[c-nsp] Using switchport 802.1q for a point-to-point instead of routed /30

Jay Hennigan jay at west.net
Mon Feb 8 21:42:47 EST 2010


Rick Kunkel wrote:
> Hello all...

> The connection between the two locations is ethernet, and the hardware 
> is (well, will be as soon as we upgrade out of a 7200) a 6509 on either 
> side, and I think it'd be pretty cool to run an 802.1q trunk between 
> them using 6509 switchports instead of routed ports.  However, I've got 
> some problems, or at least I'm having trouble wrapping my brain around 
> some things...
> 
> 1. In the interests of keeping things simple, is it a "bad" idea to use 
> an 802.1q trunk for backbone connectivity?

One thing to consider is contention for the link among the VLANs. 
You'll want some form of QoS and/or rate limiting to ensure that a 
particular VLAN can't choke the link.

> 2. I'd normally set up this kind of point-to-point link using a /30, 
> using interfaces in "routed" mode, and assigning the addresses to the 
> interfaces on each end of the link.  If using an 802.1q trunk with 
> interfaces in "switchport" mode, would it be advisable to use loopback 
> interfaces for these addresses instead?
> 
> 3.  I'm used to having the customer's gateway set on that Gigabit 
> subinterface, as above.  But if I want this customer to have their stuff 
> on the same VLAN in both locations, AFAIK, I should set switchport 
> access VLAN 80 on both their access ports.  I'm then stuck figuring out 
> where to put the gateway address for their IP space.  Again, would 
> loopback interfaces be good candidates for this?  Or perhaps a VLAN 
> interface, as weird as that seems to me?

A VLAN interface is what I would use here.  You're providing a layer 2 
connection between the two customer locations so their IP-layer 
addresses won't show up in your routing table at all.  The VLAN 
interface is needed as the gateway, with whatever subnet mask is 
appropriate for the customer's network needs.  See below for why this 
may not be a good idea.

> 4.  My motivation for doing any of this in the first place, as opposed 
> to a simple /30 point-to-point interface, is to allow customers to have 
> access to layer 2 across our network, whether it be for internal use or 
> for purchasing third-party connectivity.  Is it "acceptable" to use our 
> single point-to-point ethernet for this, or should I be using a separate 
> network for this entirely?

As a rule, a hybrid solution with layer 2 across the customer endpoints 
with a layer 3 gateway to the Internet on a VLAN interface doesn't scale 
very well.  If the customer wants their own firewall there are issues. 
It isn't unusual for them to have a lot of internal traffic (file 
server, etc.) with lower Internet needs.  Metering this for billing can 
be an issue.

What we usually do in this scenario is to provide a layer 2 VLAN bridge 
on one VLAN for the customer's internal network.  Then, on a separate 
VLAN, provide Internet access to one location.  The customer can then 
put their own NAT firewall between the two VLANs.

For scaling among more than two customer locations and cutting down 
broadcast noise, consider MPLS with a VRF per customer and offer them a 
private routed layer 3 network.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
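An added example of the two-VLAN design from the reply above, written as Cisco IOS configuration for the site A 6509; it is not from the original thread, and the port numbers, VLAN numbers, addresses and the 100 Mbit/s policer are assumptions:

```cisco
! Added example (not from the thread): Cisco IOS config for the two-VLAN design
! in the reply above, on the 6509 at site A. VLAN 80 is the customer's private
! layer 2 network bridged across the trunk; VLAN 81 carries their Internet access
! and has a VLAN (SVI) gateway at this site only. Port and VLAN numbers and
! addresses are constructed assumptions (RFC 5737 documentation range).
!
vlan 80
 name CUST-INTERNAL
vlan 81
 name CUST-INTERNET
!
! Policer so the customer's bridged VLAN cannot choke the shared trunk
! (100 Mbit/s ingress; assumed 6500 MQC syntax).
mls qos
policy-map CUST-INTERNAL-LIMIT
 class class-default
  police 100000000 3125000 conform-action transmit exceed-action drop
!
! Backbone link to the site B 6509: 802.1q trunk, pruned to the VLANs that must
! cross it, with DTP negotiation disabled.
interface GigabitEthernet1/1
 description Trunk to site B 6509
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 80,81
 switchport mode trunk
 switchport nonegotiate
!
! Customer internal LAN port (bridged at layer 2 to site B), policed on ingress.
interface GigabitEthernet2/1
 description Customer - internal LAN
 switchport
 switchport mode access
 switchport access vlan 80
 service-policy input CUST-INTERNAL-LIMIT
!
! Customer port on the outside of their own NAT firewall.
interface GigabitEthernet2/2
 description Customer - firewall outside
 switchport
 switchport mode access
 switchport access vlan 81
!
! Gateway for the customer's public block. No SVI exists for VLAN 80, so their
! internal addressing never enters our routing table.
interface Vlan81
 ip address 203.0.113.1 255.255.255.248
 no shutdown
```

The site B 6509 carries the same trunk and a VLAN 80 access port but no Vlan81 SVI, so the customer's Internet gateway lives at one location only.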