I am going to try and explain this the best I can here....
If I have, let's say, 3 locations: a central location with a datacenter and 2 remote locations over 1gig fiber to the datacenter. The central location has clients and servers on vlan 1. The main location has a layer 3 switch that has layer 3 interfaces back to the remote locations. All clients at remote locations are also on vlan 1. The internet is also accessed through the central location as well. There is a layer 3 interface from the main location layer 3 switch to the firewall.
Now when clients at the remote location access server resources, their traffic comes over the WAN and then is essentially part of VLAN 1 at the main location? Is that correct? What about their internet traffic? They request the internet, it comes over the WAN, it doesn't match any route in the main site layer 3 switch, so that switch will just hand it off to its default gateway (the firewall), correct? So that traffic that needs to hit the internet will not hit VLAN 1, but traffic needing server resources will.
I think you're on the right track if I'm reading your configuration correctly. Are you trunking VLANs between remote sites and the main/central site? If not, the VLANs are of local significance only. Internet traffic (or any traffic for which the "main site switch" does not have a specific route) would be handed off to the default gateway.
Not trunking to remote sites. Layer 3 interfaces from remote sites to main site. So vlans are locally significant. But when traffic from a remote site needs to access a server on VLAN 1 at the main site...all that remote traffic becomes VLAN 1 at the main site in the end correct?
Conwyn, if you have L3 devices between them, that is not a large L2 LAN at all. That is two LANs on either side of a L3 link. That means at least 2 broadcast domains, etc.
Hollywood, if you have L3 paths between the clients at the remote sites all the way to the firewall interface headed to the internet, and the routing takes them straight up that path, they will not be assigned to VLAN1 at the main site.
The L3 switch receives routed packets from the WAN, and then it delivers the packet according to the routing table. If the destination ip address of the packet matches a "connected" route (e.g. "interface vlan 1"), then the packet is shoveled out (vlan 1) to the destination MAC address found in the ARP table. Otherwise, the packet is forwarded to the next-hop ip address specified in the matching route.
So packets coming from remote sites will only traverse vlan 1 if the destination ip address belongs on vlan 1. Packet delivery from one routed interface to another routed interface does not involve any vlan at all.
I have argued with some (CCNA level) people who claim that such traffic actually traverses vlan 1. In spite of the fact that they could not prove it, they maintained their assertion against all sorts of compelling arguments. The whole basis for their tenacity on this issue is based on the belief that all packets in a L3 switch must be associated with a vlan, and vlan 1 is the default vlan. But there is no technical reason why a routed packet must be associated with any vlan. I have setup a port monitor of vlan 1 and captured traffic, but I never saw any routed packets -- only packets that actually belong to vlan 1.
So unless somebody knows of special cases where packets forwarded by an L3 switch from one routed interface to another routed interface are actually visible on vlan 1, I have to say that those individuals who claim that such packets actually traverse vlan 1 are profoundly misguided.
Does any part of this rant actually help?
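To make the forwarding logic in the post above concrete, here is an added example (not from any poster in this thread) that simulates the main-site L3 switch's routing-table lookup with a constructed, made-up set of prefixes and next hops; it shows that a packet from a remote site is delivered onto "interface vlan 1" only when its destination matches that connected route, and otherwise goes routed-port to routed-port (e.g. straight to the firewall) without touching vlan 1.

```python
import ipaddress

# Constructed routing table for the main-site L3 switch, modelled on the
# thread's topology. Every prefix, interface name and next hop here is a
# made-up example, not taken from the original posts.
# (prefix, kind, egress): a "connected" route delivers directly onto the
# named L3 interface; a "static" route hands the packet to a next-hop IP.
ROUTES = [
    ("10.1.0.0/24",   "connected", "vlan 1"),     # main-site servers/clients (SVI)
    ("10.255.1.0/30", "connected", "Gi1/0/1"),    # routed link to remote site A
    ("10.255.2.0/30", "connected", "Gi1/0/2"),    # routed link to remote site B
    ("10.255.0.0/30", "connected", "Gi1/0/24"),   # routed link to the firewall
    ("10.2.0.0/24",   "static",    "10.255.1.2"), # remote site A LAN
    ("10.3.0.0/24",   "static",    "10.255.2.2"), # remote site B LAN
    ("0.0.0.0/0",     "static",    "10.255.0.2"), # default route -> firewall
]


def lookup(dst):
    """Longest-prefix match over ROUTES, the way the switch's FIB decides."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, kind, egress in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind, egress)
    return best


def forward(dst):
    """Return how the switch would deliver a packet for dst and whether
    that delivery puts the packet onto vlan 1 at all."""
    net, kind, egress = lookup(dst)
    if kind == "connected":
        # Delivered on the connected interface to the destination's own MAC
        # (found via ARP); only an SVI egress means the frame enters a VLAN.
        out, next_hop = egress, None
    else:
        # Static route: resolve the next hop to find the physical egress.
        hop_net, hop_kind, hop_egress = lookup(egress)
        assert hop_kind == "connected", "next hop must be on a connected route"
        out, next_hop = hop_egress, egress
    return {"route": str(net), "out": out, "next_hop": next_hop,
            "touches_vlan1": out == "vlan 1"}


if __name__ == "__main__":
    for dst in ("10.1.0.50", "8.8.8.8", "10.3.0.10"):
        print(dst, "->", forward(dst))
```

Running it shows a remote client reaching a main-site server lands on vlan 1, while the same client's internet traffic and site-to-site traffic are forwarded between routed ports only.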
It does. So my question is....what is the bandwidth or speed of a vlan? The reason I ask is, let's say that the 2 remote locations are actually 50; that's a lot of traffic that will traverse vlan 1.
VLANs do not have a "speed", per se; you are constrained by the speed of the links it traverses and the backplane capacity of the devices you are going across. That is like saying an IP subnet has a speed, if you catch the comparison.
Whether you have 2 or 50 remote sites probably won't make as much difference to the vlan 1 on the "main switch" in this instance as it would to the main switch itself or the server that all of those sites are accessing. Remember that the vlan is simply segregating ports on the switch. Regardless of whether or not the vlan is there, the switch is still going to exhibit switching behavior...meaning if it has a mapping of the destination MAC and port, it will switch the traffic directly to that port. Broadcast traffic would be flooded, but you already noted that your remote sites are interconnected to the main via L3 links (hence separate broadcast domains).
Assuming your hardware is relatively new your likely bottleneck will be the links connecting the remote sites to main site (as Travis noted), or the link to the server (or server itself) if everyone decides to hammer it first thing in the morning to download their music.
Ok, I am curious. Do you ever monitor the utilization of your 1 gig WAN links? I have a similar setup and really, those links are gonna last me a while.
Well, we have SolarWinds so I can....never really thought about it till we had this mass amount of video hit the network. So I am going to be doing this soon. I would love to get NetFlow for my network too, but it's kind of expensive.