A router on a stick, also known as a one-armed router,[1][2] is a router that has a single physical or logical connection to a network. It is a method of inter-VLAN routing where one router is connected to a switch via a single cable. The router has physical connections to the broadcast domains where one or more VLANs require routing between them.
Devices on separate VLANs or in a typical local area network are unable to communicate with each other. A one-armed router is therefore often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.
One-armed routers that perform traffic forwarding are often implemented on VLANs. They use a single Ethernet network interface port that is part of two or more Virtual LANs, enabling them to be joined. VLANs allow multiple virtual LANs to coexist on the same physical LAN. This means that two machines attached to the same switch but assigned to different VLANs cannot send Ethernet frames to each other, even though their traffic passes over the same wires. If they need to communicate, then a router must be placed between the two VLANs to forward packets, just as if the two LANs were physically isolated. The only difference is that the router in question may contain only a single Ethernet network interface controller (NIC) that is part of both VLANs. Hence, "one-armed". While uncommon, hosts on the same physical medium may be assigned addresses on different networks. A one-armed router could be assigned addresses for each network and be used to forward traffic between locally distinct networks and to remote networks through another gateway.
One-armed routers are also used for administration purposes such as route collection, multi-hop relay and looking glass servers.
All traffic goes over the trunk twice, so the theoretical maximum sum of upload and download speed is the line rate. For a two-armed configuration, uploading does not need to impact download performance significantly. Furthermore, performance may be worse than these limits, such as in the case of half-duplexing and other system limitations.
This setup is used for servers dedicated to printing or file storage, and for segmenting different departments. An example of router on a stick usage is found in Call Manager Express installation, when the Voice over IP network and Cisco IP phone devices need to be split.[3] Enterprise networks implement this method of separating servers to prevent all users from ‘having equal access privilege to resources’.[4]
As the network is separated virtually, the router does not need to be placed adjacent to the devices; rather, it is placed to the side in the network topology. The router is connected to the switch by a single cable, giving the eponymous ‘stick’ formation. In some institutions, the abbreviation RoaS or ROAS is used instead of router on a stick.[5]
Router on a stick relies on one Ethernet link that is configured as an IEEE 802.1Q trunk link.[6] The trunk carries the data for all of the VLANs.
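How a one-armed router handles a frame arriving on the 802.1Q trunk, as an added example that is not part of the original article: it reads the VLAN ID from the tag, picks the egress VLAN from the destination address, and sends the same packet back over the same link with a new tag. The VLAN IDs, subnets and MAC addresses are constructed; the caller supplies the next-hop MAC instead of ARP, the IPv4 packet is carried unchanged, and the ingress source-address check is an assumption of this example.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
# Assumed subinterface table for this example: VLAN ID -> routed subnet.
SUBINTERFACES = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
}

def build_tagged_frame(dst_mac, src_mac, vlan_id, payload):
    """Return an IPv4 Ethernet frame with an 802.1Q tag (PCP and DEI set to 0)."""
    tag = struct.pack("!HHH", TPID_8021Q, vlan_id & 0x0FFF, ETHERTYPE_IPV4)
    return dst_mac + src_mac + tag + payload

def parse_tagged_frame(frame):
    """Return (vlan_id, ethertype, payload); reject short or untagged frames."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame received on the trunk")
    return tci & 0x0FFF, ethertype, frame[18:]

def egress_vlan(dst_ip):
    """Return the VLAN whose subnet contains dst_ip, or None if there is no route."""
    addr = ipaddress.ip_address(dst_ip)
    for vlan_id, subnet in SUBINTERFACES.items():
        if addr in subnet:
            return vlan_id
    return None

def route_on_trunk(frame, router_mac, next_hop_mac):
    """Route one frame between VLANs; return the re-tagged frame, or None to drop."""
    in_vlan, ethertype, packet = parse_tagged_frame(frame)
    if in_vlan not in SUBINTERFACES or ethertype != ETHERTYPE_IPV4 or len(packet) < 20:
        return None  # no subinterface for this VLAN, or not an IPv4 packet
    if ipaddress.ip_address(packet[12:16]) not in SUBINTERFACES[in_vlan]:
        return None  # source address does not belong to the ingress VLAN
    out_vlan = egress_vlan(packet[16:20])
    if out_vlan is None or out_vlan == in_vlan:
        return None  # no route, or same VLAN (the switch forwards that itself)
    return build_tagged_frame(next_hop_mac, router_mac, out_vlan, packet)

# Constructed sample: minimal IPv4 header from 192.168.10.5 to 192.168.20.7.
SAMPLE_PACKET = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                            bytes([192, 168, 10, 5]), bytes([192, 168, 20, 7]))
ROUTER_MAC = bytes.fromhex("020000000001")  # constructed, locally administered
HOST_A, HOST_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
```

The routed frame leaves on the interface it arrived on, which is why each inter-VLAN packet crosses the trunk twice.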
Networks that utilise router on a stick benefit from only requiring one LAN connection to be used for multiple VLANs, i.e. the number of VLANs is not limited by the number of LAN ports available. The separation of network connections does not correspond to the physical location of the ports on the router. This removes the need for multiple cables and wiring management.
Segmenting the network into VLANs reduces the amount of traffic flowing through a connection. Separating VLANs also provides enhanced network security. Network administrators have direct control over multiple broadcast domains. In the event of a malicious user attempting to access any switch port, they will have limited access to the network. The segmentation assists in restricting sensitive traffic that flows within an enterprise.
In certain cases, workgroups are to be created. Users requiring a high level of security can be isolated from other networks. Those outside of the VLANs cannot communicate, therefore departments are made independent from each other. Also, third-party users cannot access the network easily. Networks via router on a stick are independent from their physical locations, therefore sensitive data can be handled without compromise and with ease. Changes to networks, like adding or removing a broadcast domain, are achievable by assigning hosts to the appropriate VLANs. Broadcasts of networks can be managed by multiple hosts, controlled by implementing as many VLANs as required. Therefore, this increases the number of networks while simultaneously decreasing their size.
Implementation of this setup only requires one router.
Compared to the alternative of using L3 (Layer 3 switching), the trunk may become a source of congestion, as traffic from all VLANs must flow through the trunk link. Modern networks utilise L3 switches that provide greater bandwidth output and functionality. The bottleneck can be mitigated if the single interface is combined with other interfaces via link aggregation.
If the router fails, there is no backup and that may become the bottleneck in the network, effectively making all inter-VLAN communication impossible. Moreover, since all VLANs must traverse one router, there is great potential for insufficient bandwidth across all network connections.
Implementing inter-VLAN routing in the network first requires additional configuration and virtual implementation. Additional latency may be induced when connecting the switch to the router.