question about vlans and unicast traffic

Posted on 2013-10-23
Last Modified: 2013-11-12
Hey guys, I have a question. VLANs are for segmentation of broadcast domains; I fully understand that.

I think historically it was created because most accessed resources were local in sites, so tons of broadcast traffic and arping was going on, but now most traffic is unicast out to the internet.

My question is, does VLAN segmentation really help you if all of that traffic is going right out the WAN pipe and not many local resources are being accessed?
Question by: mrbayIt
Expert Comment by Soulja (LVL 26)
Yes. You still have broadcast traffic such as ARP, SMB, and DHCP that occurs in the VLANs.
Author Comment by mrbayIt
I agree; I just want to fully understand the scope of what we're talking about. DHCP only occurs upon obtaining a lease. Let's say, for example, I have 7-day leases, so there is no DHCP going on with 1,000 employees all on the same /16 network. How often does the ARPing and SMB occur?
Expert Comment by Don Johnston (LVL 50)
This is one of those questions where there are a ton of variables that can affect the answer.  

If all the traffic is going out the WAN, then once a device ARPs its default gateway, it shouldn't need to ARP it again until the entry ages out of the ARP cache. Now the question is: how long will the entry stay in the ARP cache? That will depend on a number of factors. But somewhere between 30 seconds and 10 minutes since the last time the cache entry was used is pretty typical.

Then there's the background noise. I've seen some Windows installs generate a broadcast every 30 seconds.  Totally unnecessary, but that's how the O/S was configured.  

If you have 1,000 of those on your network, then you're looking at 33 broadcasts per second crossing every link and being seen by every device on your network.

And don't forget that broadcasts are recognized and processed by every device.

Now rather than try to figure out how often a device has to refresh its ARP cache entry and generate spurious broadcasts, I prefer to simply look at broadcast traffic as a percentage of total traffic. As long as your broadcast traffic doesn't exceed 20% of your total traffic (during normal usage hours), then you're fine.

Except for the security thing...  It can be a bit of a challenge (if it's possible at all) to control traffic between devices on the same broadcast domain. But put them on different networks where they have to go through a router and it's much easier to control who can get to whom.
Expert Comment by Steve (LVL 27)
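One way to apply the "broadcast traffic as a percentage of total traffic, under 20%" rule of thumb from the comment above to a per-VLAN frame capture, and to reproduce the 1,000-hosts-every-30-seconds arithmetic. This is an added example, not code from the thread or from any of its participants; the frame list, the gateway MAC, the threshold constant and all function names are constructed here.

```python
from collections import defaultdict

# Constructed example, not code from the thread or its participants.
# Frames are modelled as (vlan_id, dst_mac) pairs; in practice they would
# come from a capture taken on a SPAN/mirror port of the access switch.
BROADCAST_THRESHOLD = 0.20  # the "under 20% of total traffic" rule of thumb

def is_group_address(dst_mac: str) -> bool:
    """True for ff:ff:ff:ff:ff:ff and any multicast MAC: the I/G bit is the
    least-significant bit of the first octet. Without IGMP/MLD snooping a
    switch floods multicast to every port in the VLAN, just like broadcast."""
    return int(dst_mac.split(":")[0], 16) & 0x01 == 1

def broadcast_share(frames):
    """Per VLAN: (group_frames, total_frames, share). Counted by frame rather
    than by byte, because every station must process each broadcast frame."""
    group, total = defaultdict(int), defaultdict(int)
    for vlan, dst in frames:
        total[vlan] += 1
        if is_group_address(dst):
            group[vlan] += 1
    return {v: (group[v], total[v], group[v] / total[v]) for v in total}

def vlans_over_threshold(frames, threshold=BROADCAST_THRESHOLD):
    """VLAN IDs whose broadcast/multicast share exceeds the threshold."""
    return sorted(v for v, (_, _, s) in broadcast_share(frames).items() if s > threshold)

def expected_broadcast_rate(hosts: int, interval_s: float) -> float:
    """Broadcasts per second crossing every link of one broadcast domain when
    each host emits one broadcast every interval_s seconds."""
    return hosts / interval_s

GW = "00:1a:2b:3c:4d:5e"  # constructed gateway MAC
# Constructed capture: VLAN 10 is a flat, chatty segment; VLAN 20 is quieter.
SAMPLE_FRAMES = [
    (10, "ff:ff:ff:ff:ff:ff"),  # ARP who-has gateway
    (10, "ff:ff:ff:ff:ff:ff"),  # NetBIOS name query (SMB browsing)
    (10, "ff:ff:ff:ff:ff:ff"),  # DHCP discover
    (10, "01:00:5e:00:00:fb"),  # mDNS multicast, flooded like broadcast
] + [(10, GW)] * 4 + [(20, "ff:ff:ff:ff:ff:ff")] + [(20, GW)] * 9

if __name__ == "__main__":
    for vlan, (g, t, s) in sorted(broadcast_share(SAMPLE_FRAMES).items()):
        flag = "OVER" if s > BROADCAST_THRESHOLD else "ok"
        print(f"VLAN {vlan}: {g}/{t} broadcast/multicast frames = {s:.0%} [{flag}]")
    print(f"1,000 hosts at one broadcast/30 s = {expected_broadcast_rate(1000, 30):.1f}/s")
```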
"I think historically it was created because most accessed resources were local in sites, so tons of broadcast traffic and arping was going on, but now most traffic is unicast out to the internet."

Not sure where you've got that from, but it's simply not true. Broadcast traffic is an intrinsic part of the current networking protocols and is still very much a part of current traffic.

"My question is, does vlan segmentation realy help you if all of that traffic is going right the wan pipe and not many local resources are being accessed?"
Yes. If you have various sections of your networks that could be separated, VLANs can make a huge difference to efficiency and internal bandwidth.
This is especially true with lag sensitive systems like Voice.

VLANs are not always suitable and aren't needed in many situations, but when traffic flow is identified as a concern it is definitely a suitable option.

I've been called in to troubleshoot many networks in the past to find that poor design and too much broadcast traffic is saturating links and causing bottlenecks.
Splitting into well-designed VLANs has been proven to vastly improve many slow networks, which is particularly worrying when other IT consultants had already attempted to solve the issue by throwing new network hardware at the problem without identifying the actual cause.
Accepted Solution by Don Johnston (LVL 50, earned 500 total points)
"Not sure where you've got that from, but it's simply not true. Broadcast traffic is an intrinsic part of the current networking protocols and is still very much a part of current traffic."
Before switches, the number of hosts on a network was limited by collisions. So it was unlikely to have more than a hundred or so hosts on a network.  Back then, broadcasts weren't the problem, collisions were.

When switches started replacing hubs, collisions stopped being a limiting factor. So more and more hosts were added to the network. Before long, a problem that hadn't been seen before arose: excessive broadcast.

One of the reasons for VLANs (some vendors referred to the concept as partitioning ports) at that time was to create multiple broadcast domains to control the broadcasts. Not the only reason, mind you, but one of them.
Expert Comment by Don Johnston (LVL 50)
A grade of a "C"?  The lowest possible grade?

Can you tell me what part of my answer was lacking?
Author Comment by mrbayIt
I was just on autopilot; I don't mind giving a better grade. How can I?
Expert Comment by Steve (LVL 27)
@mrbayIt
Would have liked to think some of the other responses were worth at least a few 'assistance' points. Particularly as my response was even quoted in the answer you accepted....

:-(