BYRONJACKSON
asked on
HELP NEED SUPPORT REGARDING STANDARDS
Hello All
I am currently utilising VLANs in our network - for obvious reasons. Unfortunately my senior manager wishes to ditch the VLANs in favour of a single flat network - despite the obvious broadcast problems they appear to be moving towards this. I need support with my case and am failing - is there a defined standard RFC that will define the recommended hosts per subnet? I cannot find one. Can anyone assist? This question is urgently required so that I do not lose my network, so any gurus who would like to comment ... with supporting documentation links if possible. Am I correct or am I going mad!!
Byron
Really, my first question is, "Do you have any HIPAA, SOX, GLB, or any other regulations to which you must comply?"
How many nodes do you have?
Curious: Why "ditch" the VLANs? Is your layer 3 too difficult to manage? It seems to me that a different problem exists that your senior manager cannot resolve or that your team might not be able to resolve. What's going on?
There are "rules of thumb" for a flat network (single broadcast domain). If TCP/IP only, then 500 nodes
Any other "chatty" protocols like Netbeui (25 nodes), IPX/SPX, Appletalk, etc will reduce that number
Agree w/gpriceee. There must be something else going on that TPTB (The Powers That Be) are blaming on the VLAN infrastructure.
Do you have any documentation, network plan, design document or anything else that outlines the reasons that they are setup with VLAN's today? There had to be a reason at some point. Poor implementation can certainly cause major issues that are difficult to troubleshoot..
There is no official rule of maximum hosts per subnet. I've had networks with about 30'000 hosts connected in one plain network (of course switched)... however most of those hosts were Unix hosts that don't broadcast around too much...
On the other hand I had a network with about 500 Hosts, most of them windows, and even though everything was still working fine, my managed switch reported every now and then some port that still had packets in queue, so the network must have been pretty loaded...
How many hosts are you talking about ?
The current thoughts are to segregate network segments at Layer 3, vs L2 VLANs, but that still does not create the broadcast barrier zones that VLANs do.
I am a very strong proponent of well-designed VLAN infrastructure, but only if there is a well-defined purpose and is well documented.
I agree with lrmoore in the well-defined purpose and documentation. If everyone would document their networks properly life would be a lot easier! I can't think when I last went to a new (to me) network and found an up-to-date plan...
ASKER
Hello All
OK Thanks for your response - the reasons as far as I can tell this is to ensure that our network falls within the /20 - currently we have a stepping stone router that deals with this so this is not the issue and we see no problems.
We are predominantly Windows 2003 and Windows XP although we still require NETBEUI in some areas - around 300 clients on this site plus VMS, UNIX etc. VLANs were inherited from a Company division - however I kept them in order to segregate our manufacturing (MACHINERY & VMS systems), UNIX and Admin areas. Our switches are pretty old (NORTEL) but they cope with the current VLAN traffic very well. In total we have 5 VLANs - I read somewhere that the recommended number of hosts/clients was 500 as from neteducations response just need to tie that clear from the comments that flatnetworks work .. not sure if I would be keen to use them here.
Basically I feel that the move towards a single network will be problematic and I am not being given good reasons to change. We suffer like most other businesses from the occasional virus and the VLANs make this more palatable - Our network is clearly documented stable and all of those glorious things - not by me though! any documentation in the VLAN favour??? Thanks for the comments guys..
Byron :-)
Couple of more arguments FOR VLAN's
- Wireless. If you ever plan to set up wireless, you want all your wireless clients in a secured VLAN
- Voice. If you ever plan to migrate to VoIP, then VLAN's are almost a requirement
ASKER
lrmoore - Thanks for the above have downloaded - very interested in the VOIP ... I suppose that I could reason the same for our H323 traffic?
>I could reason the same for our H323 traffic?
Absolutely!
As for 300 clients, that should not be a problem to handle in one flat network, if you are only talking TCP/IP.... but with NETBEUI I would not do it anymore either.
> Even if two nodes share a common IP subnet, they will not be able to directly communicate if they are in separate VLANs.
My first thought was that this could only result from an ugly legacy mess. But then I realized it could also happen if a user was attempting to breach security by renaming his machine to a privileged address -- without VLANs, he would waltz right on in.
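Added example (not part of any poster's comment): a defensive audit for the situation discussed above, flagging hosts whose IP address lies outside the subnet planned for the VLAN their port is in, and addresses claimed by more than one MAC. The VLAN IDs, subnets and inventory rows are constructed assumptions, not values from this thread.

```python
import ipaddress
from collections import defaultdict

# Hypothetical VLAN-to-subnet plan (constructed; carved from one /20).
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.20.0.0/23"),   # admin
    20: ipaddress.ip_network("10.20.2.0/24"),   # manufacturing
    30: ipaddress.ip_network("10.20.3.0/24"),   # UNIX
}

# Constructed inventory rows (vlan_id, mac, ip), as might be produced by
# joining switch MAC tables with a router ARP table.
SAMPLE_ROWS = [
    (10, "00:11:22:33:44:01", "10.20.0.15"),
    (10, "00:11:22:33:44:02", "10.20.1.200"),
    (20, "00:11:22:33:44:03", "10.20.2.40"),
    (20, "00:11:22:33:44:04", "10.20.0.15"),   # admin address on a manufacturing port
    (30, "00:11:22:33:44:05", "10.20.3.9"),
    (40, "00:11:22:33:44:06", "10.20.3.77"),   # VLAN missing from the plan
]

def audit(rows, plan):
    """Return (misplaced, duplicates).

    misplaced:  rows whose IP is outside the subnet planned for their VLAN,
                or whose VLAN is not in the plan at all.
    duplicates: {ip: sorted [(vlan, mac), ...]} for IPs claimed by >1 MAC.
    """
    misplaced = []
    claims = defaultdict(set)
    for vlan, mac, ip in rows:
        addr = ipaddress.ip_address(ip)
        claims[addr].add((vlan, mac.lower()))
        subnet = plan.get(vlan)
        if subnet is None or addr not in subnet:
            misplaced.append((vlan, mac, ip))
    duplicates = {str(ip): sorted(who) for ip, who in claims.items()
                  if len({mac for _, mac in who}) > 1}
    return misplaced, duplicates

if __name__ == "__main__":
    misplaced, duplicates = audit(SAMPLE_ROWS, VLAN_SUBNETS)
    for row in misplaced:
        print("outside planned subnet:", row)
    for ip, who in duplicates.items():
        print("claimed by several MACs:", ip, who)
```

On a flat network the first check has nothing to compare against, which is why the same misconfigured or spoofed address would go unnoticed there.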
Chances are that if all your vlans are over the same infrastructure anyway, you won't have a bandwidth issue. I personally favour single networks except where there is a need to isolate devices (i.e. for security purposes) on a single infrastructure.