04-24-2010 06:54 AM - edited 03-06-2019 10:46 AM
What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?
What are the risks and concerns that need to be considered in this situation?
04-24-2010 08:37 AM
Hi,
There is really no benefit in extending layer-2 across a WAN link. The risks and drawbacks are: 1- Since the connection is layer-2, you cannot take advantage of tools like ping and traceroute. 2- Troubleshooting is more difficult since the VLAN spans across multiple locations. 3- If you have a redundant connection, you need to deploy STP to prevent loops.
Although sometimes you have to deploy it, in general staying away from it is a good idea.
HTH
Reza
04-24-2010 08:55 AM
Technically you can extend the VLAN across a WAN link but why would you want to do this?
You would have a broadcast domain extending the WAN link as well.
VLANs work fine in a LAN environment.
Unless you have a need to, like an ISP, if you're a customer I don't see the need to span the
VLAN across the WAN link.
It will be much better to have separate IP subnets, on the other side of the WAN link on different
L3 segments to ease manageability and troubleshooting.
Hope to help.
Federico.
04-25-2010 01:03 AM
Thank you guys!
It looks like it's easy to spot the risks and disadvantages of spanning VLAN over WAN link.
But it is still unclear to me what the advantage is/are if there is/are like what Federico has pointed out.
Can somebody please explicitly tell me the advantage VLAN brings spanning over a WAN link?
Many many thanks.
04-25-2010 01:28 AM
Rock,
I have a real world example for ya...
A few months ago I worked with a client that had an application that only worked in layer 2. The app for some reason would not allow a gateway. So, with that being said, we had to extend the layer 2 (VLAN) from one office over the WAN to the other office. This was a requirement for the app to work; it couldn't route.
As for me, I side on the part of NOT spanning vlans over WANs.
Here is another real world example. A year or so ago, a customer called and said their office had a slow connection. So after some digging I found the GW resided on the remote office (side) for the layer 2 VLAN. All the off-subnet traffic was being routed over the WAN link to be routed and coming back across the WAN to the central location. Of course an oversight by whoever did the design.
In addition, since the layer 2 extended to the remote office, it also explained why when the IT desktop guy imaged devices over the production LAN it KILLED the remote office. Guess what VLAN he used.
My practice is to segment all remote locations via layer 3.
I hope this adds some light to your question.
04-25-2010 01:36 AM
Thank you George.
Those were really something... again thank you.
04-24-2010 08:46 AM
rocknolds wrote:
What are the benefits that may be gained by configuring a VLAN that spans across two locations connected via a WAN link?
What are the risks and concerns that need to be considered in this situation?
Just to add to Reza's post. L2 is also harder to secure. If a virus infects one PC then within that VLAN it can easily spread. If a broadcast storm happens in the VLAN it goes across your WAN links. L3 is generally a better solution for WAN connectivity.
Jon