Should I split my data network into 2 separate VLANs?

Question

I am currently using 10.54.0.0 /19 for all my desktop clients and printers. We have approx 550 clients/printers.

Besides bandwidth, which is barely being utilized, are there any other reason to split up my data network or go to a smaller subnet than the /19 that I am currently using?

...why /19? /16 or /24 would have been quite easier to manage, at absolutely no additional cost. — Massimo, Sep 12 '11 at 17:39
@Alex Berry - a `/24` can't access 550 devices, that is true; but having a few `/24` networks could (one for printers, one for accounting, one for HR, etc) — warren, Sep 13 '11 at 14:54
@warren, this is true, however I thought that would be implied in his question with using different vlans. — Alex Berry, Sep 13 '11 at 15:15

score 11 · Accepted Answer · edited Oct 07 '21 at 06:47

11

Having desktop clients on a /19 gives you an incredibly large broadcast domain. That means DHCP requests, arp queries, mDNS, netbios, IPP printer discovery, etc. packets from a single host is getting replicated 550x. Generally, a /24 is the largest subnet that you'd want to put actual hosts in. Since you're in RFC1918 space, you can use a different /24 (or whatever) for every logical division you can come up.

The real question you should be asking is if you should be using smaller subnets. The answer to which is, "probably". If you choose to implement that with VLANs or not is really orthogonal.

edited Oct 07 '21 at 06:47

Community

1

answered Sep 12 '11 at 17:42

Joshua Hoblitt

675
4
11

5

Why is a /24 the largest subnet that you would want to put actual hosts in? Is there a metric that can be objectively evaluated to substantiate that conclusion, ex if (Broadcast Packets/All other packets)>.25 then you should subnet? – Chris Magnuson Sep 13 '11 at 02:42
1

You can certainly come up with metrics, like what percentage of your bandwidth are you willing to to allow to be used by the mean broadcast load? The larger the subnet, the more hosts can be affected by a single misbehaving hosts Imagine a fortune 500 company brought to it's knees because all of it's hosts are in a /8 and one of them does a broadcast flood... Also, you have to consider that not all networks are a bunch of PCs connected to a cheap gigE switch. It's fairly common for businesses to have multiple offices connected by MOE or WAN links. 1mbit/s may not be much on a lan but... – Joshua Hoblitt Sep 13 '11 at 04:36
To me, /24's make more sense for wireless. You can do get a _lot_ bigger on switched networks without much trouble. Definitely makes sense for separate ends of a MOE/WAN links to be on different subnets, though. – Joel Coel Sep 13 '11 at 15:29
I agree that 550 hosts isn't completely unreasonable in a single subnet but a /19 worth (8K IPs) in most scenarios would be. He specifically noted that he had desktops in his single subnet. – Joshua Hoblitt Sep 14 '11 at 03:20

Mircea Vutcovici · Answer 2 · 2011-09-13T13:17:57.657

Because your network is underutilized and you have only a few hosts, the only reason to split the /19 into smaller prefixes would be security. This means that you will use VLANs and a router to allow/filter the communication between VLANs.

Evaluate how much time will take to change the IPs and the applications that are using those IPs and see if it does worth to switch to other prefixes. With less resources you can find and eliminate unneeded broadcast generators, if they are affecting your network traffic.

If you add more hosts you can reach some limitations like the max number of MACs in the MAC address table of the switches, or the number of ARP entries in the ARP table on the router. If you reach this limit you will notice either high delays or strange behaviors (hosts that can not talk to each other, excessive broadcasts).

If you split your network in smaller prefixes, but you do not use VLANs, you will not reduce the broadcast traffic and you will not make your network more secure. Even if you split your network in VLANs, but you transport the VLANs on all switches (e.g. you are not using VLAN pruning) the broadcast traffic will affect all switches.

Some equipments, like Cisco switches, can limit the broadcast too (by rate or by type).

Network planning: Before doing any change create use cases with problems that you might encounter on your network and plan based on those assumptions.

+1 for info on what happens when MAC table or ARP table fills up — dunxd, Sep 13 '11 at 14:08

score 3 · Answer 3 · answered Sep 13 '11 at 13:59

3

550 hosts is not totally out of the question for a single subnet. You basically need to evaluate your own requirements. If broadcast packets are impacting (or are forecasted to impact) performance of your network in a way that impedes the function of your business, then you need to separate your hosts out into different subnets on different VLANs. If it's not impacting the business, then there is no need to do it.

It sounds like bandwidth isn't a concern, so there may be no business justifiable reason to invest in your infrastructure this way. Other reasons would typically revolve around security separations but only you would be able to tell us if your business has security needs that aren't being met with the current infrastructure.

answered Sep 13 '11 at 13:59

Jason Berg

19,084
6
40
55

Any recommendation on what # of hosts would be out of the question and possibly some metric that can be evaluated that would indicate when you should subnet specifically to isolate broadcast domains? – Chris Magnuson Sep 16 '11 at 21:53
@obligatory - That's a tough question to answer. Each environment is a little different. I can say that 550 hosts is not much to worry about in most environments. If there's excess broadcasts because of some LOB app though, that can totally change the situation. Basically, it all depends. – Jason Berg Sep 16 '11 at 22:59

Should I split my data network into 2 separate VLANs?

3 Answers3