  1. #1
    Join Date
    Oct 2001
    Posts
    1,315

    VLANs for internal servers - is it worth it?

    Hi Guys,

    We offer colocation & dedicated servers as well as shared & reseller hosting services.

    Our colocation customers and dedicated server customers are definitely on their own VLANs for obvious reasons.

    Up until now, we have been using separate VLANs and IP allocations for each of the servers in our shared & reseller server fleet. I'm starting to question this policy for many reasons:
    1) We directly manage all of the servers and it is very rare that any servers are compromised to the point where they can steal an IP address.
    2) We are wasting IP addresses - network, broadcast and gateway addresses are required for each VLAN. Additionally, if a server needs 1 more IP address, we need to add a whole new block.

    If all of the servers are under our direct management, does it make sense for us to use any VLANs at all? It seems that it only serves to complicate things, waste IPs and add management overhead.

    Thanks in advance for your feedback.
    Avi Brender
    Reliable Web Hosting by Elite Hosts, Inc
    CPANEL Reseller Hosting - Fantastico - Rvskins - ClientExec

  2. #2
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,571
    In general I don't feel it's necessary to separate most internal systems. However we do keep shared hosting on one large VLAN separate from our internal systems such as DNS, Mail, etc., for security reasons.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  3. #3
    Join Date
    Jan 2002
    Location
    Scotland, UK
    Posts
    2,687
    We place all managed servers on their own separate VLAN but we simply have a VLAN per cabinet for the shared boxes. There isn't really any need for separate VLANs on the shared boxes since they are heavily locked down and only we have root on each box.

    Anything that can be done to save a finite resource like IP space that doesn't compromise or degrade service is a good thing if you ask me.

    - Chris
    Chris Adams - CEO - Rochen Ltd. - chris (at) rochen (dot) com

    Now offering both US & UK premium business hosting, reseller hosting and managed virtualized services.
    rochen.com | rochen.co.uk | blog.rochen.com | forums.rochen.com | Twitter: @rochenhost

  4. #4
    Join Date
    Jan 2003
    Location
    Chicago, IL
    Posts
    6,889
    If you're managing all the systems, no need to separate them out.

    Also, keeping them in the same VLAN makes it easier to move the IPs around, moving them to the server that now needs more IP, a customer needs to be moved from one server to another and wants to keep his dedicated IP, etc.
    Karl Zimmerman - Steadfast: Managed Dedicated Servers and Premium Colocation
    karl @ steadfast.net - Sales/Support: 312-602-2689
    Cloud Hosting, Managed Dedicated Servers, Chicago Colocation, and New Jersey Colocation
    Now Open in New Jersey! - Contact us for New Jersey colocation or dedicated servers

  5. #5
    Join Date
    Oct 2001
    Posts
    1,315
    Perfect guys, thanks. This is exactly what I was looking for
    Avi Brender
    Reliable Web Hosting by Elite Hosts, Inc
    CPANEL Reseller Hosting - Fantastico - Rvskins - ClientExec

  6. #6
    Join Date
    Nov 2003
    Location
    Lynnwood, WA
    Posts
    438
    Don't go too far the other way, though. In general, I see most people that share VLANs across multiple shared boxes tend to cut it off somewhere between 50 and 250 per VLAN. Having 1000s of servers on one VLAN is going to leave you with one hell of a broadcast domain.

  7. #7
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,163
    Quote Originally Posted by NexSeven View Post
    Don't go too far the other way, though. In general, I see most people that share VLANs across multiple shared boxes tend to cut it off somewhere between 50 and 250 per VLAN. Having 1000s of servers on one VLAN is going to leave you with one hell of a broadcast domain.
    I would second this. I've got a client (away from Web Hosting) who thought VLANs were purely for security. They had 2000 desktops and 2000 IP phones in a single voice & data VLAN.

    Obviously the amount of broadcast traffic was insane...

    Dan
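
The address arithmetic behind point 2 of the first post and the per-VLAN cap suggested in post #6, as an added example that is not part of any poster's message. The fleet, the cap of 50 servers and the power-of-two subnet sizing are assumptions made for illustration.

```python
# Added example: address cost of one VLAN per server versus shared VLANs.
OVERHEAD = 3  # network, broadcast and gateway address in every VLAN subnet (post #1)

def subnet_size(usable: int) -> int:
    """Smallest power-of-two IPv4 block that holds `usable` host IPs plus overhead."""
    return 1 << max(2, (usable + OVERHEAD - 1).bit_length())

def prefix_len(size: int) -> int:
    """CIDR prefix length for a block of `size` addresses."""
    return 32 - (size.bit_length() - 1)

def per_server_plan(ip_needs):
    """One VLAN and one subnet per server. Returns total addresses allocated."""
    return sum(subnet_size(n) for n in ip_needs)

def shared_plan(ip_needs, max_servers_per_vlan):
    """Group servers into shared VLANs, capped to bound the broadcast domain.
    Returns a list of (server_count, prefix_length, block_size) per VLAN."""
    vlans = []
    for i in range(0, len(ip_needs), max_servers_per_vlan):
        group = ip_needs[i:i + max_servers_per_vlan]
        size = subnet_size(sum(group))
        vlans.append((len(group), prefix_len(size), size))
    return vlans

# Constructed fleet: IPs needed by each of 120 shared/reseller servers.
FLEET = [1] * 60 + [5] * 40 + [14] * 20
CAP = 50  # assumed cap, the low end of the 50-250 range from post #6

if __name__ == "__main__":
    needed = sum(FLEET)
    isolated = per_server_plan(FLEET)
    shared = shared_plan(FLEET, CAP)
    pooled = sum(size for _, _, size in shared)
    print(f"IPs actually needed:    {needed}")
    print(f"one VLAN per server:    {isolated} allocated, {isolated - needed} lost")
    print(f"shared VLANs (cap {CAP}): {pooled} allocated, {pooled - needed} lost")
    for count, plen, size in shared:
        print(f"  VLAN with {count} servers -> /{plen} ({size} addresses)")
    # Growing a 5-IP server by one address outgrows its /29 block.
    print(f"5 IPs -> /{prefix_len(subnet_size(5))}, 6 IPs -> /{prefix_len(subnet_size(6))}")
```

The shared plan trades per-server layer 2 isolation for address efficiency, so it fits only fleets where the operator holds root on every box, as the replies above assume.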
