What is the default maximum for the number of vlans i can define per interface on sles 11sp2 and can i modify this default maximum to make it larger?
Thanks!
Hi sirsparc,
What is the default maximum for the number of vlans i can define per interface on sles 11sp2 and can i modify this default maximum to make it larger?
seems like you have already hit some limit - would you mind disclosing how many VLANs you’d like to be able to define and what error situation you came across? In the mean time, I’ll have a look at the code…
Regards,
Jens
Hi sirsparc,
btw, technically speaking the limit is “1” - AFAIK each “VLAN” is created as a separate interface, which is “hooked” to the physical interface. So the number is at least limited by the total number of interfaces your system can have… but I hopefully can provide more details once I dug through the code.
Regards,
Jens
Thanks.
I have an application going into a very large customer that has totally embraced 802.1q vlans. Instead of having static routes defined in the thousands of clients they will have across multiple subnets, they want to create a vlan per subnet so that no static route will have to be created for each client which will have 2 interfaces (one for general network access and one for my application). The question came up on the limitation of how many vlans i can define on a bonded pair of physical interfaces bond0.aaa-bond0.zzz. It seems that on some OSs, the limitation is 4096 but im not sure if that is a limit of 802.1q or just a limit of the particular situation that google came up with 
Knowing what suse 11sp2 would be of great help and is there a kernel parameter defining it?
Thanks!
Hi sirsparc,
while I came across no specific limit while scanning the kernel, I can confirm the “4096” limit - that architectural (the MAC-layer header fields allow for VLAN numbers from 0 to 4095) and cannot be changed.
I’m not sure what network design your customer is after, but usually you do not have 4000+ subnets in a single Ethernet switch domain, but closer to a 1 or (at max) 2-digit number. VLAN IDs need only be unique within a switch domain, so it is hopefully very hard to hit that limit with a reasonable network design 
If I understood your description right, they’d face one VLAN for “your subnet” (all clients have an interface in that subnet, so they can access the application host “directly”) and a limited number of VLANs, one per existing IP subnet. Every client then would need to know about two VLANs, your server about a single VLAN, and the router(s) about one VLAN per subnet… sounds feasible.
Regards,
Jens
The limit is 4096 because of the limits of Ethernet. Additional switches / network cores can allow an another 4096, but they would be separate and distinct networks.
BTW, this is ridiculously easy to test. Just instantiate interfaces for vlan 1-4095. There is no actual need to even have the vlans live on the netwprk interface to see if the kernel lets you do this. If you set up two test boxes with a crossover cable, you couls put all of them into a live test setup, bind distinct 10. networks to each.
Many moons ago I used to write NIC drivers. There may be internal constraints based on the drivers themselves, as the drivers may rely on hardware features to mask which vlanids are responded to. Obviously in a trunking situation you don;t want to generate interrupts, or buffer packets for VLANs you don’t care about. Some NIC implement this as a 4096-bit mask. Others as a list of tags. In the latter implementation, the tag lists are limited, so you may have issues trying to get the driver to allow that N’th vlanid.
With modern kernels, there is no limit, really, to the number of address aliases or sub interfaces. The limitations will come in with the driver authors not anticipating the need to support this, or support it “well.” So if this is a physical machine, you may need to find NICs which like this setup. Obviously if the customer is already doing this, they will already know what works.
You may also see higher memory footprint to support this many IP’s and interfaces. Plus your routing table will be enormous.
I have one box with all our vlans plumbed to it, about 120, it works. But you are upping that by potentially 40x…
– Bob
– Bob