Dual-router VLAN

Hi Forum,

I’m looking for advice on how to reduce trunk traffic on the below diagram.

I have the below setup as in the attachment: two VLANs (1, 2), one network block (172.27.0.0/16) divided into two subnets (DMZ: 172.27.0.0/18 for VLAN 1, office: 172.27.64.0/18 for VLAN 2), two routers (hEX, RB with WiFi) interconnected with a trunk link.

In this setup, what’s the easiest way to avoid the red path? That happens when an “office PC” on the hEX transfers data from a “DMZ server” on the very same hEX: the data has to travel through the RB, as it acts as the gateway between the two subnets, so the data passes through the trunk back and forth twice unnecessarily.

IMO of course hEX should also route IP, instead of just being a switch, but how? Shall I subdivide both subnets into two halves and run DHCP on both routers serving IPs from their own half-pool, and route the other half to the opposite side of the net? It seems like a lot of extra config, is there a more elegant solution?
[Attachment: vlan-unopt.png]

Only a single router should be routing between both VLANs. RB4011 is a beast of a router compared to hEX. So I’d set up all routing on RB4011 and use hEX as a switch. However: the actual hEX (RB750Gr3) doesn’t HW offload switching VLANs, so it would make a mediocre switch in your case. You should look for a switch properly supporting VLANs in hardware.

And a suggestion: don’t use VLAN ID 1. It is used as an implicit default value all over and can mess up the config royally if one is not extra careful.

Best reference is http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

I think I wasn’t specific enough, sorry about that. I’m looking for a way to reduce trunk traffic in that specific case (office PC .204 downloads stuff from .110 server), as I’m getting mediocre transfer speeds in the case marked with the red path. I know hEX is weak, but certainly looping the traffic through RB unnecessarily doesn’t help.


I suspected this, thank you for the confirmation, I had to cook what I had in hand, I bought the hEX back then as my entry to the MikroTik world, and it’s still kickin really good. I’ll replace it, but maybe it has to route as well, as my main goal is to reduce unnecessary traffic on the trunk.


Thank you, in the actual setup I used 10 and 20, I updated the diagram.


Thanks for this, indeed it has a lot of useful info about configuring VLANs, but I have this setup below working already, I’m just looking for a way to reduce trunk traffic in this specific case, maybe I wasn’t clear enough in the original question. Or that referred topic already has info on that, I skimmed through it, maybe I just missed it.

As I wrote, only one router can route between both VLANs (well, multiple can, but that can cause all sorts of routing loops if not done carefully). You can move this task from RB4011 to hEX if the majority of traffic between both VLANs doesn’t pass RB4011. If you can’t (or don’t want to) configure client machines with static routes towards the IP subnet serviced by the other VLAN, then you would have to move one of the VLANs (probably VLAN20) to be serviced only by hEX, and you would configure RB4011 to use hEX as gateway towards that subnet. Then traffic from VLAN10 devices connected to RB4011 would still be subject to a routing triangle (which might upset the firewall on RB4011 if the configuration was not adjusted very carefully).

There are some other minor details which would help with proper shaping of traffic flow. But anyway, the situation is not exactly simple.

Thanks for your response, that’s exactly what I wanted to hear, a second opinion, either there is an easy way to do it I’m not aware of, or at least a confirmation that there is no easy way.