RE: [WISPA] Routed vs bridged (again)...
For documentation we use lots of Excel sheets, a home-grown CRM, lots of Visio, and some napkins and post-its scattered around my desk ;-)

Thanks,

Russ Kreigh
Network Engineer
OnlyInternet.Net Broadband & Wireless
Supernova Technologies
Office: (800) 363-0989
Direct: (260) 827-2486
Fax: (260) 824-9624
[EMAIL PROTECTED]
http://www.oibw.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom DeReggi
Sent: Sunday, December 03, 2006 11:32 PM
To: WISPA General List
Subject: Re: [WISPA] Routed vs bridged (again)...

I can tell you from experience, configuring with VLAN can be encumbering (we do it almost everywhere), and I don't recommend it for everyone. But having the ability to configure it when you need it is really useful. For example, let's say I have two clients off of one sector, and I want to run separate DHCP servers per business subscriber, or per project. I route 1 VLAN to one project and another VLAN to the other. Or when I want flexible IP assignment, or need to minimize giving full blocks. How do I keep one customer from misconfiguring his equipment and taking out another subscriber? Give them each their own VLAN. How do I separate traffic between them so I can give them their own customer queues? I give them VLANs. VLAN allows central routing delivered via VLAN. But many times it's simpler to take the routing all the way to the last hop to the subscriber instead. For example, routing allows redundant path decisions to be made, without thinking of the complex bridge conflicts. The list goes on and on. I have many reasons to route at many locations and many places to VLAN. I think the best solution is to have the flexibility to be able to do either or both, when and wherever a need arises. But then management of it all gets a mess, when a million different things are getting done. So the real question is not whether to route or bridge, it is "how do you track / document it all?"

Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband

- Original Message -
From: "Russ Kreigh" <[EMAIL PROTECTED]>
To: "'WISPA General List'"
Sent: Sunday, December 03, 2006 2:03 PM
Subject: RE: [WISPA] Routed vs bridged (again)...

> I can't believe I am getting involved in this...
>
> First, routing is not bad, or the best solution. Bridging is not bad, or the best solution.
>
> Network DESIGN is the solution.
>
> A hybrid network DESIGNED by a competent network person will outperform a pure bridged network or a pure routed network any day. PERIOD.
>
> I am not going to go into the technical aspects of why routing versus bridging is good, and bad. It all depends on what you are trying to accomplish, what your customers are trying to accomplish, your market, your competition, what equipment you are using, your budget, your staff's experience, failover protection, outage isolation, QoS, Security, Mail, SLA requirements and about 100 other factors.
>
> Let me say this, I administer about 70 routing devices, ranging from Cisco 7206 routers, Cisco Catalyst L3 switches, down to Mikrotik 532's. I also manage some pretty HUGE bridged segments on our network.
>
> I've seen routed networks be brought to their knees, I've seen bridged networks do the same. The difference in our case is that we DESIGNED the network.
>
> We also have several dozen VLANs on our network -- there is a misconception that using VLANs means you are bridging - well, no. It's hybrid, and in the end, it is ultimately routing.
>
> And again, public IPs versus Private IPs to a customer is a whole different story, we have both on our network - it depends on what you are trying to accomplish.
>
> There is no need to give a /30 to every customer, there are other more efficient ways of doing this. With a /30 you're using up 4 addresses, 1-Network Address 1-Router Address 1-Customer Address and 1-Broadcast address.
>
> There is an argument that bridging is easy, yeah, until something goes wrong. There is an argument that routing is easy -- until something goes wrong.
>
> Many of you are die-hard routing people, many of you are die-hard bridgers. That's fine -- but stay away from my network :-)
>
> So, in case you missed the point of this email, NETWORK DESIGN is the best solution.
>
> Thanks,
>
> Russ Kreigh
> Network Engineer
> OnlyInternet.Net Broadband & Wireless
> Supernova Technologies
> Office: (800) 363-0989
> Direct: (260) 827-2486
> Fax: (260) 824-9624
> [EMAIL PROTECTED]
> http://www.oibw.net
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marlon K. Schafe
Re: [WISPA] Routed vs bridged (again)...
I can tell you from experience, configuring with VLAN can be encumbering (we do it almost everywhere), and I don't recommend it for everyone. But having the ability to configure it when you need it is really useful. For example, let's say I have two clients off of one sector, and I want to run separate DHCP servers per business subscriber, or per project. I route 1 VLAN to one project and another VLAN to the other. Or when I want flexible IP assignment, or need to minimize giving full blocks. How do I keep one customer from misconfiguring his equipment and taking out another subscriber? Give them each their own VLAN. How do I separate traffic between them so I can give them their own customer queues? I give them VLANs. VLAN allows central routing delivered via VLAN. But many times it's simpler to take the routing all the way to the last hop to the subscriber instead. For example, routing allows redundant path decisions to be made, without thinking of the complex bridge conflicts. The list goes on and on. I have many reasons to route at many locations and many places to VLAN. I think the best solution is to have the flexibility to be able to do either or both, when and wherever a need arises. But then management of it all gets a mess, when a million different things are getting done. So the real question is not whether to route or bridge, it is "how do you track / document it all?"

Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband

- Original Message -
From: "Russ Kreigh" <[EMAIL PROTECTED]>
To: "'WISPA General List'"
Sent: Sunday, December 03, 2006 2:03 PM
Subject: RE: [WISPA] Routed vs bridged (again)...

I can't believe I am getting involved in this...

First, routing is not bad, or the best solution. Bridging is not bad, or the best solution.

Network DESIGN is the solution.

A hybrid network DESIGNED by a competent network person will outperform a pure bridged network or a pure routed network any day. PERIOD.

I am not going to go into the technical aspects of why routing versus bridging is good, and bad. It all depends on what you are trying to accomplish, what your customers are trying to accomplish, your market, your competition, what equipment you are using, your budget, your staff's experience, failover protection, outage isolation, QoS, Security, Mail, SLA requirements and about 100 other factors.

Let me say this, I administer about 70 routing devices, ranging from Cisco 7206 routers, Cisco Catalyst L3 switches, down to Mikrotik 532's. I also manage some pretty HUGE bridged segments on our network.

I've seen routed networks be brought to their knees, I've seen bridged networks do the same. The difference in our case is that we DESIGNED the network.

We also have several dozen VLANs on our network -- there is a misconception that using VLANs means you are bridging - well, no. It's hybrid, and in the end, it is ultimately routing.

And again, public IPs versus Private IPs to a customer is a whole different story, we have both on our network - it depends on what you are trying to accomplish.

There is no need to give a /30 to every customer, there are other more efficient ways of doing this. With a /30 you're using up 4 addresses, 1-Network Address 1-Router Address 1-Customer Address and 1-Broadcast address.

There is an argument that bridging is easy, yeah, until something goes wrong. There is an argument that routing is easy -- until something goes wrong.

Many of you are die-hard routing people, many of you are die-hard bridgers. That's fine -- but stay away from my network :-)

So, in case you missed the point of this email, NETWORK DESIGN is the best solution.

Thanks,

Russ Kreigh
Network Engineer
OnlyInternet.Net Broadband & Wireless
Supernova Technologies
Office: (800) 363-0989
Direct: (260) 827-2486
Fax: (260) 824-9624
[EMAIL PROTECTED]
http://www.oibw.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marlon K. Schafer
Sent: Sunday, December 03, 2006 12:41 PM
To: WISPA General List
Subject: Re: [WISPA] Routed vs bridged (again)...

- Original Message -
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List"
Sent: Saturday, December 02, 2006 10:44 PM
Subject: [WISPA] Routed vs bridged (again)...

On Sat, 2 Dec 2006, Marlon K. Schafer wrote:

It's a very high cost. Why does every residential user need to tie up 3 ip addys? How long can we keep handing them out like that before we run into trouble again? There is only so much nat that we're gonna get away with.

I give up...why does a residential user need 3 ips? I never suggested that they did. And I guess I don't understand what nat has to do with any of it.

OK, what's the minimum number of ip addys that a routed customer HAS to use? I thought it w
RE: [WISPA] Routed vs bridged (again)...
On Sun, 3 Dec 2006, Mac Dearman wrote:

SUMMARY: USE THE SHOE THAT FITS - ONE SIZE DOES NOT FIT ALL - EVER!

This is good advice. Those that think I am "religious" regarding this argument are misreading my statements. I am only dispelling bad information. At any rate, there is certainly a place for bridging and a place for routing in any network. VLANs offer still more functionality and (where it's appropriate), I always recommend it. I've simply found that there are few places where the overhead associated with VLANs is necessary or particularly useful in most of the networks I've designed. Either way, I think I'm moving on :-)

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
Mikrotik Certified Consultant (http://www.mikrotik.com/consultants.html)

--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
RE: SPAM ? RE: [WISPA] Routed vs bridged (again)...
Amen & Amen

Well said and I must confess - - way shorter than my previous post :-)

Mac

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Russ Kreigh
Sent: Sunday, December 03, 2006 1:03 PM
To: 'WISPA General List'
Subject: SPAM ? RE: [WISPA] Routed vs bridged (again)...
Importance: Low

I can't believe I am getting involved in this...

First, routing is not bad, or the best solution. Bridging is not bad, or the best solution.

Network DESIGN is the solution.

A hybrid network DESIGNED by a competent network person will outperform a pure bridged network or a pure routed network any day. PERIOD.

I am not going to go into the technical aspects of why routing versus bridging is good, and bad. It all depends on what you are trying to accomplish, what your customers are trying to accomplish, your market, your competition, what equipment you are using, your budget, your staff's experience, failover protection, outage isolation, QoS, Security, Mail, SLA requirements and about 100 other factors.

Let me say this, I administer about 70 routing devices, ranging from Cisco 7206 routers, Cisco Catalyst L3 switches, down to Mikrotik 532's. I also manage some pretty HUGE bridged segments on our network.

I've seen routed networks be brought to their knees, I've seen bridged networks do the same. The difference in our case is that we DESIGNED the network.

We also have several dozen VLANs on our network -- there is a misconception that using VLANs means you are bridging - well, no. It's hybrid, and in the end, it is ultimately routing.

And again, public IPs versus Private IPs to a customer is a whole different story, we have both on our network - it depends on what you are trying to accomplish.

There is no need to give a /30 to every customer, there are other more efficient ways of doing this. With a /30 you're using up 4 addresses, 1-Network Address 1-Router Address 1-Customer Address and 1-Broadcast address.

There is an argument that bridging is easy, yeah, until something goes wrong. There is an argument that routing is easy -- until something goes wrong.

Many of you are die-hard routing people, many of you are die-hard bridgers. That's fine -- but stay away from my network :-)

So, in case you missed the point of this email, NETWORK DESIGN is the best solution.

Thanks,

Russ Kreigh
Network Engineer
OnlyInternet.Net Broadband & Wireless
Supernova Technologies
Office: (800) 363-0989
Direct: (260) 827-2486
Fax: (260) 824-9624
[EMAIL PROTECTED]
http://www.oibw.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marlon K. Schafer
Sent: Sunday, December 03, 2006 12:41 PM
To: WISPA General List
Subject: Re: [WISPA] Routed vs bridged (again)...

- Original Message -
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List"
Sent: Saturday, December 02, 2006 10:44 PM
Subject: [WISPA] Routed vs bridged (again)...

> On Sat, 2 Dec 2006, Marlon K. Schafer wrote:
>
>> It's a very high cost. Why does every residential user need to tie up 3 ip addys? How long can we keep handing them out like that before we run into trouble again? There is only so much nat that we're gonna get away with.
>
> I give up...why does a residential user need 3 ips? I never suggested that they did. And I guess I don't understand what nat has to do with any of it.

OK, what's the minimum number of ip addys that a routed customer HAS to use? I thought it was three. Is it really two or four instead? Either way, it's a waste of ip addresses.

NAT matters because it's the only way many of us would ever get enough ip addys for every customer AND every device on the network. For customers that increasingly need two way communications NAT isn't a good option.

Then there's the CALEA crap. How in the world is a person going to track EVERY packet in his network? And those doing NAT may well have to as ALL customers behind a nat'd address show up as the one public addy. That's not gonna help anyone find that Kiddie porn freak. So what will we have to do to comply? Don't know for sure yet, but I certainly think that it'll be much easier to deal with the issue if every customer has a public ip.

>
>>> No...not a requirement. It's just a more scalable solution.
>>
>> There are nearly 4000 (unfortunately not all mine :-) 100meg customers on that network.
>
> I don't want to argue this point, because I just don't have enough information about the network. I seriously doubt, though, that all those customers are all on a single /20 network (which would support 4096 hosts). Even worse, if there are routers there, too, it may need a /19 (which would accommodate over 8000 c
RE: [WISPA] Routed vs bridged (again)...
I can't believe I am getting involved in this...

First, routing is not bad, or the best solution. Bridging is not bad, or the best solution.

Network DESIGN is the solution.

A hybrid network DESIGNED by a competent network person will outperform a pure bridged network or a pure routed network any day. PERIOD.

I am not going to go into the technical aspects of why routing versus bridging is good, and bad. It all depends on what you are trying to accomplish, what your customers are trying to accomplish, your market, your competition, what equipment you are using, your budget, your staff's experience, failover protection, outage isolation, QoS, Security, Mail, SLA requirements and about 100 other factors.

Let me say this, I administer about 70 routing devices, ranging from Cisco 7206 routers, Cisco Catalyst L3 switches, down to Mikrotik 532's. I also manage some pretty HUGE bridged segments on our network.

I've seen routed networks be brought to their knees, I've seen bridged networks do the same. The difference in our case is that we DESIGNED the network.

We also have several dozen VLANs on our network -- there is a misconception that using VLANs means you are bridging - well, no. It's hybrid, and in the end, it is ultimately routing.

And again, public IPs versus Private IPs to a customer is a whole different story, we have both on our network - it depends on what you are trying to accomplish.

There is no need to give a /30 to every customer, there are other more efficient ways of doing this. With a /30 you're using up 4 addresses, 1-Network Address 1-Router Address 1-Customer Address and 1-Broadcast address.

There is an argument that bridging is easy, yeah, until something goes wrong. There is an argument that routing is easy -- until something goes wrong.

Many of you are die-hard routing people, many of you are die-hard bridgers. That's fine -- but stay away from my network :-)

So, in case you missed the point of this email, NETWORK DESIGN is the best solution.

Thanks,

Russ Kreigh
Network Engineer
OnlyInternet.Net Broadband & Wireless
Supernova Technologies
Office: (800) 363-0989
Direct: (260) 827-2486
Fax: (260) 824-9624
[EMAIL PROTECTED]
http://www.oibw.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marlon K. Schafer
Sent: Sunday, December 03, 2006 12:41 PM
To: WISPA General List
Subject: Re: [WISPA] Routed vs bridged (again)...

- Original Message -
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List"
Sent: Saturday, December 02, 2006 10:44 PM
Subject: [WISPA] Routed vs bridged (again)...

> On Sat, 2 Dec 2006, Marlon K. Schafer wrote:
>
>> It's a very high cost. Why does every residential user need to tie up 3 ip addys? How long can we keep handing them out like that before we run into trouble again? There is only so much nat that we're gonna get away with.
>
> I give up...why does a residential user need 3 ips? I never suggested that they did. And I guess I don't understand what nat has to do with any of it.

OK, what's the minimum number of ip addys that a routed customer HAS to use? I thought it was three. Is it really two or four instead? Either way, it's a waste of ip addresses.

NAT matters because it's the only way many of us would ever get enough ip addys for every customer AND every device on the network. For customers that increasingly need two way communications NAT isn't a good option.

Then there's the CALEA crap. How in the world is a person going to track EVERY packet in his network? And those doing NAT may well have to as ALL customers behind a nat'd address show up as the one public addy. That's not gonna help anyone find that Kiddie porn freak. So what will we have to do to comply? Don't know for sure yet, but I certainly think that it'll be much easier to deal with the issue if every customer has a public ip.

>
>>> No...not a requirement. It's just a more scalable solution.
>>
>> There are nearly 4000 (unfortunately not all mine :-) 100meg customers on that network.
>
> I don't want to argue this point, because I just don't have enough information about the network. I seriously doubt, though, that all those customers are all on a single /20 network (which would support 4096 hosts). Even worse, if there are routers there, too, it may need a /19 (which would accommodate over 8000 customers). If they are not, take my word for it...they are routed.

They are routed to the world at the isp. But they are NOT routed within the network. They are vlan'd. Some isp's may have multiple vlans or some such thing, but I'd be surprised at that.

>
>> I'm just saying that it's far less import
RE: [WISPA] Routed vs bridged (again)...
clients) in the name of friendship by leading him where he didn't absolutely need to be because I am a routing idiot and have a bias to such actions.

SUMMARY: USE THE SHOE THAT FITS - ONE SIZE DOES NOT FIT ALL - EVER!

The saga of Mac Dearman

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David E. Smith
Sent: Sunday, December 03, 2006 10:32 AM
To: WISPA General List
Subject: Re: [WISPA] Routed vs bridged (again)...

Butch Evans wrote:
>> There are nearly 4000 (unfortunately not all mine :-) 100meg customers on that network.
>
> I don't want to argue this point, because I just don't have enough information about the network. I seriously doubt, though, that all those customers are all on a single /20 network (which would support 4096 hosts). Even worse, if there are routers there, too, it may need a /19 (which would accommodate over 8000 customers). If they are not, take my word for it...they are routed.

You never know. Thanks to irony, my apartment is in a dead spot, where I can't get my own company's wireless service, so I've got a cable modem at home. Right now, my home router's IP address is assigned from a /20 - the router reports my network mask as 255.255.224.0, and my default gateway really is a couple thousand addresses away. Being a cable company with positively obscene amounts of money, I'd assume they're using some sort of fancy VLAN solution, or at least a really smart switch. But heck, I don't really know. One of these days, I'll be bored, and plug in the notebook, with Wireshark running, just to see what kind of other traffic I can see out there...

David Smith
MVN.net
Re: [WISPA] Routed vs bridged (again)...
- Original Message -
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List"
Sent: Saturday, December 02, 2006 10:44 PM
Subject: [WISPA] Routed vs bridged (again)...

On Sat, 2 Dec 2006, Marlon K. Schafer wrote:

It's a very high cost. Why does every residential user need to tie up 3 ip addys? How long can we keep handing them out like that before we run into trouble again? There is only so much nat that we're gonna get away with.

I give up...why does a residential user need 3 ips? I never suggested that they did. And I guess I don't understand what nat has to do with any of it.

OK, what's the minimum number of ip addys that a routed customer HAS to use? I thought it was three. Is it really two or four instead? Either way, it's a waste of ip addresses.

NAT matters because it's the only way many of us would ever get enough ip addys for every customer AND every device on the network. For customers that increasingly need two way communications NAT isn't a good option.

Then there's the CALEA crap. How in the world is a person going to track EVERY packet in his network? And those doing NAT may well have to as ALL customers behind a nat'd address show up as the one public addy. That's not gonna help anyone find that Kiddie porn freak. So what will we have to do to comply? Don't know for sure yet, but I certainly think that it'll be much easier to deal with the issue if every customer has a public ip.

No...not a requirement. It's just a more scalable solution.

There are nearly 4000 (unfortunately not all mine :-) 100meg customers on that network.

I don't want to argue this point, because I just don't have enough information about the network. I seriously doubt, though, that all those customers are all on a single /20 network (which would support 4096 hosts). Even worse, if there are routers there, too, it may need a /19 (which would accommodate over 8000 customers). If they are not, take my word for it...they are routed.

They are routed to the world at the isp. But they are NOT routed within the network. They are vlan'd. Some isp's may have multiple vlans or some such thing, but I'd be surprised at that.

I'm just saying that it's far less important than it used to be.

With the proliferation of worms being what it is, and most of them spreading by broadcast to the local network? You must be kidding...

Nope. We block client to client communications at the ap (and hopefully soon at the switch). The worms can only get sideways on my network by going through the router, which under your theory will block them. Also, we require all customers have a firewall and antivirus. In theory we actually have several levels of protection in place against just such problems.

OK, I've had enough fun poking at the religious right on the routed vs. bridged debate. The reality of the situation (as with so many things in life) is that both are used and both do a better job if used in the right places. Right tool for the right job. And EVERYONE's job is a different one. The isp has to be able to make smart choices for his network. Talk about all or nothing in either direction isn't really helpful in my mind.

How's that?

marlon

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
Mikrotik Certified Consultant (http://www.mikrotik.com/consultants.html)
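Added example, not part of the original thread: the message above says that all customers behind a NAT'd address show up as the one public address. The sketch below shows what that means for attribution: with a shared address the operator needs translation records matched on address, time and source port, while a customer holding their own public IP is identified from the address alone. The log schema, customer ids and addresses are constructed for illustration.

```python
"""Attributing an observed flow to a subscriber: shared NAT address vs. one public IP each.

All addresses, customer ids and log fields below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class NatSession:
    """One translation record as a NAT gateway might log it (hypothetical schema)."""
    customer: str
    private_ip: str
    public_ip: str
    public_port: int
    start: datetime
    end: datetime


T0 = datetime(2006, 12, 3, 12, 0, 0)


def at(minutes):
    """Timestamp `minutes` after the start of the sample window."""
    return T0 + timedelta(minutes=minutes)


# Three subscribers share one NAT address (RFC 5737 documentation range).
# Port 40001 is reused by cust-c after cust-a's session has ended.
SESSIONS = [
    NatSession("cust-a", "10.0.0.11", "203.0.113.10", 40001, at(0), at(5)),
    NatSession("cust-b", "10.0.0.12", "203.0.113.10", 40002, at(1), at(4)),
    NatSession("cust-c", "10.0.0.13", "203.0.113.10", 40001, at(10), at(12)),
]

# A subscriber with their own public address needs no translation log.
STATIC_ASSIGNMENTS = {"203.0.113.77": "cust-d"}


def candidates(sessions, public_ip, when=None, public_port=None):
    """Return the sorted customer ids consistent with the evidence supplied."""
    hits = set()
    for s in sessions:
        if s.public_ip != public_ip:
            continue
        if when is not None and not (s.start <= when <= s.end):
            continue
        if public_port is not None and s.public_port != public_port:
            continue
        hits.add(s.customer)
    return sorted(hits)


def attribute(public_ip, when=None, public_port=None):
    """Resolve an observation: static assignment first, NAT records otherwise."""
    owner = STATIC_ASSIGNMENTS.get(public_ip)
    if owner is not None:
        return [owner]
    return candidates(SESSIONS, public_ip, when, public_port)


if __name__ == "__main__":
    print("address only:       ", attribute("203.0.113.10"))
    print("address + time:     ", attribute("203.0.113.10", at(2)))
    print("address, time, port:", attribute("203.0.113.10", at(2), 40001))
    print("same port, later:   ", attribute("203.0.113.10", at(11), 40001))
    print("own public address: ", attribute("203.0.113.77"))
```

The address alone leaves every NAT'd subscriber as a candidate, and a port without a timestamp is still ambiguous once ports are reused, so the translation log has to be retained with both fields.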
Re: [WISPA] Routed vs bridged (again)...
Butch Evans wrote:

There are nearly 4000 (unfortunately not all mine :-) 100meg customers on that network.

I don't want to argue this point, because I just don't have enough information about the network. I seriously doubt, though, that all those customers are all on a single /20 network (which would support 4096 hosts). Even worse, if there are routers there, too, it may need a /19 (which would accommodate over 8000 customers). If they are not, take my word for it...they are routed.

You never know. Thanks to irony, my apartment is in a dead spot, where I can't get my own company's wireless service, so I've got a cable modem at home. Right now, my home router's IP address is assigned from a /20 - the router reports my network mask as 255.255.224.0, and my default gateway really is a couple thousand addresses away. Being a cable company with positively obscene amounts of money, I'd assume they're using some sort of fancy VLAN solution, or at least a really smart switch. But heck, I don't really know. One of these days, I'll be bored, and plug in the notebook, with Wireshark running, just to see what kind of other traffic I can see out there...

David Smith
MVN.net