[nsp] HSRP and VLANs

Robert Larsen robert.larsen at ntlworld.com
Wed Dec 17 10:25:06 EST 2003


Well, this is interesting - my previous comment about being able to use a
VIP that's in a different subnet than the physical interface addresses needs
a bit of clarification...

I based this statement on a tested configuration using Riverstone routers.
Here, you create IP software interfaces that are usually associated with a
physical port or VLAN.  You also create an IP interface that has no
association like this, which is typically used as a loopback address for
management.  With Riverstone, you can give an IP interface any text name you
like (not just loopback 0, fastethernet x/y, fe-x/y/z, etc.), and of course
you specify what IP address and mask you want for that IP interface.

Now when you define the VIP for VRRP, you add the name of the IP interface.
That's how you can do this using Riverstone.

I've had a quick look at IOS and JUNOS, and I can't immediately see a way of
achieving this, unless anyone else can shed any light on it?

Rob.

-----Original Message-----
From: Marco Matarazzo [mailto:marmata at libero.it] 
Sent: 17 December 2003 09:12
To: Robert Larsen; jlewis at lewis.org
Cc: cisco-nsp at puck.nether.net; Robert Larsen
Subject: Re: [nsp] HSRP and VLANs


> There's nothing that says the VIP has to be in the same subnet as the
> physical interface addresses, so yes, you can use RFC1918 addresses as the
> two physical interface addresses, and the VIP is then simply taken from the
> customer's public assigned subnet.  This way you don't use any extra IP
> addresses from the customer's public space.

Uhm... it seems interesting Robert, but I don't know how I could integrate
it in my current config... what I'm doing now is create subinterfaces for
each customer, with its own IP space (say 80.80.80.80/28) and vlan. If I
assign an RFC1918 address to the subinterface, how will packets coming from
the outside be routed to 80.80.80.80/28 if the directly connected interface
has no ip address in that range? I cannot even assign a subnet mask to a VIP
address... I think I missed something here! :O

Thanks!
]\/[arco

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of jlewis at lewis.org
Sent: 16 December 2003 14:18
To: Marco Matarazzo
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] HSRP and VLANs


On Tue, 16 Dec 2003, Marco Matarazzo wrote:

> > As I understand it, you need at least 3 IPs to do HSRP for one
> > subnet or VLAN.  One IP for each physical interface on the router
> > and one virtual IP which becomes the host's default gateway.  By the
> > sounds of it, you may need to expand the subnets for each of those
> > 50 VLANs (if you have promised each customer in the vlan 6 or 14
> > usable IP addresses, depending) for each  .  I don't know if you can
> > do unnumbered HSRP.

I haven't tried this, but what if you put the real IPs in a different
subnet (maybe even RFC1918 IPs) and the standby IP in the customer's
subnet?

> Good point Jason! But I wonder how one can deliver a point to point
> connection (I also have a couple of BGP downstreams) with a /30, and
> have redundancy... there should be something we missed! At least I
> hope so! :)

If you mean a PTP T1 or other similar connection, PTP implies there are
only 2 devices connected.  If you mean a vlan where you used a /30 to give
yourself (gateway) 1 IP, and the customer 1 IP, then maybe the above idea
would work.

Is there a limit (other than the number of VLANs a router can support) on
the number of standby IPs that can be configured?

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




