[nsp] Best Practice for Secondary IP addresses on interfaces

Brian R. Watters brwatters at abs-internet.com
Sun Jan 19 20:02:25 EST 2003


This is correct .. Really the most I would want to see from this move
would be to bond the two Eth interfaces and reduce the domain broadcasts
.. Renumbering or placing static routes at the end is a no go .. Are we
still on the right track with VLANs in this case?

Brian

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pylko, Eric
Sent: Sunday, January 19, 2003 6:38 PM
To: 'Dmitri Kalintsev'; cisco-nsp at puck.nether.net
Subject: RE: [nsp] Best Practice for Secondary IP addresses on
interfaces


Unless you're doing something with the subnet masks, all traffic is
going through the router now to be routed.

Since this is the NSP list and the question was asked from an ISP
perspective, my bet would be that:

1. Changing subnet masks for everyone isn't viable
2. Putting static routes on end devices isn't viable either

-Eric

--
Eric Pylko
Systems Engineer
CCIE #5827

-----Original Message-----
From: Dmitri Kalintsev [mailto:dek at hades.uz]
Sent: Sunday, January 19, 2003 8:49 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [nsp] Best Practice for Secondary IP addresses on
interfaces


Um, just don't forget that all inter-VLAN traffic will have to go in to
the router and back out (unless your switch can use your router as MLS
RP). If your router is likely to be a choke-point and your switch is not
MLS-capable, you may want to still go with multiple IP ranges on the
interface, enable "ip route-cache same-interface" on it and install
static routes on your hosts in different subnets, telling them that
other range(s) are in fact on their directly connected interface (this
can also be achieved by configuring secondary IP addresses from
different subnets on your hosts' interfaces, but this leads to a waste of
IP address space).

On Sun, Jan 19, 2003 at 07:27:59PM -0500, Brian Wallingford wrote:
> On Sun, 19 Jan 2003, Jon Allen Boone wrote:
> :On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:
> :> We have a few routers (7206s) which interface via ethernet 100 and
> :> CAT2924 and Extreme 24 port switches .. What we would like is to get
> :> some real world (from an ISP's) perspective on just what the best
> :> practice is for routing blocks of IP space out to CAT switches ..
> :> Secondary IP addresses on eth interfaces or VLANs? Good or bad for
> :> both .. In some cases we have 5 to 6 class C IP blocks being routed
> :> out over eth interfaces .. Any insight or direction would be great!
> :
> :VLANs are a good idea, especially if you want to use OSPF/IS-IS routing
> :protocols.  For example, you can determine which OSPF area an interface
> :is to be put in based on its primary address, but *not* based on its
> :secondary address(es).
>
> I wholeheartedly agree.  Use of VLANs also provides more flexibility wrt
> ACLs and IGPs (i.e., you can do a passive-interface fX/Y.NNN, while
> allowing others to announce routing info).
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
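
The two layouts compared in this thread, as an added illustration in Cisco IOS syntax; it is not configuration posted by anyone on the list. The addresses are constructed documentation ranges, and the VLAN IDs, OSPF process and area numbers, and the ACL name CUST-A-IN are assumptions, as is a switch port that trunks 802.1Q to the router.

```cisco
! --- Option A: secondary addresses on one physical interface ---
! Both blocks share one broadcast domain. Any ACL or routing-protocol
! setting on FastEthernet0/0 applies to every block at once.
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ! lets the router fast-switch packets back out the same interface
 ip route-cache same-interface
!
! --- Option B: one 802.1Q subinterface per block (alternative to A) ---
! Each block gets its own broadcast domain and its own logical
! interface, so filtering and IGP behaviour can differ per block.
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.0
 ! per-block ingress filter: accept only sources from this block
 ip access-group CUST-A-IN in
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 198.51.100.1 255.255.255.0
!
ip access-list extended CUST-A-IN
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
router ospf 1
 ! area membership follows each subinterface's primary address
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 1
 ! advertise the second block without forming adjacencies on it
 passive-interface FastEthernet0/0.20
```

In option B, traffic between the two blocks still crosses the router, which is the choke-point concern raised earlier in the thread.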