12-10-2009 03:46 AM - edited 03-06-2019 08:54 AM
Hi,
We have a network setup so that we have a feed coming in from the Internet to our router and the LAN behind our router consists of some webservers configured with a subnet of public IP addresses, our provider is routing packets to this network to our router and then our router routes them to the correct server on the LAN, this works fine.
The issue is that we now need some more IP addresses (for SSL hosted sites on the webservers) and the new block we will get most likely won't continue on from the block we already have. What I'm trying to do is work out how to setup our router so that the LAN has 2 (or more) networks configured so that the servers can listen on both blocks of addresses.
The router we have is a Cisco 861 and in the web interface you can simply set a WAN IP and mask and a LAN (or rather VLAN) IP and mask. This worried me that it wouldn't be possible, but after connecting using SSH and checking out some of the Cisco commands I'm starting to think this may be possible with this router?
What I am currently thinking is I simply need to create a new VLAN for each block of IPs we need, is this correct? If so then I've been looking at this but it appears that a VLAN is attached to a particular interface (or interfaces), there are 4 physical LAN ports on this router and it seems a bit wrong that I would have to connect a separate cable to each port with a VLAN on it all going into the same router so they can get to the webserver.
So I guess my question is can I a) have multiple IP addresses/subnets on a single VLAN or b) can I set up multiple VLANs and attach them to a single physical interface?
Thanks for taking the time to read this and I hope my question is clear enough and makes sense.
Tom
12-16-2009 08:55 AM
Thanks for your help so far, I've now been talking to the network expert at Insight and he's led me to the conclusion (as I expected) that this router simply isn't made for this purpose so we're now talking about the possibility of using a Cisco 1941 router plugged into a managed switch (Cisco 2960 or HP 2610).
Now the guy I've been speaking to has said that we'd create a VLAN for each network then configure the switch with each of these VLANs, however from my understanding each VLAN (say for example we have the blocks 210.210.210.160/27 and 222.222.222.160/27) would be assigned to its own block of ports on the switch (e.g. 210.210.210.x on ports 1-8 and 222.222.222.x on ports 9-16) is this correct? If so this brings me back to the same problem, if I have a server running VMware with a virtual machine with a virtual network adapter configured with an address on the 210.210.210.x network and a second virtual machine configured on the 222.222.222.x network then I'm going to need 2 interfaces on the VMware server connected to the 2 different ports on the switch?
What would be better would be if I could configure the router/switch so traffic to 210.210.210.x or 222.222.222.x goes to port 1-16 (or whatever) on the router then I can use a single cable to the vmware server hosting clients on either network, does anyone know if this would be possible before I order this equipment?
Many many thanks!
12-16-2009 10:30 AM
Tom
The datasheet on the 860 routers clearly states that it supports 2 VLANs and 802.1q support. Have you tried
1) creating 2 L3 vlan interfaces
2) configuring the port connecting to the switch as a trunk link. Note that the switch end would also have to be a trunk and the switch would need to be 802.1q capable
The above aside, for your new solution, if the VMware server uses one NIC then you simply configure the port on the switch as a trunk link and then the link can carry traffic for both VLANs. A 2960 switch is certainly capable of trunking so there should be no problems there and you can create subinterfaces on the 1941 for each VLAN.
Without wishing to confuse the issue, note that subinterfaces on a router are really a sub-optimal solution. This is what L3 switches were designed for. So you may want to talk to your network guy at Insight and compare the pros and cons of
1) 1941 with 2960 switch using subinterfaces
2) existing 860 router with L3 switch such as 3560 switch. A L3 switch does not need to use subinterfaces at all.
To be honest it's a long time since I have priced up Cisco kit and there may be other considerations that have led the Insight guy to recommend the 1941 but it may be worth having a discussion about it.
But yes, a 1941 + 2960 switch would do what you want.
Jon
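The trunk-plus-subinterfaces layout Jon describes above (and the two-VLAN trunk he suggests trying on the 861), written out as an added example that is not part of the original thread. It assumes the 1941's LAN port is GigabitEthernet0/1, the 2960's uplink ports are GigabitEthernet0/1 (to the router) and GigabitEthernet0/2 (to the VMware host), VLAN IDs 10 and 20 for the two /27 blocks from the thread, and VLAN 999 as a deliberately unused native VLAN so nothing rides the trunks untagged.

```cisco
! ---- 1941 router: one physical LAN port, one 802.1q subinterface per VLAN ----
interface GigabitEthernet0/1
 description Trunk to 2960
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.10
 description VLAN 10 - 210.210.210.160/27 (assumed VLAN id)
 encapsulation dot1Q 10
 ip address 210.210.210.161 255.255.255.224
!
interface GigabitEthernet0/1.20
 description VLAN 20 - 222.222.222.160/27 (assumed VLAN id)
 encapsulation dot1Q 20
 ip address 222.222.222.161 255.255.255.224
!
! ---- 2960 switch: define the VLANs, trunk to router and to the VMware host ----
vlan 10
 name block-210
vlan 20
 name block-20
vlan 999
 name unused-native
!
interface GigabitEthernet0/1
 description Trunk to 1941
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description Trunk to VMware host - single cable carries both VLANs
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
!
! Single-homed servers that only need one block stay on plain access ports
interface range FastEthernet0/1 - 8
 description Servers on 210.210.210.160/27
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
```

On the VMware side each VM then connects to a port group tagged with VLAN 10 or 20 and uses .161 of its block as the default gateway; pruning the trunks to the two VLANs and moving the native VLAN to an unused ID keeps stray untagged or unexpected traffic off the server-facing trunk.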
12-17-2009 03:05 AM
Jon,
Thank you very very much for your reply, I think you've almost completely solved this for me now but I have 1 last question.
You say the L2 & subinterface solution is sub-optimal, am I right in thinking it's only sub-optimal when it comes to communication between 2 networks on the trunk (because a packet will have to go from the server to the switch to the router back to the switch back to the server) or are there other noticeable performance hits? The reason I ask is because this will never (well at most very rarely) happen and in which case this is probably the solution for us, however if there are other hits then I think we will fork out the extra for L3.
Thanks again for your reply, I think we have this almost sorted!
Tom
12-17-2009 04:43 AM
MisterOatScl wrote:
Jon,
Thank you very very much for your reply, I think you've almost completely solved this for me now but I have 1 last question.
You say the L2 & subinterface solution is sub-optimal, am I right in thinking it's only sub-optimal when it comes to communication between 2 networks on the trunk (because a packet will have to go from the server to the switch to the router back to the switch back to the server) or are there other noticeable performance hits? The reason I ask is because this will never (well at most very rarely) happen and in which case this is probably the solution for us, however if there are other hits then I think we will fork out the extra for L3.
Thanks again for your reply, I think we have this almost sorted!
Tom
Tom
The subinterface solution known as "routing-on-a-stick" was a precursor to L3 switches. It was a way to route between VLANs when switches only worked at L2. So really if you need to route between multiple VLANs the answer is a L3 switch.
It is suboptimal because -
a) the subinterfaces restrict the amount of bandwidth each VLAN gets on the physical interface
b) the actual throughput of packets is much lower on a comparable router vs L3 switch because a L3 switch forwards packets at L3 in hardware
If neither of the above are a concern then yes, by all means use the routing-on-a-stick solution.
Jon
12-17-2009 04:53 AM
Thank you very much, I've got a good understanding of how this all works now and know exactly what kit to get. Thanks for all your help!