[nsp] Best Practice for Secondary IP addresses on interfaces

'Dmitri Kalintsev' dek at hades.uz
Mon Jan 20 13:47:56 EST 2003


On Sun, Jan 19, 2003 at 09:38:17PM -0500, Pylko, Eric wrote:
> Unless you're doing something with the subnet masks, all traffic is going
> through the router now to be routed.

Sorry, I didn't get what you mean by this.

> Since this is the NSP list and the question was asked from an ISP
> perspective, my bet would be that:
> 
> 1. Changing subnet masks for everyone isn't viable

Don't see any need to change netmasks to do what I've suggested.

> 2. putting static routes on end devices isn't viable either

One would only have to do this for the devices that need to exchange data
extensively (like backup server and clients).

All in all, having multiple IP ranges on the same interface is a sure sign
of bad network design or poor network planning. ;^)

> -----Original Message-----
> From: Dmitri Kalintsev [mailto:dek at hades.uz]
> Sent: Sunday, January 19, 2003 8:49 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] Best Practice for Secondary IP addresses on
> interfaces
> 
> 
> Um, just don't forget that all inter-VLAN traffic will have to go in to the
> router and back out (unless your switch can use your router as MLS RP). If
> your router is likely to be a choke-point and your switch is not MLS-capable,
> you may want to still go with multiple IP ranges on the interface, enable
> "ip route-cache same-interface" on it and install static routes on your
> hosts in different subnets, telling them that other range(s) are in fact on
> their directly connected interface (this can also be achieved by configuring
> secondary IP addresses from different subnets on your hosts' interfaces, but
> this leads to waste of IP address space).
> 
> On Sun, Jan 19, 2003 at 07:27:59PM -0500, Brian Wallingford wrote:
> > On Sun, 19 Jan 2003, Jon Allen Boone wrote:
> > :On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:
> > :> We have a few routers (7206's) which interface via ethernet 100 and
> > :> CAT2924 and Extreme 24 port switches .. What we would like is to get
> > :> some real world (From an ISP's) perspective on just what the best
> > :> practice is for routing blocks of IP space out to CAT switches ..
> > :> Secondary IP addresses on eth interfaces or VLANs? Good or bad for both
> > :> .. In some cases we have 5 to 6 class C IP blocks being routed out over
> > :> eth interfaces .. Any insight or direction would be great!
> > :VLANs are a good idea, especially if you want to use OSPF/IS-IS routing 
> > :protocols.  For example, you can determine which OSPF area an interface 
> > :is to be put in based on its primary address, but *not* based on its 
> > :secondary address(es).
> > I wholeheartedly agree.  Use of VLANs also provides more flexibility wrt
> > ACLs and IGPs (i.e., you can do a passive-interface fX/Y.NNN, while
> > allowing others to announce routing info).
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382
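
The two layouts discussed in this thread, side by side, as an added example that is not from any of the posters. Interface names, VLAN IDs, the OSPF process number, the ACL name, 802.1Q trunking and the addresses (documentation ranges) are all assumptions chosen for illustration.

```cisco
! --- Layout A: secondary addresses on one interface (constructed example) ---
! Both subnets share one broadcast domain, one ACL and one OSPF area.
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ! Fast-switch packets that enter and leave on the same interface,
 ! as suggested in the thread for a non-MLS switch.
 ip route-cache same-interface
!
! Hosts that exchange a lot of data (backup server and clients) would
! additionally carry a static route marking the other range as on-link,
! so that traffic bypasses the router entirely.
!
! --- Layout B: one VLAN subinterface per subnet (constructed example) ---
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
 ! Per-subnet ACL: only sources from this subnet are accepted inbound.
 ip access-group VLAN10-IN in
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.0
!
ip access-list extended VLAN10-IN
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any
!
router ospf 1
 ! Each subinterface has its own primary address, so each subnet can be
 ! placed in its own area.
 network 192.0.2.0 0.0.0.255 area 1
 network 198.51.100.0 0.0.0.255 area 0
 ! No OSPF hellos toward VLAN 10; VLAN 20 can still form adjacencies.
 passive-interface FastEthernet0/0.10
```

In Layout B all traffic between the two subnets crosses the router, which is the choke-point concern raised above; in Layout A the subnets are not isolated from each other at layer 2, so the per-subnet ACL and passive-interface controls are not available.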


