Options
community pvlan
Hi Guys, i always wondering why would an enterprise run community private vlans.
host in the same community private vlans can talk to other host in the same community vlan and to the promiscious port, so why wouldnt you just create a new regular vlan, and not enable it for routing. Wouldn't it do the same thing.
The only reason i would see running a community pvlan is if it was a patch, and the addressing has already been configured, and people in the same subnet needs to be seperated as a temp fix
host in the same community private vlans can talk to other host in the same community vlan and to the promiscious port, so why wouldnt you just create a new regular vlan, and not enable it for routing. Wouldn't it do the same thing.
The only reason i would see running a community pvlan is if it was a patch, and the addressing has already been configured, and people in the same subnet needs to be seperated as a temp fix
NHSCA National All-American Wrestler 135lb
Comments
-
Options
mgeorge
Member Posts: 774 ■■■□□□□□□□
Well I can give you a simple example deployment;
Think of a server farm where you have hundreds servers and you do not want these servers to communicate directly with each other (for whatever security policy reasons) but you do want them to have access to the same default gateway.
Lets say there is a customer who purchases 2 dedicated servers and wants to cluster them or load balance web traffic across two or more servers then we can put 2 or more servers in a private community vlan which will give them access to each other as well as the default gateway and prevent them directly accessing other webservers in other isolated and/or community vlans.
But the big advantage of private vlans come from preventing wasted precious IPv4 addresses allocated to them by the powers that be.
If the company dedicates a /30 IP block to every dedicated server/gateway then they would have 64 subnets from a /24 subnet; or 64 dedicated servers but if you stand back and look at the big picture, multiply 64 by 2 (which will give you how many subnet & broadcast IP's are used for all the subnets) this shows that we are using up 128 IP addresses for subnet and broadcast IP's which is a major waste.
Also keep in mind the default gateways per subnet. They would be using 64 IP addresses just for this alone. By looking at the math (64+128 = 192); Ultimately by using dedicated /30 for webservers they would be using 192 IP addresses on devices OTHER than webservers.
Compared to a /24 (-3 IP's; Subnet, Broadcast and Default Gateway IP addresses) you would have 251 usable IP addresses for servers or other network devices, by gaining all those IP addresses back they could sell them for $$$ to customers for capital return investment.There is no place like 127.0.0.1 -
Options
lildeezul
Member Posts: 404
Aww ok, so the community pvlan saves address space, becuase you can use the same subnet across the primary vlan and that comunity vlan, but still have that community pvlan seperate from the rest of the network.
instead of making a new vlan, which means new subnetwork, we can implementate a community pvlan within the same subnet to achieve privacy and saved ip address.
correct ?NHSCA National All-American Wrestler 135lb