When *not* to create an SVI for an L2 VLAN?
When creating VLANs for just L2 on a switch -- routing will be handled by a device within that VLAN such as a load-balancer -- it isn't necessary to create the VLAN interface. As a matter of habit, I always create the interface anyway -- no IP address -- so I get all the interface bits and packet stats in "sh interface".
Are there any negatives to what I think is a best practice to just create the L2 interface?
When do you create or not create the interface for an L2 VLAN?
I am looking for answers that discuss only L2 VLANs, not the merits and use cases for L3 VLAN SVIs.
Cisco reports an L2 interface as EtherSVI on my 6500 -- no IP address. Is it correct or incorrect to still think of an L2 interface as an SVI though we all know the usual use-case is to have an IP address for routing? The question is only about whether or not I should have this L2 interface in the first place. You can see only the L2 counters are incremented, but still giving some value.
```
s-oc4-n2-agg1#sh int vl281
Vlan281 is up, line protocol is up
  Hardware is EtherSVI, address is 0019.a925.2000 (bia 0019.a925.2000)
  Description: svi.SLB-FE-Web-Servers
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:02, output 00:00:10, output hang never
  Last clearing of "show interface" counters 1d12h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  L2 Switched: ucast: 1138722618 pkt, 1070173012274 bytes - mcast: 76471 pkt, 8482399 bytes
  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
  L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
     74604 packets input, 8350307 bytes, 0 no buffer
     Received 74604 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     218 packets output, 17658 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
```
I know most everyone considers that an SVI means we have an interface with an IP address. An L2 interface is still reported as an SVI by Cisco (EtherSVI). Am I wrong to use the term SVI for both L3 and L2 interfaces?
Why do you create the L2 SVI in the first place (out of curiosity)? If this device doesn't have an L3 interface in this VLAN, where do the stats in your `sh int vl281` command output above come from? Has this device in your question processed `74604` Ethernet frames across all layer 2 ports in the VLAN then? What can you tell from that output? I am assuming you create these L2 SVIs for statistic gathering and debugging/troubleshooting. Do you create them for use with pseudowires, bridging and xconnects instead then?
I primarily create L2 SVIs for statistical reporting (though limited as it is) and visibility on the switch as well as for an SNMP interface walk for Cacti (RRDTool graphs). The 74604 packets under L3 are just broadcasts shown by the next line "Received 74604 broadcasts". No other reason to create them except for comfort in having all interfaces defined whether L2 or L3.
You might not want to make an L2 SVI if you use VTP pruning. If pruning is on, an unused VLAN will be pruned from the trunk, resulting in less unnecessary broadcast/flooding traffic. However, creating an SVI creates an "active" interface on your switch. A quick check in GNS3 gives the following:
```
R1#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/1, Fa1/2, Fa1/3, Fa1/4
                                                Fa1/5, Fa1/6, Fa1/7, Fa1/8
                                                Fa1/9, Fa1/10, Fa1/11, Fa1/12
                                                Fa1/13, Fa1/14, Fa1/15
3    VLAN0003                         active
4    VLAN0004                         active
[output omitted]

R1#show interfaces trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/0     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/0     1-4094

Port      Vlans allowed and active in management domain
Fa1/0     1,3-4

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/0     1
```
Now, if I go to R2, connected to Fa1/0, and type `R2(config)#int vlan 3`, we will see the following:
```
R2#show run interface vlan 3
Building configuration...

Current configuration : 38 bytes
!
interface Vlan3
 no ip address
end

R2#show run | include vlan 3
R2#
```
As you can see, no interfaces in VLAN 3, except the SVI. And back on R1:
```
R1#show interfaces trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/0     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/0     1-4094

Port      Vlans allowed and active in management domain
Fa1/0     1,3-4

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/0     1,3
```
As you can see, VLAN 3 just came up on the trunk, adding to the traffic levels on your trunks.
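One way to check for this effect across a change window, as an added example that is not part of the original answer: a Python sketch that parses two captures of `show interfaces trunk` and reports, per trunk port, the VLANs that left the pruned state. The captures are constructed from the R1 output quoted above, the function names are hypothetical, and each VLAN list is assumed to fit on one line.

```python
import re
# Constructed sample captures, modelled on the R1 output quoted in the answer above.
TRUNK_BEFORE = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa1/0     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/0     1-4094

Port      Vlans allowed and active in management domain
Fa1/0     1,3-4

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/0     1
"""
# Same capture after the neighbour created "interface Vlan3": last row becomes 1,3.
TRUNK_AFTER = TRUNK_BEFORE.rsplit("Fa1/0", 1)[0] + "Fa1/0     1,3\n"

NOT_PRUNED = "Vlans in spanning tree forwarding state and not pruned"

def expand(vlan_list):
    """Expand a VLAN list such as '1,3-4' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        if part and part != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output):
    """Return {port: {section header: set of VLANs}}; the Mode table is skipped."""
    result, section = {}, None
    for line in output.splitlines():
        header = re.match(r"Port\s+(Vlans .+)", line)
        if line.startswith("Port"):
            section = header.group(1).strip() if header else None
            continue
        fields = line.split()
        if section and len(fields) == 2:
            result.setdefault(fields[0], {})[section] = expand(fields[1])
    return result

def newly_unpruned(before, after):
    """Per trunk port, VLANs pruned in `before` that are forwarding in `after`."""
    old, new = parse_trunk(before), parse_trunk(after)
    return {port: sorted(secs.get(NOT_PRUNED, set())
                         - old.get(port, {}).get(NOT_PRUNED, set()))
            for port, secs in new.items()}
```

Calling `newly_unpruned(TRUNK_BEFORE, TRUNK_AFTER)` on the two captures reports VLAN 3 on Fa1/0, the VLAN that the empty SVI on R2 pulled back onto the trunk.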