When is a LAN a VLAN?



  • Just had a discussion with a techie at work.  We're renewing our backup systems (100TB) … We would like a separate LAN for the backup traffic, to ensure that it does not impact other network traffic.  This will use ports on Nexus 9000 switches, the switches also have other LANS for management and user traffic.  The techie stated that if the LAN is attached to the same switch as other LANS then it's actually a VLAN, not a LAN. i.e. If it's a separate LAN then the connections have to separate switches.  This begs the question in the subject ...



  • @c4bcons:

    Just had a discussion with a techie at work.  We're renewing our backup systems (100TB) … We would like a separate LAN for the backup traffic, to ensure that it does not impact other network traffic.  This will use ports on Nexus 9000 switches, the switches also have other LANS for management and user traffic.  The techie stated that if the LAN is attached to the same switch as other LANS then it's actually a VLAN, not a LAN. i.e. If it's a separate LAN then the connections have to separate switches.  This begs the question in the subject ...

    I remember when I started learning about networking VLANs confused me. I think I understand them better now…

    "LAN" is pretty generic term which usually means "ethernet broadcast domain", which can either be virtual or physical. VLANs are pretty specific (https://en.m.wikipedia.org/wiki/IEEE_802.1Q) and explicit since extra headers are actually added to ethernet frames (VLAN tagging).

    A VLAN is a LAN, but an arbitrary LAN is not automatically a VLAN. Some switches do automatic VLAN trunking (and other stuff?) though, so that may be what the tech meant by "if the LAN is attached to the same switch as other LANS then it's actually a VLAN, not a LAN."



  • "if the LAN is attached to the same switch as other LANS then it's actually a VLAN, not a LAN."

    So is that assertion always correct?



  • @c4bcons:

    "if the LAN is attached to the same switch as other LANS then it's actually a VLAN, not a LAN."

    So is that assertion always correct?

    As in "a VLAN piggybacks onto a LAN physical pipe" ?


  • Netgate

    On your Nexus 9000 every "LAN" is going to be a VLAN.

    What it sounds like you are getting confused by in your case is whether or not there are multiple VLANs on the same switch port (or trunk port). When you do that all VLANs there are in competition for the same 1G or 10G physical capabilities of that port.

    Your Nexus will be internally capable of switching many VLANs at very close to wire speed. Look at the overall switching bandwidth of the switch itself.



  • Thank you all, not so much confusion as I just didn't know.  I've grasped the concept now.


  • Rebel Alliance Global Moderator

    It's like

    All Bourbons are Whiskeys, but not all Whiskeys are Bourbons ;)

    You can have a physical network, you can have vlans that are not tagged.  But once it's tagged then it's for sure a vlan.  Once you run more than 1 network on a switch to be honest they can all be called vlans.  As long as you're isolating them.  Running multiple layer 3 over the same layer 2 does not make them vlans..



  • @johnpoz:

    You can have physical network, you can have vlans that are not tagged.

    Could you please elaborate on this?  I realize that internally most smart/managed switches tag all traffic.  But if/when it is on the wire as untagged how can it be a vlan?  The ingress/egress device will see it as a "native" LAN.  Regardless of how it is configured to handle it internally.

    Think we may be talking technical semantics here.  But strictly technically speaking, can a VLAN not be tagged?



  • @NOYB:

    @johnpoz:

    You can have physical network, you can have vlans that are not tagged.

    Could you please elaborate on this?  I realize that internally most smart/managed switches tag all traffic.  But if/when it is on the wire as untagged how can it be a vlan?  The ingress/egress device will see it as a "native" LAN.  Regardless of how it is configured to handle it internally.

    Think we may be talking technical semantics here.  But strictly technically speaking, can a VLAN not be tagged?

    If you have multiple separate subnets on the same logical network segment (or a broadcast domain in other words) you could call those different subnets as VLANs but most people don't do so.


  • Netgate

    @kpa:

    If you have multiple separate subnets on the same logical network segment (or a broadcast domain in other words) you could call those different subnets as VLANs but most people don't do so.

    Most people don't call those VLANs because they are not VLANs.


  • Rebel Alliance Global Moderator

    But if/when it is on the wire as untagged how can it be a vlan?

    To the switch it's a vlan, is it not.. For example on my em2 interface, which is 192.168.2.0/24, the native vlan or untagged as it leaves the port of the switch is 20 to the switch.  This keeps it separate from the other vlans on the switch.. Now I do have "vlans" also on this interface which are tagged..  So I do have devices on this native "vlan" of 20 to the switch on other ports that are not tagged as this.  Just into pvid of 20..  Now on the uplinks all vlans are tagged.. This allows the other switch to know which traffic is what.

    But if you use multiple uplinks from your switch for each vlan to different interfaces in pfsense - you would create vlan IDs in the switch.. let's call them 100, 200 and 300. To pfsense these might just be em1, em2 and em3 of its interfaces with different networks on them, 192.168.1, .2 and .3 let's call them.

    You might just call these "lan" segments or network segments..  But they are clearly marked in the switch as "vlan" because they are to the switch!  You have broken up your switch into multiple virtual layer2 segments.

    Keep in mind even the default vlan is 1..  Still a vlan to the switch ;)  So while I agree just debating semantics here.. You will hear vlan used to just represent a different network segment, but if you're troubleshooting a problem you really need to know is it being tagged and that is where the problem is or is native? etc..

    If you have multiple separate subnets on the same logical network segment (or a broadcast domain in other words)

    No you could not – The correct technical term for such a thing is BORKED ;)
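The behaviour johnpoz describes (an untagged frame on a port is placed in that port's PVID, the same VLAN leaves the port untagged because it is the native VLAN, and every VLAN leaves the uplink tagged) can be shown with a small 802.1Q frame model. The code below is an added example, not from this thread or from any switch vendor; the MAC addresses, the port configurations (PVID 20 access port, all-tagged uplink) and the ARP sample frame are constructed for illustration. It is useful when troubleshooting, because the same bytes on the wire can belong to different VLANs depending on the PVID of the port they arrive on.

```python
import struct

# 802.1Q Tag Protocol Identifier: an EtherType of 0x8100 right after the two
# MAC addresses means a 4-byte VLAN tag (TPID + TCI) follows.
TPID_8021Q = 0x8100


def add_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the MAC addresses (what a switch does when
    it forwards a frame out a trunk port for a non-native VLAN)."""
    tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove an 802.1Q tag if present (what a switch does when it forwards a
    frame out a port whose native/PVID VLAN matches the frame's VLAN)."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


def ingress(frame: bytes, pvid: int) -> dict:
    """Classify a frame arriving on a port the way an 802.1Q switch does.
    A tagged frame keeps the VLAN ID from its tag; an untagged frame is placed
    in the port's PVID, so even untagged traffic is a VLAN inside the switch."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        return {"tagged": True, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
                "frame": strip_tag(frame)}
    return {"tagged": False, "vlan": pvid, "pcp": 0, "frame": frame}


def egress(info: dict, port: dict):
    """Rebuild the frame for an egress port: untagged if the VLAN is the port's
    native VLAN (pvid), tagged if the VLAN is in the port's allowed tagged set,
    otherwise None (the switch does not forward it out this port)."""
    vlan = info["vlan"]
    if vlan == port["pvid"]:
        return info["frame"]
    if vlan in port["tagged"]:
        return add_tag(info["frame"], vlan, info["pcp"])
    return None


# Constructed sample: a broadcast ARP request with a placeholder body.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff")       # dst MAC (broadcast)
                   + bytes.fromhex("001122334455")     # src MAC (made up)
                   + struct.pack("!H", 0x0806)         # EtherType: ARP
                   + b"\x00" * 28)                     # placeholder ARP body

# Constructed port configs mirroring the thread: an access port whose untagged
# traffic lands in VLAN 20, and an uplink on which every VLAN is tagged.
ACCESS_PORT = {"pvid": 20, "tagged": set()}
UPLINK_PORT = {"pvid": 1, "tagged": {20, 100, 200}}

if __name__ == "__main__":
    info = ingress(SAMPLE_UNTAGGED, pvid=ACCESS_PORT["pvid"])
    print("untagged frame on the access port lands in VLAN", info["vlan"])
    on_uplink = egress(info, UPLINK_PORT)
    print("same frame on the uplink:", ingress(on_uplink, pvid=UPLINK_PORT["pvid"]))
```

Note that `egress` returns `None` for a VLAN the port is not configured for; that is the isolation the thread is talking about, and the first thing to check when a "native" device in VLAN 20 cannot see a tagged VLAN 100 host on the same wire.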



  • The important thing that I've grasped here is that I needed to understand what a switch is capable of.  If I run three different LANs - one for normal user traffic, one for management and one for backup traffic, I don't want the backup traffic to impact the performance of the other LANS.  From the conversation above, and what my techie at work said, if the three LANs share a switch, then the backup traffic WILL impact the other two LANs because it's on the same switch, regardless of the fact that they are in disjoint networks i.e. 192.168.2 v 192.168.2 v 192.168.3 or whatever.  The fact that they're using the same switch makes them VLANs.  If they were connected to different switches then they'd be LANS.  That's my understanding, anyway.


  • Netgate

    I guess that depends on what the definition of "impact" is.

    On any decent switch you should be able to run multi-gigabit traffic on one VLAN without "impacting" the other VLANs on the switch in any measurable capacity.

    Again, this depends on how the VLANs are "trunked/tagged" on the physical ports.


  • Rebel Alliance Global Moderator

    "what my techie at work said, if the three LANs share a switch, then the backup traffic WILL impact the other two LANs because it's on the same switch"

    You might want to find a new techie ;)

    Pretty much every switch on the market has a backplane fast enough to move packets even if all of their ports were saturated.. Or really really close to it!!

    So for example the switching cap of my sg300-10 is 20gbps.. It only has 10 ports..  So yeah it should be able to handle all 10 of those interfaces pegged to the hilt..  What switches do you have, look up what the specs are.. Your total switching capacity should exceed what your total number of ports is, etc.  Now not saying that traffic in 1 vlan might not cause you problems..  If you have something sucking up the cpu of the switch then it could hurt all clients on the switch.. Something sending malformed packets or errors, etc. etc.

    What it sounds like he is saying is machine 1 is talking to machine 2 using ports 1 and 2 of the switch.. Their traffic will impact or slow down machines 3 and 4 talking to each other on ports 3 and 4.. Which just isn't true at all..

    Where you have to be careful is how much traffic you have running on a trunk uplink, or how much intervlan traffic you have.  Since vlan A talking to vlan B goes via a trunk port to the router/firewall..  So while the router/firewall might easily handle say 1 gbps..  Your physical interface with vlans on it now becomes shared bandwidth..  So if a computer in vlan A wants to send traffic to a computer in vlan B and those are on the same physical interface your traffic is taking a hairpin and you will be limited by the physical speed of the interface shared between all the vlans on that trunk.

    If this is your case this is when you want multiple uplinks from your switches and spread your vlans across multiple physical interfaces or if possible use an uplink for each vlan so that you don't hairpin traffic.
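To make the two points in this post concrete (port-to-port traffic inside one VLAN does not contend with other ports, while inter-VLAN traffic hairpins through the uplink and shares its bandwidth), here is an added capacity model. It is not from the thread or from any vendor tool; the port numbers, link speeds, VLAN assignment and flow rates are constructed, and the 20 Gbps fabric figure is only the sg300-10 number quoted above. Links are treated as full duplex, so rx and tx are tracked separately.

```python
from collections import defaultdict

# Constructed switch model. Port -> link speed in Gbps (full duplex, so rx and
# tx each get this capacity). Ports 10 and 11 are uplinks to the router/firewall;
# access ports sit in VLAN 100 (backup) or VLAN 200 (users).
PORTS = {1: 1.0, 2: 1.0, 3: 1.0, 4: 1.0, 10: 1.0, 11: 1.0}
ACCESS_VLAN = {1: 100, 2: 100, 3: 200, 4: 200}
DEFAULT_TRUNK = 10                # one trunk carrying every VLAN to the router
SWITCHING_CAPACITY_GBPS = 20.0    # fabric capacity, the sg300-10 figure above


def port_loads(flows, uplink_for_vlan=None):
    """flows: list of (src_port, dst_port, gbps), each a one-way stream.
    Returns {port: {"rx": gbps, "tx": gbps}}. A flow inside one VLAN loads only
    its two access ports; a flow between VLANs also goes out to the router on
    the source VLAN's uplink and back in on the destination VLAN's uplink."""
    uplink_for_vlan = uplink_for_vlan or {}
    load = defaultdict(lambda: {"rx": 0.0, "tx": 0.0})
    for src, dst, gbps in flows:
        load[src]["rx"] += gbps
        load[dst]["tx"] += gbps
        src_vlan, dst_vlan = ACCESS_VLAN[src], ACCESS_VLAN[dst]
        if src_vlan != dst_vlan:
            up_out = uplink_for_vlan.get(src_vlan, DEFAULT_TRUNK)  # switch -> router
            up_in = uplink_for_vlan.get(dst_vlan, DEFAULT_TRUNK)   # router -> switch
            load[up_out]["tx"] += gbps
            load[up_in]["rx"] += gbps
    return dict(load)


def oversubscribed(load):
    """Ports whose rx or tx demand exceeds the link speed."""
    return sorted(p for p, d in load.items()
                  if d["rx"] > PORTS[p] or d["tx"] > PORTS[p])


def fabric_demand(flows):
    """Gbps crossing the switch fabric: once per intra-VLAN flow, twice per
    inter-VLAN flow (switched out to the router and back in again)."""
    return sum(g * (2 if ACCESS_VLAN[s] != ACCESS_VLAN[d] else 1)
               for s, d, g in flows)


# Constructed scenarios.
INTRA = [(1, 2, 1.0), (3, 4, 1.0)]   # backup 1->2 and users 3->4, both at line rate
INTER = [(1, 3, 0.8), (4, 2, 0.8)]   # VLAN 100 -> 200 and VLAN 200 -> 100

if __name__ == "__main__":
    print("intra-VLAN, oversubscribed ports:", oversubscribed(port_loads(INTRA)))
    print("inter-VLAN, single trunk:", oversubscribed(port_loads(INTER)))
    print("inter-VLAN, one uplink per VLAN:",
          oversubscribed(port_loads(INTER, {100: 10, 200: 11})))
    print("fabric demand for INTER: %.1f of %.1f Gbps"
          % (fabric_demand(INTER), SWITCHING_CAPACITY_GBPS))
```

With both access VLANs saturated the fabric sees 2 Gbps against 20 available and no port is over its limit, which is the "backplane fast enough" point. Two 0.8 Gbps inter-VLAN flows on a single 1 Gbps trunk put 1.6 Gbps in each direction on port 10, and giving VLAN 100 and VLAN 200 their own uplinks brings every port back under its line rate.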


  • Netgate

    Sounds like that particular techie shouldn't be allowed anywhere near your Cisco Nexus 9000.


  • Rebel Alliance Global Moderator

    Just looked up the Nexus 9508.. The system switching capacity is 30Tbps – that is a T not a B.. Tera!!

    http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/solution-brief-c22-730049.html

    Maximum Fabric Bandwidth per Slot 3.84 Tbps
    Maximum Fabric Bandwidth per System 30 Tbps



  • You might want to find a new techie ;)

    Pretty much every switch on the market has a backplane fast enough to move packets even if all of their ports were saturated.. Or really really close to it!!

    Ha!  That's what I was looking for! :)  My B.S. detector went on full alert when he started digging his hole …. but I wouldn't just argue for the sake of it if I had nothing to back it up with.  My suspicion is that the switch would be a little cleverer than he was suggesting.  Luckily we've got (so I'm told, because they're "too busy" at the moment) a couple of proper network engineers .... he's one of those people who just likes to prove he knows more than you, no matter how little more he knows.



  • Thanks for the clarification John.  Yeah, if using the PVID to direct native (untagged) traffic to a VLAN it could be thought of as either a native LAN or VLAN depending on the context.  Such as troubleshooting, etc.