@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

What if that range hypothetically got filled up? Would that be too much traffic?

Networks (subnets in the 1990s terminology) aren't affected by traffic. That's not a thing. If you had "too much traffic" you'd be impacted with VLANs before you were impacted without them because VLANs add extra overhead and bottlenecks. You never segment switched networks due to traffic load, that was a bus-based networking problem when all traffic traveled on a single bus for the entire network. If the bus filled up, the network would slow down.

The thing you are worried about here is saturating your switch backplane, if you do that, VLANs will hurt, not help. And you need bigger, faster switches. It's not related to your address schema.

Ok, I hear you Scott. You make sense and I'm on-board with this thinking. I think I would be up for increasing our IP range at my company to facilitate more addresses.

On another related subject: my company is in the process of finding another phone system (I actually talked with you on the phone about this, remember?). My CIO wants to go with a Cisco VoIP system and we are going through a IT business management/consultant company for this, as they are re-sellers and are going to do the install for/with us. They've mentioned setting up a VLAN for the phone system and setting up a voice router for it. Also, my CIO is adamant about keeping the voice traffic segregated for "security reasons" as it will satisfy an item on one of our various IT audits (we are a financial institution that has a lot of audits).

How can I convince my boss and Cisco that we can keep the the phones and the computers/servers on the same network and VLAN? I may end up just having to follow orders and let my company "waste" a lot of money on this stuff, but I would be willing to make the case for a smarter setup.

@jaredbusch said in VLAN confusion:

Expanding your subnet is simple.

You change your router first.
Then you change your DHCP scope to hand out the /22
But you also add a block in the DHCP assignment to not give out addresses in the new section.
Then you change your few static devices (if you do not have only a few static systems, you have other issues).
Once your static devices are changed, you remove the block in your DHCP assignment.
Process complete.

Well I have about 35 or so servers and appliances that have static addresses. It will be a bit of a pain to manually go through an update all the network settings, but I'd do it. Good thing is that I just changed all of our workstations back to DHCP as the previous sysadmin had put EVERYTHING on static as a band-aid fix for DHCP issues he couldn't solve.

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Well, actually, here's one thing I just thought of. We currently have a /23 network where I work, and our current phone system exists on the same network as our computers and servers. We have a lot of addresses taken up by phones right now, so it would be nice to have the phones on their own separate subnet, ......

No, it would not. You identified the mistake, but made a bad leap in how to fix it. Let's read that again...

1. We have a /23 network.
2. The /23 is too small for our needs.
3. We should....

Logically the answer is "make a network of the right size for our needs." But instead, you jumped to subnetting.

Yes, I have considered widening our network, but then I would have to make so many changes to devices and I wanted to avoid that. Plus, wouldn't making a /22 subnet be over-kill? This is where I don't have real-world knowledge and experience yet. Is it ok to have a company LAN with a huge address range? What if that range hypothetically got filled up? Would that be too much traffic? 1020 computers, servers, printers, and other devices all on the same subnet not a possible congestion issue?

@coliver said in VLAN confusion:

@dashrender said in VLAN confusion:

As for your Lab network, you have choices, you can create a completely separate VLAN that only has access to itself and the internet via the sonicwall, or you can enable ACLs that allow the two networks to talk to each other and the Sonicwall will route information between the two.

He could setup an ACL that only allows the Lab VLAN to contact the internet, and his workstation. What kind of lab is this going to be though? You could easily do this virtually on a desktop with Hyper-v or KVM.

I have a couple extra servers that I want to set up a Hyper-V lab environment with. That server's in the server room and so I wanted to just have it sitting on it's own VLAN with access to the internet and my workstation only. I could use my local workstation, but what's the fun in that when I have big fat juicy servers I can use?

@dashrender said in VLAN confusion:

@scottalanmiller said in VLAN confusion:

@dave247 said in VLAN confusion:

Like in a case where I have a VoIP set up, with phones on one VLAN and computers on another. The computers and VoIP systems should normally never need to communicate with each other (I assume) unless there is like some VoIP related application installed on a user's workstation. In that case, I assume that at some point, data is crossing over between the two networks, through the two VLAN's.

That would make VLANing crazy in that instance. If you want the networks to be able to talk, what's the purpose of the VLAN? Phones, specifically, are a really bad place to normally have VLANs.

The idea of VLANing phones comes from a misunderstanding of tech at worst and old days of hubs at best. As long as a switch port isn't at 100% utilization, the QoS rules don't apply - the switch will just keeping everything moving. If you have 100% utilization, you probably have other issues you need to resolve before you worry about QoS for phone calls, but phones would definitely feel this pinch faster than other things.

Well, actually, here's one thing I just thought of. We currently have a /23 network where I work, and our current phone system exists on the same network as our computers and servers. We have a lot of addresses taken up by phones right now, so it would be nice to have the phones on their own separate subnet, and my current understanding is that I would want a separate VLAN to use with that separate subnet. Also, in freeing up IP addresses on our company LAN, I've given myself more IP space for my fail over DHCP server should I ever need it.

@jaredbusch said in VLAN confusion:

Your router will should be the only point that connects traffic from one VLAN to another.

At a very basic level:

You will want to have rules in your router's firewall that allows new/established/related connections from the company LAN to the Lab LAN. But from the Lab LAN to the company LAN it should only allow established.

This will allow you to connect in and have the Lab thing respond but the Lab thing cannot initiate a connection to the company LAN.

OOOOH yeah.. ok that seems obvious now. I can just allow myself access to that network through my Sonicwall via the firewall rules..

@dashrender said in VLAN confusion:

VLANs in most cases aren't needed unless you have a security reason to do so, and must share hardware over these networks, i.e. one set of APs but two wifi networks - corporate and guest.
Switches perform their job which can easily allow thousands of devices to be on a single flat IP network without the need to break them down into smaller and smaller segments. So if you don't have a security related reason to keep them separate, then your life will be much simpler if you just have a /23 or /22 network instead of the typical /24 (limited to 256 devices).

Onto your current setup:
From the sounds of it, your Sonicwall is doing the routing between your VLANs at this point, assuming cross VLAN traffic is happening.

You mentioned that you made a VLAN for wifi - then you talk about a guest and corporate wifi - Does this mean your corporate wifi is on the default VLAN and the guest is exclusively on the new VLAN? What provides DHCP to the guest network? What provides DNS to the guest network?

As for your Lab network, you have choices, you can create a completely separate VLAN that only has access to itself and the internet via the sonicwall, or you can enable ACLs that allow the two networks to talk to each other and the Sonicwall will route information between the two.

Ah, I'm an idiot. My brain sucks at recalling information.

So I set up two VLAN's: one for corporate wifi and one for guest wifi. Then Sonciwall handles the routing and DHCP for each network, plus the firewall functionality. DNS to corp is our DC and I just used google's DNS for the guest wifi. Guest wifi doesn't touch our internal systems at all.

Hi guys. I'm hoping someone can help me more fully understand VLAN use and implementation in it's entirety.

Let me start off by saying that I am currently a (green) sysadmin with about two years experience, not so much on the networking aspect yet. I do however understand most networking basics like the OSI model, routing and switching, subnetting and so forth, though I'm a bit rusty.

I have actually already configured one VLAN for my company's wifi. I set up all our switches with a number of access ports for each wifi AP to be connected and then added trunk ports for that VLAN so that all our AP's can reach back to our Sonicwall appliance where they are managed. Then I used the Sonicwall firewall settings to create separate corporate and guest wifi. This all makes sense to me, but it's Sonicwall, so it's not really the "traditional" way VLANs would be set up and managed, etc.

I guess my confusion with VLANs is when it comes while trying to visualize how two different networks on two different VLANs need to communicate. I mean, I get that a VLAN is logically the same as having two separate switches and if there are devices on two different networks trying to communicate, then routing is necessary. And yes, I've heard of "router on a stick".

Like in a case where I have a VoIP set up, with phones on one VLAN and computers on another. The computers and VoIP systems should normally never need to communicate with each other (I assume) unless there is like some VoIP related application installed on a user's workstation. In that case, I assume that at some point, data is crossing over between the two networks, through the two VLAN's.

Also, my main reason for asking this: I am trying to set up a LAB network that will reside on it's own VLAN, completely separate from my company's production systems. But if it's 100% segregated, then I'm not going to be able to access it from my work pc, so I'll have to set up a separate computer that is connected to the lab VLAN. That is, unless I implement some kind of ACL..

Anyway, if someone could give me a bit of clarity or direction on this, I would appreciate it.

Just checked in and I'm dying laughing!

@kooler said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

@dave247 said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

I have a few servers that are now available for whatever I want, since I've virtualized them to our vSphere 6.5 environment. We currently have a single SAN unit for our vm datastore which connects to two switches and then to three virtual hosts (SAM's Inverted Pyramid of Doom thing).

Anyway, I am trying to experiment with a different design as well as set up a new test environment. I want to install Hyper-V 2016 Server on my most powerful spare server, then I want to use my other two servers as mirrored or a distributed storage cluster.

I am not 100% on what is best practice on how exactly to set this up, so I'm hoping for some input. I mean, I'm a sysadmin at my job, so I understand how to install and configure stuff.. but I've not set up a completely new environment from scratch before.

Any advice is much appreciated!

SAM has a point (thanks for reference!)

Dave ping me anton AT starwind DOT com and I'll get you in touch with engineers who could help. You're welcomed to proceed with either commercial or a free version (no time bombs, no capacity or feature limits there).

https://www.starwindsoftware.com/starwind-virtual-san

https://www.starwindsoftware.com/starwind-virtual-san-free

Good luck

Sure, I may do that if I need help. I really only plan to use this as a lab + backup testing environment at work, so I would use the free version.. not sure what the difference is though.

@scottalanmiller said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

I'm late, but yes, @StarWind_Software is the way to go here. It's free and native to Hyper-V and does exactly what you are looking to do.

Hi Scott. Yes, thanks. I am going to work on setting up vSAN. Looks like it will be a fun learning experience for me.

@romo said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

Just as @Tim_G suggested, your best bet would be a Starwind HyperConverged vSan setup.

https://www.starwindsoftware.com/technical_papers/StarWind-Virtual-SAN-Hyper-Converged-3-nodes-scenario-with-Hyper-V-Cluster.pdf

Yeah I like that.. it looks really slick.. I'm gonna try that

@emad-r said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

@dave247

wait till you hear the recommendation to create distributed storage on a VM level, that will get you confused.

Please elaborate?

@tim_g

@tim_g said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

The best free way to do it with Windows is Starwind vSAN. If you want to keep your computer and storage separate, you can run it on your two other servers for storage... but I wouldn't keep them separate. You could have all 3 servers as compute+storage, and limit the VMs to run only on the powerful server. And if that server goes down, you still have the option to run them on one of the other two.

ok, thanks for that too. I was thinking of doing it this way because my other two servers (that would be used for storage) are not very powerful systems. They are Poweredge R420's with one socket and like 8 GB of RAM.

@black3dynamite said in Can I get some direction on setting up Hyper-V server with a storage cluster?:

Here are few guides that can help you get started.
https://www.altaro.com/hyper-v/failover-cluster-manager/
https://www.tech-coffee.net/2-node-hyperconverged-cluster-with-windows-server-2016/
https://technet.microsoft.com/en-us/library/jj863389(v=ws.11).aspx

Awesome, thanks!

I have a few servers that are now available for whatever I want, since I've virtualized them to our vSphere 6.5 environment. We currently have a single SAN unit for our vm datastore which connects to two switches and then to three virtual hosts (SAM's Inverted Pyramid of Doom thing).

Anyway, I am trying to experiment with a different design as well as set up a new test environment. I want to install Hyper-V 2016 Server on my most powerful spare server, then I want to use my other two servers as mirrored or a distributed storage cluster.

I am not 100% on what is best practice on how exactly to set this up, so I'm hoping for some input. I mean, I'm a sysadmin at my job, so I understand how to install and configure stuff.. but I've not set up a completely new environment from scratch before.

Any advice is much appreciated!

@dashrender said in Questions about licensing issues after converting physical SQL server to virtual:

No he's talking about SQL in a VM - what makes you (the OP) worry about this? Why worry about SQL, but not whatever is running on your other three VM hosts?

I'm actually talking about the converted system. Converting physical to virtual presents potential issues. I think I'll restore to a test environment first..

@dashrender said in Questions about licensing issues after converting physical SQL server to virtual:

In today's world, you don't skip virtualization, unless you have a specific reason to skip it. So, if you are replacing the drives anyway - when you reinstall, start by installing a hypervisor - Hyper-V or KVM are both 100% free. You're running ESXi already, so if you have an open license for a third host (assuming you have an essentials package, you could use that license on this host). Then install your single VM on this rebuilt server.

Yeah, we have the essentials package and we already have three hosts. Like I said, I would love to just make this a virtual machine, but I want to make sure it will work without any issues.

@dashrender said in Questions about licensing issues after converting physical SQL server to virtual:

If you replaced all the drives, why not virtualize it at the same time? RAID 10 along with converting to a VM seems like a good plan. Converting allows you more recovery options with no penalties.

If you can swing for a good RAID card with some cache, you'll probably notice some real gains in IOPs.

Now I'm confused... I was initially talking about converting it to a vm and running it in our virtual environment (vSphere 6.5) with a 20TB SAN/storage controller, completely separate unit from the R320. The other option is to essentially swap the RAID 5 for RAID 10 and continue using it as a physical server. It's one or the other. I don't understand what you mean about switching the RAID 10 + converting to virtual, sorry.

Thanks for the help.