Network Segmentation

  • Our network architect came up with this reply when I suggested splitting the /20 shared VLAN into smaller subnets of /23 each:
  • Segmentation: The current client VLAN is a /20 (up to 4000 clients). Anyhow, the DHCP range is much smaller, and with today's switches, client NICs and CPUs, having up to 1000 clients per subnet won't cause any performance issues.
    • It used to be best practice, when we had 10 Mb networks/hubs, etc., not to have subnets bigger than /24.
    • In the mid-2000s, as TCP/IP took hold, it became common to increase the campus subnets to /22 as the number of devices in the network increased and we were limited to 1024 VLAN IDs.
    • Broadcasts had reduced significantly because the dominant protocol, Microsoft's NetBIOS over TCP/IP, had stopped using broadcasts for name resolution by default and switched to using Windows Internet Naming Service (WINS). The logic was that 1000 or so hosts would be a reasonable number for pure TCP/IP networks.
    • Further, the sites are following the current global LAN standard, which is implemented in all ALA sites without any reported issues.
    • If not required for security reasons, we shouldn't split the subnet, and should keep management simple.

I have read a few networking books and design guides from Cisco, and they always recommend subnetting.

What do you experts think?


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

There is much truth in what your network architect notes, but I would quibble with some of it.

Many modern NICs have for some time been able to filter out non-interesting unicast and multicast, but not broadcast.

Broadcasts hitting a NIC generally force the client to actually analyze the content, to see if it's something the host needs. Advanced NIC features, like off-loading, I don't believe help much with this. Faster host CPUs help, but processing a bunch of needless traffic (often generating system interrupts) certainly isn't going to improve host performance. BTW, on network equipment that has ASIC support, the ASICs often don't dramatically increase the device's CPU capacity, so a stream of broadcasts seen by such a network device can be very detrimental to its performance. (The latter is why it's highly recommended to have a device's management IP on a dedicated management network. Ordinary gateway IPs, though, are still exposed.)

When networks collapse, it's often the case of "the straw that broke the camel's back".  I.e. everything is working fine until you go over the edge.

As you potentially double the number of hosts each time you shift the address block size, you move closer to some edge.  /24s have a long history of not going over the edge.  (They also, though, were Class C address blocks.)

In my current environment, I pushed for using /20s for WLANs, but they don't do broadcasts, and for the last couple of years we've been using them w/o issue.

We have some /23 LANs, those too have been fine.

Personally, I would be concerned about using /20s for LANs.

Interestingly, your network architect notes the /20's DHCP range is much smaller, so how much smaller? I.e., if you have a /20 but limit the hosts to a smaller address block, effectively you're still using smaller address blocks.

BTW, what's an "ALA" site?
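Both posts turn on the same arithmetic: how many hosts a /20 versus a /23 can actually hold, and (per the reply) how much of the /20 the DHCP scope really uses, which is the effective size of the broadcast domain. The script below is an added example, not code from either poster or from Cisco; the 10.10.0.0/20 block, the DHCP scope 10.10.4.1 to 10.10.7.254 and the count of 60 statically addressed hosts are constructed values. It also flags a caveat a practitioner hits when splitting: any existing scope that straddles the new /23 boundaries contains addresses that become a network or broadcast address after the split and must be removed from the scope before re-cutting it.

```python
import ipaddress


def split_subnet(prefix, new_prefix):
    """Carve one block into equal-sized subnets, e.g. a /20 into eight /23s."""
    net = ipaddress.ip_network(prefix, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def usable_hosts(prefix):
    """IPv4 usable host addresses: total minus the network and broadcast addresses."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.num_addresses - 2


def scope_size(first, last):
    """Number of addresses in an inclusive DHCP scope."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if b < a:
        raise ValueError("scope end precedes scope start")
    return int(b) - int(a) + 1


def effective_domain(prefix, dhcp_first, dhcp_last, static_hosts):
    """Upper bound on hosts that can actually sit in the broadcast domain:
    the DHCP scope plus statically addressed hosts, capped at the subnet's size.
    This is the number the reply is asking about, not the prefix length."""
    net = ipaddress.ip_network(prefix, strict=False)
    for ip in (dhcp_first, dhcp_last):
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside {prefix}")
    return min(scope_size(dhcp_first, dhcp_last) + static_hosts, usable_hosts(prefix))


def scope_overlap_after_split(prefix, new_prefix, first, last):
    """For each new subnet that the old DHCP scope touches, return
    (addresses of the scope inside it, scope addresses that become that subnet's
    network or broadcast address and are no longer assignable)."""
    a, b = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    result = {}
    for s in ipaddress.ip_network(prefix, strict=False).subnets(new_prefix=new_prefix):
        lo, hi = int(s.network_address), int(s.broadcast_address)
        count = min(b, hi) - max(a, lo) + 1
        if count <= 0:
            continue  # scope does not reach into this subnet
        unusable = [str(ipaddress.ip_address(x)) for x in (lo, hi) if a <= x <= b]
        result[str(s)] = (count, unusable)
    return result


if __name__ == "__main__":
    # Constructed figures for illustration only (hypothetical site).
    block, scope = "10.10.0.0/20", ("10.10.4.1", "10.10.7.254")
    print("usable hosts in", block, "=", usable_hosts(block))
    print("usable hosts per /23 =", usable_hosts("10.10.0.0/23"))
    print("DHCP scope size =", scope_size(*scope))
    print("effective broadcast domain =", effective_domain(block, *scope, 60))
    print("/23s carved from the /20:", split_subnet(block, 23))
    for sub, (n, bad) in scope_overlap_after_split(block, 23, *scope).items():
        print(f"{sub}: {n} scope addresses; must be dropped from scope: {bad}")
```

With these numbers the /20 advertises 4094 usable addresses, but the scope plus statics cap the domain at 1082 hosts, which is the figure to weigh against the "up to 1000 clients" claim. The split report shows that the scope spans two of the new /23s and that 10.10.5.255 and 10.10.6.0 turn into a broadcast and a network address respectively, so the scope has to be re-cut rather than simply reused.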
