[nsp] Best Practice for Secondary IP addresses on interfaces

Dmitri Kalintsev dek at hades.uz
Mon Jan 20 12:49:12 EST 2003


Um, just don't forget that all inter-VLAN traffic will have to go in to the
router and back out (unless your switch can use your router as MLS RP). If
your router is likely to be a choke-point and your switch is not MLS-capable,
you may want to still go with multiple IP ranges on the interface, enable
"ip route-cache same-interface" on it and install static routes on your
hosts in different subnets, telling them that other range(s) are in fact on
their directly connected interface (this can also be achieved by configuring
secondary IP addresses from different subnets on your hosts' interfaces, but
this leads to a waste of IP address space).

On Sun, Jan 19, 2003 at 07:27:59PM -0500, Brian Wallingford wrote:
> On Sun, 19 Jan 2003, Jon Allen Boone wrote:
> :On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:
> :> We have a few routers (7206's) which interface via ethernet 100 and
> :> CAT2924 and Extreme 24 port switches .. What we would like is to get
> :> some real world (From an ISP's) perspective on just what the best
> :> practice is for routing blocks of IP space out to CAT switches ..
> :> Secondary IP addresses on eth interfaces or VLANs? Good or bad for
> :> both .. In some cases we have 5 to 6 class C IP blocks being routed
> :> out over eth interfaces .. Any insight or direction would be great!
> :VLANs are a good idea, especially if you want to use OSPF/IS-IS routing 
> :protocols.  For example, you can determine which OSPF area an interface 
> :is to be put in based on its primary address, but *not* based on its 
> :secondary address(es).
> I wholeheartedly agree.  Use of VLANs also provides more flexibility wrt
> ACLs and IGPs (i.e., you can do a passive-interface fX/Y.NNN, while
> allowing others to announce routing info).
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382
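
Added example, not part of the original message or thread: the two layouts discussed above, written as an IOS configuration sketch. The addresses (RFC 5737 documentation ranges), VLAN IDs, OSPF process and area numbers, the ACL name VLAN10-IN and the host interface name eth0 are assumptions chosen for illustration.

```cisco
! ---- Option A: several subnets on one interface via secondary addresses ----
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ! fast-switch packets that enter and leave on the same interface
 ip route-cache same-interface
!
! As noted in the thread, the OSPF area of this interface follows the
! primary address only; the secondary cannot be placed in its own area.
!
! Host side of option A (assumed Linux host in 192.0.2.0/24): an on-link
! route so the other range is reached directly instead of via the router:
!   ip route add 198.51.100.0/24 dev eth0
!
! ---- Option B: one 802.1Q subinterface (VLAN) per subnet ----
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
 ! per-subnet filtering becomes possible: accept only this subnet's sources
 ip access-group VLAN10-IN in
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.0
!
ip access-list extended VLAN10-IN
 permit ip 192.0.2.0 0.0.0.255 any
!
router ospf 1
 ! each subinterface can sit in its own area and be made passive on its own
 passive-interface FastEthernet0/0.20
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 1
```

In option A both subnets share one broadcast domain, and with on-link host routes the traffic between them never crosses the router, so router ACLs do not see it. In option B all inter-subnet traffic passes through the router, where the per-subinterface ACL applies.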



More information about the cisco-nsp mailing list