Trunking -- pros and cons

Synoptic

Member
Jun 12, 2002
This is to discuss the pros and cons of trunking in today's networks. I have trunked networks in the past and the advantages at the time seemed to outweigh the disadvantages, but I was told I was totally wrong, so here it is, let's figure out if we should trunk or not.
BTW, Spidey, I appreciate you taking the time to answer my question, sorry if I may have come off like an @$$ at first.
 

spidey07

No Lifer
Aug 4, 2000
:)

No problem. I will now bring down the wrath of the 800 pound spidey gorilla. :)

1st question would be why would you need to trunk? There have been very few instances where I had to because of security and in highly redundant data center cores. But out to the distribution and access layers it is a big no-no.

So what happens when you enable a trunk? A single link is in multiple vlans and the switch tags the frames source vlan whether it is ISL or 802.1q. No big deal right?
Cons:
1) spanning-tree. Imagine a network of 30 switches all trunked together forming nice little triangles everywhere for redundancy. spanning-tree design will get very tricky just for one vlan. Now throw in 50 vlans. One link starts to flap or you have some kind of unidirectional communication going on. Instead of just a single vlan being affected now ALL 50 vlans are broadcasting out the wazoo and each and every switch is running 50 instances of spanning tree. Network is baked (I've seen it a dozen times on a dozen very large networks). done. never converge and would be a complete nightmare to troubleshoot.
2) Broadcasts. They're flooded down trunk links; depending on the protocol this could get very high and scales linearly with the number of vlans. Meaning one little machine starts a broadcast storm on one VLAN and now instead of just his switch or vlan being affected all links in the network are flooded as well. Again hard to troubleshoot.
3) leads to a bunch of flat networks.
4) can lead to mismatched native vlans in 802.1q trunks

Trunking came about because of the need to keep traffic local instead of routing it. router speed used to be pretty slow and the term "route when you can bridge when you must" came about. With the advent of true wire-speed routing there was no longer the need to worry about passing through a router and the associated performance hit.

So instead of trunking everywhere, flooding broadcasts everywhere, having god awful complicated spanning-trees everywhere, network design shifted to a more hierarchical method using layer3 routing. Now the distribution and even core layers of a network are connected by single vlan, routed links with a /30 mask. Routing protocols handle the redundancy, spanning-tree can almost be eliminated and broadcasts are controlled.

So to summarize, route everywhere. Trunk only if you absolutely must (and if you do you might want to re-think the design) and prune them if you do. Use the intelligence in routing protocols to handle traffic and failover. Routers also generally contain a network problem to just a specific VLAN, making it far easier to troubleshoot.

So after all my babbling I can think of no pros for trunking. only cons. The biggest part is you can trunk everywhere and all will work fine. It is when you have a problem that you'll wish you didn't.
 

reicherb

Platinum Member
Nov 22, 2000
For us less knowledgeable people, what is trunking?
I had nothing to do with the setup of my network (done before I came) and don't touch any of the routers or switches, but I do know that I've got a few VLANs and did have some spanning tree issues once. I'm wondering if it was trunking related.
 

Garion

Platinum Member
Apr 23, 2001
OK, I'll take the flip side..

Trunking is a very cool technology that allows you to distribute a single VLAN across multiple switches. It is an extremely effective tool in a large building that requires multiple switches.

Here's one way we used it..

One of our buildings had about 600 cubes, plus a big data center. Each cube had four network jacks. There were two wiring closets - One upstairs and one downstairs, each had three layer2 6509's fully loaded with FastEthernet cards. All switches had multiple gigabit links back to a layer 3 switch in the data center.

Before anyone moved into the building, we pre-wired ALL of the cube jacks into a 6509 switch port. We kept excruciating detail on exactly which port a jack was connected to. We defined about six subnets for the building outside the data center - Two for PC Desktop DHCP, two for Unix workstations, one for PC static IPs and one for misc stuff like printers, etc. Each subnet was, of course, its own VLAN and those VLANs were trunked across all switches in the building.

When a tech needed to go out and install a new box, all they needed to do was give us the cube number and we could, from our desk, assign that jack to any VLAN/subnet in the building without leaving our seats. We eventually had someone write a java program that allowed them to do it themselves from a browser, as well as set/adjust the speed/duplex of the port. It saved us a LOT of work and gave us the nicest-looking wiring closets you've ever seen.

We did something similar in the data center - One L2 6509 in every third row, all trunked back to the L3 core. Made it easy to distribute VLANs and assign devices IPs on the correct subnet. It avoided a lot of extra cabling within the data center and was invaluable for things like backup networks, which are distributed all over the place but aren't routed across the backbone.

That being said.. My use of trunking was within a single building using switches in a hub-and-spoke setup - That's about as far as I would ever take it for scalability reasons, as Spidey mentioned. It definitely does have uses, however.

I think that trunking is an excellent technology IF you have a very closely-managed network. Trunking is not all that hard to break - At my current job, someone went renegade on us and plugged in a 3500 switch in our data center. It was set to ISL master and took down the data center for a few hours. Twice. Then we shot the guy. (Just kidding, but we all wanted to)

- G

 

reicherb

Platinum Member
Nov 22, 2000
We defined about six subnets for the building outside the data center - Two for PC Desktop DHCP, two for Unix workstations, one for PC static IPs and one for misc stuff like printers, etc. Each subnet was, of course, its own VLAN and those VLANs were trunked across all switches in the building.

This is basically my setup. I certainly don't have the knowledge that many of you do, but how else could you have a VLAN cover a large geographical area or even an entire building?
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
Basically, trunking is designating a link to carry two or more discrete VLANs. Kinda like striped toothpaste, you squeeze the tube and several different colored stripes come out the same hole.

The two common methods are 802.1q, which changes a field within the packet, and ISL (Cisco created and licensed) which adds an additional header to the frame, but leaves the basic information in the original frame intact. The frames are altered when they enter a VLAN-enabled switch, and restored when they leave the last VLAN-aware switch in the circuit.

Without trunking, if you wanted to present two or more VLANS to two or more switches, you'd need a link from each VLAN on each switch to the same VLAN on all the other switches participating in the VLAN.

With trunking, you'd use one (HIGH-SPEED/LARGE BANDWIDTH) link to carry the multiple VLAN traffic. The link can be an aggregate link (like Fast EtherChannel).

To prevent VLAN traffic from going to switches where the VLAN exists, but where there are no connections in that VLAN, Cisco uses VTP domains. VTP monitors which switches participate in the VLAN and which switches have hosts participating in that VLAN. If there are no active hosts in a VLAN, VTP "prunes" that connection (prevents traffic from being forwarded from that VLAN to that switch).

Trunking is a tool. There are places where it's appropriate, and places where it isn't, all very design specific. Like any other tool, if you don't use it right, you're gonna suffer.

Like Spidey mentioned, one of the bigger concerns is Spanning Tree. You can set the network up with a single instance of spanning tree, or one spanning tree instance per VLAN (the most common, I believe).

Also since VLANs are broadcast domains, and since the trunked link is essentially shared bandwidth, any excess traffic on one VLAN is subtracting from the available bandwidth of the other VLAN(s). It would "not be smart" to use several high-traffic VLANs through the same trunk... so Spanning Tree management and planning is absolutely a must for proper traffic management.

There's lots of considerations. I'm sure most of the bigg'uns will come out in this (excellent) thread.

FWIW

Scott
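The tagging that Scott describes for 802.1q, and the native VLAN mismatch that spidey07 lists as con number 4, can both be seen on the wire with a small frame builder. The Python below is an added example written for this thread, not code from any poster or vendor: it builds and parses 802.1q frames (TPID 0x8100, 12-bit VID in the TCI), models a trunk port that sends its native VLAN untagged, and shows how two switches with different native VLANs silently move a frame from one VLAN into another. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100   # 802.1q Tag Protocol Identifier that replaces the EtherType position
ETHERTYPE_IPV4 = 0x0800

def build_frame(dst_hex, src_hex, vid, payload):
    """Build an Ethernet frame. vid=None means untagged (how a trunk sends its native VLAN)."""
    hdr = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
    if vid is not None:
        tci = (0 << 13) | (0 << 12) | (vid & 0x0FFF)   # PCP=0, DEI=0, 12-bit VLAN ID
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload

def parse_frame(frame):
    """Return (dst, src, vid_or_None, ethertype, payload); vid is None for untagged frames."""
    dst, src = frame[:6].hex(), frame[6:12].hex()
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        inner_type = struct.unpack("!H", frame[16:18])[0]
        return dst, src, tci & 0x0FFF, inner_type, frame[18:]
    return dst, src, None, ethertype, frame[14:]

def classify_ingress(frame, native_vid):
    """A trunk port drops untagged frames into its native VLAN; tagged frames keep their VID."""
    vid = parse_frame(frame)[2]
    return native_vid if vid is None else vid

def egress_on_trunk(frame_vid, native_vid, dst_hex, src_hex, payload):
    """A trunk port sends native-VLAN frames untagged and tags everything else."""
    wire_vid = None if frame_vid == native_vid else frame_vid
    return build_frame(dst_hex, src_hex, wire_vid, payload)

def simulate_trunk(host_vid, native_a, native_b):
    """Host in host_vid on switch A sends over the A->B trunk; return the VLAN switch B assigns."""
    wire = egress_on_trunk(host_vid, native_a, "ffffffffffff", "020000000001", b"\x00" * 4)
    return classify_ingress(wire, native_b)

def native_vlan_mismatch(native_a, native_b):
    """The check a defender wants on every trunk: both ends must agree on the native VLAN."""
    return native_a != native_b

if __name__ == "__main__":
    print("matched natives, host in 10 ->", simulate_trunk(10, 1, 1))     # 10
    print("mismatched natives, host in 10 ->", simulate_trunk(10, 10, 20))  # 20: leaked into VLAN 20
```

With matching native VLANs the tagged frame stays in VLAN 10; with native 10 on one end and 20 on the other, switch A sends VLAN 10 untagged and switch B files it under VLAN 20, which is exactly the cross-VLAN leak the mismatch warning on real switches is there to catch.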