11-23-2020 05:24 AM
Hello,
I have one VLAN with multiple IPv4 and IPv6 addresses, which is causing a lot of broadcast traffic on the NIC of our servers, and I am looking to split it into multiple VLANs.
Currently, our port is configured as an access port. I want to know if
1. splitting this large VLAN into multiple VLANs,
2. converting our access port to a trunk, and
3. tagging all the new VLANs on the trunk port
will help reduce the traffic in the VLAN and the load on the server's NIC?
Your advice would be helpful!
Thanks
P.S. We are using a Linux bridge at the moment.
11-23-2020 05:30 AM
Making more VLANs will definitely help to differentiate and separate the broadcast traffic, if you have a large environment.
When you have multiple switches connected using trunks passing the VLANs, you can apply the broadcast storm config and see if that helps you, in case too much storm traffic is coming in.
11-23-2020 07:13 AM
When there is a single vlan for the organization network then every device in the vlan sees every broadcast frame. The original post asks whether, if they create multiple vlans and change the switch port from an access port to a trunk port, it will reduce the amount of broadcast traffic. I think that there is one answer if you look at the switch port and a different answer if you look at the server.
If you look at the switch port you will see the same amount of broadcast traffic. Every device that was generating broadcasts will continue to generate similar broadcasts and they will continue to be sent through the switch port. But if you look at the server it is likely that the server will see a reduced amount of broadcast traffic. This is based on an assumption that the server would have a connection to a single vlan and would not require access to multiple vlans.
The suggestion to create multiple vlans will require that some other things be done:
- they will need to create separate IP subnets, one for each vlan.
- they will need to provide something to do the layer 3 forwarding between vlans. The original post is not clear whether this type of device currently exists in their network.
11-24-2020 01:24 AM - edited 11-24-2020 01:26 AM
Hello @m19,
in theory you can achieve a reduction in the broadcast traffic level on each of the new VLANs that you create.
However, the initial network audit can be difficult to perform if there are devices that are not very active in the network.
You can start by tracking the ARP table for each IP subnet to find out the MAC addresses associated with a single IP subnet.
Then for each subnet and each MAC address you need to locate it in your network, that is, find the switch and the port where the MAC address is connected.
In reality, in most cases you will not convert an access port in VLAN 20 to a trunk port carrying VLANs 201-208 (the numbers are just an example);
you will need to move all access ports where hosts are in a specific IP subnet to a new VLAN like VLAN 201.
As noted by Richard a multilayer switch or better a pair of them are needed to make the inter VLAN routing between the new VLANs.
Each single IP subnet has to be migrated at once: removing the secondary ip address command under SVI Vlan 20 and putting it under the new SVI Vlan 20x. All access ports with hosts in this subnet have to be moved from access ports in VLAN 20 to access ports in VLAN 20x.
At the end of the process all hosts should be migrated to the new VLANs. The new VLANs need to be defined in the VLAN database and permitted on the inter-switch trunks.
Some servers hosting VMs may need to have their ports moved to trunk mode with some of the VLANs 20x permitted over it, but normal endpoints will just change the access VLAN as explained above.
Hope to help
Giuseppe
11-29-2020 03:48 PM
Hi,
Thanks for these helpful answers, it makes sense.
My biggest concern is: is what I'm trying to do the same thing?
In a scenario I have
- 30 Linux servers with VMs
- 3000 IPs in one VLAN as an access port, to all 30 servers.
What I'm trying to do is:
- Split the 3000 IPs into smaller tagged VLANs
- Tag all the VLANs to the 30 servers
I'm utilizing a Linux bridge to tag the VLAN on the interface.
I want to know if what I'm trying to do is the same thing? And will it help me reduce broadcast traffic?
11-29-2020 07:02 PM
We now know a little bit more than we did before:
- 30 servers
- 3000 IP addresses on other devices
- using Linux Bridge to tag the VLAN
There are many things we do not yet know, some of which are more important than others.
- (probably most important) do you have something that can process the multiple vlans and perform inter vlan routing? I am not clear what the capabilities of your Linux Bridge are and whether it can perform this function.
- are the 3000 IP addresses all in the same IP subnet? Or are there already multiple subnets active in the single vlan?
- are the servers in the same IP subnet with the other 3000 devices?
- if the 30 servers have VMs then how many IP addresses might be used for them?
- does this network have access to outside resources (especially the Internet)? If so what currently provides that access?
Especially if your main concern is the impact of broadcasts on the servers, then probably the most simple solution would be to create a second vlan, move the servers to the new vlan, leaving all other devices in the original vlan. This would isolate the servers from the broadcast traffic.
11-29-2020 10:52 PM
Hi Richard,
> - (probably most important) do you have something that can process the multiple vlans and to perform inter vlan routing? I am not clear what the capabilities of your Linux Bridge are and whether it can perform this function.
Yes, we use Linux bridges to tag VLAN traffic internally (brctl show)
> - are the 3000 IP addresses all in the same IP subnet? Or are there already multiple subnets active in the single vlan?
No, they are different /24s (we're looking to place one /24 in its own VLAN and tag all of the VLANs to our WAN port)
> - are the servers in the same IP subnet with the other 3000 devices?
No, the servers have different management IPs; only one WAN port will use the 3000 IPs (divided across 30 nodes / hypervisors)
> - if the 30 servers have VMs then how many IP addresses might be used for them?
Max would be 250, when scaled up
> - does this network have access to outside resources (especially the Internet)? If so what currently provides that access?
Yes, these are public IPv4 addresses, so HV 1 has 250 hosts (could be from different VLANs, since I am assigning all VLANs to the trunk port)
> Especially if your main concern is the impact of broadcasts on the servers, then probably the most simple solution would be to create a second vlan, move the servers to the new vlan, leaving all other devices in the original vlan. This would isolate the servers from the broadcast traffic.
Yes, this is a straightforward idea, but what I am trying to do is different.
I'm looking to tag all the VLANs to the 30 servers, and tag traffic via the Linux bridge I was talking about. So if an IP from VLAN x is assigned to Server B, it will spin up the VLAN x bridge on the HV so the IP will have a route.
My concern is: what I am trying to do, is it going to be as bad as having 3000 IPs in one VLAN?
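The post above describes one VLAN sub-interface and bridge per VLAN on each hypervisor, with the trunk carrying every VLAN. The following is an added example, not code from the original thread or from any project mentioned in it, that models the hypervisor side of that plan: given a hypothetical subnet-to-VLAN mapping and a constructed VM placement, it derives the VLAN list each hypervisor actually needs, compares how many hosts' broadcasts its NIC would see against the flat single-VLAN case, and generates the ip(8) commands for the per-VLAN bridges. All subnets, VM addresses, VLAN ids and interface names are assumptions. The exposure figure assumes the switch prunes each server's trunk to just the VLANs that server needs (`switchport trunk allowed vlan`); if the trunk carries all VLANs, the NIC still receives every tagged broadcast and the kernel discards the ones with no matching VLAN sub-interface.

```python
"""Model the hypervisor-side question above: if every /24 becomes its own VLAN
and each hypervisor (HV) only carries the VLANs of the VMs it hosts, how many
hosts' broadcasts does each HV NIC still have to process?
Added example; subnets, VM placement and interface names are constructed."""
import ipaddress

# Hypothetical subnet -> VLAN mapping, one /24 per VLAN as discussed in the thread.
SUBNET_TO_VLAN = {
    ipaddress.ip_network("198.51.100.0/24"): 201,
    ipaddress.ip_network("203.0.113.0/24"): 202,
    ipaddress.ip_network("192.0.2.0/24"): 203,
}

# Constructed VM placement: which VM IPs run on which hypervisor.
VM_IPS_BY_HV = {
    "hv1": ["198.51.100.10", "198.51.100.11", "203.0.113.7"],
    "hv2": ["203.0.113.9"],
    "hv3": ["192.0.2.40", "192.0.2.41", "198.51.100.12"],
}

def vlan_for(ip):
    """Map an IP to the VLAN id of the planned subnet that contains it."""
    ip = ipaddress.ip_address(ip)
    for net, vid in SUBNET_TO_VLAN.items():
        if ip in net:
            return vid
    raise ValueError(f"{ip} is not in any planned subnet")

def vlans_needed(placement):
    """{hv: sorted VLAN ids}: the trunk 'allowed vlan' list for each HV port."""
    return {hv: sorted({vlan_for(ip) for ip in ips}) for hv, ips in placement.items()}

def hosts_per_vlan(placement):
    """Count active IPs per VLAN across all hypervisors."""
    counts = {}
    for ips in placement.values():
        for ip in ips:
            vid = vlan_for(ip)
            counts[vid] = counts.get(vid, 0) + 1
    return counts

def broadcast_exposure(placement):
    """For each HV: (hosts in one flat VLAN, hosts in the VLANs this HV carries).
    Assumes the switch prunes the trunk to vlans_needed(), so broadcasts from
    VLANs the HV does not carry never reach its NIC."""
    per_vlan = hosts_per_vlan(placement)
    flat = sum(per_vlan.values())
    return {hv: (flat, sum(per_vlan[v] for v in vids))
            for hv, vids in vlans_needed(placement).items()}

def linux_vlan_setup(trunk_if, vids):
    """ip(8) commands for one VLAN sub-interface plus bridge per VLAN, matching the
    'spin up the VLAN x bridge on the HV' approach (hypothetical interface names)."""
    cmds = []
    for vid in vids:
        sub, br = f"{trunk_if}.{vid}", f"br{vid}"
        cmds += [
            f"ip link add link {trunk_if} name {sub} type vlan id {vid}",
            f"ip link add name {br} type bridge",
            f"ip link set {sub} master {br}",
            f"ip link set {sub} up",
            f"ip link set {br} up",
        ]
    return cmds

if __name__ == "__main__":
    needed = vlans_needed(VM_IPS_BY_HV)
    for hv, (flat, pruned) in broadcast_exposure(VM_IPS_BY_HV).items():
        vids = ",".join(map(str, needed[hv]))
        print(f"{hv}: switchport trunk allowed vlan {vids}; "
              f"broadcast sources seen: {pruned} (was {flat} in one flat VLAN)")
        print("\n".join(linux_vlan_setup("eth1", needed[hv])))
```

Running it stand-alone prints, per hypervisor, the pruned allowed-VLAN list, the reduced broadcast exposure, and the `ip link` commands; the same functions can be fed the real placement data to size the migration.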
12-01-2020 10:43 PM
Thanks for the update. If there are multiple /24 address blocks then it would seem logical to implement multiple vlans where 1 (or perhaps more) address blocks could be assigned. This would certainly reduce the size of the broadcast domain and therefore reduce the number of broadcasts any particular device would need to process.
This would be a significant undertaking. Configuring the vlans and perhaps some trunks is straightforward. But figuring out individual switch ports and what subnet the host connected on that switch port belongs to, and assigning that switch port to that vlan, will be tedious. And as you do this process the challenge will be that when you have moved some switch ports to the new vlan but some other switch ports for that address block are still in the original vlan, then those hosts would not communicate with each other. And I suspect that the routing to addresses in that address block would go to the new vlan and that would have a negative impact on hosts still in the original vlan.
I found this part of your response especially interesting " if an IP from VLAN x is assigned to Server B, it will spin up the VLAN x bridge on the HV so IP will have a route". This is not something where I have any expertise and therefore have no advice to offer. But I suspect that this might become challenging.
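Both Giuseppe's audit steps (track the ARP table per subnet, then locate each MAC on a switch port) and the tedious port-by-port mapping Richard describes above come down to joining two tables. The following is an added example, not code from the thread, that does that join on constructed `show ip arp` and `show mac address-table` output modelled on Cisco IOS formatting: it resolves each port to the /24 of the host behind it, maps that to a hypothetical new VLAN id, and separates ports that can simply change their access VLAN from ports with hosts in several subnets (hypervisors), which need a trunk with a pruned allowed list. Addresses, MACs, port names, VLAN ids and the subnet-to-VLAN mapping are all assumptions.

```python
"""Join constructed 'show ip arp' and 'show mac address-table' output to find,
for every switch port, which planned VLAN(s) the host(s) behind it belong to.
Added example; all addresses, MACs, ports and VLAN ids are made up."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of 'show ip arp' on the SVI of the large VLAN 20.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  198.51.100.10          12   0011.2233.4401  ARPA   Vlan20
Internet  198.51.100.11           3   0011.2233.4402  ARPA   Vlan20
Internet  203.0.113.7             0   0011.2233.4403  ARPA   Vlan20
Internet  203.0.113.9             5   0011.2233.4404  ARPA   Vlan20
Internet  192.0.2.40             21   0011.2233.4405  ARPA   Vlan20
"""

# Constructed sample of 'show mac address-table dynamic vlan 20'.
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4401    DYNAMIC     Gi1/0/1
  20    0011.2233.4402    DYNAMIC     Gi1/0/2
  20    0011.2233.4403    DYNAMIC     Gi1/0/3
  20    0011.2233.4404    DYNAMIC     Gi1/0/3
  20    0011.2233.4405    DYNAMIC     Gi1/0/3
"""

# Hypothetical subnet -> new VLAN id, following the VLAN 20x numbering used above.
SUBNET_TO_VLAN = {
    ipaddress.ip_network("198.51.100.0/24"): 201,
    ipaddress.ip_network("203.0.113.0/24"): 202,
    ipaddress.ip_network("192.0.2.0/24"): 203,
}

ARP_RE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s+ARPA", re.I)
MAC_RE = re.compile(r"^\s*\d+\s+([0-9a-f.]{14})\s+\S+\s+(\S+)\s*$", re.I)

def parse_arp(text):
    """Return {mac: ip} from 'show ip arp' output (header lines are skipped)."""
    out = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            out[m.group(2).lower()] = ipaddress.ip_address(m.group(1))
    return out

def parse_mac_table(text):
    """Return {mac: port} from 'show mac address-table' output."""
    out = {}
    for line in text.splitlines():
        m = MAC_RE.match(line)
        if m:
            out[m.group(1).lower()] = m.group(2)
    return out

def vlan_for(ip):
    """Planned VLAN id for an IP, or None if it is outside every planned subnet."""
    for net, vid in SUBNET_TO_VLAN.items():
        if ip in net:
            return vid
    return None

def plan_port_moves(arp_text, mac_text):
    """Return {port: sorted new VLAN ids of the hosts learned on that port}."""
    ip_by_mac = parse_arp(arp_text)
    port_by_mac = parse_mac_table(mac_text)
    vlans_by_port = defaultdict(set)
    for mac, port in port_by_mac.items():
        ip = ip_by_mac.get(mac)
        if ip is None:
            continue  # MAC learned but no ARP entry: a quiet host that needs a manual check
        vid = vlan_for(ip)
        if vid is not None:
            vlans_by_port[port].add(vid)
    return {p: sorted(v) for p, v in vlans_by_port.items()}

def classify(plan):
    """Split the plan into simple access-VLAN changes and ports that need a trunk."""
    access = {p: v[0] for p, v in plan.items() if len(v) == 1}
    trunk = {p: v for p, v in plan.items() if len(v) > 1}
    return access, trunk

if __name__ == "__main__":
    access, trunk = classify(plan_port_moves(ARP_TABLE, MAC_TABLE))
    for port, vid in sorted(access.items()):
        print(f"interface {port}\n switchport access vlan {vid}")
    for port, vids in sorted(trunk.items()):
        allowed = ",".join(map(str, vids))
        print(f"interface {port}\n switchport mode trunk\n switchport trunk allowed vlan {allowed}")
```

Run against real `show ip arp` and `show mac address-table` captures, the script gives the per-port move list for one subnet at a time, which is the unit Giuseppe recommends migrating at once; MACs without an ARP entry (the inactive devices mentioned in the thread) are skipped and should be listed separately for manual follow-up.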