probably an easy routing question, so please help

Discussion in 'Cisco' started by pk, May 15, 2007.

  1. pk

    pk Guest

    I'm not a routing master, so this might be obvious, but I've been
    curious about the answer to this question. Say an individual was
    issued two IP blocks from their ISP.

    IP Block 1 : 123.123.123.0 /28
    IP Block 2 : 123.123.123.128 /28

    If the individual doesn't really care to separate the two networks for
    any reason and was just unfortunately issued two /28 blocks instead of
    one /27 block, isn't the link between the two networks going to suffer
    unnecessarily? For instance, if Server A located in Block 1 is
    plugged into the same gigabit switch as Server B in Block 2 and they
    want to initiate a file transfer, they are required to run out to the
    default gateway (ISP's router) through a T1 (perhaps) connection and
    back in when it would have been much faster for them to go directly to
    the other's gigabit ethernet port on the switch? If this is the case,
    would this be remedied, albeit poorly, by just subnetting both of
    these ranges together into one giant class C address range? (I
    understand fully that they wouldn't be able to access the rightful
    owners of the rest of the IP addresses in that range as they would
    search on their local LAN for them and time out, but this is a
    hypothetical situation and only serves to educate myself on the
    concept.) That said, how SHOULD this be handled in order to keep the
    connection between the subnets optimal?

    I'm quite sure that I'm missing some key concepts here, so please be
    kind and explain them to me.

    Thanks.

    pk
     
    pk, May 15, 2007
    #1

  2. pk

    Trendkill Guest

    On May 15, 3:33 pm, pk <> wrote:
    > I'm not routing master, so this might be obvious, but I've been
    > curious about the answer to this question. Say an individual was
    > issued two IP blocks from their ISP.
    >
    > IP Block 1 : 123.123.123.0 /28
    > IP Block 2 : 123.123.123.128 /28
    >
    > If the individual doesn't really care to separate the two networks for
    > any reason and was just unfortunately issued two /28 blocks instead of
    > one /27 block, isn't the link between the two networks going to suffer
    > unnecessarily? For instance, if Server A located in Block 1 is
    > plugged into the same gigabit switch as Server B in Block 2 and they
    > want to initiate a file transfer, they are required to run out to the
    > default gateway (ISPs router) through a T1 (perhaps) connection and
    > back in when it would have been much faster for them to go directly to
    > the other's gigabit ethernet port on the switch? If this is the case,
    > would this be remedied, albeit poorly, by just subnetting both of
    > these ranges together into one giant class C address range? (I
    > understand fully that they wouldn't be able to access the rightful
    > owners of the rest of the IP addresses in that range as they would
    > search on their local LAN for them and time out, but this is a
    > hypothetical situation and only serves to educate myself on the
    > concept.) That said, how SHOULD this be handled in order to keep the
    > connection between the subnets optimal?
    >
    > I'm quite sure that I'm missing some key concepts here, so please be
    > kind and explain them to me.
    >
    > Thanks.
    >
    > pk


    Provided both of those networks are off the same edge router, and
    routing is enabled, the traffic will not have to go across the WAN/
    Internet link, and will instead route to the directly connected
    network. This should work without issue.
     
    Trendkill, May 15, 2007
    #2

  3. pk

    pk Guest

    On May 15, 2:55 pm, Trendkill <> wrote:
    > Provided both of those networks are off the same edge router, and
    > routing is enabled, the traffic will not have to go across the WAN/
    > Internet link, and will instead route to the directly connected
    > network. This should work without issue.


    OK, that makes sense, but if the uplink is coming out of the switch
    from a 10Mb link to the router and the computers are both hooked into
    gigabit ports then it is a big difference right? There's no way for
    that switch to be a bit smarter (without turning into a router) and
    not run out the 10Mb port to the router with all of its traffic,
    correct? Whereas before they would have transferred at gigabit rate,
    they now will be 100 times slower?
     
    pk, May 16, 2007
    #3
  4. pk

    pk Guest

    On May 16, 8:57 am, pk <> wrote:
    > OK, that makes sense, but if the uplink is coming out of the switch
    > from a 10Mb link to the router and the computers are both hooked into
    > gigabit ports then it is a big difference right? There's no way for
    > that switch to be a bit smarter (without turning into a router) and
    > not run out the 10Mb port to the router with all of its traffic,
    > correct? Whereas before they would have transferred at gigabit rate,
    > they now will be 100 times slower?


    It looks like I've just described the idea behind a Layer 3 switch! I
    didn't know those existed until just now. I'm slowly figuring this
    whole thing out.
     
    pk, May 16, 2007
    #4
  5. pk

    Frank Winkler Guest

    pk wrote:

    >OK, that makes sense, but if the uplink is coming out of the switch
    >from a 10Mb link to the router and the computers are both hooked into
    >gigabit ports then it is a big difference right? There's no way for
    >that switch to be a bit smarter (without turning into a router) and


    Use a gigabit L3 switch and you're done.

    But for a special case of your scenario, the question is: if the two /28
    blocks are adjacent (which is not the case in your example), why not set a
    /27 netmask, keeping in mind that the broadcast address of block 1 and the
    network address of block 2 will not be visible from outside? Shouldn't this
    work?

    Slightly modifying your example:

    IP block 1 : 123.123.123.0/28
    IP block 2 : 123.123.123.16/28

    Internally, you turn this into 123.123.123.0/27, which eliminates the need
    for an L3 switch but implies that 123.123.123.15 and 123.123.123.16 are not
    valid host addresses for incoming traffic.

    Regards

    fw
     
    Frank Winkler, May 16, 2007
    #5
  6. pk

    Scooby Guest

    "pk" <> wrote in message
    news:...
    > OK, that makes sense, but if the uplink is coming out of the switch
    > from a 10Mb link to the router and the computers are both hooked into
    > gigabit ports then it is a big difference right? There's no way for
    > that switch to be a bit smarter (without turning into a router) and
    > not run out the 10Mb port to the router with all of its traffic,
    > correct? Whereas before they would have transferred at gigabit rate,
    > they now will be 100 times slower?
    >


    That is correct. Probably even more so, since you'll get a lot of dropped
    packets and retransmits. Unless the switch is L3 capable, the traffic will
    need to be sent to the router. One option is to possibly just configure
    your internal network to use the whole class C. This isn't a great option,
    since you will lose the ability to route traffic to the rest of the address
    space not in your blocks. But, chances are minimal that you would need to
    anyway. I would suggest researching what the rest of the block is used for
    and see if you don't find it important.

    But, perhaps a better solution would be to go back to the ISP and see if
    they could give you a single contiguous block. Without that, probably the
    best option would be to implement an L3 switch inside the router. Even if
    your router had GB ports, chances are that they could not keep up with the
    traffic and you would overwhelm the CPU.

    Hope that helps,

    Jim
     
    Scooby, May 16, 2007
    #6
  7. pk

    Sam Wilson Guest

    In article <>,
    pk <> wrote:

    > OK, that makes sense, but if the uplink is coming out of the switch
    > from a 10Mb link to the router and the computers are both hooked into
    > gigabit ports then it is a big difference right? There's no way for
    > that switch to be a bit smarter (without turning into a router) and
    > not run out the 10Mb port to the router with all of its traffic,
    > correct? Whereas before they would have transferred at gigabit rate,
    > they now will be 100 times slower?


    Depends on what you mean by "before". If they've always been attached
    to two, non-contiguous /28s then there will always[1] have had to be a
    router between the networks.

    [1] Depending on the end stations involved and how much control you have
    over them you might be able to do things with the multiple subnets on
    the same VLAN or physical network, secondary addressing in Cisco
    parlance. On some Unix and Unix-like systems you can do the same thing,
    effectively configuring the end stations to see the other /28 on the same
    interface as their own /28. We don't do that but other people here are
    probably familiar with the techniques.

    Sam
     
    Sam Wilson, May 16, 2007
    #7
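    Added example, not from anyone in the thread: a Python check of the address arithmetic behind Frank Winkler's /27 supernet (#5), Scooby's "use the whole class C" option (#6), and the on-link decision that Sam Wilson's secondary-addressing footnote (#7) relies on. The block values are the ones quoted in the thread; the function names and the sample host addresses (.5, .130, .131) are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Interface, IPv4Network, collapse_addresses

# Constructed sample data: the two blocks from the original post, and the
# adjacent pair Frank Winkler substituted to make the /27 idea work.
ORIGINAL_BLOCKS = ["123.123.123.0/28", "123.123.123.128/28"]
ADJACENT_BLOCKS = ["123.123.123.0/28", "123.123.123.16/28"]


def aggregate(blocks):
    """Return the one prefix that exactly covers `blocks`, or None.

    Two /28s merge into a single /27 only when they are adjacent AND the
    pair sits on a /27 boundary; collapse_addresses() applies both tests.
    """
    merged = list(collapse_addresses(IPv4Network(b) for b in blocks))
    return merged[0] if len(merged) == 1 else None


def supernet_side_effects(blocks, supernet):
    """What changes if hosts are configured with `supernet` instead of the
    blocks the ISP actually routes to them.

    unowned:    addresses inside the supernet that belong to someone else;
                a host will ARP for them on the LAN and time out.
    lost_hosts: former network/broadcast addresses of the owned blocks;
                usable as hosts on the LAN, but the ISP router will never
                forward inbound traffic to them.
    """
    owned = [IPv4Network(b) for b in blocks]
    sup = IPv4Network(supernet)
    if not all(n.subnet_of(sup) for n in owned):
        raise ValueError("every block must lie inside the supernet")
    unowned = [a for a in sup.hosts() if not any(a in n for n in owned)]
    edge = set()
    for n in owned:
        edge.update({n.network_address, n.broadcast_address})
    # the supernet's own network/broadcast stay unusable either way
    edge -= {sup.network_address, sup.broadcast_address}
    return {"unowned": sorted(unowned), "lost_hosts": sorted(edge)}


def next_hop(local_interfaces, dst):
    """Host forwarding decision for `dst`.

    `local_interfaces` lists the address/prefix strings configured on the
    sending host; more than one models Cisco secondary addressing or a
    dual-homed server. 'direct' means the host ARPs on the LAN and the
    switch forwards at wire speed; 'gateway' means the packet goes to the
    default gateway, i.e. out the slow uplink to the ISP router and back.
    """
    target = IPv4Address(dst)
    for iface in local_interfaces:
        if target in IPv4Interface(iface).network:
            return "direct"
    return "gateway"


if __name__ == "__main__":
    print("original blocks aggregate to:", aggregate(ORIGINAL_BLOCKS))
    print("adjacent blocks aggregate to:", aggregate(ADJACENT_BLOCKS))
    fx = supernet_side_effects(ADJACENT_BLOCKS, "123.123.123.0/27")
    print("/27 trick loses hosts:", [str(a) for a in fx["lost_hosts"]])
    fx = supernet_side_effects(ORIGINAL_BLOCKS, "123.123.123.0/24")
    print("/24 trick: %d unreachable addresses" % len(fx["unowned"]))
    print("A(.5/28) -> B(.130):", next_hop(["123.123.123.5/28"], "123.123.123.130"))
    print("A with secondary .130/28 -> .131:",
          next_hop(["123.123.123.5/28", "123.123.123.130/28"], "123.123.123.131"))
```

    The third `aggregate` case in the test (16/28 plus 32/28) shows why adjacency alone is not enough: the pair must also be aligned on the /27 boundary.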
  8. pk

    Trendkill Guest

    On May 16, 9:57 am, pk <> wrote:
    > OK, that makes sense, but if the uplink is coming out of the switch
    > from a 10Mb link to the router and the computers are both hooked into
    > gigabit ports then it is a big difference right? There's no way for
    > that switch to be a bit smarter (without turning into a router) and
    > not run out the 10Mb port to the router with all of its traffic,
    > correct? Whereas before they would have transferred at gigabit rate,
    > they now will be 100 times slower?


    Technically yes, you are correct. Unless you have an L3 switch or a
    router with gig ports, you will potentially have limits for any
    bandwidth going inter-VLAN. I've been trying to think through your
    option of running a /24 behind the scenes and simply not addressing
    nodes in the two networks you don't own. I'm not really sure if this
    would work or not, as your router technically would have to
    advertise the /24, unless of course you could use distribution lists
    or something to split it up as necessary. I think your best bet is to
    sit down and really analyze your servers/nodes and come up with a
    design that keeps your high traffic boxes on one switch/subnet or the
    other. I doubt you have 126 boxes that are the same application, etc.,
    and probably could be split into some kind of logical groups by high
    traffic, thus ensuring that intra-VLAN traffic is maximized and
    inter-VLAN traffic is minimized. If you do have a server (database or
    such) that is central to both networks, perhaps it's better to just
    dual-home it to each network. All depends on your requirements...
     
    Trendkill, May 16, 2007
    #8
  9. pk

    pk Guest

    On May 16, 10:18 am, Trendkill <> wrote:
    > Technically yes you are correct. Unless you have a L3 switch or a
    > router with gig ports, you will potentially have limits for any
    > bandwidth going inter VLAN. I've been trying to think through your
    > option of running a /24 behind the scenes and simply not addressing
    > nodes in the two networks you don't own. I'm not really sure if this
    > would work or not, as it your router technically would have to
    > advertise the /24, unless of course you could use distribution lists
    > or something to split it up as necessary. I think your best bet is to
    > sit down and really analyze your servers/nodes and come up with a
    > design that keeps your high traffic boxes on one switch/subnet or the
    > other. I doubt you have 126 boxes that are the same application, etc,
    > and probably could be split into some kind of logical groups by high
    > traffic. Thus ensuring that intra VLAN traffic is maximized, and
    > inter-vlan traffic is minimized. If you do have a server (database or
    > such) that is central to both networks, perhaps its better to just
    > dual home it to each network. All depends on your requirements......


    Well, the issue is that there is one computer that will need to access
    every other computer at a very high rate, our backup server. I've
    spent the last 45 minutes wading through the poorly organized Cisco
    website just trying to find the most inexpensive non-end-of-sale/end-of-life
    Layer 3 switch with 2 gigabit (non-fiber) uplink ports and
    probably 24 10/100 ports. You're correct in presuming that all of the
    network devices don't need gigabit connections (iLOs and such) so I
    have no problem placing them on 10/100 ports on a new Layer 3 switch.
    What's the deal with end-of-sale/end-of-life products? Are they to be
    avoided? Can you guys offer me any suggestions as to hardware devices
    I should be looking at? I'm lost... the product catalog is so
    extensive.
     
    pk, May 16, 2007
    #9
  10. pk

    pk Guest

    On May 16, 10:47 am, pk <> wrote:
    > Well, the issue is that there is one computer that will need to access
    > every other computer at a very high rate, our backup server. I've
    > spent the last 45 minutes wading through the poorly organized Cisco
    > website just trying to find the most inexpensive non end-of-sale/end-
    > of-life Layer 3 switch with 2 gigabit (non-fiber) uplink ports and
    > probably 24 10/100 ports. You're correct in presuming that all of the
    > network devices don't need gigabit connections (iLOs and such) so I
    > have no problem placing them on 10/100 ports on a new Layer 3 switch.
    > What's the deal with end-of-sale/end-of-life products? Are they to be
    > avoided? Can you guys offer me any suggestions as to hardware devices
    > I should be looking at? I'm lost...the product catalog is so
    > extensive.


    I'm now taking a hard look at the Netgear FSM7326P. I examined
    comparable Cisco products and I just can't see the price
    justification. It's literally twice as costly for the comparable
    Cisco product (which as far as I can tell is the Catalyst 3560-24TS).
    There are some stats about the Netgear switch that concern me. The
    maximum number of routes is 16. What does that mean? Does that mean
    that only 16 subnets can be handled through this switch? This
    shouldn't be a problem, but it still seems like a low number. The
    maximum number of routed VLANs is more applicable to my situation, and
    that's topped off at 6. Again, this shouldn't be a problem, but it
    seems like an arbitrarily low number. I can't find the corresponding
    stats for the 3560-24TS, so I don't know if this is a normal cap or
    not.

    Secondly, let's look at another resolution to the above problem that I
    don't think is necessarily a good idea, but I'm curious if it would
    work. If I assigned IPs to the backup server in each subnet where it
    will be remotely backing up machines, would BackupExec use the
    corresponding IP address for the subnet of the computer it was backing
    up? How is that decided or configured? Pro/Cons?

    pk
     
    pk, May 16, 2007
    #10
  11. pk

    JF Mezei Guest

    pk wrote:
    > I'm now taking a hard look at the Netgear FSM7326P. I examined
    > comparable Cisco products and I just can't see the price
    > justification.



    Prior to buying a used Cisco switch, I looked at buying a new Netgear
    switch. I called Netgear's 800 number and after hours of being switched
    from one place to another, one continent to another, even being told
    that since I didn't have a support contract I couldn't get pre-sales
    help (in both American and Indian accents), I was still unable to get
    information on the differences between two models to help me choose
    which to buy.

    Cisco may be more expensive, but you have access to on-line manuals,
    detailed specs. And I bought a used switch, and was able to register for
    access to more areas of the Cisco web site.


    Buying a new Cisco switch may be more expensive, but you need to look at
    the quality of the support you are getting. (both on-line documentation
    as well as actual human support).

    Yeah, there are times where the difference in price just doesn't warrant
    the extra features/support. But it is something to consider.

    Years ago, when I had bought a Netgear hub and a Netgear router, I had
    had excellent and easy 24 hour support from Netgear. But this time
    around, I couldn't get the time of day for pre-sales information.
    Wouldn't touch Netgear anymore because of that.
     
    JF Mezei, May 16, 2007
    #11
  12. pk

    stephen Guest

    "Trendkill" <> wrote in message
    news:...
    > On May 16, 9:57 am, pk <> wrote:
    > > On May 15, 2:55 pm, Trendkill <> wrote:
    > >
    > >
    > >
    > > > On May 15, 3:33 pm, pk <> wrote:

    > >
    > > > > I'm not routing master, so this might be obvious, but I've been
    > > > > curious about the answer to this question. Say an individual was
    > > > > issued two IP blocks from their ISP.

    > >
    > > > > IP Block 1 : 123.123.123.0 /28
    > > > > IP Block 2 : 123.123.123.128 /28

    > >
    > > > > If the individual doesn't really care to separate the two networks for
    > > > > any reason and was just unfortunately issued two /28 blocks instead of
    > > > > one /27 block, isn't the link between the two networks going to suffer
    > > > > unnecessarily? For instance, if Server A located in Block 1 is
    > > > > plugged into the same gigabit switch as Server B in Block 2 and they
    > > > > want to initiate a file transfer, they are required to run out to the
    > > > > default gateway (ISPs router) through a T1 (perhaps) connection and
    > > > > back in when it would have been much faster for them to go directly to
    > > > > the other's gigabit ethernet port on the switch? If this is the case,
    > > > > would this be remedied, albeit poorly, by just subnetting both of
    > > > > these ranges together into one giant class C address range? (I
    > > > > understand fully that they wouldn't be able to access the rightful
    > > > > owners of the rest of the IP addresses in that range as they would
    > > > > search on their local LAN for them and time out, but this is a
    > > > > hypothetical situation and only serves to educate myself on the
    > > > > concept.) That said, how SHOULD this be handled in order to keep the
    > > > > connection between the subnets optimal?

    > >
    > > > > I'm quite sure that I'm missing some key concepts here, so please be
    > > > > kind and explain them to me.

    > >
    > > > > Thanks.

    > >
    > > > > pk

    > >
    > > > Provided both of those networks are off the same edge router, and
    > > > routing is enabled, the traffic will not have to go across the WAN/
    > > > Internet link, and will instead route to the directly connected
    > > > network. This should work without issue.

    > >
    > > OK, that makes sense, but if the uplink is coming out of the switch
    > > from a 10Mb link to the router and the computers are both hooked into
    > > gigabit ports then it is a big difference right? There's no way for
    > > that switch to be a bit smarter (without turning into a router) and
    > > not run out the 10Mb port to the router with all of its traffic,
    > > correct? Whereas before they would have transferred at gigabit rate,
    > > they now will be 100 times slower?

    >
    > Technically yes you are correct. Unless you have a L3 switch or a
    > router with gig ports, you will potentially have limits for any
    > bandwidth going inter VLAN. I've been trying to think through your
    > option of running a /24 behind the scenes and simply not addressing
    > nodes in the two networks you don't own.


    you can use proxy ARP to do this. I learnt this trick on Bay / Nortel kit
    which was really good at it, but it works on Cisco as well.

    both /28s are configured on the same Enet port, with proxy ARP enabled.

    end stations are set up to use the overall /24.

    The router then lets local ARP take care of traffic between the 2 /28s, but
    will respond to ARP reqs for addresses on other parts of the /24.

    Once the ARP table is pointing at the correct device, then IP packets get
    sent to the right place - result is the router has a bit more broadcasts to
    handle, but the local traffic doesn't need to "touch" the router.

    I'm not really sure if this
    > would work or not, as it your router technically would have to
    > advertise the /24, unless of course you could use distribution lists
    > or something to split it up as necessary. I think your best bet is to
    > sit down and really analyze your servers/nodes and come up with a
    > design that keeps your high traffic boxes on one switch/subnet or the
    > other. I doubt you have 126 boxes that are the same application, etc,
    > and probably could be split into some kind of logical groups by high
    > traffic. Thus ensuring that intra VLAN traffic is maximized, and
    > inter-vlan traffic is minimized. If you do have a server (database or
    > such) that is central to both networks, perhaps its better to just
    > dual home it to each network. All depends on your requirements......


    Personally I prefer a L3 switch - a single Catalyst 3560 or 3750 will give
    you enough ports for both /28s.

    if you have enough servers to need 2 x /28, then paying for the switch is
    going to be trivial. And if you don't need lots of servers, then redo the
    design to use NAT and reduce the number of needed addresses.

    clever system designs can be great, but follow on work often hits side
    effects, or the next engineer to do changes doesn't understand and breaks the
    design....
    >

    --
    Regards

    - replace xyz with ntl
     
    stephen, May 17, 2007
    #12
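    The proxy-ARP arrangement stephen describes above, next to the plain routed design Trendkill suggested earlier (hosts keep their /28 masks and the router carries everything between the blocks), modelled in Python. This is an added example, not code from the thread or from any vendor: the host addresses and MAC addresses are constructed, the router is modelled as one LAN port holding both /28s (primary plus secondary address) with a default route out a WAN port, and the proxy-ARP rule is modelled the way IOS applies it, answering only for targets it would route out a different interface. The block also computes the smallest prefix that covers the two blocks, which shows why they cannot be summarised as one /27 and which parts of the /24 belong to someone else.

```python
import ipaddress

# The thread's hypothetical allocation: two non-adjacent /28s (constructed input).
OWNED = [ipaddress.ip_network("123.123.123.0/28"),
         ipaddress.ip_network("123.123.123.128/28")]

ROUTER_MAC = "00:00:5e:00:01:01"   # constructed; the LAN port of the ISP-facing router


def covering_prefix(nets):
    """Smallest single prefix containing every network in nets.
    For the two /28s above this is the whole /24: they differ in the
    128 bit of the last octet, so no /27, /26 or /25 contains both."""
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


def foreign_ranges(nets):
    """Pieces of covering_prefix(nets) that are not ours (sorted by address)."""
    remaining = [covering_prefix(nets)]
    for owned in nets:
        remaining = [piece for r in remaining
                     for piece in (r.address_exclude(owned) if owned.subnet_of(r) else [r])]
    return sorted(remaining)


class Host:
    """End station with one address; the design decides the mask (/28 or /24)."""
    def __init__(self, name, ip, prefixlen, mac):
        self.name, self.mac = name, mac
        self.iface = ipaddress.ip_interface(f"{ip}/{prefixlen}")

    @property
    def ip(self):
        return self.iface.ip

    def on_link(self, dst):
        return dst in self.iface.network


class Router:
    """Router or L3 switch: one LAN port carrying both /28s (primary + secondary
    address) and a default route out a WAN port. Modelled IOS rule (assumption):
    with proxy ARP on, it answers ARP only for targets that are not in the
    port's own subnets, i.e. targets it would route out another interface."""
    def __init__(self, lan_subnets, proxy_arp):
        self.lan_subnets, self.proxy_arp, self.mac = lan_subnets, proxy_arp, ROUTER_MAC

    def answers_arp_for(self, target):
        return self.proxy_arp and not any(target in s for s in self.lan_subnets)


def resolve(src, dst, hosts, router):
    """Return (next-hop MAC, path) for a frame from host src to IP dst."""
    dst = ipaddress.ip_address(dst)
    if not src.on_link(dst):               # off-link by src's mask: use the default gateway
        return router.mac, "router"
    for h in hosts:                        # on-link: broadcast ARP, the owner replies
        if h is not src and h.ip == dst:
            return h.mac, "direct"
    if router.answers_arp_for(dst):        # nobody local owns it: router may proxy-reply
        return router.mac, "router"
    return None, "unresolved"             # ARP times out: the failure pk worried about


def simulate(prefixlen, proxy_arp):
    """Path taken by three flows under a given host mask and proxy-ARP setting."""
    a = Host("A", "123.123.123.5", prefixlen, "02:00:00:00:00:0a")    # block 1
    b = Host("B", "123.123.123.130", prefixlen, "02:00:00:00:00:0b")  # block 2
    router = Router(OWNED, proxy_arp)
    return {
        "A->B": resolve(a, str(b.ip), [a, b], router)[1],
        "A->foreign": resolve(a, "123.123.123.50", [a, b], router)[1],   # in the /24, not ours
        "A->internet": resolve(a, "198.51.100.7", [a, b], router)[1],
    }


if __name__ == "__main__":
    print("covering prefix:", covering_prefix(OWNED))
    print("not ours:", [str(r) for r in foreign_ranges(OWNED)])
    print("/28 masks, plain routing:", simulate(28, proxy_arp=False))
    print("/24 masks, proxy ARP    :", simulate(24, proxy_arp=True))
    print("/24 masks, no proxy ARP :", simulate(24, proxy_arp=False))
```

    Running it shows the three outcomes the thread argues about: with /28 masks every A-to-B frame is hairpinned through the router; with /24 masks and proxy ARP, A-to-B goes direct and only addresses you do not own are answered by the router; with /24 masks and no proxy ARP, those foreign addresses simply time out.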
  13. pk

    PATCHES Guest

    On May 15, 2:33 pm, pk <> wrote:
    > I'm not routing master, so this might be obvious, but I've been
    > curious about the answer to this question. Say an individual was
    > issued two IP blocks from their ISP.
    >
    > IP Block 1 : 123.123.123.0 /28
    > IP Block 2 : 123.123.123.128 /28
    >
    > If the individual doesn't really care to separate the two networks for
    > any reason and was just unfortunately issued two /28 blocks instead of
    > one /27 block, isn't the link between the two networks going to suffer
    > unnecessarily? For instance, if Server A located in Block 1 is
    > plugged into the same gigabit switch as Server B in Block 2 and they
    > want to initiate a file transfer, they are required to run out to the
    > default gateway (ISPs router) through a T1 (perhaps) connection and
    > back in when it would have been much faster for them to go directly to
    > the other's gigabit ethernet port on the switch? If this is the case,
    > would this be remedied, albeit poorly, by just subnetting both of
    > these ranges together into one giant class C address range? (I
    > understand fully that they wouldn't be able to access the rightful
    > owners of the rest of the IP addresses in that range as they would
    > search on their local LAN for them and time out, but this is a
    > hypothetical situation and only serves to educate myself on the
    > concept.) That said, how SHOULD this be handled in order to keep the
    > connection between the subnets optimal?
    >
    > I'm quite sure that I'm missing some key concepts here, so please be
    > kind and explain them to me.
    >
    > Thanks.
    >
    > pk


    What you are suggesting should work fine. You would just have to make
    sure that the IP address on the local segment is blocked or translated
    to another IP address before it hits the internet.
     
    PATCHES, May 17, 2007
    #13
  14. pk

    pk Guest

    I was all ready to purchase a Layer 3 switch and start testing this setup
    when I came across some Cisco documentation and discovered this little gem
    from the "Routers and Layer 3 Switching" section of the document.
    http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq

    It states, in no uncertain terms, "Note: Routers are necessary for
    communication between two VLANs."

    Is that true? This throws a serious kink in my plans. I need to use VLANs
    in order to be able to simulate transparent mode with multiple subnets with
    my Sonicwall 3060. For the record, I have 4 IP blocks (three /28s and one
    /27). I do not want to deal with NATing this many addresses. Is a Layer 3
    switch STILL going to pass my VLAN traffic up to the router? This is
    killing me.

    Thanks for all the help so far.

    pk

    "stephen" <> wrote in message
    news:RpX2i.58$...
    > "Trendkill" <> wrote in message
    > news:...
    >> On May 16, 9:57 am, pk <> wrote:
    >> > On May 15, 2:55 pm, Trendkill <> wrote:
    >> >
    >> >
    >> >
    >> > > On May 15, 3:33 pm, pk <> wrote:
    >> >
    >> > > > I'm not routing master, so this might be obvious, but I've been
    >> > > > curious about the answer to this question. Say an individual was
    >> > > > issued two IP blocks from their ISP.
    >> >
    >> > > > IP Block 1 : 123.123.123.0 /28
    >> > > > IP Block 2 : 123.123.123.128 /28
    >> >
    >> > > > If the individual doesn't really care to separate the two networks for
    >> > > > any reason and was just unfortunately issued two /28 blocks instead of
    >> > > > one /27 block, isn't the link between the two networks going to suffer
    >> > > > unnecessarily? For instance, if Server A located in Block 1 is
    >> > > > plugged into the same gigabit switch as Server B in Block 2 and they
    >> > > > want to initiate a file transfer, they are required to run out to the
    >> > > > default gateway (ISPs router) through a T1 (perhaps) connection and
    >> > > > back in when it would have been much faster for them to go directly to
    >> > > > the other's gigabit ethernet port on the switch? If this is the case,
    >> > > > would this be remedied, albeit poorly, by just subnetting both of
    >> > > > these ranges together into one giant class C address range? (I
    >> > > > understand fully that they wouldn't be able to access the rightful
    >> > > > owners of the rest of the IP addresses in that range as they would
    >> > > > search on their local LAN for them and time out, but this is a
    >> > > > hypothetical situation and only serves to educate myself on the
    >> > > > concept.) That said, how SHOULD this be handled in order to keep the
    >> > > > connection between the subnets optimal?
    >> >
    >> > > > I'm quite sure that I'm missing some key concepts here, so please
    >> > > > be
    >> > > > kind and explain them to me.
    >> >
    >> > > > Thanks.
    >> >
    >> > > > pk
    >> >
    >> > > Provided both of those networks are off the same edge router, and
    >> > > routing is enabled, the traffic will not have to go across the WAN/
    >> > > Internet link, and will instead route to the directly connected
    >> > > network. This should work without issue.
    >> >
    >> > OK, that makes sense, but if the uplink is coming out of the switch
    >> > from a 10Mb link to the router and the computers are both hooked into
    >> > gigabit ports then it is a big difference right? There's no way for
    >> > that switch to be a bit smarter (without turning into a router) and
    >> > not run out the 10Mb port to the router with all of its traffic,
    >> > correct? Whereas before they would have transferred at gigabit rate,
    >> > they now will be 100 times slower?

    >>
    >> Technically yes you are correct. Unless you have a L3 switch or a
    >> router with gig ports, you will potentially have limits for any
    >> bandwidth going inter VLAN. I've been trying to think through your
    >> option of running a /24 behind the scenes and simply not addressing
    >> nodes in the two networks you don't own.

    >
    > you can use proxy ARP to do this. I learnt this trick on Bay / Nortel kit
    > which was really good at it, but it works on Cisco as well.
    >
    > both /28s are configured on the same Enet port, with proxy ARP enabled.
    >
    > end stations are set up to use the overall /24.
    >
    > The router then lets local ARP take care of traffic between the 2 /28s,
    > but
    > will respond to ARP reqs for addresses on other parts of the /24.
    >
    > Once the ARP table is pointing at the correct device, then IP packets get
    > sent to the right place - result is the router has a bit more broadcasts to
    > handle, but the local traffic doesn't need to "touch" the router.
    >
    > I'm not really sure if this
    >> would work or not, as it your router technically would have to
    >> advertise the /24, unless of course you could use distribution lists
    >> or something to split it up as necessary. I think your best bet is to
    >> sit down and really analyze your servers/nodes and come up with a
    >> design that keeps your high traffic boxes on one switch/subnet or the
    >> other. I doubt you have 126 boxes that are the same application, etc,
    >> and probably could be split into some kind of logical groups by high
    >> traffic. Thus ensuring that intra VLAN traffic is maximized, and
    >> inter-vlan traffic is minimized. If you do have a server (database or
    >> such) that is central to both networks, perhaps its better to just
    >> dual home it to each network. All depends on your requirements......

    >
    > Personally I prefer a L3 switch - a single Catalyst 3560 or 3750 will give
    > you enough ports for both /28s.
    >
    > if you have enough servers to need 2 x /28, then paying for the switch is
    > going to be trivial. And if you don't need lots of servers, then redo the
    > design to use NAT and reduce the number of needed addresses.
    >
    > clever system designs can be great, but follow on work often hits side
    > effects, or the next engineer to do changes doesn't understand and breaks
    > the
    > design....
    >>

    > --
    > Regards
    >
    > - replace xyz with ntl
    >
    >
     
    pk, May 17, 2007
    #14
  15. pk

    stephen Guest

    "pk" <> wrote in message news:f2i9ls$ljh$...
    > I was all ready to purchase a Layer 3 switch and start testing this setup
    > when I came across some Cisco documentation and discovered this little gem
    > from the "Routers and Layer 3 Switching" section of the document.
    > http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq
    >
    > It states, in no uncertain terms, "Note: Routers are necessary for
    > communication between two VLANs."


    more accurately - routing is needed. A layer 3 switch is really a hardware
    based router - so you are covered.
    >
    > Is that true? This throws a serious kink in my plans. I need to use VLANs
    > in order to be able to simulate transparent mode with multiple subnets with
    > my Sonicwall 3060.


    VLANs might complicate what you end up doing - it sounds like the default
    gateway on each device needs to "point" to the firewall for the outside
    world, but local comms goes via the L3 switch.

    However - it tends to be easier in a routed network to offload route
    management and path selection to a routing device, and let that sort out
    what goes where.

    then you only need to configure the L3 switch to alter the routing if you
    change things, not every device.

    but it sounds like your firewall might not like that arrangement, so I
    suggest you sort how the firewall and a "router" need to interact before
    finalising the design.

    > For the record, I have 4 IP blocks (three /28s and one
    > /27). I do not want to deal with NATing this many addresses. Is a Layer 3
    > switch STILL going to pass my VLAN traffic up to the router?


    No - or not if you design it properly.

    > This is
    > killing me.
    >
    > Thanks for all the help so far.
    >
    > pk
    >
    > "stephen" <> wrote in message
    > news:RpX2i.58$...
    > > "Trendkill" <> wrote in message
    > > news:...
    > >> On May 16, 9:57 am, pk <> wrote:
    > >> > On May 15, 2:55 pm, Trendkill <> wrote:
    > >> >
    > >> >
    > >> >
    > >> > > On May 15, 3:33 pm, pk <> wrote:
    > >> >
    > >> > > > I'm not routing master, so this might be obvious, but I've been
    > >> > > > curious about the answer to this question. Say an individual was
    > >> > > > issued two IP blocks from their ISP.
    > >> >
    > >> > > > IP Block 1 : 123.123.123.0 /28
    > >> > > > IP Block 2 : 123.123.123.128 /28
    > >> >
    > >> > > > If the individual doesn't really care to separate the two networks for
    > >> > > > any reason and was just unfortunately issued two /28 blocks instead of
    > >> > > > one /27 block, isn't the link between the two networks going to suffer
    > >> > > > unnecessarily? For instance, if Server A located in Block 1 is
    > >> > > > plugged into the same gigabit switch as Server B in Block 2 and they
    > >> > > > want to initiate a file transfer, they are required to run out to the
    > >> > > > default gateway (ISPs router) through a T1 (perhaps) connection and
    > >> > > > back in when it would have been much faster for them to go directly to
    > >> > > > the other's gigabit ethernet port on the switch? If this is the case,
    > >> > > > would this be remedied, albeit poorly, by just subnetting both of
    > >> > > > these ranges together into one giant class C address range? (I
    > >> > > > understand fully that they wouldn't be able to access the rightful
    > >> > > > owners of the rest of the IP addresses in that range as they would
    > >> > > > search on their local LAN for them and time out, but this is a
    > >> > > > hypothetical situation and only serves to educate myself on the
    > >> > > > concept.) That said, how SHOULD this be handled in order to keep the
    > >> > > > connection between the subnets optimal?
    > >> >
    > >> > > > I'm quite sure that I'm missing some key concepts here, so please
    > >> > > > be
    > >> > > > kind and explain them to me.
    > >> >
    > >> > > > Thanks.
    > >> >
    > >> > > > pk
    > >> >
    > >> > > Provided both of those networks are off the same edge router, and
    > >> > > routing is enabled, the traffic will not have to go across the WAN/
    > >> > > Internet link, and will instead route to the directly connected
    > >> > > network. This should work without issue.
    > >> >
    > >> > OK, that makes sense, but if the uplink is coming out of the switch
    > >> > from a 10Mb link to the router and the computers are both hooked into
    > >> > gigabit ports then it is a big difference right? There's no way for
    > >> > that switch to be a bit smarter (without turning into a router) and
    > >> > not run out the 10Mb port to the router with all of its traffic,
    > >> > correct? Whereas before they would have transferred at gigabit rate,
    > >> > they now will be 100 times slower?
    > >>
    > >> Technically yes you are correct. Unless you have a L3 switch or a
    > >> router with gig ports, you will potentially have limits for any
    > >> bandwidth going inter VLAN. I've been trying to think through your
    > >> option of running a /24 behind the scenes and simply not addressing
    > >> nodes in the two networks you don't own.

    > >
    > > you can use proxy ARP to do this. I learnt this trick on Bay / Nortel kit
    > > which was really good at it, but it works on Cisco as well.
    > >
    > > both /28s are configured on the same Enet port, with proxy ARP enabled.
    > >
    > > end stations are set up to use the overall /24.
    > >
    > > The router then lets local ARP take care of traffic between the 2 /28s,
    > > but
    > > will respond to ARP reqs for addresses on other parts of the /24.
    > >
    > > Once the ARP table is pointing at the correct device, then IP packets get
    > > sent to the right place - result is the router has a bit more broadcasts to
    > > handle, but the local traffic doesn't need to "touch" the router.
    > >
    > > I'm not really sure if this
    > >> would work or not, as it your router technically would have to
    > >> advertise the /24, unless of course you could use distribution lists
    > >> or something to split it up as necessary. I think your best bet is to
    > >> sit down and really analyze your servers/nodes and come up with a
    > >> design that keeps your high traffic boxes on one switch/subnet or the
    > >> other. I doubt you have 126 boxes that are the same application, etc,
    > >> and probably could be split into some kind of logical groups by high
    > >> traffic. Thus ensuring that intra VLAN traffic is maximized, and
    > >> inter-vlan traffic is minimized. If you do have a server (database or
    > >> such) that is central to both networks, perhaps its better to just
    > >> dual home it to each network. All depends on your requirements......

    > >
    > > Personally I prefer a L3 switch - a single Catalyst 3560 or 3750 will give
    > > you enough ports for both /28s.
    > >
    > > if you have enough servers to need 2 x /28, then paying for the switch is
    > > going to be trivial. And if you don't need lots of servers, then redo the
    > > design to use NAT and reduce the number of needed addresses.
    > >
    > > clever system designs can be great, but follow on work often hits side
    > > effects, or the next engineer to do changes doesn't understand and breaks
    > > the
    > > design....
    > >>

    > > --
    > > Regards
    > >
    > > - replace xyz with ntl
    > >

    - replace xyz with ntl
     
    stephen, May 17, 2007
    #15
  16. pk

    pk Guest

    I've just realized that VLANs don't just divide subnets, they also COMBINE
    subnets. I don't actually want my 4 IP blocks separate for any reason, so
    there's no reason I can't just combine them into a singular VLAN with my
    existing switches, right? As far as I can tell (until I decide that I want
    more than one VLAN to communicate with each other without contacting the
    router) I won't need to use a Layer 3 switch at all. Is that correct? If
    that's the case, my life got a whole lot easier, even though it would be fun
    to play around with a Layer 3 switch!

    pk

    "stephen" <> wrote in message
    news:HW23i.33$...
    > "pk" <> wrote in message
    > news:f2i9ls$ljh$...
    >> I was all ready to purchase a Layer 3 switch and start testing this setup
    >> when I came across some Cisco documentation and discovered this little
    >> gem
    >> from the "Routers and Layer 3 Switching" section of the document.
    >> http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq
    >>
    >> It states, in no uncertain terms, "Note: Routers are necessary for
    >> communication between two VLANs."

    >
    > more accurately - routing is needed. A layer 3 switch is really a
    > hardware
    > based router - so you are covered.
    >>
    >> Is that true? This throws a serious kink in my plans. I need to use VLANs
    >> in order to be able to simulate transparent mode with multiple subnets with
    >> my Sonicwall 3060.

    >
    > VLANs might complicate what you end up doing - it sounds like the default
    > gateway on each device needs to "point" to the firewall for the outside
    > world, but local comms goes via the L3 switch.
    >
    > However - it tends to be easier in a routed network to offload route
    > management and path selection to a routing device, and let that sort out
    > what goes where.
    >
    > then you only need to configure the L3 switch to alter the routing if you
    > change things, not every device.
    >
    > but it sounds like your firewall might not like that arrangement, so I
    > suggest you sort how the firewall and a "router" need to interact before
    > finalising the design.
    >
    >> For the record, I have 4 IP blocks (three /28s and one
    >> /27). I do not want to deal with NATing this many addresses. Is a Layer 3
    >> switch STILL going to pass my VLAN traffic up to the router?

    >
    > No - or not if you design it properly.
    >
    >> This is
    >> killing me.
    >>
    >> Thanks for all the help so far.
    >>
    >> pk
    >>
    >> "stephen" <> wrote in message
    >> news:RpX2i.58$...
    >> > "Trendkill" <> wrote in message
    >> > news:...
    >> >> On May 16, 9:57 am, pk <> wrote:
    >> >> > On May 15, 2:55 pm, Trendkill <> wrote:
    >> >> >
    >> >> >
    >> >> >
    >> >> > > On May 15, 3:33 pm, pk <> wrote:
    >> >> >
    >> >> > > > I'm not routing master, so this might be obvious, but I've been
    >> >> > > > curious about the answer to this question. Say an individual
    >> >> > > > was
    >> >> > > > issued two IP blocks from their ISP.
    >> >> >
    >> >> > > > IP Block 1 : 123.123.123.0 /28
    >> >> > > > IP Block 2 : 123.123.123.128 /28
    >> >> >
    >> >> > > > If the individual doesn't really care to separate the two networks for
    >> >> > > > any reason and was just unfortunately issued two /28 blocks instead of
    >> >> > > > one /27 block, isn't the link between the two networks going to suffer
    >> >> > > > unnecessarily? For instance, if Server A located in Block 1 is
    >> >> > > > plugged into the same gigabit switch as Server B in Block 2 and they
    >> >> > > > want to initiate a file transfer, they are required to run out to the
    >> >> > > > default gateway (ISPs router) through a T1 (perhaps) connection and
    >> >> > > > back in when it would have been much faster for them to go directly to
    >> >> > > > the other's gigabit ethernet port on the switch? If this is the case,
    >> >> > > > would this be remedied, albeit poorly, by just subnetting both of
    >> >> > > > these ranges together into one giant class C address range? (I
    >> >> > > > understand fully that they wouldn't be able to access the rightful
    >> >> > > > owners of the rest of the IP addresses in that range as they would
    >> >> > > > search on their local LAN for them and time out, but this is a
    >> >> > > > hypothetical situation and only serves to educate myself on the
    >> >> > > > concept.) That said, how SHOULD this be handled in order to keep the
    >> >> > > > connection between the subnets optimal?
    >> >> >
    >> >> > > > I'm quite sure that I'm missing some key concepts here, so
    >> >> > > > please
    >> >> > > > be
    >> >> > > > kind and explain them to me.
    >> >> >
    >> >> > > > Thanks.
    >> >> >
    >> >> > > > pk
    >> >> >
    >> >> > > Provided both of those networks are off the same edge router, and
    >> >> > > routing is enabled, the traffic will not have to go across the
    >> >> > > WAN/
    >> >> > > Internet link, and will instead route to the directly connected
    >> >> > > network. This should work without issue.
    >> >> >
    >> >> > OK, that makes sense, but if the uplink is coming out of the switch
    >> >> > from a 10Mb link to the router and the computers are both hooked
    >> >> > into
    >> >> > gigabit ports then it is a big difference right? There's no way for
    >> >> > that switch to be a bit smarter (without turning into a router) and
    >> >> > not run out the 10Mb port to the router with all of its traffic,
    >> >> > correct? Whereas before they would have transferred at gigabit
    >> >> > rate,
    >> >> > they now will be 100 times slower?
    >> >>
    >> >> Technically yes you are correct. Unless you have a L3 switch or a
    >> >> router with gig ports, you will potentially have limits for any
    >> >> bandwidth going inter VLAN. I've been trying to think through your
    >> >> option of running a /24 behind the scenes and simply not addressing
    >> >> nodes in the two networks you don't own.
    >> >
    >> > you can use proxy ARP to do this. I learnt this trick on Bay / Nortel
    >> > kit
    >> > which was really good at it, but it works on Cisco as well.
    >> >
    >> > both /28s are configured on the same Enet port, with proxy ARP enabled.
    >> >
    >> > end stations are set up to use the overall /24.
    >> >
    >> > The router then lets local ARP take care of traffic between the 2 /28s,
    >> > but
    >> > will respond to ARP reqs for addresses on other parts of the /24.
    >> >
    >> > Once the ARP table is pointing at the correct device, then IP packets get
    >> > sent to the right place - result is the router has a bit more broadcasts to
    >> > handle, but the local traffic doesn't need to "touch" the router.
    >> >
    >> > I'm not really sure if this
    >> >> would work or not, as it your router technically would have to
    >> >> advertise the /24, unless of course you could use distribution lists
    >> >> or something to split it up as necessary. I think your best bet is to
    >> >> sit down and really analyze your servers/nodes and come up with a
    >> >> design that keeps your high traffic boxes on one switch/subnet or the
    >> >> other. I doubt you have 126 boxes that are the same application, etc,
    >> >> and probably could be split into some kind of logical groups by high
    >> >> traffic. Thus ensuring that intra VLAN traffic is maximized, and
    >> >> inter-vlan traffic is minimized. If you do have a server (database or
    >> >> such) that is central to both networks, perhaps its better to just
    >> >> dual home it to each network. All depends on your requirements......
    >> >
    >> > Personally I prefer a L3 switch - a single Catalyst 3560 or 3750 will give
    >> > you enough ports for both /28s.
    >> >
    >> > if you have enough servers to need 2 x /28, then paying for the switch is
    >> > going to be trivial. And if you don't need lots of servers, then redo the
    >> > design to use NAT and reduce the number of needed addresses.
    >> >
    >> > clever system designs can be great, but follow on work often hits side
    >> > effects, or the next engineer to do changes doesn't understand and breaks
    >> > the
    >> > design....
    >> >>
    >> > --
    >> > Regards
    >> >
    >> > - replace xyz with ntl
    >> >
    > - replace xyz with ntl
    >
    >
     
    pk, May 17, 2007
    #16
  17. You can run 4 disjoint subnets on the same broadcast domain (in the same
    VLAN). I used to set this up ages ago (back in the ancient days, before
    L3 switches), by using multiple secondary addresses on the router
    interface on this broadcast domain. I.e. something like this:

    interface ethernet1
    ip address 1.1.1.1 255.255.255.0
    ip address 2.1.1.1 255.255.0.0 secondary
    ip address 3.1.1.1 255.255.255.192 secondary
    ip route-cache same-interface

    Not ideal from the standpoint of traffic management, but it'll get the
    job done till you decide to budget for some new hardware.

    Aaron

    ---

    ~ I've just realized that VLANs don't just divide subnets, they also COMBINE
    ~ subnets. I don't actually want my 4 IP blocks separate for any reason, so
    ~ there's no reason I can't just combine them into a singular VLAN with my
    ~ existing switches, right? As far as I can tell (until I decide that I want
    ~ more than one VLAN to communicate with each other without contacting the
    ~ router) I won't need to use a Layer 3 switch at all. Is that correct? If
    ~ that's the case, my life got a whole lot easier, even though it would be fun
    ~ to play around with a Layer 3 switch!
    ~
    ~ pk
    ~
    ~ "stephen" <> wrote in message
    ~ news:HW23i.33$...
    ~ > "pk" <> wrote in message
    ~ > news:f2i9ls$ljh$...
    ~ >> I was all ready to purchase a Layer 3 switch and start testing this setup
    ~ >> when I came across some Cisco documentation and discovered this little
    ~ >> gem
    ~ >> from the "Routers and Layer 3 Switching" section of the document.
    ~ >> http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq
    ~ >>
    ~ >> It states, in no uncertain terms, "Note: Routers are necessary for
    ~ >> communication between two VLANs."
    ~ >
    ~ > more accurately - a routing is needed. A layer 3 switch is really a
    ~ > hardware
    ~ > based router - so you are covered.
    ~ >>
    ~ >> Is that true? This throw a serious kink in my plans. I need to use
    ~ >> VLANs
    ~ >> in order to be able to simulate transparent mode with multiple subnets
    ~ > with
    ~ >> my Sonicwall 3060.
    ~ >
    ~ > VLANs might complicate what you end up doing - it sounds like the default
    ~ > gateway on each device needs to "point" to the firewall for the outside
    ~ > world, but local comms goes via the L3 switch.
    ~ >
    ~ > However - it tends to be easier in a routed network to offload route
    ~ > management and path selection to a routing device, and let that sort out
    ~ > what goes where.
    ~ >
    ~ > then you only need to configure the L3 switch to alter the routing if you
    ~ > change things, not every device.
    ~ >
    ~ > but it sounds like your firewall might not like that arrangement, so i
    ~ > suggest you sort how the firewall and a "router" need to interact before
    ~ > finalising the design.
    ~ >
    ~ > For the record, I have 4 IP blocks (three /28s and one
    ~ >> /27). I do not want to deal with NATing this many addresses. Is a Layer
    ~ > 3
    ~ >> switch STILL going to pass my VLAN traffic up to the router?
    ~ >
    ~ > No - or not if you design it properly.
    ~ >
    ~ > This is
    ~ >> killing me.
    ~ >>
    ~ >> Thanks for all the help so far.
    ~ >>
    ~ >> pk
    ~ >>
    ~ >> "stephen" <> wrote in message
    ~ >> news:RpX2i.58$...
    ~ >> > "Trendkill" <> wrote in message
    ~ >> > news:...
    ~ >> >> On May 16, 9:57 am, pk <> wrote:
    ~ >> >> > On May 15, 2:55 pm, Trendkill <> wrote:
    ~ >> >> >
    ~ >> >> >
    ~ >> >> >
    ~ >> >> > > On May 15, 3:33 pm, pk <> wrote:
    ~ >> >> >
    ~ >> >> > > > I'm not routing master, so this might be obvious, but I've been
    ~ >> >> > > > curious about the answer to this question. Say an individual
    ~ >> >> > > > was
    ~ >> >> > > > issued two IP blocks from their ISP.
    ~ >> >> >
    ~ >> >> > > > IP Block 1 : 123.123.123.0 /28
    ~ >> >> > > > IP Block 2 : 123.123.123.128 /28
    ~ >> >> >
    ~ >> >> > > > If the individual doesn't really care to separate the two
    ~ > networks
    ~ >> > for
    ~ >> >> > > > any reason and was just unfortunately issued two /28 blocks
    ~ > instead
    ~ >> > of
    ~ >> >> > > > one /27 block, isn't the link between the two networks going to
    ~ >> > suffer
    ~ >> >> > > > unnecessarily? For instance, if Server A located in Block 1 is
    ~ >> >> > > > plugged into the same gigabit switch as Server B in Block 2 and
    ~ >> >> > > > they
    ~ >> >> > > > want to initiate a file transfer, they are required to run out
    ~ >> >> > > > to
    ~ >> > the
    ~ >> >> > > > default gateway (ISPs router) through a T1 (perhaps) connection
    ~ > and
    ~ >> >> > > > back in when it would have been much faster for them to go
    ~ > directly
    ~ >> > to
    ~ >> >> > > > the other's gigabit ethernet port on the switch? If this is the
    ~ >> > case,
    ~ >> >> > > > would this be remedied, albeit poorly, by just subnetting both
    ~ >> >> > > > of
    ~ >> >> > > > these ranges together into one giant class C address range? (I
    ~ >> >> > > > understand fully that they wouldn't be able to access the
    ~ > rightful
    ~ >> >> > > > owners of the rest of the IP addresses in that range as they
    ~ > would
    ~ >> >> > > > search on their local LAN for them and time out, but this is a
    ~ >> >> > > > hypothetical situation and only serves to educate myself on the
    ~ >> >> > > > concept.) That said, how SHOULD this be handled in order to
    ~ >> >> > > > keep
    ~ >> > the
    ~ >> >> > > > connection between the subnets optimal?
    ~ >> >> >
    ~ >> >> > > > I'm quite sure that I'm missing some key concepts here, so
    ~ >> >> > > > please
    ~ >> >> > > > be
    ~ >> >> > > > kind and explain them to me.
    ~ >> >> >
    ~ >> >> > > > Thanks.
    ~ >> >> >
    ~ >> >> > > > pk
    ~ >> >> >
    ~ >> >> > > Provided both of those networks are off the same edge router, and
    ~ >> >> > > routing is enabled, the traffic will not have to go across the
    ~ >> >> > > WAN/
    ~ >> >> > > Internet link, and will instead route to the directly connected
    ~ >> >> > > network. This should work without issue.
    ~ >> >> >
    ~ >> >> > OK, that makes sense, but if the uplink is coming out of the switch
    ~ >> >> > from a 10Mb link to the router and the computers are both hooked
    ~ >> >> > into
    ~ >> >> > gigabit ports then it is a big difference right? There's no way for
    ~ >> >> > that switch to be a bit smarter (without turning into a router) and
    ~ >> >> > not run out the 10Mb port to the router with all of its traffic,
    ~ >> >> > correct? Whereas before they would have transferred at gigabit
    ~ >> >> > rate,
    ~ >> >> > they now will be 100 times slower?
    ~ >> >>
    ~ >> >> Technically yes you are correct. Unless you have a L3 switch or a
    ~ >> >> router with gig ports, you will potentially have limits for any
    ~ >> >> bandwidth going inter VLAN. I've been trying to think through your
    ~ >> >> option of running a /24 behind the scenes and simply not addressing
    ~ >> >> nodes in the two networks you don't own.
    ~ >> >
    ~ >> > you can use proxy ARP to do this. i leant this trick on Bay / Nortel
    ~ >> > kit
    ~ >> > which was really good at it, but it works on Cisco as well.
    ~ >> >
    ~ >> > both /28s are configured on the same Enet port, with proxy ARP enabled.
    ~ >> >
    ~ >> > end stations are set up to use the overall /24.
    ~ >> >
    ~ >> > The router then lets local ARP take care of traffic between the 2 /28s,
    ~ >> > but
    ~ >> > will respond to ARP reqs for addresses on other parts of the /24.
    ~ >> >
    ~ >> > Once the ARP table is pointing at the correct device, then IP packets
    ~ > get
    ~ >> > sent to the right place - result is the router has a bit more
    ~ >> > broadcasts
    ~ >> > to
    ~ >> > handle, but the local traffic doesnt need to "touch" the router.
    ~ >> >
    ~ >> > I'm not really sure if this
    ~ >> >> would work or not, as it your router technically would have to
    ~ >> >> advertise the /24, unless of course you could use distribution lists
    ~ >> >> or something to split it up as necessary. I think your best bet is to
    ~ >> >> sit down and really analyze your servers/nodes and come up with a
    ~ >> >> design that keeps your high traffic boxes on one switch/subnet or the
    ~ >> >> other. I doubt you have 126 boxes that are the same application, etc,
    ~ >> >> and probably could be split into some kind of logical groups by high
    ~ >> >> traffic. Thus ensuring that intra VLAN traffic is maximized, and
    ~ >> >> inter-vlan traffic is minimized. If you do have a server (database or
    ~ >> >> such) that is central to both networks, perhaps its better to just
    ~ >> >> dual home it to each network. All depends on your requirements......
    ~ >> >
    ~ >> > Personally i prefer a L3 switch - a single Catalyst 3560 or 3750 will
    ~ > give
    ~ >> > you enough ports for both /28s.
    ~ >> >
    ~ >> > if you have enough servers to need 2 x /28, then paying for the switch
    ~ > is
    ~ >> > going to be trivial. And if you dont need lots of servers, then redo
    ~ >> > the
    ~ >> > design to use NAT and reduce the number of needed addresses.
    ~ >> >
    ~ >> > clever system designs can be great, but follow on work often hits side
    ~ >> > effects, or the next engineer to do changes doesnt understand and
    ~ >> > breaks
    ~ >> > the
    ~ >> > design....
    ~ >> >>
    ~ >> > --
    ~ >> > Regards
    ~ >> >
    ~ >> > - replace xyz with ntl
    ~ >> >
    ~ > - replace xyz with ntl
    ~ >
    ~ >
    ~
     
    Aaron Leonard, May 18, 2007
    #17
  18. pk

    pk Guest

    Hmm, it took no less than a week for me to come to this conclusion, but I'm
    glad I figured it now rather than later.

    If you remember, I'd decided that I was going to combine my 4 distinct,
    non-contiguous subnets into one VLAN and avoid having to run out to the
    router for intra-VLAN traffic, thus maintaining my gigabit connections. As
    far as I can tell (and I've spent hours trying to verify this with actual
    documentation, so PLEASE help me out if you know of some), VLANs only handle
    broadcast traffic and the unicast traffic (read: stuff I really care about)
    would still be banished to the router only to return at a much slower rate
    than if the switch had handled it to begin with. Is that all true?

    Here are things that I think are facts, please correct me now if I'm wrong.
    Fact 1: VLAN capable Layer 2 switches ignore VLAN tags on unicast traffic.
    Fact 2: A Layer 3 switch can route intraVLAN/interVLAN unicast traffic AS
    WELL AS non-VLANed disjoint subnetted traffic avoiding the slow uplink to
    the router.
    Fact 3: If I had a well stocked computer lab, I could answer these
    questions on my own and learn a great deal in the process. (This I KNOW is
    true.)

    I appreciate the feedback from all of you.

    pk

    "Aaron Leonard" <> wrote in message
    news:...
    > You can run 4 disjoint subnets on the same broadcast domain (in the same
    > VLAN). I used to set this up ages ago (back in the ancient days, before
    > L3 switches), by using multiple secondary addresses on the router
    > interface on this broadcast domain. I.e. something like this:
    >
    > interface ethernet1
    > ip address 1.1.1.1 255.255.255.0
    > ip address 2.1.1.1 255.255.0.0 secondary
    > ip address 3.1.1.1 255.255.255.192 secondary
    > ip route-cache same-interface
    >
    > Not ideal from the standpoint of traffic management, but it'll get the
    > job done till you decide to budget for some new hardware.
    >
    > Aaron
    >
    > ---
    >
    > ~ I've just realized that VLANs don't just divide subnets, they also
    > COMBINE
    > ~ subnets. I don't actually want my 4 IP blocks separate for any reason,
    > so
    > ~ there's no reason I can't just combine them into a singular VLAN with my
    > ~ existing switches, right? As far as I can tell (until I decide that I
    > want
    > ~ more than one VLAN to communicate with each other without contacting the
    > ~ router) I won't need to use a Layer 3 switch at all. Is that correct?
    > If
    > ~ that's the case, my life got a whole lot easier, even though it would be
    > fun
    > ~ to play around with a Layer 3 switch!
    > ~
    > ~ pk
    > ~
    > ~ "stephen" <> wrote in message
    > ~ news:HW23i.33$...
    > ~ > "pk" <> wrote in message
    > ~ > news:f2i9ls$ljh$...
    > ~ >> I was all ready to purchase a Layer 3 switch and start testing this
    > setup
    > ~ >> when I came across some Cisco documentation and discovered this
    > little
    > ~ >> gem
    > ~ >> from the "Routers and Layer 3 Switching" section of the document.
    > ~ >> http://www.cisco.com/warp/public/473/lan-switch-cisco.shtml#prereq
    > ~ >>
    > ~ >> It states, in no uncertain terms, "Note: Routers are necessary for
    > ~ >> communication between two VLANs."
    > ~ >
    > ~ > more accurately - a routing is needed. A layer 3 switch is really a
    > ~ > hardware
    > ~ > based router - so you are covered.
    > ~ >>
    > ~ >> Is that true? This throw a serious kink in my plans. I need to use
    > ~ >> VLANs
    > ~ >> in order to be able to simulate transparent mode with multiple
    > subnets
    > ~ > with
    > ~ >> my Sonicwall 3060.
    > ~ >
    > ~ > VLANs might complicate what you end up doing - it sounds like the
    > default
    > ~ > gateway on each device needs to "point" to the firewall for the
    > outside
    > ~ > world, but local comms goes via the L3 switch.
    > ~ >
    > ~ > However - it tends to be easier in a routed network to offload route
    > ~ > management and path selection to a routing device, and let that sort
    > out
    > ~ > what goes where.
    > ~ >
    > ~ > then you only need to configure the L3 switch to alter the routing if
    > you
    > ~ > change things, not every device.
    > ~ >
    > ~ > but it sounds like your firewall might not like that arrangement, so i
    > ~ > suggest you sort how the firewall and a "router" need to interact
    > before
    > ~ > finalising the design.
    > ~ >
    > ~ > For the record, I have 4 IP blocks (three /28s and one
    > ~ >> /27). I do not want to deal with NATing this many addresses. Is a
    > Layer
    > ~ > 3
    > ~ >> switch STILL going to pass my VLAN traffic up to the router?
    > ~ >
    > ~ > No - or not if you design it properly.
    > ~ >
    > ~ > This is
    > ~ >> killing me.
    > ~ >>
    > ~ >> Thanks for all the help so far.
    > ~ >>
    > ~ >> pk
    > ~ >>
    > ~ >> "stephen" <> wrote in message
    > ~ >> news:RpX2i.58$...
    > ~ >> > "Trendkill" <> wrote in message
    > ~ >> > news:...
    > ~ >> >> On May 16, 9:57 am, pk <> wrote:
    > ~ >> >> > On May 15, 2:55 pm, Trendkill <> wrote:
    > ~ >> >> >
    > ~ >> >> >
    > ~ >> >> >
    > ~ >> >> > > On May 15, 3:33 pm, pk <> wrote:
    > ~ >> >> >
    > ~ >> >> > > > I'm not routing master, so this might be obvious, but I've
    > been
    > ~ >> >> > > > curious about the answer to this question. Say an
    > individual
    > ~ >> >> > > > was
    > ~ >> >> > > > issued two IP blocks from their ISP.
    > ~ >> >> >
    > ~ >> >> > > > IP Block 1 : 123.123.123.0 /28
    > ~ >> >> > > > IP Block 2 : 123.123.123.128 /28
    > ~ >> >> >
    > ~ >> >> > > > If the individual doesn't really care to separate the two
    > ~ > networks
    > ~ >> > for
    > ~ >> >> > > > any reason and was just unfortunately issued two /28 blocks
    > ~ > instead
    > ~ >> > of
    > ~ >> >> > > > one /27 block, isn't the link between the two networks going
    > to
    > ~ >> > suffer
    > ~ >> >> > > > unnecessarily? For instance, if Server A located in Block 1
    > is
    > ~ >> >> > > > plugged into the same gigabit switch as Server B in Block 2
    > and
    > ~ >> >> > > > they
    > ~ >> >> > > > want to initiate a file transfer, they are required to run
    > out
    > ~ >> >> > > > to
    > ~ >> > the
    > ~ >> >> > > > default gateway (ISPs router) through a T1 (perhaps)
    > connection
    > ~ > and
    > ~ >> >> > > > back in when it would have been much faster for them to go
    > ~ > directly
    > ~ >> > to
    > ~ >> >> > > > the other's gigabit ethernet port on the switch? If this is
    > the
    > ~ >> > case,
    > ~ >> >> > > > would this be remedied, albeit poorly, by just subnetting
    > both
    > ~ >> >> > > > of
    > ~ >> >> > > > these ranges together into one giant class C address range?
    > (I
    > ~ >> >> > > > understand fully that they wouldn't be able to access the
    > ~ > rightful
    > ~ >> >> > > > owners of the rest of the IP addresses in that range as they
    > ~ > would
    > ~ >> >> > > > search on their local LAN for them and time out, but this is
    > a
    > ~ >> >> > > > hypothetical situation and only serves to educate myself on
    > the
    > ~ >> >> > > > concept.) That said, how SHOULD this be handled in order to
    > ~ >> >> > > > keep
    > ~ >> > the
    > ~ >> >> > > > connection between the subnets optimal?
    > ~ >> >> >
    > ~ >> >> > > > I'm quite sure that I'm missing some key concepts here, so
    > ~ >> >> > > > please
    > ~ >> >> > > > be
    > ~ >> >> > > > kind and explain them to me.
    > ~ >> >> >
    > ~ >> >> > > > Thanks.
    > ~ >> >> >
    > ~ >> >> > > > pk
    > ~ >> >> >
    > ~ >> >> > > Provided both of those networks are off the same edge router,
    > and
    > ~ >> >> > > routing is enabled, the traffic will not have to go across the
    > ~ >> >> > > WAN/
    > ~ >> >> > > Internet link, and will instead route to the directly
    > connected
    > ~ >> >> > > network. This should work without issue.
    > ~ >> >> >
    > ~ >> >> > OK, that makes sense, but if the uplink is coming out of the
    > switch
    > ~ >> >> > from a 10Mb link to the router and the computers are both hooked
    > ~ >> >> > into
    > ~ >> >> > gigabit ports then it is a big difference right? There's no way
    > for
    > ~ >> >> > that switch to be a bit smarter (without turning into a router)
    > and
    > ~ >> >> > not run out the 10Mb port to the router with all of its traffic,
    > ~ >> >> > correct? Whereas before they would have transferred at gigabit
    > ~ >> >> > rate,
    > ~ >> >> > they now will be 100 times slower?
    > ~ >> >>
    > ~ >> >> Technically yes you are correct. Unless you have a L3 switch or a
    > ~ >> >> router with gig ports, you will potentially have limits for any
    > ~ >> >> bandwidth going inter VLAN. I've been trying to think through
    > your
    > ~ >> >> option of running a /24 behind the scenes and simply not
    > addressing
    > ~ >> >> nodes in the two networks you don't own.
    > ~ >> >
    > ~ >> > you can use proxy ARP to do this. i leant this trick on Bay /
    > Nortel
    > ~ >> > kit
    > ~ >> > which was really good at it, but it works on Cisco as well.
    > ~ >> >
    > ~ >> > both /28s are configured on the same Enet port, with proxy ARP
    > enabled.
    > ~ >> >
    > ~ >> > end stations are set up to use the overall /24.
    > ~ >> >
    > ~ >> > The router then lets local ARP take care of traffic between the 2
    > /28s,
    > ~ >> > but
    > ~ >> > will respond to ARP reqs for addresses on other parts of the /24.
    > ~ >> >
    > ~ >> > Once the ARP table is pointing at the correct device, then IP
    > packets
    > ~ > get
    > ~ >> > sent to the right place - result is the router has a bit more
    > ~ >> > broadcasts
    > ~ >> > to
    > ~ >> > handle, but the local traffic doesnt need to "touch" the router.
    > ~ >> >
    > ~ >> > I'm not really sure if this
    > ~ >> >> would work or not, as it your router technically would have to
    > ~ >> >> advertise the /24, unless of course you could use distribution
    > lists
    > ~ >> >> or something to split it up as necessary. I think your best bet
    > is to
    > ~ >> >> sit down and really analyze your servers/nodes and come up with a
    > ~ >> >> design that keeps your high traffic boxes on one switch/subnet or
    > the
    > ~ >> >> other. I doubt you have 126 boxes that are the same application,
    > etc,
    > ~ >> >> and probably could be split into some kind of logical groups by
    > high
    > ~ >> >> traffic. Thus ensuring that intra VLAN traffic is maximized, and
    > ~ >> >> inter-vlan traffic is minimized. If you do have a server
    > (database or
    > ~ >> >> such) that is central to both networks, perhaps its better to just
    > ~ >> >> dual home it to each network. All depends on your
    > requirements......
    > ~ >> >
    > ~ >> > Personally i prefer a L3 switch - a single Catalyst 3560 or 3750
    > will
    > ~ > give
    > ~ >> > you enough ports for both /28s.
    > ~ >> >
    > ~ >> > if you have enough servers to need 2 x /28, then paying for the
    > switch
    > ~ > is
    > ~ >> > going to be trivial. And if you dont need lots of servers, then
    > redo
    > ~ >> > the
    > ~ >> > design to use NAT and reduce the number of needed addresses.
    > ~ >> >
    > ~ >> > clever system designs can be great, but follow on work often hits
    > side
    > ~ >> > effects, or the next engineer to do changes doesnt understand and
    > ~ >> > breaks
    > ~ >> > the
    > ~ >> > design....
    > ~ >> >>
    > ~ >> > --
    > ~ >> > Regards
    > ~ >> >
    > ~ >> > - replace xyz with ntl
    > ~ >> >
    > ~ > - replace xyz with ntl
    > ~ >
    > ~ >
    > ~
    >
     
    pk, May 24, 2007
    #18
  19. pk

    Guest

    In article <f353fh$c05$>, "pk" <> writes:
    > Hmm, it took no less than a week for me to come to this conclusion, but I'm
    > glad I figured it now rather than later.


    What conclusion?

    > If you remember, I'd decided that I was going to combine my 4 distinct,
    > non-contiguous subnets into one VLAN and avoid having to run out to the
    > router for intra-VLAN traffic, thus maintaining my gigabit connections. As
    > far as I can tell (and I've spent hours trying to verify this with actual
    > documentation, so PLEASE help me out if you know of some), VLANs only handle
    > broadcast traffic and the unicast traffic (read: stuff i really care about)
    > would still be banished to the router only to return at a much slower rate
    > than if the switch had handled it to begin with. Is that all true?


    Well, yes and no.

    VLANs handle both unicast and broadcast traffic just fine.

    If you have your workstations in different IP subnets then those
    workstations won't talk to each other across either unicast or broadcast.
    They need an IP router in between.

    But...

    If the IP subnets are only mildly discontiguous so that you can
    get away with widening the subnet mask so that they become parts of a
    single larger network then your workstations can talk to each other
    directly.

    And if you make sure that proxy ARP is enabled on your default gateway
    then this won't even impact traffic to the external IP addresses that
    happen to fall within this widened local network range.

    None of this has anything to do with VLANs and tags. It has everything
    to do with how IP works over Ethernet.

    > Here are things that I think are facts, please correct me now if I'm wrong.
    > Fact 1: VLAN capable Layer 2 switches ignore VLAN tags on unicast traffic.


    Absolutely false.

    If you have devices on your network that are actually
    generating frames with dot1q tags on them and if you plug those
    devices into dot1q trunk ports on your switch, the switch will pay
    attention to those tags. It doesn't matter whether the frame is
    broadcast or unicast. The tag still matters.

    If you put all your switch ports in a single VLAN and aren't using
    trunk ports then you don't have tags in the first place.

    Perhaps you should be working on figuring out what a VLAN is.

    > Fact 2: A Layer 3 switch can route intraVLAN/interVLAN unicast traffic AS
    > WELL AS non-VLANed disjoint subnetted traffic avoiding the slow uplink to
    > the router.


    Yes, a layer 3 switch can route packets from one IP subnet to a
    different IP subnet.

    Yes, a layer 3 switch can do this for packets coming in one VLAN and
    going out another VLAN.

    Yes, a layer 3 switch can do this for packets coming in one VLAN
    and going out the same VLAN.

    I have no idea what "non-VLANed" traffic is in the context of a layer
    3 switch.
     
    , May 25, 2007
    #19
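The two designs the replies describe, modelled side by side as an added worked example (this is not code from any poster in the thread): design A is Aaron's secondary-address router interface from #17, where every block keeps its own mask and cross-block packets hairpin through the gateway; design B is stephen's proxy-ARP trick from #16, which #19 restates as "widen the mask", where hosts carry the covering supernet mask and ARP for each other directly while the gateway answers ARP for the addresses the site does not own. The two /28s are pk's example blocks; the /27, the gateway address, the host addresses and the "foreign" address are constructed for the example. The model is only the host-side on-link test and the router's connected-route check, which is exactly the "how IP works over Ethernet" point #19 makes.

```python
"""Added example for this thread (not any poster's code): contrast the
secondary-address design (A) with the widened-mask + proxy ARP design (B)
for several non-contiguous public blocks on one switch."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# ISP-assigned blocks: the two /28s from the thread plus a constructed /27
ASSIGNED = [
    IPv4Network("123.123.123.0/28"),
    IPv4Network("123.123.123.128/28"),
    IPv4Network("123.123.123.64/27"),  # constructed stand-in for pk's /27
]


def covering_supernet(blocks: list[IPv4Network]) -> IPv4Network:
    """Smallest single prefix that contains every assigned block."""
    lo = min(b.network_address for b in blocks)
    hi = max(b.broadcast_address for b in blocks)
    net = IPv4Network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()
    return net


def foreign_addresses(blocks: list[IPv4Network], supernet: IPv4Network) -> list[IPv4Address]:
    """Addresses swept into the widened range that belong to someone else.
    Under design B the gateway has to answer ARP for every one of these."""
    return [a for a in supernet if not any(a in b for b in blocks)]


@dataclass(frozen=True)
class Host:
    name: str
    ip: IPv4Address
    prefixlen: int
    gateway: IPv4Address

    @property
    def onlink(self) -> IPv4Network:
        return IPv4Network(f"{self.ip}/{self.prefixlen}", strict=False)


def first_hop(src: Host, dst: IPv4Address) -> str:
    """Host-side rule: a destination inside (ip, mask) is ARPed for
    directly; anything else is handed to the default gateway."""
    return "direct" if dst in src.onlink else "via-gateway"


def router_forwarding(connected: list[IPv4Network], dst: IPv4Address) -> str:
    """Design A router: a destination in any connected (primary or secondary)
    subnet goes back out the LAN interface it arrived on."""
    return "hairpin-same-interface" if any(dst in n for n in connected) else "upstream"


def gateway_answers_arp(blocks: list[IPv4Network], target: IPv4Address) -> bool:
    """Design B router with proxy ARP: it replies for any target it would
    forward out a different interface, i.e. anything not in the directly
    connected blocks, so real local hosts still answer for themselves."""
    return not any(target in b for b in blocks)


def compare_designs(blocks: list[IPv4Network]) -> dict[str, object]:
    gw = IPv4Address("123.123.123.1")          # constructed gateway
    a = IPv4Address("123.123.123.5")           # constructed, in block 1
    b = IPv4Address("123.123.123.130")         # constructed, in block 2
    foreign = IPv4Address("123.123.123.200")   # constructed, not ours
    supernet = covering_supernet(blocks)
    host_a_native = Host("A", a, 28, gw)                   # design A
    host_a_widened = Host("A", a, supernet.prefixlen, gw)  # design B
    return {
        "supernet": str(supernet),
        "foreign_count": len(foreign_addresses(blocks, supernet)),
        # Design A: A->B crosses the router's LAN port twice (the slow link)
        "A_host_to_b": first_hop(host_a_native, b),
        "A_router_for_b": router_forwarding(blocks, b),
        # Design B: A->B stays on the switch at wire speed
        "B_host_to_b": first_hop(host_a_widened, b),
        # ...but A now ARPs on the wire for the foreign .200 as well, and
        # only the gateway's proxy ARP reply keeps that traffic flowing
        "B_host_to_foreign": first_hop(host_a_widened, foreign),
        "B_gateway_proxies_foreign": gateway_answers_arp(blocks, foreign),
        "B_gateway_proxies_b": gateway_answers_arp(blocks, b),
    }


if __name__ == "__main__":
    for key, value in compare_designs(ASSIGNED).items():
        print(f"{key:28} {value}")
```

Running it shows the trade-off in one screen: with native masks every A-to-B packet is "via-gateway" and the router hairpins it out the same interface, which is the 10 Mb round trip pk is worried about; with the widened /24 the same packet is "direct", but the hosts now also ARP on the wire for the 192 addresses in that /24 the site does not own, and reachability for those depends entirely on the gateway's proxy ARP replies.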