
Disclaimer: Network rookie, might have wrong assumptions.

Got a basic subnet question that I'm interested in hearing your thoughts about.

  • Subnet: 192.168.251.0/24

  • Address Range for servers: 192.168.251.1 - 192.168.251.30

  • Address range for clients: 192.168.251.40 - 192.168.251.255

My general assumption is that 200+ clients in the same subnet would cause a lot of broadcasts and that some sort of segmentation should be implemented, like VLANs or splitting the clients into smaller subnets.

My questions are:

  1. Assuming the switches are L3 - what would be the most "efficient" way of doing this?
  2. Is it advisable to have servers and clients in the same subnet?
  3. Should clients and servers be in separate VLANs? And if so, are L3 switches capable of routing between these?
Skyhawk
NmE
  • Your example subnets are invalid. The server lan would be a /27. The client lan is impossible: It is effectively 2 subnets: 192.168.251.32/27 and 192.168.251.128/26 – Tonny Dec 20 '11 at 12:44
  • @Tonny - those aren't two different subnets, it's a single subnet with part of the range reserved for servers, and part reserved for clients. – mfinni Dec 20 '11 at 18:25

2 Answers

  1. I wouldn't restrict yourself to just that .1-.30 range for servers, it might seem like a lot now but those IPs can run out very quickly indeed, there's also no need whatsoever for them to be in the same class-c as their clients. So give your servers lots of room, say 192.168.1.0/24 and don't start your clients until say 192.168.8.0/24, there's no downside to doing that. That said you should really carve up your subnets either by L3 switch/switch-segment or by building/floor etc. It makes no sense to just have them all in one VLAN - it may seem easier but it'll make management harder further down the line, and don't scrimp on IPs per segment either, there's no hard rule on giving each a /24 - your router won't care.
  2. It's not advised to put your servers in the same subnet as your clients unless you have a really valid reason such as massive client-to-server traffic or have seriously overloaded routers. By putting them in the same subnet you lose some degree of control that you may wish to have later.
  3. This is kind of the same question as above, yes, keep them separate, it's the 'Layer 3' bit of the switch that does the work here, essentially it means the switch can route between subnets, often very quickly indeed and with hardly any latency - but doing this gives you a lot of control and support options that you may benefit from further down the line.
Decado
Chopper3
  • "not advised to put your servers in the same subnet" strongly depends. Most traffic in a corporate LAN is client to server nowadays, and a router not very well set up rather becomes a bottleneck AND a SPOF. And 200+ clients on a subnet wasn't a real issue 10 years ago and it won't be now, you can still read all the broadcasts with a (non-promisc) tcpdump without it becoming a blur - tiny compared to the bandwidth. And ARP work for the clients should also be no issue nowadays. – rackandboneman May 21 '12 at 19:34
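The following is an added example, not part of the question or of the answer above. It uses Python's `ipaddress` module to compare the question's flat /24 with the split layout suggested in the answer: how many CIDR blocks a filter rule would need to describe each role, and whether client-to-server traffic crosses the L3 hop at all. The helper names and the individual host addresses are constructed for illustration.

```python
import ipaddress

# Address plan from the question: one /24 with ranges reserved by convention.
FLAT = [ipaddress.ip_network("192.168.251.0/24")]
SERVER_RANGE = ("192.168.251.1", "192.168.251.30")
CLIENT_RANGE = ("192.168.251.40", "192.168.251.255")

# Split plan using the example networks named in the answer.
SPLIT = [ipaddress.ip_network("192.168.1.0/24"),   # servers
         ipaddress.ip_network("192.168.8.0/24")]   # first client segment


def cidr_blocks(first, last):
    """CIDR blocks covering exactly first..last (what a filter must list)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def owning_network(addr, networks):
    """Return the network in `networks` that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in networks if ip in n), None)


def is_routed(src, dst, networks):
    """True if src -> dst must cross the L3 hop, where filtering can happen."""
    a, b = owning_network(src, networks), owning_network(dst, networks)
    if a is None or b is None:
        raise ValueError("address outside the plan")
    return a != b


def reserved_addresses(first, last, networks):
    """Addresses in first..last that are a network or broadcast address."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    special = [a for n in networks
               for a in (n.network_address, n.broadcast_address)]
    return [str(a) for a in special if lo <= int(a) <= hi]


if __name__ == "__main__":
    print("server range as CIDR:", cidr_blocks(*SERVER_RANGE))
    print("client range as CIDR:", cidr_blocks(*CLIENT_RANGE))
    print("unusable in client range:", reserved_addresses(*CLIENT_RANGE, FLAT))
    # Host addresses below are constructed sample values.
    print("flat routed: ", is_routed("192.168.251.50", "192.168.251.10", FLAT))
    print("split routed:", is_routed("192.168.8.50", "192.168.1.10", SPLIT))
```

In the flat plan the two ranges do not fall on prefix boundaries and the client range includes the /24 broadcast address; traffic between a client and a server stays inside one subnet, so the L3 switch never sees it.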

Generally speaking, your assumption isn't right. A full /24 of, say, modern Windows machines in a 2k+ domain would not generate a lot of broadcast traffic. If your machines are doing something different though, you'd need to provide us more details.

My thoughts on your questions:

  1. No idea what you're asking by "efficient".
  2. Sure, unless you have a reason not to, like PCI or other such security requirements. Most of your "normal" office-type traffic is going to be between clients and servers, so why put a bottleneck between them? I'm assuming a small office with the servers in the same wiring plant and network core as the clients, which sounds like a valid assumption.
  3. Separate VLANs implies separate subnets, you know. Also, same subnet implies same VLAN.

By definition, a L3 switch is (or contains) a router, so yes.

My further thoughts, however, are that you're not leaving yourself much room for growth of clients, and that's a lot of servers for 200 users (unless you're also including print servers like HP JetDirect cards?) But maybe those are valid design constraints; I don't know your business.

mfinni
  • "Separate VLANs implies separate subnets, you know. Also, same subnet implies same VLAN." One COULD use them with one and intentionally create split horizons with VLAN-enabled clients (not common practice) and bridging differently tagged interfaces there I guess. But usually one SHOULD not do that. – rackandboneman May 21 '12 at 19:35