Justifying Routing at the Edge

VTP, Portfast, Spanning Tree and all the other switch related stuff.
Guest

Re:Justifying Routing at the Edge

Post by Guest » Sun Nov 26, 2006 11:54 am

Hello Jamie,you are right I haven explained what is behind that sentence: low end cisco switches have limitations in the number of STP instances that they can run and also limits on the max limit of Vlans that can be present at the same time in the vlan database.These two limits can bwe different.For example some device like a C2950 could have a limit of 64 STP instances and 128 vlans in VTP DB. This fact causes a scalability limit it is not possible to have more then 128 vlans in VTP database. STP limits can be handled with appropriate manual control of list of vlans on each trunk link both sides using allowed vlan commandswitchport trunk allowed vlan x,y,z so moving from 20 vlans to 400 vlans may be not possible in a campus if some devices don support so many vlans will:- move to VTP transparent mode automatically to protect themselves- disable STP instance for vlans in excess of first limit. the second can be handled with manually configured trunks, the first has impact only if you use VTP. Moving routing to distribution is wise (if a distribution layer exists in your campus or if you introduce it), moving it to access can be a solution too nowdays. Hope to helpGiuseppe

Guest

Re:Justifying Routing at the Edge

Post by Guest » Sun Nov 26, 2006 1:01 pm

Thanks for your help guys. I take it from reading various threads that one thing I should change as soon as possible is the 19 secondary IP address we have in a particular VLAN. I take it the easiest way is to create a VLAN and use a subnet mask like 192.168.0.0 /21 which would give us 2048 IP address. Would this have stopped the problem of the CPU overload? Jamie.

Guest

Re:Justifying Routing at the Edge

Post by Guest » Sun Nov 26, 2006 2:36 pm

jhancockuwic wrote: Thanks for your help guys. I take it from reading various threads that one thing I should change as soon as possible is the 19 secondary IP address we have in a particular VLAN. I take it the easiest way is to create a VLAN and use a subnet mask like 192.168.0.0 /21 which would give us 2048 IP address. Would this have stopped the problem of the CPU overload? Jamie. Jamie Probably not because the issue is with that many clients on the same vlan all broadcasting at roughly the same time. However you should still look to get rid of the secondary IP addresses if you can. As Giuseppe noted having a vlan that size can cause many problems, you really need to try and get down to a vlan per class C or thereabouts if possible. Jon

Guest

Re:Justifying Routing at the Edge

Post by Guest » Sun Nov 26, 2006 3:38 pm

  Hi Jon, The trouble is having over 3000 pcs + peripheral devices it would mean having 12 VLANS all for the same purpose, or am I missing something? Plus, administering that would be a nightmare. The only thing I can see that would have helped with this problem would have been having the VLANS distributed to the edge. So if the problem was coming from a particular VLAN it would have only affected that building. Also, having the DHCP servers in the server farm would have helped, I think? Does this make sense? Would the links still have got saturated?

Guest

Re:Justifying Routing at the Edge

Post by Guest » Sun Nov 26, 2006 5:02 pm

Jamie The trouble is having over 3000 pcs + peripheral devices it would mean having 12 VLANS all for the same purpose, or am I missing something? Plus, administering that would be a nightmare. Put bluntly, yes you are missing something   Best practices says you should use a /24 per vlan or perhaps a /23 if needed. I use /25s often. It doesn matter if they are all for the same purpose, having that many devices in one vlan means a huge amount of broadcast traffic within that vlan. Every time a broadcast happens in that vlan every single device has to process that broadcast. If i started at a new company and found a vlan with 3000 devices in it i would view that as a quick win to split it up, wouldn matter whether i was the new boy or not. And you may well find that performance improves for the end users. From my experience you will find that using /24s etc. for vlans is common practice and what you have is the exception. As for adminstering it and it being a nightmare, i can see how. 12 vlans is nothing in terms of administration as most of the devices will be using DHCP to obtain their IP addresses. You may need to readdress some devices with static IPs but once done that is it. Jon

Post Reply