[c-nsp] Bridge group woes and IRB

David Coulson david at davidcoulson.net
Wed Apr 20 10:06:18 EDT 2005


I have a 7507 w/ RSP4 (12.3(13a) right now), which I am using to route
traffic between VLANs which enter the router via a FastEthernet PA on a
VIP2-50 using 802.1q. Using the basic sub-interface configuration, I am
able to route between VLANs and all that good stuff. Everything is happy.

With the idea that I could take two trunks into separate switches and
use bridge groups on the router to bundle it all together, in order to
have some redundancy if a switch fails, I enabled IRB on the router,
configured bridge groups for each VLAN and set the bridge-group option
within the sub-interfaces. All IP configurations from the sub-interface
were moved onto the BVI.

My issue is that with a configuration using IRB and BVIs, packets will
be bridged between VLANs (e.g. when I do a traceroute from one VLAN to
the other, I don't see the router as a hop as it would when I was using
sub-interfaces). Doing a 'no bridge 100 bridge ip' seems to break
everything, since I assume it will want to 'bridge' from the Fast
Ethernet sub-interface to the BVI. The bridging of packets between
VLANs, rather than routeing, is breaking quite a few things as I have a
FE on the same router which connects into VLAN 100 at another point
(yes, I know this isn't ideal, but it's part of a migration process).
Ultimately, we end up with a Layer 2 loop in the network, even though the
non-trunked FE is not part of a bridge group at all and just has an IP
allocated.

Is IOS supposed to bridge frames between two bridge groups, or is this a
side effect of a misconfiguration or IOS bug? Alternatively, any better
suggestions as to how to have two redundant 802.1q trunks out to
switches would be welcomed. I know I can put the IP address on
the sub-interface and include it in a bridge group, rather than using a
BVI, but then the IP is dependent upon the link state of the FE.

Thanks,
David

-- 
David J. Coulson    email: david at n2net.net
Operations Manager  voice: (216) 619-2000
N2Net, Inc.         web:   http://www.n2net.net/
