Ok, we currently have a flat network. The IP range is from xxx.xxx.24.x to xxx.xxx.31.x. Everything is working fine, but we seem to think that when all the machines (about 400) are used the network traffic is too high, even though the speed of the network seems ok.
We currently have 2x 7Mb load-balanced lines into the school, and even when the majority of the machines are on but not in use we seem to see the internet connection lose about 4Mb, and looking at the graphs there is hardly any traffic being used on the net. After plenty of speed tests we have seen the ping is about 58ms (this gives about 14Mb) when the machines are not in use but turned on. When a few of the machines are in use (I'm talking about 30), we have seen the ping rise to about 156ms and, like I said, the machines aren't using the internet connection; but when the lessons are in full swing the ping can rise to about 200ms. Again, only about 4Mb is going out to the net, but during a speed test we only get about 2Mb.
Would VLANing the network sort this out or is the problem related somewhere else on the network?
Also, when is the best time to create VLANs? Obviously someone with about 30 machines isn't going to VLAN a network.
At the moment, we don't give out our default gateway on our DHCP server, so if anyone does plug something into the network, yes, they get an IP address, but they cannot get out to the internet, so they either have to add the machine to the network or use proxy authentication, which I am happy about. But after a lot of playing with VLANs I have found that our current setup will not work in a VLAN environment, as you have to provide the clients with the gateway address to talk to the rest of the network, and hence if someone plugs something into the network they can get past the proxy. Is there a way round this so that they either have to authenticate against the proxy or add the machine to the domain?
Last edited by timbo343; 31st March 2011 at 11:08 PM.
If you break your LAN up into VLANs you will need to route between them so everything can see each other.
This would normally be handled by a Layer3 device (normally a switch) at your core.
This becomes the default gateway on all segments.
The route to your Internet gateway device need still only be known to those devices that need it.
Your problem stems from the fact that your Internet gateway exists on the same broadcast domain as all of your nodes.
A broadcast packet is sent to all ports in the collision domain; when one is sent all traffic has to stop and look at it, so your servers and your ISP router's LAN port all stop what they were doing to check out the broadcast...
With 400 nodes in the broadcast domain the potential for unwanted broadcast traffic is huge.
The amount of time your Internet router's LAN port is inaccessible because it is checking out the broadcast packets' contents will be proportional.
If 30% of all packets were broadcasts, your external connection would effectively be unavailable for 30% of the time, not because you are using the bandwidth but because you just can't reach it to send it!
Your traffic graph will show nothing because nothing can talk until the broadcast has ended.
By adding VLANs, broadcasts do not extend across subnets, so a broadcast on your wifi network, say 10.0.30.xx, would not interfere with the router on the primary or data LAN, allowing more packets to escape from other segments.
So the answer is yes, VLANing can and will, if done correctly, improve your Internet connection speeds.
Ideally have your Internet gateway, Proxy and DNS servers all connected to the same core switch...
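As an added illustration of the Layer 3 core arrangement described in this reply (not config from either poster), here is Cisco IOS syntax for a core switch that acts as the default gateway on each VLAN while an ACL lets client segments reach only the proxy and DNS, not the Internet router. VLAN ids, all addresses and the proxy port 8080 are constructed placeholders.

```cisco
! Added example, not from the thread. Addresses, VLAN ids and ports are placeholders.
vlan 10
 name DATA
vlan 30
 name WIFI
vlan 99
 name SERVERS
!
! One SVI per VLAN: each becomes the default gateway for its own broadcast domain,
! so a broadcast on the WIFI segment never reaches the router's LAN port on VLAN 99.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group CLIENT-EGRESS in
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip access-group CLIENT-EGRESS in
interface Vlan99
 description Internet router, proxy and DNS servers on the core switch
 ip address 10.0.99.1 255.255.255.0
!
! Only the core switch needs the route to the Internet router's LAN port (constructed .254)
ip route 0.0.0.0 0.0.0.0 10.0.99.254
!
! Clients receive a gateway from DHCP (required for inter-VLAN traffic) but may only
! reach the proxy (.10, assumed port 8080), DNS (.20) and other internal subnets.
! Anything aimed at the Internet router itself, or at external addresses, is dropped
! and logged, so a machine plugged in without authentication cannot bypass the proxy.
ip access-list extended CLIENT-EGRESS
 permit tcp any host 10.0.99.10 eq 8080
 permit udp any host 10.0.99.20 eq domain
 permit tcp any host 10.0.99.20 eq domain
 deny   ip any host 10.0.99.254 log
 permit ip any 10.0.0.0 0.0.255.255
 deny   ip any any log
!
! Client access ports sit in a single VLAN each
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
```

The `log` keywords on the deny lines give the switch log a record of any host that tries to reach the router directly, which is the check to watch after the change.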
We seem to have sorted something out for now while Websense is running...
We have altered the router's config so that anything that is not going through the ISA server is blocked, so that only people who use the proxy server can get out to the net. This was really the only way round it... for now.