2

DETAILS

I've been researching web hosting solutions in Japan. Based on this question, one of the services available seems to be a VLAN. I've read about the advantages of such a system for a large organization, but there doesn't seem to be much information regarding smaller setups. I take that to mean that for one server it is likely to be unnecessary? My concern is that I don't know how many other servers are on the WAN, so regardless of how many servers I use, a VLAN might still be a good idea.

SERVER INFO

One dedicated server would be used. It would not be virtualized.

My Research so far

Based on comments here, a VLAN would be useful for mitigating these problems.

  • A user on another server could, either mistakenly or maliciously,
    assign one of your IP addresses to their server, resulting in a
    "duplicate IP" situation that would cause connectivity issues.

  • A user on another server could poison the ARP cache and potentially redirect traffic to snoop on communication intended to/from your server. (Later in the discussion, this point was said to be unrealistic.)

QUESTION

Is it worthwhile getting a VLAN for one dedicated server? Will it be easier/the same/harder to manage?

TryHarder
  • Incidentally, while I provided an answer to the question as asked, I'm not entirely sure the service being offered is a VLAN. I don't know about hosting in Japan, but over here, if a host/datacenter/colocation facility didn't include a private VLAN for every customer, I wouldn't do business with them, so I'm having trouble imagining a hosting company that doesn't do this by default. – HopelessN00b Nov 10 '12 at 03:12
  • This is the service they offer here. http://server.sakura.ad.jp/dedicated/gn.html – TryHarder Nov 10 '12 at 03:20
  • OK, that's definitely pricing for VLANs, yes. If you're only putting one server on it, get the `/28`. Whether it's worth the extra cost or not is a decision you'd have to make, though, as I said, I wouldn't consider hosting a server somewhere if I didn't get a private VLAN for it. – HopelessN00b Nov 10 '12 at 03:45
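
A defender-side check for the two problems listed in the question (a duplicate IP and a changed gateway MAC), as an added example that is not part of the original post: it scans ARP observations for claims that contradict known IP-to-MAC bindings. The log format, MAC addresses and function name are constructed for illustration; the 10.0.0.x addresses reuse the example range from the first answer.

```python
import re
from collections import defaultdict

# Constructed ARP observations ("<time> <ip> is-at <mac>") on the shared
# 10.0.0.0/24 segment used as an example on this page; format is an assumption.
SAMPLE_LOG = """\
2012-11-10T03:00:01 10.0.0.1 is-at 00:00:5e:00:01:01
2012-11-10T03:00:02 10.0.0.50 is-at 02:00:00:aa:00:50
2012-11-10T03:00:05 10.0.0.77 is-at 02:00:00:bb:00:77
2012-11-10T03:04:10 10.0.0.50 is-at 02:00:00:BB:00:77
2012-11-10T03:04:11 10.0.0.50 is-at 02:00:00:aa:00:50
2012-11-10T03:09:30 10.0.0.1 is-at 02:00:00:bb:00:77
link eth0 up
"""

OWN = {"10.0.0.50": "02:00:00:aa:00:50"}       # our server's IP -> NIC MAC
GATEWAY = ("10.0.0.1", "00:00:5e:00:01:01")    # router IP and its known MAC

LINE_RE = re.compile(
    r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$",
    re.IGNORECASE,
)

def find_arp_conflicts(log_text, own, gateway):
    """Return (time, ip, kind, claimed_mac) for each suspicious ARP claim."""
    gw_ip, gw_mac = gateway
    seen = defaultdict(set)          # ip -> MACs already observed for it
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # not an ARP observation
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if ip in own:
            if mac != own[ip].lower():
                findings.append((ts, ip, "duplicate-ip", mac))
        elif ip == gw_ip:
            if mac != gw_mac.lower():
                findings.append((ts, ip, "gateway-mac-changed", mac))
        elif seen[ip] and mac not in seen[ip]:
            findings.append((ts, ip, "mac-flip", mac))
        seen[ip].add(mac)
    return findings

if __name__ == "__main__":
    for finding in find_arp_conflicts(SAMPLE_LOG, OWN, GATEWAY):
        print(*finding)
```

On a private VLAN with only your own server and the provider's router in the broadcast domain, a neighbouring customer's machine cannot produce either finding.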

2 Answers

7

From a web hosting provider perspective there are usually a few classes of service offered:

  1. Shared Hosting
    You and a bunch of other people on the same server, with no real isolation.
    You're all on the same network (usually a separate vLAN from the provider's other customers).

  2. Virtual Private Server
    Similar to (1) above, except there's isolation between you and the other customers on the machine. From your standpoint it looks like you've got your own server, though usually with strict resource limits.
    As with (1) you're usually dumped into a "hosting" vLAN with all the other Virtual Private Server users.

  3. Dedicated (or virtual) server in a community network
    Back before CIDR this is how small-time customers got hosting: Your ISP would give you an IP range (say 10.0.0.50 -- 10.0.0.56) in a larger network (10.0.0.0/24) where all their other small-time customers were, and you'd all share one router (10.0.0.1).
    It's very unlikely anyone will offer this to you these days -- it's largely outmoded for the reasons your research turned up.

  4. Dedicated (or virtual) server in a vLAN
    With the advent of CIDR every customer is basically given their own subnet these days (and your own virtual router). This mitigates the problems you point out in your question, and is easier for the ISP/hosting company to manage.

From your standpoint as a user there's not much management difference -- you're going to be configuring your server's network settings based on the instructions your ISP gives you.
It will be pretty obvious which of the 4 possibilities I've outlined above you've been thrown into, but the work you do as the end user is essentially the same for each of them.

The security and (ISP-level) administrative benefits generally mean that if you're colocating a physical box with someone you're going to get a vLAN of your own (option 4), even if the ISP/Datacenter isn't explicitly saying so.

voretaq7
6

No, this is fine, and even fairly common when you have a colocation or remote site with a single server. For that matter, we have a single VLAN for our backups, which is presently populated by a single server.

If you were thinking about segmenting off a VLAN on your internal network for one server, it would probably be overkill (but might not be, depending on the service that server provides, and the rationale for creating its own VLAN), but in this situation, I would definitely make sure you get your server on its own VLAN at your hosting site. It will basically serve to keep your server's traffic isolated and separate from the rest of the traffic on the network. This seems like an odd service to provide to me; around here it's almost a given that each customer in a datacenter, hosting or colocation facility will get at least a private VLAN.

Since you seem new to the concept of VLANs, you should probably think of it like your server having its own private room on the network-layer level, instead of having to share a room with all the other customers' servers. (And maybe do a little reading on what a VLAN is).

And, assuming you're not changing anything on the VLAN, it wouldn't add any management overhead either, so no need to worry about that. Having different VLANs actually serves to make network management easier in a complex and larger network setup.

HopelessN00b