probably an easy routing question, so please help

I'm not a routing master, so this might be obvious, but I've been curious about the answer to this question. Say an individual was issued two IP blocks from their ISP.

IP Block 1 : 123.123.123.0 /28
IP Block 2 : 123.123.123.128 /28

If the individual doesn't really care to separate the two networks for any reason and was just unfortunately issued two /28 blocks instead of one /27 block, isn't the link between the two networks going to suffer unnecessarily? For instance, if Server A located in Block 1 is plugged into the same gigabit switch as Server B in Block 2 and they want to initiate a file transfer, they are required to run out to the default gateway (ISPs router) through a T1 (perhaps) connection and back in when it would have been much faster for them to go directly to the other's gigabit ethernet port on the switch? If this is the case, would this be remedied, albeit poorly, by just subnetting both of these ranges together into one giant class C address range? (I understand fully that they wouldn't be able to access the rightful owners of the rest of the IP addresses in that range as they would search on their local LAN for them and time out, but this is a hypothetical situation and only serves to educate myself on the concept.) That said, how SHOULD this be handled in order to keep the connection between the subnets optimal?

I'm quite sure that I'm missing some key concepts here, so please be kind and explain them to me.

Thanks.

pk

Reply to
pk

Provided both of those networks are off the same edge router, and routing is enabled, the traffic will not have to go across the WAN/ Internet link, and will instead route to the directly connected network. This should work without issue.

Reply to
Trendkill

OK, that makes sense, but if the uplink is coming out of the switch from a 10Mb link to the router and the computers are both hooked into gigabit ports then it is a big difference right? There's no way for that switch to be a bit smarter (without turning into a router) and not run out the 10Mb port to the router with all of its traffic, correct? Whereas before they would have transferred at gigabit rate, they now will be 100 times slower?

Reply to
pk

It looks like I've just described the idea behind a Layer 3 switch! I didn't know those existed until just now. I'm slowly figuring this whole thing out.

Reply to
pk

Use a gigabit L3 switch and you're done.

But for a special case of your scenario, the question is: if the two /28 blocks are adjacent (which is not the case in your example), why not set a /27 netmask, keeping in mind that the broadcast address of block 1 and the network address of block 2 will not be visible from outside? Shouldn't this work?

Slightly modifying your example:

IP block 1 : 123.123.123.0/28
IP block 2 : 123.123.123.16/28

Internally, you turn this into 123.123.123.0/27, which eliminates the need for an L3 switch but implies that 123.123.123.15 and 123.123.123.16 are not valid host addresses for incoming traffic.

Regards

fw

Reply to
Frank Winkler
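As an added example (not part of any post in this thread), the Python sketch below uses the standard `ipaddress` module to work through the cases discussed so far: whether a host sends traffic on-link or to its gateway, whether two /28 blocks collapse into one prefix, and what an over-wide mask costs. The gateway and host addresses are constructed for illustration, and the function names are this example's own.

```python
import ipaddress

def next_hop(iface_cidr, dst, gateway):
    """Where a host sends a packet: straight onto the LAN or to its gateway."""
    iface = ipaddress.ip_interface(iface_cidr)
    return "on-link" if ipaddress.ip_address(dst) in iface.network else gateway

def merge_blocks(a, b):
    """Return the single prefix covering exactly both blocks, or None."""
    nets = [ipaddress.ip_network(a), ipaddress.ip_network(b)]
    merged = list(ipaddress.collapse_addresses(nets))
    return merged[0] if len(merged) == 1 else None

def lost_inner_addresses(a, b):
    """Broadcast of the lower block and network address of the upper block."""
    lo, hi = sorted([ipaddress.ip_network(a), ipaddress.ip_network(b)])
    return [str(lo.broadcast_address), str(hi.network_address)]

def foreign_addresses(mask_net, owned):
    """Count addresses inside an over-wide mask that belong to someone else."""
    owned = [ipaddress.ip_network(o) for o in owned]
    return sum(1 for ip in ipaddress.ip_network(mask_net)
               if not any(ip in o for o in owned))

if __name__ == "__main__":
    GW = "123.123.123.1"  # constructed gateway address
    B1, B2 = "123.123.123.0/28", "123.123.123.128/28"  # blocks from the question
    ADJ = "123.123.123.16/28"                          # adjacent block from the reply

    # Server A (constructed .2) talking to Server B (constructed .130)
    print("A -> B with /28 mask:", next_hop("123.123.123.2/28", "123.123.123.130", GW))
    print("A -> B with /24 mask:", next_hop("123.123.123.2/24", "123.123.123.130", GW))

    print("merge original blocks:", merge_blocks(B1, B2))
    print("merge adjacent blocks:", merge_blocks(B1, ADJ))
    # Adjacent but not aligned on a /27 boundary: still cannot be merged
    print("merge .16 and .32:", merge_blocks(ADJ, "123.123.123.32/28"))

    print("inner addresses:", lost_inner_addresses(B1, ADJ))
    print("addresses owned by others under a /24:",
          foreign_addresses("123.123.123.0/24", [B1, B2]))
```

The last figure is the number of addresses the hosts would try to resolve on the local LAN instead of routing to their real owners if the whole /24 were configured internally.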

That is correct. Probably even more so, since you'll get a lot of dropped packets and retransmits. Unless the switch is L3 capable, the traffic will need to be sent to the router. One option is to possibly just configure your internal network to use the whole class C. This isn't a great option, since you will lose the ability to route traffic to the rest of the address space not in your blocks. But, chances are minimal that you would need to anyway. I would suggest researching what the rest of the block is used for and see if you don't find it important.

But, perhaps a better solution would be to go back to the ISP and see if they could give you a single contiguous block. Without that, probably the best option would be to implement an L3 switch inside the router. Even if your router had GB ports, chances are that they could not keep up with the traffic and you would overwhelm the CPU.

Hope that helps,

Jim

Reply to
Scooby

Depends on what you mean by "before". If they've always been attached to two, non-contiguous /28s then there will always[1] have had to be a router between the networks.

[1] Depending on the end stations involved and how much control you have over them you might be able to do things with the multiple subnets on the same VLAN or physical network, secondary addressing in Cisco parlance. On some Unix and Unix-like systems you can do the same thing, effectively configuring the end stations to see the other /28 on the same interface as their own /28. We don't do that but other people here are probably familiar with the techniques.

Sam

Reply to
Sam Wilson

Technically yes you are correct. Unless you have an L3 switch or a router with gig ports, you will potentially have limits for any bandwidth going inter-VLAN. I've been trying to think through your option of running a /24 behind the scenes and simply not addressing nodes in the two networks you don't own. I'm not really sure if this would work or not, as your router technically would have to advertise the /24, unless of course you could use distribution lists or something to split it up as necessary. I think your best bet is to sit down and really analyze your servers/nodes and come up with a design that keeps your high traffic boxes on one switch/subnet or the other. I doubt you have 126 boxes that are the same application, etc, and probably could be split into some kind of logical groups by high traffic. Thus ensuring that intra-VLAN traffic is maximized, and inter-VLAN traffic is minimized. If you do have a server (database or such) that is central to both networks, perhaps it's better to just dual home it to each network. All depends on your requirements......

Reply to
Trendkill

Well, the issue is that there is one computer that will need to access every other computer at a very high rate, our backup server. I've spent the last 45 minutes wading through the poorly organized Cisco website just trying to find the most inexpensive non end-of-sale/end-of-life Layer 3 switch with 2 gigabit (non-fiber) uplink ports and probably 24 10/100 ports. You're correct in presuming that all of the network devices don't need gigabit connections (iLOs and such) so I have no problem placing them on 10/100 ports on a new Layer 3 switch. What's the deal with end-of-sale/end-of-life products? Are they to be avoided? Can you guys offer me any suggestions as to hardware devices I should be looking at? I'm lost...the product catalog is so extensive.

Reply to
pk

I'm now taking a hard look at the Netgear FSM7326P. I examined comparable Cisco products and I just can't see the price justification. It's literally twice as costly for the comparable Cisco product (which as far as I can tell is the Catalyst 3560-24TS). There are some stats about the Netgear switch that concern me. The maximum number of routes is 16. What does that mean? Does that mean that only 16 subnets can be handled through this switch? This shouldn't be a problem, but it still seems like a low number. The maximum number of routed VLANs is more applicable to my situation, and that's topped off at 6. Again, this shouldn't be a problem, but it seems like an arbitrarily low number. I can't find the corresponding stats for the 3560-24TS, so I don't know if this is a normal cap or not.

Secondly, let's look at another resolution to the above problem that I don't think is necessarily a good idea, but I'm curious if it would work. If I assigned IPs to the backup server in each subnet where it will be remotely backing up machines, would BackupExec use the corresponding IP address for the subnet of the computer it was backing up? How is that decided or configured? Pro/Cons?

pk

Reply to
pk

Prior to buying a used Cisco switch, I looked at buying a new Netgear switch. I called Netgear's 800 number and after hours of being switched from one place to another, one continent to another, even being told that since I didn't have a support contract I couldn't get pre-sales help (in both American and Indian accents), I was still unable to get information on the differences between two models to help me choose which to buy.

Cisco may be more expensive, but you have access to on-line manuals, detailed specs. And I bought a used switch, and was able to register for access to more areas of the Cisco web site.

Buying a new Cisco switch may be more expensive, but you need to look at the quality of the support you are getting. (both on-line documentation as well as actual human support).

Yeah, there are times where the difference in price just doesn't warrant the extra features/support. But it is something to consider.

Years ago, when I had bought a Netgear hub and a Netgear router, I had had excellent and easy 24 hour support from Netgear. But this time around, I couldn't get the time of day for pre-sales information. Wouldn't touch Netgear anymore because of that.

Reply to
JF Mezei

What you are suggesting should work fine. You would just have to make sure that the IP address on the local segment is blocked or translated to another IP address before it hits the internet.

Reply to
PATCHES
