Solved: One VLAN with managed and

sendalot7 · ‎11-09-2015

Finally persuaded and "forced" my work to move away from consumer grade Netgear router(the one you usually use at home) and use Cisco ISR.

I was recently hired to revamp network, etc.

We have VMware/OpenStack environment with new people coming in constantly.

Do I deserve to be scolded as the enemy who made them spend money and go through needless transition?

Not to mention DHCP resevation issues, CPU, packet processing power, what other problems did I take away that I should be punished for?

Just trying to understand whether I did something stupid.

Joseph W. Doherty · ‎11-11-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Ok, I understand you would like to segregate existing VLAN into multiple VLANs, but again, if you have switches, managed or unmanaged, /24s usually don't need segregation.

Also, if you intend to route between VLANs using the 891, you're creating a major bottleneck. What you would want is a L3 switch.

View solution in original post

Vinit Jain · ‎11-09-2015

I dont think you did anything wrong moving to Cisco ISR platform. But would like to know what was the reason for making this transition (Just want to get your thoughts).

Quick points before making a transition to any vendor device -

1. Understand the amount of traffic and kind of traffic that needs to be transmitted across network

2. Throughput of the router (Always refer to the data sheet of the platforms to which you are migrating)

3. Is CEF enabled on the router?

4. What all features are you planning to run on the device and prior testing should be done before deploying the device in production?

I am not really sure what all problems did you face with the migration coz the above factors really add in to a stable environment.

Cisco ISR series is a good platform but at the end, it drill down to the features, performance, throughput supported on the platform.

Please let me know if you are facing any problems presently.

Hope the above points help.

Regards

Vinit

Thanks
--Vinit

sendalot7 · ‎11-09-2015

(1) Very random due to VMs in virtualizaed environment pulling resources from internet and everything is under one vlan(/24).

(2) This is the WAN int output

rtr# show interface gig 0
GigabitEthernet0 is up, line protocol is up
Hardware is PQII_PRO_UEC, address is e02f.6d96.8de8 (bia e02f.6d96.8de8)
Internet address is 1.2.3.4/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1379000 bits/sec, 222 packets/sec
5 minute output rate 270000 bits/sec, 195 packets/sec
8611203 packets input, 52414044 bytes, 0 no buffer
Received 42730 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
5523593 packets output, 1224294114 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

(3) CEF: I think so

rtr#show ip cef
Prefix Next Hop Interface
0.0.0.0/0 1.2.3.4 GigabitEthernet0
10.1.10.213/32 attached Vlan100
10.1.10.214/32 attached Vlan100
10.1.10.215/32 attached Vlan100
10.1.10.216/32 attached Vlan100
10.1.10.217/32 attached Vlan100
10.1.10.220/32 attached Vlan100

(4) We don't have budget for anything fancy but having everything under one vlan is causing collisions/slowness. So wanted to seperate out servers/VMs and office staffs.

Leo Laohoo · ‎11-10-2015

Gig0? What is this ISR? 800-series router? How big is the WAN bandwidth?

sendalot7 · ‎11-11-2015

891FW.

100MB/s.

I can already notice an improvement in WAN throughput.

Joseph W. Doherty · ‎11-11-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

BTW, Cisco recommends the 890 series for up to 15 Mbps of WAN bandwidth.

Your current VLAN is running on a hub? Reason I ask, you mentioned "collisions" causing slowness. If this is true, moving to a switch topology would probably be both better and less expensive then trying to microsegment via an ISR. Generally, in a switched L2 topology, a /24 isn't too large.

sendalot7 · ‎11-11-2015

One VLAN with managed and unmanaged switch.

I'm trying to segregate into VLANs.

Yes, I know the limitation of 891 but the client thinks I'm trying to just waste money so I had to settle for 891.

They don't understand the VLAN business hence all clients and VMs are colliding.

I mean this happens in the industry. Where the client asks you to fix problems yet refuse to take your recommendations.

Joseph W. Doherty · ‎11-11-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Ok, I understand you would like to segregate existing VLAN into multiple VLANs, but again, if you have switches, managed or unmanaged, /24s usually don't need segregation.

Also, if you intend to route between VLANs using the 891, you're creating a major bottleneck. What you would want is a L3 switch.

sendalot7 · ‎11-11-2015

Yep already have a L3 switch trying to activate a license for.

You are right that /24 isn't that big but it irks me(fellow designers as well) that vCenter and its VMs, office staffs, their computers, phones are under one /24.

Not to mention no management interfaces.

As company and clusters get larger I just like to think long-term.

Thanks for your advice, it worries me less.

Leo Laohoo · ‎11-11-2015

890 ain't designed for 100 Mbps link.

890 has very limited amount of VLANs to support, 14 VLANs only.

ISR vs Netgear consumer