I have a legacy network originally designed to allocate subnets to individual servers through VLANs, controlled through bridged switches to our individual cabinets. Each server would be assigned a switch port and a subnet VLAN. Over the years we've been virtualizing nearly all our hardware and assigning the subnet to the VLAN of the VM Host. It's gotten to the point where we have one massive VLAN with about 40 subnets assigned to it, then a dozen or so remaining VLANs assigned to other ports and/or switches.
Our current Router (Cisco 3825) has the config like this:
interface GigabitEthernet0/0 description Link to Upstream Border10 ip address XX.XX.239.118 255.255.255.252 ip flow ingress ip flow egress duplex full speed 1000 media-type rj45 no mop enabled ! interface GigabitEthernet0/1 description Link to Upstream Border11 ip address XX.XX.239.122 255.255.255.252 ip flow ingress ip flow egress duplex full speed auto media-type rj45 ! interface GigabitEthernet2/0 ip address XX.XX.79.199 255.255.255.128 ! router bgp 7835 bgp log-neighbor-changes network XX.XX.64.0 mask 255.255.224.0 network XX.XX.79.0
Then my switch (for example) would be configured like:
spanning-tree mode pvst spanning-tree extend system-id #Send all traffic to router ip route 0.0.0.0 0.0.0.0 XX.XX.79.199 ip routing ip classless interface Vlan118 description Customer 2018 ip address XX.XX.69.193 255.255.255.240 ...
We're getting ready to move our equipment to a new ISP and I was wanting to take the opportunity to simplify our network infrastructure. What I believe I want to do is add all the subnets (we have a /19 divided into about 50 subnets) to our new router (a Cisco ISR4431/K9). Then remove all VLAN configs from the switches and just let them do normal switching without any VLAN tagging.
So the questions I have are:
1) Is this a good idea? (Subdividing a /19 into 50 subnets on the router without a VLAN)
2) What syntax would I use on the router? (Under the old scheme, I would config t / int VLAN 123 / ip address XX.XX.XX.1 255.255.255.0). Do I just add the IP address at the root level of the router config? Or do I need to add it to the router's "VLAN 1"?
3) In the router, I specify the whole /19 range in the BGP section with a "network XX.XX.64.0 mask 255.255.224.0" entry. Do I need to reference the entire range anywhere else?
>> 1) Is this a good idea? (Subdividing a /19 into 50 subnets on the router without a VLAN)
No, it is a bad idea because everytime a device sends out a broadcast like for an ARP request it is received by all hosts in all the current 50 subnets. I you have hundreds or thousands of hosts the level of broadcast traffic can become too much.
>> We're getting ready to move our equipment to a new ISP and I was wanting to take the opportunity to simplify our network infrastructure. What I believe I want to do is add all the subnets (we have a /19 divided into about 50 subnets) to our new router (a Cisco ISR4431/K9). Then remove all VLAN configs from the switches and just let them do normal switching without any VLAN tagging.
Again it is a bad idea if you have multilayer switching performing inter Vlan routing they work in hardware.
A Cisco ISR4431/K9 is actually still a software based router with some HW improvements and you would need additional licenses to use all its limiited capabilities ( look for performance and boost performance licenses).
A Cisco 3750 multilayer can handle much more traffic in order of several tens of GBps in comparison to the ISR 4431.
Please use the ISR 4431/K9 only to terminate the ISP WAN link and have one or two routed p2p links to multilayer switches so that inter Vlan routing is performed by multilayer switch (if you have) and ISR 4431 is used only for internet traffic.
2) You should use one primary address and 49 secondary addresses on the same L3 interface.
To be noted in IPv4 devices in different subnets in the same broadcast domain are not able to talk to each other they need to go to their default gateway and your router becomes a strict bottle neck for inter vlan traffic.
I strongly recommend to use the solution proposed above keep inter vlan routing on multi layer switches its their job and use the ISR with two routed links to the switches.
You can use a dynamic routing protocol like OSPF or EIGRP to advertise the 50 subnets to the router and have the router sends a default route to multi layer switch.
Once the 50 subnets are known on the router by static routes or dynamic routing protocol you need to advertise them in BGP using appropriate network commands using the actual netmask for each prefix, because BGP looks for an exact match in IP routing table (with no auto-summary the new default for BGP)
You can then configure under bgp an aggregate-address for the /19 block but component routes must be in the BGP table to work.
What you call network simplification would mean great network performance problems and big troubles for you.
I hope to have explained the reasons above. What you would like to do is wrong both in theory and in real world practice.
Hope to help
I have to agree with the other posters - increasing the number of hosts on a VLAN is not a good idea. The rule of thumb I always work to is no more than a /23 subnet (max 510 hosts) and typically stick to /24's if you have no IPv4 allocation restrictions. Also be careful with what applications are in there. You don't want some SLB or other odd load-balancing thing that results in lots of flooding of packets.
I remember some clown server engineers configuring a backup from a server to a VIP address on a MS SLB thing that never responded to ARPs. A Gigs worth of a streaming backup overnight replicated to every port in the VLAN... STP on the slower 100Mbps links flapped like a beached fish.
I try and keep subnets small for modularity and actual use. If you know there will only ever be a maximum of 10 hosts on a VLAN why allocate anything more than a /28? With RFC1918 10.0.0.0/8 allocated everywhere it removes the need to conserve addresses and humans understand /24 subnets better.
Drop IPv6 into the mix and it all turns on its head though... /64 subnets everywhere - like you'll ever be able to get 18,446,744,073,709,551,616 hosts on the same wire?