Network Virtualization: Beyond VLANs – Part 2: Subinterfaces


  • Part 1: VLANs
  • Part 2: Subinterfaces
  • Part 3: Switch Virtual Interfaces (SVIs)
  • Part 4: Tunnels
  • Part 5: Virtual Routing and Forwarding (VRF)
  • Part 6: Overlay Networks
  • Part 7: MPLS L3 VPNs

As mentioned in part one, hosts in different VLANs cannot talk directly with each other since they are in different broadcast domains/subnets. For hosts on different VLANs to communicate with each other, a layer 3 routing device is needed, usually an L3 switch with a Switch Virtual Interface (SVI), a router, or a firewall.

The simplest way to route packets between two VLANs is by simply connecting a router with two physical interfaces to the switch. Each interface is connected to an access port on one of the VLANs.

With this method of Inter-VLAN routing you would need a router with a physical interface, cable, and switch port for each of the VLANs you need to connect. In some deployments this could be dozens, YUCK!

Luckily we can use a trunk to allow the router to connect to multiple VLANs using a single port, similar to how two switches can be connected using a trunk.

Subinterfaces

Since a router is an L3 device, it is not configured with VLANs the same way as a switch. This can get fuzzy when you are talking about big advanced routers or a router with a switch module, but let’s just focus on a regular branch router.

Instead the router’s interface connected to the trunk will need to be configured with a subinterface, one for each VLAN that it is connecting.

So in the following example the router’s interface connected to the switch would be configured with two subinterfaces, one for VLAN Red and one for VLAN Blue. Packets from VLAN Red would be sent up the trunk as tagged frames to the router. The router would see that the frame belongs to VLAN Red via the 802.1q header and would receive the packet on VLAN Red’s subinterface. The router would then route the packet and send it out VLAN Blue’s subinterface, tag the frame and send it back down the cable to the switch.

In this deployment, referred to as a router on a stick (but can be firewall, load balancer, etc on a stick), the packets to or from the router use the same cable regardless of what VLAN the packets are going to or coming from.

The main consideration for this type of design is capacity planning on the single cable. Since each packet traverses the cable twice, it effectively cuts the available bandwidth in half. This can be a serious consideration in larger deployments.

To get around this issue you can use multiple physical interfaces, each with a few subinterfaces, such as one interface having subinterfaces for VLANs Red and Blue and a second interface having subinterfaces for VLANs Green and Orange.

You could also just look at creating a Link Aggregation Group (LAG) of interfaces to add additional bandwidth to the “stick”, so instead of having VLANs Red and Blue on one interface and Green and Orange on another, you can have all four VLANs on a single LAG of two or more interfaces.

Configuring a subinterface on a Cisco router is pretty easy. Say, for example, that VLAN Red was VLAN number 10 and VLAN Blue was VLAN number 20; then the config would look something like this:

! encapsulation is set before the IP address; IOS requires the VLAN tag on a subinterface first
interface GigabitEthernet1/0/0.10
 description Subinterface for VLAN Red
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet1/0/0.20
 description Subinterface for VLAN Blue
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
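The tag handling described earlier (receive on the subinterface matching the 802.1Q VLAN ID, route, re-tag on the way out) can be traced in a few lines of Python. This is an added example, not code from the original article; it reuses the VLAN numbers and subnets from the config above, while the MAC addresses and host IPs are constructed, and TTL, checksum and ARP handling are left out.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
ROUTER_MAC = bytes.fromhex("02000000aa01")    # constructed
NEXT_HOP_MAC = bytes.fromhex("02000000bb20")  # constructed stand-in for an ARP result

# VLAN ID -> (subinterface, connected subnet), values from the config above
SUBINTERFACES = {
    10: ("GigabitEthernet1/0/0.10", ipaddress.ip_network("10.10.10.0/24")),
    20: ("GigabitEthernet1/0/0.20", ipaddress.ip_network("10.10.20.0/24")),
}

def build_tagged_frame(dst_mac, src_mac, vid, payload, pcp=0):
    """Ethernet header + one 802.1Q tag + IPv4 payload."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + payload

def parse_tagged_frame(frame):
    """Return (vid, ethertype, payload); raise ValueError if short or untagged."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame")
    return tci & 0x0FFF, ethertype, frame[18:]

def route_on_a_stick(frame):
    """Return (ingress subif, egress subif, re-tagged frame), or None if dropped."""
    vid, ethertype, packet = parse_tagged_frame(frame)
    if vid not in SUBINTERFACES or ethertype != ETHERTYPE_IPV4 or len(packet) < 20:
        return None  # no subinterface for this VLAN, or not a full IPv4 header
    dst_ip = ipaddress.ip_address(packet[16:20])  # IPv4 destination address field
    for out_vid, (egress, subnet) in SUBINTERFACES.items():
        if dst_ip in subnet:
            out = build_tagged_frame(NEXT_HOP_MAC, ROUTER_MAC, out_vid, packet)
            return SUBINTERFACES[vid][0], egress, out
    return None  # destination is not on a connected subnet

def sample_frame(vid=10, src="10.10.10.5", dst="10.10.20.7"):
    """Constructed frame from a host in VLAN Red to a host in VLAN Blue."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                            ipaddress.ip_address(src).packed,
                            ipaddress.ip_address(dst).packed)
    return build_tagged_frame(ROUTER_MAC, bytes.fromhex("02000000aa10"), vid, ip_header)
```

A frame tagged with a VLAN ID that has no subinterface (for example `sample_frame(vid=30)`) returns `None`: the router only accepts traffic for VLANs it has been explicitly configured for.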

Next we will cover Switch Virtual Interfaces, which are sort of like virtualizing the router and bringing the Inter-VLAN routing functionality into the switch.
