04-09-2008, 01:02 PM
|
#1
|
Member
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606
Rep:
|
VLAN vs Subnet - too many ambiguous answers online
I've been trying to get a feel for the difference between VLANs and Subnetting for a while now, but all of the discussions online are pretty similar and don't really get to the bottom of my questions...
First, does either provide any REAL security?
Second, how does each affect network performance? Does either minimize traffic for the router (or do they actually increase router traffic for inter vlan/subnet communication)? Do they minimize the work done by the switch or increase it? I'm pretty sure they both remove significant broadcast traffic at individual computers.
Anything special about multiple subnets within a vlan?
Anything special about multiple vlans within a subnet?
I'm sure I'll come up with more questions, I'll append them as I think of them...
|
|
|
04-09-2008, 02:42 PM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
neither are about security, used in conjunction with layer 3 security devices, i.e. a firewall, then they are what defines the separations, but they are not about security themselves.
in general you have a 1:1 mapping of subnets and vlans. they are used in complement to each other in the vast majority of effectively designed networks. multiple subnets on a single vlan, or rather no vlan is very dumb, that's for sure. generally you'd probably have /24 subnets each with their own matching vlan, e.g. subnet 192.168.123.0/24 would quite likely be switched on vlan 123.
vlans allow isolated smaller subnets on a single (or multiple) devices, so with a smaller subnet, you have fewer devices and therefore less broadcast traffic. by segregating traffic though, you do substantially increase unicast traffic volumes when going between networks, i.e. traffic goes from one pc to a router and then back to the destination pc, which would most likely be a more cpu intensive and further route than if they were on the same subnet and therefore not using a router in the middle.
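The 1:1 VLAN-to-subnet convention and the routed-versus-switched distinction from the reply above, as an added example that is not part of the original thread: the sketch audits an address plan for departures from 1:1 and reports whether a flow stays inside one subnet (never seen by a layer 3 firewall) or crosses a router (where a firewall policy can apply). The plan entries other than 192.168.123.0/24 on VLAN 123 and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan: (VLAN ID, subnet). Only the first row comes from the thread.
PLAN = [
    (123, "192.168.123.0/24"),   # the thread's example: subnet .123 on VLAN 123
    (10,  "192.168.10.0/24"),    # hypothetical server subnet
    (20,  "192.168.20.0/24"),    # hypothetical workstation subnet
    (20,  "192.168.21.0/24"),    # second subnet on VLAN 20 -> flagged
    (30,  "192.168.10.128/25"),  # overlaps the server subnet -> flagged
]

def audit_plan(plan):
    """Return findings where the plan departs from a 1:1 VLAN:subnet mapping."""
    findings = []
    by_vlan = defaultdict(list)
    for vlan, cidr in plan:
        by_vlan[vlan].append(ipaddress.ip_network(cidr))
    for vlan, nets in sorted(by_vlan.items()):
        if len(nets) > 1:
            findings.append(f"VLAN {vlan} carries {len(nets)} subnets")
    entries = [(v, ipaddress.ip_network(c)) for v, c in plan]
    for i, (v1, n1) in enumerate(entries):
        for v2, n2 in entries[i + 1:]:
            if v1 != v2 and n1.overlaps(n2):
                findings.append(f"{n1} (VLAN {v1}) overlaps {n2} (VLAN {v2})")
    return findings

def classify_flow(plan, src, dst):
    """'switched' if both hosts sit in the same subnet, 'routed' if the flow
    must cross a layer 3 hop, 'unknown' if an address is outside the plan."""
    nets = [ipaddress.ip_network(c) for _, c in plan]

    def home(ip):
        addr = ipaddress.ip_address(ip)
        match = [n for n in nets if addr in n]
        # Most specific prefix wins when the plan contains overlaps.
        return max(match, key=lambda n: n.prefixlen) if match else None

    s, d = home(src), home(dst)
    if s is None or d is None:
        return "unknown"
    return "switched" if s == d else "routed"

if __name__ == "__main__":
    for finding in audit_plan(PLAN):
        print("finding:", finding)
    print(classify_flow(PLAN, "192.168.20.5", "192.168.10.5"))
```

Two hosts on VLAN 20 but in different subnets (192.168.20.5 and 192.168.21.5) come out as routed even though they share a broadcast domain, which is the awkward case the reply warns about.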
|
|
|
04-09-2008, 03:14 PM
|
#3
|
Member
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606
Original Poster
Rep:
|
Is it ever useful to use VLANs to span a single subnet across multiple switches? Or is that unnecessary because you can just connect the switches together?
So if I have a large office with a small web server used by the outside world, a data server, mail server, anti virus box, etc, and also ~300 workstations that mostly use the internet, data, and mail servers, which could probably be divided into vlans/subnets of ~20-50, would it make sense to have 5 or 6 workstation vlans, and a server vlan? Or should the data server be on the same subnet/vlan as the workstations?
|
|
|
04-09-2008, 03:51 PM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
a vlan would certainly span across multiple switches, that's one of the main points - a logical separation of a network and the arbitrary pieces of hardware that do the switching. the connections between these switches would be a trunk - check out 802.1q on wikipedia or something like that.
in your example i'd probably have 1 server subnet with a /24 mask and a couple of workstation subnets, split by floor, building, department or something like that. no need to have too many for the sake of it.
|
|
|
04-09-2008, 04:22 PM
|
#5
|
Member
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606
Original Poster
Rep:
|
Well, it's a county building which means there's extreme disorganization. I've helped out a little there and have been trying to come up with some simple solutions to their problems. The main problem is the way government purchasing works. But the equipment they have, even though the service agreements are running out, can still be salvaged. The internet connection itself is actually a T1, a dsl, and cable line (maybe other but I'm not sure). There are also T1 lines running to other satellite offices. I'm not sure but I think internet is provided through those T1's as well.
Luckily most people of similar positions are located in the same area of the building. Having "too many" network segments would help to find bandwidth hogs, etc. Basically each vlan/subnet would be scaled for its traffic to be handled by an old machine running Wireshark.
Also, what about DHCP servers? Do you need one per subnet/vlan or can one exist above all of the lans?
Last edited by Meson; 04-09-2008 at 04:51 PM.
|
|
|
04-09-2008, 05:35 PM
|
#6
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
A single DHCP server can work for however many subnets you have.
You just have to make sure you have the proper command in place to allow the DHCP broadcast to reach those subnets. On Cisco equipment, this is attained with the "IP Helper" command on your VLAN Interface (or SVI).