Can VLANs span a routed segment?

Tommouse

Hey AT!

We have run into a situation and are looking to see if what we are after is even possible, and if so a point in the right direction.

We currently have a bunch of VLANs on two separate routers/switches that are separated by a routed segment. We are looking to span this segment so that logically we can have the same VLAN(s) on both routers/switches, while keeping the segment in between them routed. We could do that by trunking the segment, but we can't do that for other reasons. I was looking at VRF Lite (as we don't have the hardware to do full VRF) but I'm still unsure if this would even give the desired result.

VLANs --- Sw/Router ------ Routed segment ------ Sw/Router ---- VLANs
192.168.99.0/24 _________ 10.240.10.0/30 __________ 10.168.99.0/24

This is what we're after, being able to have the same network on both sides of the routed link.

Any help/point in the right direction/buzzword to Google for would be awesome.

Thanks in advance
 

spidey07

There is no need to ever have to do this. Really, you shouldn't be spanning vlans all over the place, especially across multiple routers/switches.

The way to do this (and I hate even telling you how to do it because it is such a bad idea) is to tunnel the vlans through any layer3 boundary.

-edit-
also, depending on the switch/router in question the tunneling could be performed by the processor so check the traffic and details of the hardware involved.
 

spyordie007

I agree that you *shouldn't* be doing it, but there are some legitimate cases to span them, for example when clustering with MSCS pre-Server 2008 which requires the hosts to be on the same segment.

There are also quite a few applications still out there that require hosts be on the same network (and I hate just about every one of them). For example, I've got a couple hospitals that I had to do this with because a specialized medical record application they have uses a proprietary non-routable protocol :(
 

Tommouse

I realize it's not the best practice by any means, but this is just so we can just have one network for managing our switches, and another network for managing our servers through DRAC cards. Would be much nicer as we move things from our office to our Colo to have a single network and not two. Our WAN links are pretty large so wasted bandwidth isn't too much of a concern.

We have a Cisco 3750G at each end of the routed segment, which as far as I can tell is fairly robust and capable.

Thanks for the posts btw guys :beer:
 

nightowl

It can be done and it is a request for almost every data center discussion that I have been in. The problem is that when you allow spanning tree to cross wide-area links bad things can happen especially when you build a loop for high unavailable. That being said, you will need a router to be able to span a VLAN across a routed link as it cannot be done with any Cisco L3 switches.

As for your case with one management network, just keep them separate and secure the networks.
 

Tommouse

Originally posted by: nightowl
It can be done and it is a request for almost every data center discussion that I have been in. The problem is that when you allow spanning tree to cross wide-area links bad things can happen especially when you build a loop for high unavailable. That being said, you will need a router to be able to span a VLAN across a routed link as it cannot be done with any Cisco L3 switches.

As for your case with one management network, just keep them separate and secure the networks.
Well that settles that then. I was wondering why this was being such a pain in the ass, and that would make sense that it's not possible (with our equipment).

Thanks again guys, the guy we normally contact never responded, and I'm still learning. Now I have an answer :)