I deserve whatever ribbing I get from this confession. In fact, I think dear Pixy might get the biggest laugh out of this.
Stand back children, and remember that I'm a professional:
You can't route on-subnet. You just can't.
I just spent an hour trying.
It was beautifully subnetted. Three VLANs! Static routes! A drawn topology, doncha know!
My private networks were going through the firewall, getting NAT'ed, and going out to the gateway. I was hitting the internet. It was beautiful.
But the VLAN with the public address, which had a corresponding interface on the firewall, and then another on the gateway router wasn't going anywhere.
I actually spent time troubleshooting this.
Then another engineer walked up, "Emperor, meet nudie beach."
I'm hiding in my pod, now.