[nsp] Routing through Management Vlan on 3750?
Deepak Jain
deepak at ai.net
Tue Dec 16 15:51:47 EST 2003
On a 3750,
g1/0/24 - g1/0/27 are L2 ports that bring traffic into the box over VLAN 1.
g1/0/28 is the uplink (no switchport, ip addr x.x.x.x)
There is a default route to the uplink on g1/0/28.
int vlan 1
has several ip addresses configured corresponding to all of the networks
on g1/0/24-g1/0/27.
For numerous legacy reasons, the address allocations and port
allocations don't easily correspond to discrete subnet masks.
No ip addresses are configured on loopback 0 or anywhere else.
Pinging/tracing from the 3750 to the rest of the internet is fine.
Pinging from the 3750 to any of the hosts on g1/0/24 - g1/0/27 seems
fine; at HIGH packet rates, some packet loss is noted -- could be the
server or it could be the config. But it leads to the question:
Is there a performance limitation on this configuration (by requiring
VLAN 1 to do all of the routing between the interfaces and the rest of
the internet)? Peak aggregate traffic is > 1000Mb/s, typical traffic is
around 300Mb/s right now.
There is a strange problem that appears occasionally, and is not
predictable. The problem is the hosts are not able to trace through the
router. Traces show the router IP at hop 1, and then stars from there
onwards. Traces in from the internet work fine all the way to the host.
TCP connections (telnet to the host) do not even connect, but work fine
from the CPE router. This obviously causes the bulk of the problems.
I am _wondering_ if this is a broadcast problem as broadcasts might not
be being re-sent down each interface, and since there is the legacy
problem with the addressing, a simple broadcast helper might not cut it.
I don't want to configure a bridge group because the total traffic
exceeds a single link, and Etherchannel doesn't work because each port
goes to a different aggregation switch.
My understanding is that this configuration should work, while being
less than optimal. Further, the configuration did work, but has recently
begun showing issues for the customer, possibly correlating to an
increase in traffic flows around the Holiday season.
Is there a big difference between VLAN 1 and one of the others? The
example I saw on the Cisco web site showed VLAN 1 being disabled, so I
don't know if the solution is that simple or it's something more problematic.
Thanks in advance,
DJ