[nsp] Best Practice for Secondary IP addresses on interfaces

Pylko, Eric EPylko at frontrunnernetworks.com
Sun Jan 19 21:38:17 EST 2003


Unless you're doing something with the subnet masks, all traffic is going
through the router now to be routed.

Since this is the NSP list and the question was asked from an ISP
perspective, my bet would be that:

1. Changing subnet masks for everyone isn't viable
2. Putting static routes on end devices isn't viable either

-Eric

--
Eric Pylko
Systems Engineer
CCIE #5827

-----Original Message-----
From: Dmitri Kalintsev [mailto:dek at hades.uz]
Sent: Sunday, January 19, 2003 8:49 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [nsp] Best Practice for Secondary IP addresses on
interfaces


Um, just don't forget that all inter-VLAN traffic will have to go in to the
router and back out (unless your switch can use your router as MLS RP). If
your router is likely to be a choke-point and your switch is not MLS-capable,
you may want to still go with multiple IP ranges on the interface, enable
"ip route-cache same-interface" on it and install static routes on your
hosts in different subnets, telling them that other range(s) are in fact on
their directly connected interface (this can also be achieved by configuring
secondary IP addresses from different subnets on your hosts' interfaces, but
this leads to a waste of IP address space).

On Sun, Jan 19, 2003 at 07:27:59PM -0500, Brian Wallingford wrote:
> On Sun, 19 Jan 2003, Jon Allen Boone wrote:
> :On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:
> :> We have a few routers (7206's) which interface via ethernet 100 and
> :> CAT2924 and Extreme 24 port switches .. What we would like is to get
> :> some real world (From an ISP's) perspective on just what the best
> :> practice is for routing blocks of IP space out to CAT switches ..
> :> Secondary IP addresses on eth interfaces or VLANs? Good or bad for both
> :> .. In some cases we have 5 to 6 class C IP blocks being routed out over
> :> eth interfaces .. Any insight or direction would be great!
> :VLANs are a good idea, especially if you want to use OSPF/IS-IS routing 
> :protocols.  For example, you can determine which OSPF area an interface 
> :is to be put in based on its primary address, but *not* based on its 
> :secondary address(es).
> I wholeheartedly agree.  Use of VLANs also provides more flexibility wrt
> ACLs and IGPs (i.e., you can do a passive-interface fX/Y.NNN, while
> allowing others to announce routing info).
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
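
The two approaches discussed in this thread, side by side as an IOS configuration sketch. This is an added example, not a configuration posted by any participant. The interface numbers, VLAN IDs, OSPF process and area numbers, the ACL name CUST10-IN and the documentation-range addresses are all constructed, and it assumes the switch can carry an 802.1Q trunk to the router.

```cisco
! Option A: secondary addresses, every block shares one broadcast domain.
! (All addresses are constructed documentation ranges.)
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ip address 203.0.113.1 255.255.255.0 secondary
 ! Fast-switch packets that leave on the interface they arrived on,
 ! as suggested in the thread for traffic between the blocks.
 ip route-cache same-interface
!
! Option B: one 802.1Q subinterface per block (hypothetical VLANs 10 and 20).
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
 ! Per-block inbound filter: only this block's own sources are accepted.
 ip access-group CUST10-IN in
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.0
!
! Each subinterface has its own primary address, so each block can sit in
! its own OSPF area and be made passive on its own.
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 1
 passive-interface FastEthernet0/0.10
!
ip access-list extended CUST10-IN
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any
```

In Option A the blocks share a single interface, so one ACL and one routing-protocol setting cover all of them, and hosts in different blocks can reach each other at layer 2 without passing the router's filters.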