Router on a stick

Router R1 is a one-armed router carrying out inter-VLAN routing.

A router on a stick, also known as a one-armed router,[1][2] is a router that has a single physical or logical connection to a network. It is a method of inter-VLAN routing in which one router is connected to a switch via a single cable. Over that one link the router reaches the broadcast domains of the VLANs that require routing between them.


Devices on separate VLANs, like devices on separate physical local area networks, are unable to communicate with each other directly. A one-armed router is therefore often used to forward traffic between locally attached hosts on separate logical routing domains, or to facilitate routing table administration, distribution and relay.

Details

A simplified diagram of how the router on a stick works.

One-armed routers that perform traffic forwarding are often implemented on VLANs. They use a single Ethernet network interface port that is a member of two or more virtual LANs, enabling traffic to pass between them. A VLAN allows multiple virtual LANs to coexist on the same physical LAN. This means that two machines attached to the same switch but placed in different VLANs cannot send Ethernet frames to each other, even though the frames pass over the same wires. If they need to communicate, a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet network interface controller (NIC) that is a member of both VLANs; hence "one-armed". While uncommon, hosts on the same physical medium may also be assigned addresses from different IP networks. A one-armed router could be assigned an address on each of those networks and be used to forward traffic between the locally distinct networks, and to remote networks through another gateway.

One-armed routers are also used for administrative purposes such as route collection, multi-hop relay and looking glass servers.

All traffic goes over the trunk twice, so the theoretical maximum of the combined upload and download speed is the line rate. In a two-armed configuration, uploading need not significantly impact download performance. Furthermore, real performance may fall short of these limits, for example because of half-duplex operation and other system limitations.

Applications

This setup is used, for example, for print servers, file servers, or for segmenting different departments. An example of router-on-a-stick usage is found in Call Manager Express installations, where the Voice over IP network and the Cisco IP phone devices need to be separated.[3] Enterprise networks implement this method of separating servers to prevent all users from ‘having equal access privilege to resources’.[4]

Naming

As the network is separated virtually, the router does not need to be placed adjacent to the devices; rather, it is placed to the side in the network topology. The router is connected to the switch by a single cable, giving the eponymous ‘stick’ formation. In some institutions, the abbreviation RoaS or ROAS is used instead of router on a stick.[5]

Protocol and design

Router on a stick relies on one Ethernet link that is configured as an IEEE 802.1Q trunk link.[6] The trunk is the link over which the traffic of all the VLANs flows.
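The following is an added example, not code from the article or from any of the vendors it cites: a small Python model of the behaviour described in the Details and Protocol and design sections. It parses IEEE 802.1Q-tagged frames arriving on the single trunk, routes the IPv4 packet inside to the subinterface that serves the destination VLAN, and sends the re-tagged frame back out the same trunk, counting the bytes so the "every byte crosses the trunk twice" observation is visible. Frames that are untagged, that carry a VLAN the router has no subinterface for, that are not addressed to the router's MAC, or whose source address does not belong to the ingress VLAN's subnet are dropped. The MAC addresses, IP prefixes and VLAN numbers are constructed sample values, and the pre-filled neighbour table stands in for an ARP cache.

```python
"""Toy one-armed (router-on-a-stick) forwarder over a single 802.1Q trunk.
Added example; all addresses and VLAN numbers are constructed sample values."""
import struct
import ipaddress

TPID_8021Q = 0x8100      # TPID value that marks an 802.1Q tag in the EtherType slot
ETHERTYPE_IPV4 = 0x0800


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src_ip: str, dst_ip: str, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no payload): enough for a routing decision."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                      ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_tagged_frame(dst_mac: bytes, src_mac: bytes, vlan_id: int, payload: bytes) -> bytes:
    """Ethernet II frame with one 802.1Q tag: dst, src, TPID, TCI, EtherType, payload."""
    tci = vlan_id & 0x0FFF                      # PCP and DEI bits left at zero
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + payload


def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, vlan_id or None, ethertype, payload); rejects truncated frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    return dst, src, vlan, ethertype, frame[off:]


class OneArmedRouter:
    def __init__(self, mac: bytes, subinterfaces: dict, neighbours: dict):
        # subinterfaces: {vlan_id: "prefix/len"}, one per VLAN the router serves.
        # neighbours: {vlan_id: {"ip": mac}}; a hypothetical pre-filled ARP cache.
        self.mac = mac
        self.subifs = {v: ipaddress.ip_network(n) for v, n in subinterfaces.items()}
        self.neighbours = neighbours
        self.trunk_bytes = 0   # every forwarded byte crosses the single trunk twice: in, then out

    def forward(self, frame: bytes):
        """Process one frame arriving on the trunk; return the frame to send back, or None if dropped."""
        self.trunk_bytes += len(frame)
        dst_mac, _src_mac, vlan, ethertype, pkt = parse_frame(frame)
        # The router only speaks for VLANs it has a subinterface on, and only for
        # frames addressed to its own MAC; anything else is dropped, not leaked across.
        if vlan not in self.subifs or dst_mac != self.mac or ethertype != ETHERTYPE_IPV4 or len(pkt) < 20:
            return None
        src_ip = ipaddress.ip_address(pkt[12:16])
        dst_ip = ipaddress.ip_address(pkt[16:20])
        if src_ip not in self.subifs[vlan]:
            return None            # source address does not belong to the ingress VLAN: drop
        out_vlan = next((v for v, net in self.subifs.items() if dst_ip in net), None)
        if out_vlan is None or str(dst_ip) not in self.neighbours.get(out_vlan, {}):
            return None            # no connected route, or no known layer-2 neighbour
        ttl = pkt[8]
        if ttl <= 1:
            return None            # TTL expired (ICMP time-exceeded omitted in this toy)
        # Decrement TTL, zero the checksum field, recompute the header checksum.
        hdr = pkt[:8] + bytes([ttl - 1]) + pkt[9:10] + b"\x00\x00" + pkt[12:20]
        hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
        out = build_tagged_frame(self.neighbours[out_vlan][str(dst_ip)], self.mac, out_vlan, hdr + pkt[20:])
        self.trunk_bytes += len(out)
        return out


ROUTER_MAC = bytes.fromhex("020000000001")   # constructed, locally administered
HOST_A_MAC = bytes.fromhex("02000000000a")   # VLAN 10 host 192.0.2.10
HOST_B_MAC = bytes.fromhex("02000000000b")   # VLAN 20 host 198.51.100.20


def demo():
    """Host A (VLAN 10) sends to host B (VLAN 20) via the router; a frame tagged VLAN 30 is dropped."""
    r = OneArmedRouter(ROUTER_MAC,
                       {10: "192.0.2.0/24", 20: "198.51.100.0/24"},
                       {10: {"192.0.2.10": HOST_A_MAC}, 20: {"198.51.100.20": HOST_B_MAC}})
    pkt = build_ipv4("192.0.2.10", "198.51.100.20")
    inbound = build_tagged_frame(ROUTER_MAC, HOST_A_MAC, 10, pkt)
    outbound = r.forward(inbound)
    stray = r.forward(build_tagged_frame(ROUTER_MAC, HOST_A_MAC, 30, pkt))  # VLAN 30: no subinterface
    return inbound, outbound, stray, r.trunk_bytes


if __name__ == "__main__":
    inbound, outbound, stray, trunk = demo()
    print("out VLAN:", parse_frame(outbound)[2], "stray dropped:", stray is None, "trunk bytes:", trunk)
```

The returned frame for the VLAN 10 to VLAN 20 exchange carries VLAN tag 20, the router's MAC as source and host B's MAC as destination, with the TTL decremented and the IPv4 checksum recomputed; the trunk byte counter shows the same packet consuming trunk capacity once on the way in and once on the way out, which is the reason the combined up and down rate cannot exceed the line rate.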

Advantages

Networks that utilise router on a stick benefit from requiring only one LAN connection for multiple VLANs, i.e. the number of VLANs is not limited by the number of LAN ports available. The separation of network connections does not depend on the physical location of the ports on the router. Thus, it removes the need for multiple cables and wiring management.

As VLANs are segmented, the amount of traffic flowing through any one connection is reduced. Separating VLANs provides enhanced network security: network administrators have direct control over multiple broadcast domains, and a malicious user who gains access to a switch port has only limited access to the network. The segmentation assists in restricting sensitive traffic that flows within an enterprise.[citation needed]

There are cases where workgroups are to be created, and users requiring a high level of security can be isolated from other networks. Those outside a VLAN cannot communicate with it, so departments are made independent of each other, and third-party users cannot access the network easily.[citation needed] Networks built via router on a stick are independent of physical location, so sensitive data can be handled without compromise and with ease.

Changes to networks, such as adding or removing a broadcast domain, are achievable by assigning hosts to the appropriate VLANs. Broadcast traffic can be managed by implementing as many VLANs as required, which increases the number of networks while simultaneously decreasing their size.

Implementation of this setup only requires one router.

Disadvantages

Compared to the alternative of Layer 3 (L3) switching, the trunk may become a source of congestion, as traffic from all VLANs must flow through the single trunk link. Modern networks utilise L3 switches that provide greater bandwidth and functionality.[1] The bottleneck can be mitigated if the single interface is combined with other interfaces via link aggregation.[1]

If the router fails, there is no backup, and the router may become the bottleneck in the network, effectively making all inter-VLAN communication impossible. Moreover, since all VLAN traffic must traverse one router, there is a considerable risk that the bandwidth provided is insufficient for all network connections.

Before inter-VLAN routing can be implemented in the network, additional configuration and virtual implementation are required.[citation needed] Additional latency may be introduced when connecting the switch to the router.


References

  1. Jensen, Bjorn (11 July 2019). "For Networking Geeks Only: Why Router-on-a-Stick is Good". CEPRO. Cepro. Retrieved 20 November 2020.
  2. "How To Achieve Router-On-A-Stick Routing Between VLANs On Allied Telesis Routers" (PDF). Retrieved 20 November 2020.
  3. Wallace, Kevin. "Learning Path: CCNA Routing and Switching 200-125, 1/e". O'Reilly | Safari. Pearson IT Certification. Retrieved 20 November 2020.
  4. "Router-on-a-Stick Inter-VLAN Routing (4.2) > Inter-VLAN Routing | Cisco Press". www.ciscopress.com. Cisco Networking Academy. Retrieved 2 November 2020.
  5. Odom, Wendell. "IP Routing in the LAN". Cisco Press. Cisco Press. Retrieved 2 November 2020.
  6. "Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router". Cisco. Cisco. Retrieved 2 November 2020.