[nsp] Best Practice for Secondary IP addresses on interfaces

Dmitri Kalintsev dek at hades.uz
Mon Jan 20 15:27:03 EST 2003 

On Sun, Jan 19, 2003 at 08:02:25PM -0800, Brian R. Watters wrote:
> This is correct .. Really the most I would want to see from this move
> would be to bond the two Eth interfaces and reduce the domain broadcasts
> .. Renumbering or placing static routes at the end is a no go .. Are we
> still on the right track with VLAN's in this case?

If you do not expect large data transfers between hosts in different
subnets, then VLANs are the way to go.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pylko, Eric
> Sent: Sunday, January 19, 2003 6:38 PM
> To: 'Dmitri Kalintsev'; cisco-nsp at puck.nether.net
> Subject: RE: [nsp] Best Practice for Secondary IP addresses on
> interfaces
> 
> 
> Unless you're doing something with the subnet masks, all traffic is
> going through the router now to be routed.
> 
> Since this is the NSP list and the question was asked from an ISP
> perspective, my bet would be that:
> 
> 1. Changing subnet masks for everyone isn't viable
> 2. putting static routes on end devices isn't viable either
> 
> -Eric
> 
> --
> Eric Pylko
> Systems Engineer
> CCIE #5827
> 
> -----Original Message-----
> From: Dmitri Kalintsev [mailto:dek at hades.uz]
> Sent: Sunday, January 19, 2003 8:49 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] Best Practice for Secondary IP addresses on
> interfaces
> 
> 
> Um, just don't forget that all inter-VLAN traffic will have to go in to
> the router and back out (unless your switch can use your router as MLS
> RP). If your router is like to be a choke-point and your switch is not
> MLS-capable, you may want to still go with multiple IP ranges on the
> interface, enable "ip route-cache same-interface" on it and install
> static routes on your hosts in different subnets, telling them that
> other range(s) are in fact on their directly connected interface (this
> can also be achieved by configuring secondary IP addresses from
> different subnets on your hosts interfaces, but this leads to waste of
> IP address space).
> 
> On Sun, Jan 19, 2003 at 07:27:59PM -0500, Brian Wallingford wrote:
> > On Sun, 19 Jan 2003, Jon Allen Boone wrote:
> > :On Sunday, Jan 19, 2003, at 01:49 US/Eastern, Brian R. Watters wrote:
> 
> > :> We have a few routers (7206's) which interface via ethernet 100 and
> 
> > :> CAT2924 and Extreme 24 port switches .. What we would like is to 
> > get :> some real world (From an ISP's) perspective on just what the 
> > best :> practice is for routing block's of IP space out to CAT 
> > switches .. :> Secondary IP addresses on eth interfaces or VLAN's? 
> > Good or bad for :> both :> .. In some cases we have 5 to 6 class C IP 
> > blocks being routed out over :> eth interfaces .. Any insight or 
> > direction would be great! :VLANs are a good idea, especially if you 
> > want to use OSPF/IS-IS routing :protocols.  For example, you can 
> > determine which OSPF area an interface :is to be put in based on it's 
> > primary address, but *not* based on it's :secondary addresse(s).
> > I wholeheartedly agree.  Use of VLANs also provides more flexibility
> wrt
> > ACLs and IGPs (i.e., you can do a passive-interface fX/Y.NNN, while
> > allowing others to announce routing info).
---end quoted text---

SY,
-- 
 CCNP, CCDP (R&S)                          Dmitri E. Kalintsev
 CDPlayer at irc               Network Architect @ connect.com.au
 dek @ connect.com.au    phone: +61 3 8687 5954 fax: 8414 3115
 http://-UNAVAIL-         UIN:7150410    cell: +61 414 821 382

More information about the cisco-nsp mailing list