VLAN questions

Status
Not open for further replies.

vincentw56

IS-IT--Management
Oct 10, 2002
47
US
My company has a network of about 600 nodes. We have about 10 VLANs right now. They want to flatten the network and remove all the VLANs. Is this possible? I know the network can run without VLANs, but are there any drawbacks to doing this? The network is all IP based. Any help would be appreciated. Thanks in advance.

Vincent
 
Drawbacks:

There is a big list, I will give you a few of the main concerns.

1 Broadcast Domain size. The quantity of broadcast traffic generated by 600 nodes in a single broadcast domain would be enough to impact the performance of every device on the network. You would have a good chance of seeing packet loss on any 10 meg 1/2 duplex switch ports due to buffering problems. The issue with the broadcast traffic is not bandwidth utilization. The problem is that all interfaces on the network must process a broadcast high enough up the IP stack to ensure that the packet is not intended for that node. This packet evaluation leaves the Network Interface and is processed by the Operating system. You would be increasing the processing load roughly by a factor of 10. I have seen flat networks with 400 - 500 nodes and documented a 300 - 400% improvement in overall network and system performance by implementing layer 3 (VLAN) segmentation. (Testing was based on Latency, sustained and burstable throughput measurements, and key application response times.)

The next problem comes from stability in your Microsoft (I assume you have MS based nodes) Browse structure. You will have 10 times as many nodes to participate in each browse election for a subnet, as well as 10 times the chance of having an unwanted or unneeded Browser election. If you are thinking of having multiple subnets share a common broadcast domain (keep the addressing the way it is and get rid of the VLANs) you will instantly have severe Browse Structure problems. The MS Browse structure is based on a hierarchy of NT Domain, Subnet, and System Level/function. The subnet portion is the key here. The devices want to elect a browse master for each domain/workgroup for each subnet. This is done with a broadcast. If the broadcast reaches nodes in another subnet (this would happen if you kept addressing and got rid of VLANs) you would start elections that could not be properly won. Access to your resources would be intermittent, performance would be bad, and troubleshooting would be a nightmare.

I am running out of wind, so I will get off of my soap box, and just say "Don't Let Em Do It!"


Let me know if you need more ammo, or if this is not clear,

Jay Mosser
jaym@optymgroup.com
 
Thanks for the info. Unfortunately, they are still set against having the VLANs. What will happen is that in a year they will want to put them back. We had a Cisco consultant come in and evaluate the network and said that we should leave the VLANs. They are just going to do it anyway. I guess they don't have a clue. Thanks.
 
Right now we have 10 subnets (one for each VLAN). Once the network is flattened, we would use 3 to 4 subnets.
 
Going away from VLANs would be the worst thing they could do.
May I ask, what kind of switches are you guys using?
I didn't see anything in your post about routers, RSM or MSFC. Maybe the problem is they don't understand how to make the LANs talk to each other.
 
I want to get my 2cts. in. I certainly concur with HJM with special attention to the NT environment. However, the most important part of segmentation is multiple subnets. It is not necessary to have vlans to have segmentation. There just needs to be a vehicle to route to the local subnets at backplane speeds.
 
I disagree with them. It doesn't matter that there are multiple subnets, the fact still remains there is one big broadcast domain. A broadcast is a broadcast. ARPing will happen, NetBIOS broadcasts, etc... Just because it's been subnetted doesn't mean everything won't see it anymore.. It's one big broadcast domain. A broadcast from subnet A will still be seen by a machine from subnet F....



BuckWeet
 
I had a meeting yesterday with the folks who are wanting to flatten the network. Here are the questions that were asked:

1. Are broadcasts still that big of a deal in a switched network running Windows 2000 server and workstations with only TCP/IP enabled?

2. What is the size limitation on a single VLAN (how many nodes can it have)?

Here is also some more information on our network.

All Windows 2000 servers and workstations.
TCP/IP is the only protocol.
All servers are located centrally and most run Gigabit backbone.
All Switches are connected together through gigabit fiber.
All switches are Cisco 3501 connected to a 6509 switch.
There are no departmental servers.

Please let me know if you have any more advice or recommendations that I can provide for them. Thanks.
 
How does a broadcast go from subnet A to subnet F? I always thought the router would stop the broadcast by default.

"I disagree with them. It doesn't matter that there are multiple subnets, the fact still remains there is one big broadcast domain. A broadcast is a broadcast. ARPing will happen, NetBIOS broadcasts, etc... Just because it's been subnetted doesn't mean everything won't see it anymore.. It's one big broadcast domain. A broadcast from subnet A will still be seen by a machine from subnet F"
 
rcs, there are no routers in his scenario. What was said is to take a all go to one big VLAN, and then subnet the systems.. Even though they're subnetted but not split layer 2 wise, they're going to see broadcasts from other subnets.. In the end the broadcast is still going to the FF:FF:FF:FF:FF:FF address, so therefore it will get broadcasted out everywhere.. Now if the networks were physically separated (or VLAN'ed) and linked together via routers or a L3 switch then your statement would be true...


BuckWeet
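The layer 2 behaviour argued over in the posts above, as an added example that is not part of any post in the thread: a switch forwards on VLAN and destination MAC only, so a frame sent to FF:FF:FF:FF:FF:FF reaches every port in the VLAN whatever IP subnet the hosts are in. The host inventory is constructed (600 nodes split evenly, subnets 10.0.x.0/24), and the function names are made up for this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_interface

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Host:
    mac: str
    ip: str      # address with prefix, e.g. "10.0.3.17/24"
    vlan: int    # VLAN of the switch port the host is plugged into

def make_hosts(subnet_count, hosts_per_subnet, one_vlan_per_subnet):
    """Constructed inventory: subnet s is 10.0.<s>.0/24, in VLAN s+1 or in VLAN 1."""
    hosts = []
    for s in range(subnet_count):
        for h in range(1, hosts_per_subnet + 1):
            n = s * hosts_per_subnet + h
            mac = f"02:00:00:00:{n >> 8:02x}:{n & 0xff:02x}"
            vlan = s + 1 if one_vlan_per_subnet else 1
            hosts.append(Host(mac, f"10.0.{s}.{h}/24", vlan))
    return hosts

def deliver(hosts, sender, dst_mac):
    """Layer 2 forwarding: only the VLAN and the destination MAC are consulted."""
    same_vlan = [h for h in hosts if h.vlan == sender.vlan and h != sender]
    if dst_mac == BROADCAST_MAC:
        return same_vlan                      # flooded out every port in the VLAN
    return [h for h in same_vlan if h.mac == dst_mac]

def broadcast_reach(hosts, sender):
    """Return (hosts that receive the broadcast, how many are in another IP subnet)."""
    got = deliver(hosts, sender, BROADCAST_MAC)
    net = ip_interface(sender.ip).network
    foreign = sum(1 for h in got if ip_interface(h.ip).network != net)
    return len(got), foreign

segmented = make_hosts(10, 60, one_vlan_per_subnet=True)   # 10 VLANs, 10 subnets
flat = make_hosts(4, 150, one_vlan_per_subnet=False)       # 1 VLAN, 4 subnets

if __name__ == "__main__":
    print("10 VLANs:       ", broadcast_reach(segmented, segmented[0]))
    print("flat, 4 subnets:", broadcast_reach(flat, flat[0]))
```

With one VLAN per subnet a broadcast stops at the sender's own 59 neighbours; on the flat design it lands on all 599 other nodes, 450 of which sit in a different IP subnet and have to discard it in software.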
 
The book says 500 users per broadcast domain.
I assume your 6509 has a MSFC. You didn't say that the 6509 was fabric enabled so I'll assume it's not. We just went from two VLANs to one per switch, about 15 VLANs. We have about 1500 users. We have noticed a marked reduction in broadcast traffic. If you want a performance boost, think about going fabric at your core 6509. 256 gigabit at the backplane. It comes at a price but fabric is fast.
 
Fabric isn't needed for 600 nodes... Even then, to go fabric, you have to buy the SUP2 engines, then the fabric blade, and then the fabric enabled GBIC blades.. They wouldn't see any notice of increased speed by doing this.. I would recommend going to a MSFC and PFC though and keep your current VLAN implementation.

A sup1 supplies 32Gb of backplane speed.. If that's not enough to suit your needs for 600 users, then you need to be looking at why 600 users are filling your backplane..


All in all, I would be like this "I'll take it back to 1 VLAN, but don't come running and bitching to me when the LAN becomes slow and users start having problems, because it's a stupid decision to go to a single VLAN" In this world you have to CYA anymore..


BuckWeet
 