Before talking about Inter VLAN routing, let me give you a brief introduction to VLAN first.
VLAN is a logical grouping of network devices connected to a switch. VLANs are used to create smaller broadcast domains at layer 2 by assigning different ports to different subnetworks on the same switch so that two or more departments cannot communicate with each other which helps to reduce unnecessary traffic in a network. Also, the use of VLAN in an organization is a common practice. This allows different departments to remain isolated from each other and saves bandwidth.
But what if two different VLANs or we can say two different departments of an organization want to communicate with each other? Can this be made possible?
What is Inter VLAN routing?
Inter VLAN routing is the process of enabling communication between devices on different VLANs within the same network. Without inter VLAN routing, devices on separate VLANs are essentially isolated from each other, unable to exchange data or access resources. Inter VLAN routing helps to resolve this communication gap by allowing data to flow between VLANs. To allow communication between different VLANs we take the help of routing and hence we need a device that can perform routing i.e., router or layer 3 switches.
Why is Inter-VLAN routing used?
As we discussed Inter VLAN routing can help to build a communication channel between two or more different VLANs, but besides this, it also has some other uses: –
Security
VLANs are used to enhance security by keeping sensitive data on a separate VLAN and ensuring that no unauthorized devices can access it. Inter-VLAN helps authorized devices access these resources and data.
Shared Resources
Inter VLAN routing allows devices on different VLANs to share network resources efficiently. For instance, printers, file servers, and network-attached storage (NAS) devices can be placed on a separate VLAN; users from multiple VLANs can access these shared resources. This simplifies resource management and utilization.
Scaling and Growth
As an organization grows, the network grows and new services are added, inter VLAN routing can help maintain efficient communication between VLANs without physically reconfiguring the network.
Traffic Management and Optimization
By routing traffic between VLANs, you have control over how traffic flows within your network. This allows you to optimize network performance and ensure that bandwidth is allocated according to the organization’s needs and policies.
How does Inter-VLAN routing work?
Inter VLAN routing can be implemented using three methods, namely-
External Router
The oldest method of implementing Inter VLAN routing is using a router with multiple interfaces and each router interface is connected to ports on a switch configured with different VLAN. The router interface acts as a default gateway for the particular VLAN.
An example of this method is shown in the diagram below.
Ports on the switch are assigned to particular VLANs as mentioned and each port is connected to the port on the RE. When a PC in VLAN 10 wants to communicate with a PC configured at VLAN 20, the packet is forwarded to the default gateway of VLAN 10 i.e., Gi0/0. The router examines the destination address and sends out a packet to the Gi0/1 interface. A packet that travels to the fa0/2 port of the switch and finally reaches PC 2 i.e., PC configured with VLAN 20.
This method is effective but it has a drawback. Since each VLAN requires a different default gateway and hence different RE ports. It becomes a costly method. RE used to have a smaller number of ports. In our example, we had only three VLANs. What is an organization that has 10 different departments and requires 10 different VLANs?
Hence this solution is not scalable.
Router-on-a-Stick
As we saw in the case of the old Inter-Vlan routing method we require ports equal to the number of VLAN configured in a network but the router-on-the-stick method overcomes this drawback.
NOTE: In the case of the Router-on-a-stick method we only require one physical Ethernet interface.
But, how is it possible to enable it using a single port?
The router uses the concept of Sub-Interfaces, each associated with a specific VLAN. These Sub-Interfaces are assigned IP addresses, acting as the default gateways for devices in their respective VLANs. VLAN tagging (usually with 802.1Q) is employed to differentiate traffic from different VLANs as it passes through the single physical connection to the router. This router port is connected to the layer 2 switch trunk port.
When a packet tagged with a VLAN enters the router sub-interface, the router makes the routing decision based on the destination IP Address and then it determines the exit interface for that particular packet. Since the exit sub-interface is also configured as an 802.1Q sub-interface, the new VLAN is tagged at the data frames and forwarded accordingly.
This method is cost-effective since it requires only one physical router. However, it can also become a bottleneck if there is a significant amount of inter-VLAN traffic since all the traffic must pass through a single physical interface. Since it employs the use of a single physical interface, latency is also high. Also, if this physical interface goes down for any reason, an outage in a network can occur.
Switch Virtual Interface/ Use of Layer 3 Switch
A Layer 3 switch, also known as a multilayer switch, combines the features of a traditional network switch and a router. A layer 3 switch is also known as a multi-layer switch since it can operate on both layer 2 and layer 3. We can configure a switched virtual interface on a layer 3 switch.
it has VLAN interfaces configured for each VLAN and can route traffic between these VLANs using the physical interfaces connected to the switch.
Devices within each VLAN use the Layer 3 switch as their default gateway. DVI performs the same function for the VLAN as a router sub-interface does but it is much faster than it since it employs the same hardware for routing and switching. This method is also not limited to one link because the concept of EtherChannel can also be used between switches to increase the bandwidth. Latency is also lower in SVI.
This approach is efficient and provides high-speed inter VLAN routing because it eliminates the need for a separate physical router. The main disadvantage of using this method is the cost. Generally, Multi-Layer switches are expensive devices.
Also, the configuration for Multi-Layer switches is a little complex.
