Hi,

A senario:

I have 2 applications using broadcast and multicast traffic to deliver data.
Given a company of 8 departments (each dept 50 users), 6 departments (300
users) require those data. I intend to create multiple vlans based on the
department however the 2 applications on separate servers will have
difficulties deliver data to those vlans since vlan has its own broadcast
domain.

What is you opinion?

My solutions:

1) Segregate based on services. Place those users who require the service
into the same vlan as the 2 applications servers which use broadcast and
multicast traffic.

2) Use vlan capable trunk card on the application servers. Create multiple
vlans based on the department. Place the servers on a different vlan and
trunk those 6 departments which require the application data to the server.


What is a better solution? Why? In term of security which is better? Is
there other solution?

Thanks for taking your time.

sPiDEr

"sPiDEr" <spider@bgp5_.net_REMOVE_> wrote in message
news:3f0b0acc@news.starhub.net.sg...
> Hi,
>
> A senario:
>
> I have 2 applications using broadcast and multicast traffic to deliver
data.
> Given a company of 8 departments (each dept 50 users), 6 departments (300
> users) require those data. I intend to create multiple vlans based on the
> department however the 2 applications on separate servers will have
> difficulties deliver data to those vlans since vlan has its own broadcast
> domain.

You dont say if this is IP multicast or something else.
>
> What is you opinion?
>
> My solutions:
>
> 1) Segregate based on services. Place those users who require the service
> into the same vlan as the 2 applications servers which use broadcast and
> multicast traffic.
>
> 2) Use vlan capable trunk card on the application servers.

Not a good idea - you end up using something wierd - which equates to more
bugs and difficult support.

Create multiple
> vlans based on the department. Place the servers on a different vlan and
> trunk those 6 departments which require the application data to the
server.

what happens when youget a user wanting both systems? 2 PCs?
>
>
> What is a better solution?

As usual - it depends.

Why? In term of security which is better?

Neither - you havent decribed what your security requirements are.

Is
> there other solution?

Worry about bandwidth and numbers of packets rather than domains.

2 multicast apps should be able to share the same network without
interfering - if they cant you have more serious troubles than how to split
users.

If you have high bandwidth apps, then split the users into subnets, and
build a network that can selectively deliver multicast - in IP that means
using PIM and IGRP, or lots of other combinations.

300 users should sit comfortably in a single subnet unless you need to split
them up for other reasons than just traffic and broadcast background.
>
> Thanks for taking your time.
>
> sPiDEr
>
-- 
Regards

Stephen Hope - remove xx from email to reply

Hi,

Dont forget that mutlicast is forwarded by default on the switches, so
the only thing you really should need to worry about is the
broadcasts, there are two ways you could do this "keeping to the
fundermentals" bridge your server vlan to all other vlans or use udp
forwaring. you should try and keep to a standard layout for vlans,
servers on vlanx,y,z and host "dep" on other vlans.
this way you dont compemise security.
i hope this link helps
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm

Mike


"shope" <stephen_hope@xx.ntlworld.com> wrote in message news:<uc_Oa.7479$nP.3802@newsfep4-winn.server.ntli.net>...
> "sPiDEr" <spider@bgp5_.net_REMOVE_> wrote in message
> news:3f0b0acc@news.starhub.net.sg...
> > Hi,
> >
> > A senario:
> >
> > I have 2 applications using broadcast and multicast traffic to deliver
>  data.
> > Given a company of 8 departments (each dept 50 users), 6 departments (300
> > users) require those data. I intend to create multiple vlans based on the
> > department however the 2 applications on separate servers will have
> > difficulties deliver data to those vlans since vlan has its own broadcast
> > domain.
> 
> You dont say if this is IP multicast or something else.
> >
> > What is you opinion?
> >
> > My solutions:
> >
> > 1) Segregate based on services. Place those users who require the service
> > into the same vlan as the 2 applications servers which use broadcast and
> > multicast traffic.
> >
> > 2) Use vlan capable trunk card on the application servers.
> 
> Not a good idea - you end up using something wierd - which equates to more
> bugs and difficult support.
> 
> Create multiple
> > vlans based on the department. Place the servers on a different vlan and
> > trunk those 6 departments which require the application data to the
> server.
> 
> what happens when youget a user wanting both systems? 2 PCs?
> >
> >
> > What is a better solution?
> 
> As usual - it depends.
> 
> Why? In term of security which is better?
> 
> Neither - you havent decribed what your security requirements are.
> 
> Is
> > there other solution?
> 
> Worry about bandwidth and numbers of packets rather than domains.
> 
> 2 multicast apps should be able to share the same network without
> interfering - if they cant you have more serious troubles than how to split
> users.
> 
> If you have high bandwidth apps, then split the users into subnets, and
> build a network that can selectively deliver multicast - in IP that means
> using PIM and IGRP, or lots of other combinations.
> 
> 300 users should sit comfortably in a single subnet unless you need to split
> them up for other reasons than just traffic and broadcast background.
> >
> > Thanks for taking your time.
> >
> > sPiDEr
> >

"Michael Hatzis" <michael@multilearn.com> wrote in message
news:f3cc24f7.0307101514.2db7b730@posting.google.com...
> Hi,
>
> Dont forget that mutlicast is forwarded by default on the switches,

Only within a single VLAN - multicasts stop at a router unless IP multicast
is set up, or you have some other way for layer 2 multicasts to get "around"
the routing barrier.

so
> the only thing you really should need to worry about is the
> broadcasts, there are two ways you could do this "keeping to the
> fundermentals" bridge your server vlan to all other vlans or use udp
> forwaring.

Again broadcasts stop at a router by default - but you need to understand
what protocol the broadcasts are for, and whether they need to be forwarded
across the router.

Broadcast forwarding on the router is usually used for "all 1s" broadcasts
such as DHCP requests, and you can use a UDP forwarder on the router for
these.

Some apps that use a lot of broadcasts send "directed broadcasts" - these
are targeted at the IP broadcast address for a remote subnet. Recent IOS
versions (12.x and maybe 11.x?) follow the router requirements RFC and drop
these at the last hop router by default, but you can change this if needed
on a per interface basis

you should try and keep to a standard layout for vlans,
> servers on vlanx,y,z and host "dep" on other vlans.
> this way you dont compemise security.
> i hope this link helps
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs006.htm
>
> Mike
>
>
> "shope" <stephen_hope@xx.ntlworld.com> wrote in message
news:<uc_Oa.7479$nP.3802@newsfep4-winn.server.ntli.net>...
> > "sPiDEr" <spider@bgp5_.net_REMOVE_> wrote in message
> > news:3f0b0acc@news.starhub.net.sg...
> > > Hi,
> > >
> > > A senario:
> > >
> > > I have 2 applications using broadcast and multicast traffic to deliver
> >  data.
> > > Given a company of 8 departments (each dept 50 users), 6 departments
(300
> > > users) require those data. I intend to create multiple vlans based on
the
> > > department however the 2 applications on separate servers will have
> > > difficulties deliver data to those vlans since vlan has its own
broadcast
> > > domain.
> >
> > You dont say if this is IP multicast or something else.
> > >
> > > What is you opinion?
> > >
> > > My solutions:
> > >
> > > 1) Segregate based on services. Place those users who require the
service
> > > into the same vlan as the 2 applications servers which use broadcast
and
> > > multicast traffic.
> > >
> > > 2) Use vlan capable trunk card on the application servers.
> >
> > Not a good idea - you end up using something wierd - which equates to
more
> > bugs and difficult support.
> >
> > Create multiple
> > > vlans based on the department. Place the servers on a different vlan
and
> > > trunk those 6 departments which require the application data to the
> > server.
> >
> > what happens when youget a user wanting both systems? 2 PCs?
> > >
> > >
> > > What is a better solution?
> >
> > As usual - it depends.
> >
> > Why? In term of security which is better?
> >
> > Neither - you havent decribed what your security requirements are.
> >
> > Is
> > > there other solution?
> >
> > Worry about bandwidth and numbers of packets rather than domains.
> >
> > 2 multicast apps should be able to share the same network without
> > interfering - if they cant you have more serious troubles than how to
split
> > users.
> >
> > If you have high bandwidth apps, then split the users into subnets, and
> > build a network that can selectively deliver multicast - in IP that
means
> > using PIM and IGRP, or lots of other combinations.
> >
> > 300 users should sit comfortably in a single subnet unless you need to
split
> > them up for other reasons than just traffic and broadcast background.
> > >
> > > Thanks for taking your time.
> > >
> > > sPiDEr
> > -- 
Regards

Stephen Hope - remove xx from email to reply