
Author Topic: LAN's, Vlans, Subnetting: To Trunk or not to Trunk..... that is the question...


Offline Paul L

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 754
    • paulaleroux
    • Paul's Networking blog
I recently had a friendly debate with an industry colleague. Thought I would start the discussion here.

Most networks I see that have 1000+ users and nodes have their network set up by VLAN. Meaning, there is a Server VLAN, printer VLAN, HR VLAN, Finance VLAN, guest VLAN, Wi-Fi VLAN, user VLAN....etc etc..

So if you have a star network design, you would simply extend these VLANs throughout your network into the different switch stacks spread out within your network using trunk ports.  The obvious advantage to this design is you can move the VLANs around over trunks if people move throughout the office.  As well, for security reasons, you can conform to zoning policies.

However, I know the people who sell the Green switches don't like this design model.  They like to set up subnets on their cores, route with a third-tier design directly to the floors.  An example of this would be if you have a 20 story office building with around 200-300 users and nodes per floor. You would just set up a /22 or /23 per floor, regardless of what or who is on that floor.  I guess the design of this model is pure simplicity, but I am not a fan.

Personally, I like to trunk VLANs as required, not be limited to a single VLAN per geographic area of an office LAN.   But I am curious what everyone else is doing.

ACSS- Avaya Enterprise Routing Switch  #8

Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
Hi Paul,

Our setup is collapsed backbone to the core where the subnets are configured with their respective VLAN.  We then extend that VLAN to the Edge and Server stacks.


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3841
    • michaelfmcnamara
    • Michael McNamara
You'll probably find that there are a lot of different thoughts on this subject. I still know vendors that are trying to push Layer 3 at the closet/edge. I've seen it both ways. I've seen very sizable networks with every device in a single VLAN with a /19 network mask. The background broadcast traffic across that large a network was around 11.0Kbps, which in my opinion is significant. I've also seen it with every closet/floor set up to route in a three tier network design with core, distribution and edge.

I actually employ both configurations although I do ALL routing in the core switches. I don't use any distribution; I have a core (fiber hotels) and edge/closet switches, which have a few VLANs which are application specific and campus wide (PACS, CPN, VARIAN, etc) and we also have VLANs which are specific to each closet/edge switch. We keep the devices that are not on the special application VLANs in the closet/edge VLANs. We do this to keep the broadcast domains to a manageable size. We utilize /23 networks on our closet/edge VLANs since we have some stacks of upwards of 384 ports. We generally utilize /24 for the application specific VLANs.

This can really be a challenge on wireless networks where the broadcast traffic can really chew up precious bandwidth. A number of wireless solutions today allow you to load-balance wireless clients over multiple VLANs to help cut down on the broadcast domain size.

We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Dominik

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1564
    • Networkautobahn
I am not a believer in the L3 Cisco network design.
In my opinion that is the design of yesterday which comes from an age where Cisco had no redundant L2
mechanism for their core, so they used L3 to build up that redundancy.

If you have the L3 functionality in the core centralized you have a central starting point for configuration and
troubleshooting. If you distribute that to all your sites you have a much more complex config at all these sites. I would prefer the KISS (keep it stupid simple) principle on the edge layer.
The downside of that is that you need a resilient design for your L3 core. So you have to use something in the core like an Avaya Switch Cluster, Cisco VSS or vPC.
In fact the VSS feature was not very stable in the beginning; a lot of Cisco consultants don't like it and still prefer the L3 design.

It's always the network's fault!

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 311
    • matzeks
    • Controlware GmbH - Germany
I agree with the KISS principle of @Dominik - keep the edge simple with L2-only and have the L3 only in the core.
In addition, with SPBM and IS-IS in the core you are able to separate all L2 information from edge to core.
Hey - btw, I saw SPBM running at the ATF in Orlando - that's quite fast and simple stuff ;)
ACE-Fx #00050

Offline Kaya ATABEY

  • Jr. Member
  • **
  • Posts: 28
I am also more happy with simple "backbone-route-all fiber to all edges sharing enabled via secondary link" approach. But sometimes on very large populated networks, you may have to route because of the mac address tables limitations. You wouldn't like to experience overflow of mac addresses in your backbone or weak edges.

Sometimes clients ask for specific security solutions for a specific building/department. Then you may consider routing on that edge in order to apply specific policies. Applying all policies on a single firewall on the core or backbone can exhaust traffic.

Routing a lot is not a good solution either. If you subnet and route a lot then you may have a routing table overflow problem. But these are all for very large deployments. For normal deployments you never experience these problems; all approaches will work fine.
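Added example, not from any poster in this thread: a small Python script that puts numbers on the two designs debated above. It carves one subnet per floor for Paul's "routed /22 or /23 per floor" model, reports broadcast-domain size for the /19, /23 and /24 masks Michael mentions, and estimates how many MAC table entries a single closet switch has to hold under the campus-wide trunked VLAN model versus the per-floor routed model, which is the overflow risk Kaya raises. The building, per-floor host counts, campus VLAN sizes and the 4096-entry edge MAC table limit are all constructed assumptions; real switch capacities vary by model, and the trunked estimate is a worst case in which every host's ARP broadcast reaches every switch carrying that VLAN.

```python
import ipaddress

# Constructed sample input, not taken from the thread: a 20-storey building
# with 200-300 users and nodes per floor (the case Paul describes).
FLOORS = {f"floor-{n:02d}": 200 + 5 * (n - 1) for n in range(1, 21)}

# Constructed campus-wide VLANs and their total host counts, for the
# "extend every VLAN over trunks" model.
CAMPUS_VLANS = {"users": sum(FLOORS.values()), "printers": 300, "wifi": 2000}

# Assumed MAC table capacity of a small edge switch; real limits vary by model.
EDGE_MAC_TABLE_LIMIT = 4096


def usable_hosts(prefix_len: int) -> int:
    """Usable IPv4 addresses in one subnet of this prefix length (/30 or shorter),
    i.e. the size of the broadcast domain when the whole subnet is one VLAN."""
    return ipaddress.ip_network(f"10.0.0.0/{prefix_len}").num_addresses - 2


def allocate_per_floor(supernet: str, floors: dict, prefix_len: int) -> dict:
    """Routed-at-the-core model: carve one subnet per floor out of a supernet,
    refusing a plan that does not fit the floor's host count."""
    pool = ipaddress.ip_network(supernet).subnets(new_prefix=prefix_len)
    plan = {}
    for name, hosts in floors.items():
        try:
            subnet = next(pool)
        except StopIteration:
            raise ValueError(f"{supernet} has no /{prefix_len} left for {name}") from None
        if hosts > subnet.num_addresses - 2:
            raise ValueError(f"{name}: {hosts} hosts do not fit in a /{prefix_len}")
        plan[name] = str(subnet)
    return plan


def mac_demand_trunked(campus_vlans: dict, carried: set) -> int:
    """Campus-wide VLAN model: every ARP broadcast in a VLAN reaches every switch
    that trunks it, so the edge switch learns every MAC in each carried VLAN."""
    return sum(hosts for vlan, hosts in campus_vlans.items() if vlan in carried)


def mac_demand_routed(floor_hosts: int, local_vlans: int = 1) -> int:
    """Per-floor routed model: the edge switch sees only its own floor's hosts
    plus one core gateway MAC per local VLAN."""
    return floor_hosts + local_vlans


def compare_edge(floor: str, floors: dict, campus_vlans: dict, carried: set, limit: int) -> dict:
    """Side-by-side MAC table demand for one closet switch under both designs."""
    trunked = mac_demand_trunked(campus_vlans, carried)
    routed = mac_demand_routed(floors[floor])
    return {
        "trunked": trunked,
        "routed": routed,
        "trunked_overflows": trunked > limit,
        "routed_overflows": routed > limit,
    }


if __name__ == "__main__":
    for p in (19, 22, 23, 24):
        print(f"/{p}: {usable_hosts(p)} hosts per broadcast domain")
    plan = allocate_per_floor("10.0.0.0/16", FLOORS, 23)
    print("floor-01 ->", plan["floor-01"], " floor-20 ->", plan["floor-20"])
    print(compare_edge("floor-01", FLOORS, CAMPUS_VLANS, set(CAMPUS_VLANS), EDGE_MAC_TABLE_LIMIT))
```

Changing the prefix length passed to `allocate_per_floor` to 24 makes the planner reject the upper floors, which is the capacity check a per-floor design needs before addresses are handed out; the `compare_edge` output shows why a closet that trunks every campus VLAN can hit its MAC table limit long before the same closet would in the routed model.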