Time to gut the network - thoughts?
-
I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..
We use VLANs for security and logical separation but if you have no ACLs then there's no security.
We use VLANs for the phones most for sanity.. We don't want to see 23,000 phone in our dang DHCP server nor pay for windows device cals for non-domain users with phones. DHCP is handled by routers for phones. Secondly, Phones are setup by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.
-
@Jason said in Time to gut the network - thoughts?:
We use VLANs for security and logical separation but if you have no ACLs then there's no security.
We use VLANs for the phones most for sanity.. We don't want to see 23,000 phone in our dang DHCP server nor pay for windows device cals for non-domain users with phones. DHCP is handled by routers for phones. Secondly, Phones are setup by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.
Yeah, if you are using it for management domains or whatever, totally different. Still need some amount of scale to make that makes sense, but not a crazy scale by any stretch. Even at 30 phones you might justify it, if it's because of management. But even then, you'd probably add ACLs, just for the extra security since it is so easy.
-
@Jason said in Time to gut the network - thoughts?:
I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..
This is definitely one that I can't figure out. Where the idea that QoS is needed on the LAN, needed for a normal SMB or is achieved with VLANs I can't figure out. I've never found a logical source of where this would come from.
-
@Jason said in Time to gut the network - thoughts?:
I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..
We use VLANs for security and logical separation but if you have no ACLs then there's no security.
We use VLANs for the phones most for sanity.. We don't want to see 23,000 phone in our dang DHCP server nor pay for windows device cals for non-domain users with phones. DHCP is handled by routers for phones. Secondly, Phones are setup by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.
Ha ya I don't know how you gain performance in going from a LAN to a ....LAN.
-
@scottalanmiller said in Time to gut the network - thoughts?:
@Dashrender said in Time to gut the network - thoughts?:
4 Edgeswitch ES-48-500w
....
Suggestions of changes? other questions, things I should consider?So these are all PoE? Is that necessary?
For all but the switch in the server cabinet, yes because I don't want to deal with power bricks at the phone side.
-
@scottalanmiller said in Time to gut the network - thoughts?:
Have you considered a stacked switch environment instead? I love UBNT EdgeSwitches, but I don't think that they stack as well as some alternatives, even Netgear Prosafe. Moving to a single switch stack is the standard answer for a multi-switch environment.
Three of the switches are in one building, two are in the other. Do the stacked switches work over ethernet connections? And what's the cost difference for those over the EdgeSwitch. Not to mention that I already have one HP and one Edgeswitch ( I didn't mention the other EdgeSwitch earilier because I was just planning on getting more of them, so really, I'm only buying 3, not 4). If I don't use them, I have $1500+ just sitting around - yeah sunk cost and all, but my currently approved budget (pending my confirmation from posting here) does not account for having to buy five switches. Adding two additional switches would probably increase the cost 25%+. Does it give me a bit more work, sure, do I think it will cost me more in time managing it than the cost of additional gear? no.
-
@Dashrender said in Time to gut the network - thoughts?:
Three of the switches are in one building, two are in the other. Do the stacked switches work over ethernet connections?
No, not really. It wouldn't be a functional stack if it did. You'd have a terrible backplane problem.
-
@scottalanmiller said in Time to gut the network - thoughts?:
If possible, I'd flatten the network
and stack the switchesas the first step. Simplicity is its own reward. Less to manage, better performance.Yes I'd like to do that.
current VLAN setup
VLAN 1 192.168.1.x/24 servers/PCs/printers VLAN 2 192.168.150.x/24 Phones (the phones are programmed to be on this VLAN VLAN 105 192.168.105.x/24 wireless VLAN 17 10.10.10.x/28 imaging Remote site 192.168.5.x/24 remote location (no VLAN tags)From this information, I believe that I can expand the VLAN1 (default VLAN) to 192.168.0.x/22 without affecting any of the other VLANs and move the laptops and phones into the expanded network at my own pace, but I would have to have the VLANs active while doing so.
Comments, concerns?
-
@Dashrender said in Time to gut the network - thoughts?:
VLAN 17 10.10.10.x/28 imagingThere is currently a plan being made to make VLAN 17 be completely independent, i.e. share no hardware with the rest of the network. This will require a ER with fiber GBIC/SFP in building 1 connected to a private MAN connection (copper based) to another client, and internally connected to the private fiber to building 2. In building two I'll have the smallest EdgeSwitch with an SFP port to plug in fiber. The devices for this network would be be plugged into this switch.
Should I use VLAN instead to deliver this of splitting it to it's own hardware? ensuring that NO traffic passes between this imaging network and my production network is critical. If the EdgeSwitch supports ACLs (which I read it does) then I should be able to do it completely with VLANs without risking my network.Thoughts?
-
@scottalanmiller said in Time to gut the network - thoughts?:
@Dashrender said in Time to gut the network - thoughts?:
Three of the switches are in one building, two are in the other. Do the stacked switches work over ethernet connections?
No, not really. It wouldn't be a functional stack if it did. You'd have a terrible backplane problem.
LOL, yeah if backplaning is a requirement of the stack, than yeah.. that would be bad! Though I'm pretty sure I read that HP switches in the past could be centrally managed through a master switch, but the backplanes would be all internal to each switch.
in any case, having them split mostly makes the need/desire for stacking not really desired/cared about.
-
@Dashrender said in Time to gut the network - thoughts?:
@scottalanmiller said in Time to gut the network - thoughts?:
If possible, I'd flatten the network
and stack the switchesas the first step. Simplicity is its own reward. Less to manage, better performance.Yes I'd like to do that.
current VLAN setup
VLAN 1 192.168.1.x/24 servers/PCs/printers VLAN 2 192.168.150.x/24 Phones (the phones are programmed to be on this VLAN VLAN 105 192.168.105.x/24 wireless VLAN 17 10.10.10.x/28 imaging Remote site 192.168.5.x/24 remote location (no VLAN tags)From this information, I believe that I can expand the VLAN1 (default VLAN) to 192.168.0.x/22 without affecting any of the other VLANs and move the laptops and phones into the expanded network at my own pace, but I would have to have the VLANs active while doing so.
Comments, concerns?
This is how I would handle a migration to a flat network.
-
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
-
@Dashrender said in Time to gut the network - thoughts?:
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
I would say every source would insist you have QoS enabled.
Not the other way around...
-
@DustinB3403 said in Time to gut the network - thoughts?:
@Dashrender said in Time to gut the network - thoughts?:
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
I would say every source would insist you have QoS enabled.
Not the other way around...
OK that's fine to - guides/recommendations for that setup? Focusing specifically on the switches.
-
@Dashrender said in Time to gut the network - thoughts?:
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
You vendor is 100% correct in that statement as you just typed it. You are required to use QoS on all switches and routers in your control to ensure quality.
The point you glossed here is that you need said QoS on the traffic not an entire VLAN. Every reputable SIP device uses DSCP tagging. So what you would do is set QoS on DSCP 46 (RTP the voice) and 26 (SIP the signaling) traffic.
Those examples are what my Yealink phones use by default to communicate to the FreePBX server and is the traffic going out my WAN.
You generally will never see QoS applied on your switch unless a port is saturated.
You will see the QoS applied all the time on your routers assuming you are decently normal. It gets hit in spikes most of the time, not consistently.
-
I guess I didn't quote it well enough, let me try to recreate the conversation.
ME: I want to make my whole network flat and put the phones on the same network as everything else.
Vendor: we don't advise this, you should put the phones on a VLAN so you can have QoS for calls, otherwise we have no assurances of voice quality. -
@Dashrender said in Time to gut the network - thoughts?:
I guess I didn't quote it well enough, let me try to recreate the conversation.
ME: I want to make my whole network flat and put the phones on the same network as everything else.
Vendor: we don't advise this, you should put the phones on a VLAN so you can have QoS for calls, otherwise we have no assurances of voice quality.That's nothing at all like you said in the last statement. QoS is good, VLANs don't do what they are claiming and, as you showed, the vendor implemented incorrectly and left you without any actual QoS.
-
@Dashrender said in Time to gut the network - thoughts?:
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
So the questions are...
-
Why do you need to ensure it? THis is a scare tactic. Start here. Say "ensure it"? Why do I need to ensure something that we've never needed to ensure before? What's the ACTUAL risk that you are trying to protect me against... because it's never come up and we have no reason to believe it could be a problem so why are we worried about "ensuring" anything?
-
If we need QoS, why haven't we had it all this time but had screwed up VLANs instead without QoS working? ANd if it is so important, how has it worked so long perfectly without it?
-
-
@JaredBusch said in Time to gut the network - thoughts?:
Every reputable SIP device uses DSCP tagging. So what you would do is set QoS on DSCP 46 (RTP the voice) and 26 (SIP the signaling) traffic.
Most shady ones too.
-
@scottalanmiller said in Time to gut the network - thoughts?:
@Dashrender said in Time to gut the network - thoughts?:
Speaking about a flat switched network - OK so my phone vendor is adamant I need QoS to ensure I don't have phone quality issues. What respectable publications can I point to that say this isn't a typical concern anymore?
Looking at you mostly @scottalanmiller
So the questions are...
-
Why do you need to ensure it? THis is a scare tactic. Start here. Say "ensure it"? Why do I need to ensure something that we've never needed to ensure before? What's the ACTUAL risk that you are trying to protect me against... because it's never come up and we have no reason to believe it could be a problem so why are we worried about "ensuring" anything?
-
If we need QoS, why haven't we had it all this time but had screwed up VLANs instead without QoS working? ANd if it is so important, how has it worked so long perfectly without it?
Well, as you said, this statement is/was wrong.
So I'm starting over by asking my vendor to reply to the following:I’m looking to redesign my network to get rid of the VLANs and make everything flat. In our previous discussions you cautioned against not putting the phones in their own VLAN – do I recall that correctly? Assuming I recall this correctly, what’s the reasoning behind that?
I'll let you know their response.
-
