also upgrade switches piece by piece, which is very much how our migration from 100 Mbit to 1 GBit Ethernet happened (and yes, it took years).

Next is a cluster of issues related to making wiring changes either physically or virtually:

• making switch configuration changes is not as easy as it looks, especially if you bought relatively inexpensive switches.
• for the switches we can afford, it's generally easier to see your actual network configuration when it's embodied in physical wiring than when it's all virtual. Colour-coding important networks helps in this.

• it's much easier to share access to wiring closets than it is to switch configurations, at least in our environment.
• it seems easier to train people to do physical wiring changes than it is to get them to do switch changes (especially if switch changes involve a complex dance to also make backups or mirror the changes on a backup switch).
• I think the chances of errors are lower in practice with physical wiring changes because of the physical nature of things. People can make slips in switch configuration that are much less likely when they are moving network wires (especially if they're only supposed to touch their switches).

I suspect but don't know for sure that our port-isolated networks would add complexity (and heartburn) in a giant-switch environment. It's possible that modern switches are smart enough that you can set this as a default VLAN parameter or something and have it work.