VLAN throughput Poll

[nowwhatnapster]

Riddle me this, which of the setups below would yield the highest throughput between vlan 10 and vlan 20? I've seen all 3 of these setups in the real world.

Setup 1 (vlans on router&sw, single link)

• Firewall
  • interface 1 trunk VLAN 10,20 tagged
• Switch
  • interface 1 trunk VLAN 10,20 tagged
  • interface 10-19 access VLAN 10
  • interface 20-29 access VLAN 20

Setup 2 (vlans on router&sw, dedicated interfaces for each vlan)

• Firewall
  • interface 1 trunk VLAN 10 tagged
  • interface 2 trunk VLAN 20 tagged
• Switch
  • interface 1 trunk VLAN 10 tagged
  • interface 2 trunk VLAN 20 tagged
  • interface 10-19 access VLAN 10
  • interface 20-29 access VLAN 20

assume all interfaces copper gigabit
assume switch is NOT layer 3 capable
assume router is enterprise grade

Here's a 4th hypothetical setup just to make it interesting...

Setup 4 (vlans on router&sw, teamed interfaces)

• Firewall
  • interface 1,2 teamed trunk VLAN 10,20 tagged
• Switch
  • interface 1,2 teamed trunk VLAN 10,20 tagged
  • interface 10-19 access VLAN 10
  • interface 20-29 access VLAN 20

Edit* sorry for double post, felt poll was apropriate and didn't see option to add to origional post

Edit* modified questions for clarity, removed option 3

 

[Nate7311]

Not really enough information to vote. You specify that we are to assume that router and switch are enterprise grade. Does the switch have layer 3 (routing capability), if so there's your answer. Options 1, 2, and 4 are variations on the classic Router-on-a-stick scenario. #3 doesn't specify where the routing is being done, but I think we are to assume that routing is done within the switch, correct?

 

[nowwhatnapster]

Not really enough information to vote. You specify that we are to assume that router and switch are enterprise grade. Does the switch have layer 3 (routing capability), if so there's your answer. Options 1, 2, and 4 are variations on the classic Router-on-a-stick scenario. #3 doesn't specify where the routing is being done, but I think we are to assume that routing is done within the switch, correct?

Your right, from what I understand if layer 3 switch is available that would provide the best performance and handle the routing. I updated the original question removing option 3.

I guess what I was trying to figure out is there any performance differences between these "router on a stick" variations. BTW had never heard that term before.

 

[Nate7311]

It's safe to say that on a single gigabit port, the maximum throughput that you will get is 1Gigabit, regardless on what vLAN tags the packets have.

In Scenario 1, you have 2 vLANs on the same port on the switch and the same interface at the router. There is potential for saturation here. QoS would be recommended here to balance out loads in a large environment. However, especially in a test environment, which is where the vast majority of ROAS configurations live, I don't really see much of a performance hit in this scenario being that you will be most likely limited by routing performance first.

In Scenario 2, you have 2 dedicated ports each tagged to a specific vLAN on the switch, and connecting to separate interface on the router. Each vLAN has the potential for full bandwidth on that pipe (obviously limited by the routing performance of the router).

Scenario 4 gets a bit murky. You are teaming the router interfaces together, so assuming LACP, you will have a theoretical 2Gb of bandwidth shared over both tagged vLANs. Given the comments on routing performance in a ROAS environment above, I think that would be your limiting factor across the board.

 

[sybreeder]

Generally the bigger "pipe" is between switch and UTM/firewall the better - especially when you team that link. It should be most noticable when you route traffic from 1 VLAN to another.
When i tested Fortigate 110C it had only 1 link and traffic between VLANs was just terrible...