Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help with Design Decision 2

Status
Not open for further replies.
plastiiq

plastiiq

IS-IT--Management
Dec 11, 2004
17
CA
Hi all!

I have a private network (/21) for example 10.0.0.0/21.

This allows for 2046 possible usable addresses. There is a single router that nats this private traffic for the outside world.

There aren't 2k hosts in this network, but I am forced to keep such a large subnet (manager likes all the room for growth?).

Since all of the hosts are in the same subnet none of their traffic hits the router except of course in the case where traffic is directed at a host outside of the network (like a web or ftp site) at which point the router does his thing.

My question is this, are there any drawbacks to leaving the configuration as is? Specifically does this force my router to keep very large routing tables or anything? I mean technically the router has to be able to NAT 2046 addresses for internet traffic in the case that a host popped up on one of those previously unused addresses??

I'm looking for ways to minimize impact on router CPU since running a smaller subnet is not an option for me at the moment.

Anyone have any thoughts?
 
Sort by date Sort by votes
About 250 hosts right now. There is a lot of fluctuation.

Development environments, lots of test equipment arriving daily. Also lots of virtual environments. I would be shocked if we ever saw 1000 nodes even in the next 5 years.
 
Upvote 0 Downvote
Cisco best practice states that you should have no more than 500 hosts in a single broadcast domain. If you are putting in development and test segments then ideally they should be split off anyway. If I was you I would look at adding in a L3 switch or two into your design and utilize VLANs.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
We own some really nice L2's I am forbidden to re-implement :p

To be honest I am not crazy about implementing routing at the switch level.

Any particular reason why?
 
Upvote 0 Downvote
I would keep it less than 254 on a subnet. You can subnet your range further and do class C's. Your not limiting your growth by subneting. If you get 1000 nodes on one subnet your going to have a lot of broadcast traffic that all the nodes will have to process eating some cpu time and degrading performance of the pc's.
 
Upvote 0 Downvote
There ya go....unclerico gave the cisco recommended answer of 500. I still like less but thats just imo.
 
Upvote 0 Downvote
To be honest I am not crazy about implementing routing at the switch level
Click to expand...
Welcome to the wave of the future (and present) my friend. Switches have built-in ASIC's to handle the routing (just like a typical router does), they have CEF turned on by default (although some of the "lower end" switches can only fast switch IP based taffic), and offer a heck of a lot more flexibilty in terms of your design. For example, if you have multiple VLANs and you want to enable inter-VLAN routing in the past you would have to setup a router-on-a-stick and the uplink from the swtich to the router would be a bottle neck.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Thanks for the suggestion, and I agree, I just have a manager that I am having problems getting through to.

He sees associates further subnetting of this range with forcing the subnets to be routed between each other, which in his opinion is going to slow things down :(

The other issue he has with this is that when one the router goes down, hosts would not be able to continue to at least communicate with each other. Where as under the design I inherited, the router dies, only internet traffic is effected.

Pretty frustrating situation.
 
Upvote 0 Downvote
I still like less but thats just imo.
Click to expand...
I'm with ya nooblet, I do not have any segments with more than a /24 in any of my locations.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I have a few cisco L3's as well, but I got a crash course in CDP during my first week on the job which scared the daylights out of me hehe.

I suppose I could try to setup a test environment to test the new design using the L3's and see what kind of performance I get.

Thanks for the suggestion.
 
Upvote 0 Downvote
He sees associates further subnetting of this range with forcing the subnets to be routed between each other, which in his opinion is going to slow things down :(
Click to expand...
Have him look up the benefits of utilizing CEF and he'll be quite surprized just how efficient routing is in Cisco products. As a matter of fact, having large layer 2 domains is less efficient than having multiple layer 3 domains.
The other issue he has with this is that when one the router goes down, hosts would not be able to continue to at least communicate with each other. Where as under the design I inherited, the router dies, only internet traffic is effected
Click to expand...
It's a legitimate beef, but that is why you build redundancy into your design. Not only that, but in some environments (like mine) having a reliable 100% on connection to the Internet is akin to having dialtone so that router failure would be disasterous.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I have a few cisco L3's as well, but I got a crash course in CDP during my first week on the job which scared the daylights out of me hehe.
Click to expand...
CDP runs on typical L2 switches as well. If you are concerned about it you can turn it off (that is unless you run Cisco VoIP).

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Curious, what are these 250, 500, 1000 nodes going to be doing? Do they need to be communicating with each other? A server on the network? Or just internet based traffic? If all of the above how much of each? Just wondering how much traffic would really need to be routed from vlan to vlan if you subnet. If you have a server on the network they need to communicate with, do you not have a backup server that could be on the other subnet/vlan and then have them replicate or even have the 1 server with a nic in each vlan/subnet? I'm just throwing stuff out there.
 
Upvote 0 Downvote
50 nodes are workstations, the developers test their code on their own workstations. In addition they require additional devices which consume IP addresses, and at times additional physical and virtual environment to do their testing. This number fluctuates wildly even on a weekly basis. some of their testing is stress testing that generates a lot of traffic. I've been told at times their traffic has shut router interfaces off altogether although I have not observed it.

50 hosts are strictly virtual environments used to support clients, typically they are part of interesting traffic rules to complete ipsec tunnels into customer environments.

The remaining 100 IP's are used for remote access (pptp dial in address reservations)

The remaining consumed addresses are various servers including the ones in a Colo.

We also have an MPLS into a colo site (100Mb) speed. I found that when servers replicated to the colo site the router's interfaces would shut off, so we moved them into the same mammoth collision domain until I have a chance to implement something better.

I haven't dual homed any of the servers yet. I can't currently use Vlans of any kind for the above so it's not currently possible. But I do plan to reimplement.
 
Upvote 0 Downvote
Just trying to get something together in a lab now. I just want to make sure I've subnetted correctly.

Major Network: 10.0.0.0/21(255.255.248.0)

VlanID Subnet Mask Router Priv.Int.IP
2 10.0.0.0 255.255.255.0 10.0.0.1/21
3 10.0.1.0 255.255.255.0
4 10.0.2.0 255.255.255.0
5 10.0.3.0 255.255.255.0
6 10.0.4.0 255.255.255.0
7 10.0.5.0 255.255.255.0
8 10.0.6.0 255.255.255.0
9 10.0.7.0 255.255.255.0


Would this work if I use the cisco switches to handle intervlan routing?

Do I configure one interface on the switch to be on the same subnet as the router?

So turn on ip routing, turn off the switchports to enable layer 3, Add the vlans to the database, configure an ip in each individual subnet for each vlan, no default route would be required since each vlan interface has an ip within the major subnet?

Sorry I know I am deviating from the original post a bit, just trying to implement the suggestion in a test environment, and I want to make sure I don't screw anything up.

Thanks in advance for any feedback.
 
Upvote 0 Downvote
I just want to make sure I've subnetted correctly.
Click to expand...
your subnets look good.
Would this work if I use the cisco switches to handle intervlan routing?
Click to expand...
absolutely, assuming of course everything is properly setup which brings us to:
So turn on ip routing, turn off the switchports to enable layer 3, Add the vlans to the database, configure an ip in each individual subnet for each vlan, no default route would be required since each vlan interface has an ip within the major subnet?
Click to expand...
ip routing - yes
no switchport - no, only issue the no switchport command on phyiscal interface that you want to be used as L3 ports
vlan config - yes
create an SVI for each VLAN and assign it an IP - yes
a default route will still be needed and pointed at your router as the next hop. this is mostly for accessing the Internet. also, corresponding reverse routes will need to be added to the router for return traffic (you may want to enable RIP or some other routing protocol to ease administration)

In terms of how you would connect the router you really have two options here; 1) connect the router interface to a port on the switch that is a member of the corresponding VLAN (i.e. if your router inside interface is 10.0.1.1 and your VLAN10 SVI has an IP of 10.0.1.254 then assign the switchport connecting the router to VLAN10) or 2) make the switchport on the switch that is connected to the router a L3 port. I hope this makes sense.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Thanks for the response.

I think I understand.

If I go with option 1, I would need a physical port on the router for each vlan so as to be able to assign an ip to the interface inside of that /24?

If I go with option 2, the L3 port get's an IP in the /21 and this is the port I connect to the router's inside /21 interface port?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
203
Jared R
Jared R
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
148
BIS
BIS
inlsp05
  • Locked
  • Question
2811 ios start with cf
Replies
0
Views
81
inlsp05
inlsp05
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
124
Geraldine Souza
Geraldine Souza
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
101
bfordz
bfordz

Part and Inventory Search

Sponsor

Back
Top