When *not* to create a SVI for a L2 VLAN?

  • When creating VLANs for just L2 on a switch -- routing will be handled by a device within that VLAN such as a load-balancer -- it isn't necessary to create the VLAN interface. As a matter of habit, I always create the interface anyway (no IP address) so I get all the interface bits and packet stats in "sh interface".

    Are there any negatives to what I think is a best practice to just create the L2 interface?

    When do you create or not create the interface for a L2 VLAN?

    I am looking for answers that discuss only L2 VLANs, not the merits and use cases for L3 VLAN SVIs.

    Cisco reports a L2 interface as EtherSVI on my 6500 -- no IP address. Is it correct or incorrect to still think of a L2 interface as an SVI, though we all know the usual use-case is to have an IP address for routing? The question is only about whether or not I should have this L2 interface in the first place. You can see that only the L2 counters are incremented, but they still give some value.

    s-oc4-n2-agg1#sh int vl281
    Vlan281 is up, line protocol is up
      Hardware is EtherSVI, address is 0019.a925.2000 (bia 0019.a925.2000)
      Description: svi.SLB-FE-Web-Servers
      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive not supported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:02, output 00:00:10, output hang never
      Last clearing of "show interface" counters 1d12h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
      L2 Switched: ucast: 1138722618 pkt, 1070173012274 bytes - mcast: 76471 pkt, 8482399 bytes
      L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
      L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
         74604 packets input, 8350307 bytes, 0 no buffer
         Received 74604 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         218 packets output, 17658 bytes, 0 underruns
         0 output errors, 0 interface resets
         0 output buffer failures, 0 output buffers swapped out
    

    I know most everyone considers that an SVI means we have an interface with an IP address. A L2 interface is still reported as an SVI by Cisco (EtherSVI). Am I wrong to use the term SVI for both L3 and L2 interfaces?

    Why do you create the L2 SVI in the first place (out of curiosity)? If this device doesn't have a L3 interface in this VLAN, where do the stats in your `sh int vl281` command output above come from? Has this device in your question processed `74604` Ethernet frames across all layer 2 ports in the VLAN then? What can you tell from that output? I am assuming you create these L2 SVIs for statistic gathering and debugging/troubleshooting. Do you create them for use with pseudowires, bridging and xconnects instead then?

    I primarily create L2 SVIs for statistical reporting (though limited as it is) and visibility on the switch, as well as for an SNMP interface walk for Cacti (RRDTool graphs). The 74604 packets under L3 are just broadcasts shown by the next line "Received 74604 broadcasts". No other reason to create them except for comfort in having all interfaces defined whether L2 or L3.

  • JelmerS (correct answer), 9 years ago

    You might not want to make a L2 SVI if you use VTP pruning. If pruning is on, an unused VLAN will be pruned from the trunk, resulting in less unnecessary broadcast/flooding traffic. However, creating an SVI creates an "active" interface on your switch. A quick check in GNS3 gives the following:

    R1#show vlan-switch
    
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa1/1, Fa1/2, Fa1/3, Fa1/4
                                                    Fa1/5, Fa1/6, Fa1/7, Fa1/8
                                                    Fa1/9, Fa1/10, Fa1/11, Fa1/12
                                                    Fa1/13, Fa1/14, Fa1/15
    3    VLAN0003                         active
    4    VLAN0004                         active
    [output omitted]
    
    R1#show interfaces trunk
    
    Port      Mode         Encapsulation  Status        Native vlan
    Fa1/0     on           802.1q         trunking      1
    
    Port      Vlans allowed on trunk
    Fa1/0     1-4094
    
    Port      Vlans allowed and active in management domain
    Fa1/0     1,3-4
    
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa1/0     1
    

    Now, if I go to R2, connected to Fa1/0, and type `R2(config)#int vlan 3`, we will see the following:

    R2#show run interface vlan 3
    Building configuration...
    
    Current configuration : 38 bytes
    !
    interface Vlan3
     no ip address
    end
    R2#show run | include vlan 3
    R2#
    

    As you can see, no interfaces in VLAN 3, except the SVI. And back on R1:

    R1#show interfaces trunk
    
    Port      Mode         Encapsulation  Status        Native vlan
    Fa1/0     on           802.1q         trunking      1
    
    Port      Vlans allowed on trunk
    Fa1/0     1-4094
    
    Port      Vlans allowed and active in management domain
    Fa1/0     1,3-4
    
    Port      Vlans in spanning tree forwarding state and not pruned
    Fa1/0     1,3
    

    As you can see, VLAN 3 just came up on the trunk, adding to the traffic levels on your trunks.
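The two observations in this thread can be checked mechanically: the question's L2-only SVI shows no `Internet address is` line and only its "L2 Switched" counters move, and the answer's trunk snapshots show VLAN 3 joining the "forwarding state and not pruned" list the moment an SVI exists. The following Python audit script is an added example, not code from the thread or from Cisco. The two trunk snapshots are copied from the answer above; the `show interface vlan3` text is a constructed sample in the shape of the question's vlan281 output (its MAC address is a placeholder); the function names, the use of the standard IOS `Internet address is` line as the L3 marker, and the section headings of `show interfaces trunk` used as parse keys are the author's assumptions about that output format.

```python
import re

# Trunk snapshots copied from the answer above: before and after the neighbour
# configured 'interface vlan 3' (the after-snapshot differs only in the last row).
TRUNK_BEFORE = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa1/0     on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/0     1-4094

Port      Vlans allowed and active in management domain
Fa1/0     1,3-4

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/0     1
"""
TRUNK_AFTER = TRUNK_BEFORE.replace("Fa1/0     1\n", "Fa1/0     1,3\n")

# Constructed 'show interface vlan3' sample shaped like the question's vlan281
# output: no 'Internet address is' line, only the L2 Switched counters are non-zero.
SHOW_INT_VLAN3 = """\
Vlan3 is up, line protocol is up
  Hardware is EtherSVI, address is 0000.0000.0003 (bia 0000.0000.0003)
  Description: svi.L2-only-example
  L2 Switched: ucast: 1138722618 pkt, 1070173012274 bytes - mcast: 76471 pkt, 8482399 bytes
  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
  L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
"""

# Section headings of 'show interfaces trunk' mapped to the keys used below
# (assumed to be the stable IOS wording shown in the answer).
SECTION_KEYS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,3-4' into a set of ints ('none' -> empty set)."""
    vlans = set()
    if spec.strip().lower() in ("", "none"):
        return vlans
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_trunk(text):
    """Return {port: {'allowed' | 'active' | 'forwarding': set of VLAN ids}}."""
    ports, key = {}, None
    for line in text.splitlines():
        heading = re.match(r"Port\s+(.*?)\s*$", line)
        if heading:                      # new section; the Mode table maps to None
            key = SECTION_KEYS.get(heading.group(1))
            continue
        row = re.match(r"(\S+)\s+(\S+)\s*$", line)
        if key and row:
            port, spec = row.groups()
            entry = ports.setdefault(port, {k: set() for k in SECTION_KEYS.values()})
            entry[key] = expand_vlan_list(spec)
    return ports


def parse_svi(text):
    """Summarise 'show interface vlanN': VLAN id, IP presence and switched packet counters."""
    info = {"has_ip": bool(re.search(r"^\s*Internet address is ", text, re.M))}
    m = re.search(r"^Vlan(\d+) is ", text, re.M)
    info["vlan"] = int(m.group(1)) if m else None
    for key, label in (("l2_ucast", "L2 Switched"), ("l3_in_ucast", "L3 in Switched"),
                       ("l3_out_ucast", "L3 out Switched")):
        m = re.search(label + r": ucast: (\d+) pkt", text)
        info[key] = int(m.group(1)) if m else 0
    return info


def classify_svi(info):
    """'l3' if the SVI carries an address or has routed packets, otherwise 'l2-only'."""
    if info["has_ip"] or info["l3_in_ucast"] or info["l3_out_ucast"]:
        return "l3"
    return "l2-only"


def newly_forwarding(before, after, port):
    """VLANs that became forwarding-and-not-pruned on `port` between two trunk snapshots."""
    return after[port]["forwarding"] - before[port]["forwarding"]


def l2_only_vlans_unpruned(svi_outputs, trunk, port):
    """VLAN ids that have an L2-only SVI and are forwarding (not pruned) on `port`."""
    hits = []
    for text in svi_outputs:
        info = parse_svi(text)
        if classify_svi(info) == "l2-only" and info["vlan"] in trunk[port]["forwarding"]:
            hits.append(info["vlan"])
    return sorted(hits)


if __name__ == "__main__":
    before, after = parse_trunk(TRUNK_BEFORE), parse_trunk(TRUNK_AFTER)
    print("newly unpruned on Fa1/0:", newly_forwarding(before, after, "Fa1/0"))
    print("L2-only SVIs holding VLANs open:",
          l2_only_vlans_unpruned([SHOW_INT_VLAN3], after, "Fa1/0"))
```

Run against the thread's output, `newly_forwarding` reports `{3}` and the audit lists VLAN 3 as a VLAN kept un-pruned solely by an address-less SVI. In practice you would feed it the `show interface vlanN` output of every SVI and the `show interfaces trunk` output of each uplink, which turns the answer's GNS3 observation into a periodic check of how many trunks are carrying flooded traffic for VLANs that exist on the switch only for counter visibility.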

License under CC-BY-SA with attribution
