Community Member

best practice for intervlan routing?

Are there some best practices for intervlan routing?

I've been reading a lot and I have seen these scenarios:

router on a stick

intervlan at core layer

intervlan at distribution layer.

Or is intervlan needed at all if the switches will do the routing?

I've done all of the above but I just want to know what's current.

Hall of Fame Super Blue

The simple answer is it depends because there is no one right solution for everyone. 

So there are no specific best practices. For example in a small setup where you may only need a couple of vlans you could use a L2 switch connected to a router or firewall using subinterfaces to route between the vlans.

But that is not a scalable solution. The commonest approach in any network where there are multiple vlans is to use L3 switches to do this. This could be a pair of switches interconnected and using HSRP/GLBP/VRRP for the vlans or it could be stacked switches/VSS etc. You would then dual connect your access layer switches to them.

In terms of core/distro/access layer in general, if you have separate switches performing each function you would have the inter vlan routing done on the distribution switches for all the vlans on the access layer switches. The core switches would be used to route between the distribution switches and other devices eg. WAN routers, firewalls, maybe other distribution switch pairs.

Again, generally speaking, you may well not need vlans on the core switches at all ie. you can simply use routed links between the core switches and everything else. 

The above is quite a common setup but there are variations eg. -

1) a collapsed core design where the core and distribution switches are the same pair. For a single building with maybe a WAN connection plus internet this is quite a common design because having a completely separate core is usually quite hard to justify in terms of cost etc.

2) a routed access layer. Here the access layer switches are L3 and the vlans are routed at the access layer. In this instance you may not even need vlans on the distribution switches although again to save cost often servers are deployed onto those switches so you may.

So a lot of it comes down to the size of the network and the budget involved as to which solution you go with.

All of the above is really concerned with non DC environments.

In the DC the traditional core/distro or aggregation/access layer was also used and still is widely deployed but in relatively recent times new designs and technologies are changing the environment which could have a big impact on vlans.

It's mainly to do with network virtualisation, where the vlans are defined and where they are not only routed but where the network services such as firewalling, load balancing etc. are performed.

It's quite a big subject so I didn't want to confuse the general answer by going into it but feel free to ask if you want more details.
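
The two approaches contrasted in the reply above, sketched as Cisco IOS configuration. This is an added example, not part of the original thread; the VLAN IDs, interface names and 10.0.x.x addresses are constructed assumptions.

```ios
! Constructed example: VLAN IDs, interface names and addresses are assumptions.
!
! --- Option 1: router on a stick (L2 switch trunked to a router) ---
! Router: one 802.1Q subinterface per VLAN is that VLAN's default gateway.
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
! L2 switch: the uplink to the router is a trunk limited to the routed VLANs.
! (Some platforms also need "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! --- Option 2: L3 switch pair with HSRP (first switch of the pair) ---
! Hosts use the HSRP virtual address 10.0.x.1 as their gateway.
! The second switch uses 10.0.x.3 and the default priority (100).
ip routing
!
vlan 10
vlan 20
!
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 110
 standby 10 preempt
 no shutdown
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 priority 110
 standby 20 preempt
 no shutdown
```

In both options all traffic between VLAN 10 and VLAN 20 crosses the routed interfaces, which makes them the point where inter-VLAN access lists are applied.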

