[nsp] Best Practice for Secondary IP addresses on interfaces

Brian R. Watters brwatters at abs-internet.com
Sun Jan 19 08:48:18 EST 2003


Jon,

Thanks for the info .. You seem to confirm my thoughts as well .. No
real routing needed in these installs as these are all directly
connected and thus no hops out .. What we would like to do is take two
10/100 ports on the 7206 and bond them via a VLAN and of course drop
them onto a CAT and from there distribute the connections out to the
WWW/Email servers .. This box does handle as well three FULL views of
BGP via ATM and Serial connections so that's where our aggregation takes
place thus needs for routing .. 

So that I understand .. If we are just using TCP/IP should we make a
VLAN for each secondary IP or just one large VLAN for the whole
interface and then just bind each IP address to the VLAN? ..

Brian 


-----Original Message-----
From: Jon Allen Boone [mailto:ipmonger at delamancha.org] 
Sent: Sunday, January 19, 2003 12:02 AM
To: brwatters at abs-internet.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] Best Practice for Secondary IP addresses on
interfaces 



On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:

> We have a few routers (7206s) which interface via ethernet 100 and 
> CAT2924 and Extreme 24 port switches .. What we would like is to get 
> some real world (From an ISP's) perspective on just what the best 
> practice is for routing blocks of IP space out to CAT switches .. 
> Secondary IP addresses on eth interfaces or VLANs? Good or bad for 
> both .. In some cases we have 5 to 6 class C IP blocks being routed 
> out over eth interfaces .. Any insight or direction would be great!
>

VLANs are a good idea, especially if you want to use OSPF/IS-IS routing 
protocols.  For example, you can determine which OSPF area an interface 
is to be put in based on its primary address, but *not* based on its 
secondary address(es).

Another consideration is that choosing to not use VLANs means that all 
devices on that Ethernet will be in the same broadcast domain - which 
could be a potential problem if you have to support legacy protocols 
that are notoriously "chatty" [i.e. AppleTalk or Novell IPX].

I tend to prefer separate VLANs to the use of secondaries where it's 
practical to do so.

--jon
CCIE #8338
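
[Added example, not part of either message: the two layouts compared in the thread, written as alternative IOS configurations for one router port. The interface names, VLAN IDs, OSPF process and area numbers, and the RFC 5737 documentation prefixes are assumptions chosen for illustration.]

```cisco
! Constructed example. Interface names, VLAN IDs, OSPF process/area numbers
! and the RFC 5737 documentation prefixes are assumptions, not from the thread.
! The two halves are alternatives; they are not meant to be applied together.
!
! --- Alternative A: secondaries. One broadcast domain, one OSPF area ---
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ip address 203.0.113.1 255.255.255.0 secondary
!
router ospf 1
 ! Area membership follows the primary address. The secondaries ride along
 ! in area 0 and cannot be placed in a different area.
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 0
 network 203.0.113.0 0.0.0.255 area 0
!
! --- Alternative B: 802.1Q subinterfaces. One VLAN and subnet per block ---
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 description web servers
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
!
interface FastEthernet0/0.20
 description mail servers
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 203.0.113.1 255.255.255.0
!
router ospf 1
 ! Each subinterface has its own primary address, so each block can sit in
 ! its own area, and each VLAN is a separate broadcast domain.
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 10
 network 203.0.113.0 0.0.0.255 area 20
```

[For alternative B, the switch port facing the router has to be an 802.1Q trunk carrying the same VLAN IDs, with the server ports assigned to the matching access VLANs.]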
