Subnets and VLANs

Jan 7th, 2010

Hello All,

I need some help with links to some white papers or best practices documentation on using VLANs when you have multiple subnets. I was just introduced to a new network with many different subnets, public and private, but they are all on the same VLAN. To me and many of my network admin friends this is totally wrong on very many levels, but after about a day on Google I have had little luck finding any best practices or white papers explaining why this is bad. I am interested in any input on the subject.

Thanks

Byron

Giuseppe Larosa Fri, 01/08/2010 - 00:28

Hello Byron,

Simply put, not having a one-to-one correspondence between VLAN and IP subnet leads to suboptimal use of bandwidth regarding broadcast traffic.

In the scenario you have found, where multiple IP subnets are associated with a single VLAN using secondary IP addresses, when one host sends an ARP request to resolve an IP address in subnet 1, all hosts, including those in IP subnets 2, 3 and 4, receive and need to process this message.

If each subnet has its own VLAN (= broadcast domain), when the host sends out an ARP request for an IP address in subnet 1, only hosts in subnet 1 receive it. Hosts in VLANs 2, 3 and 4 do not even receive the message.

This makes the difference when hundreds of hosts are involved.

The usage of secondary IP addresses can be seen now as a legacy from a time when LAN switches with multi-VLAN capabilities were still rare.

Hope to help

Giuseppe
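
As an added illustration of the two layouts Giuseppe contrasts (this is example configuration written for this thread, not configuration posted by anyone here), the first fragment is the legacy secondary-address layout, the second gives each subnet its own VLAN and SVI so that broadcasts stay inside one subnet and inter-subnet traffic can be filtered at the router. VLAN numbers, addresses, interface names and the ACL policy are all constructed for the example.

```cisco
! --- Legacy layout: three subnets share VLAN 10 via secondary addresses ---
! Every ARP request from any of the three subnets is flooded to all VLAN 10
! ports, and no ACL can separate "public" from "private" hosts at layer 2.
interface Vlan10
 description all-subnets-one-broadcast-domain
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ip address 10.10.0.1 255.255.255.0 secondary
!
! --- One VLAN per subnet: each SVI is its own broadcast domain ---
vlan 10
 name PUBLIC-A
vlan 20
 name PUBLIC-B
vlan 30
 name PRIVATE-SERVERS
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
!
interface Vlan30
 ip address 10.10.0.1 255.255.255.0
 ! Inter-VLAN traffic now crosses the router, so it can be filtered here.
 ip access-group PRIVATE-IN in
!
! Hypothetical policy: private hosts may reach the public subnets only on 443.
ip access-list extended PRIVATE-IN
 permit tcp 10.10.0.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 443
 permit tcp 10.10.0.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 443
 deny   ip  10.10.0.0 0.0.0.255 192.0.2.0 0.0.0.255
 deny   ip  10.10.0.0 0.0.0.255 198.51.100.0 0.0.0.255
 permit ip  10.10.0.0 0.0.0.255 any
!
! Access ports: each host lands in the VLAN of its subnet.
interface GigabitEthernet1/0/1
 description public-host
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description private-server
 switchport mode access
 switchport access vlan 30
```

With the per-VLAN layout, a host on VLAN 30 never sees ARP traffic from VLAN 10 or 20, and the public/private split Byron describes is enforced on the SVI rather than depending on hosts ignoring each other.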

axfalk Sun, 01/24/2010 - 20:11

Giuseppe, thanks for your reply. Wouldn't having multiple VLANs for one subnet or multiple subnets for one VLAN defeat the purpose of having a VLAN in the first place? I have been taught to always allocate a subnet per VLAN, so you would have multiple broadcast domains, which is what a VLAN is all about... what's your take on it?

thanks..

Jon Marshall Mon, 01/25/2010 - 02:30

axfalk wrote:

Giuseppe, thanks for your reply. Wouldn't having multiple VLANs for one subnet or multiple subnets for one VLAN defeat the purpose of having a VLAN in the first place? I have been taught to always allocate a subnet per VLAN, so you would have multiple broadcast domains, which is what a VLAN is all about... what's your take on it?

thanks..

I think that was what Giuseppe was saying, i.e. if you do not use a one-to-one VLAN to subnet setup then you will end up with a suboptimal solution. So you were taught to allocate one IP subnet per VLAN, and that is a good general rule and one which Giuseppe is agreeing with.

The only time in standard design that you break this rule is when you are deploying service modules such as the FWSM (Firewall Service Module) and the ACE (Application Control Engine). These service modules can be deployed in a number of ways, and one way is in transparent mode where they act at L2 and "bridge" traffic. To do that you must use one IP subnet for 2 VLANs and have the service module "join" the 2 VLANs together.

But that example is an exception rather than the norm.

Jon
