[c-nsp] Problem interface

Rodney Dunn rodunn at cisco.com
Tue Aug 30 10:06:12 EDT 2005 

On Mon, Aug 29, 2005 at 07:53:45PM -0700, John Bittenbender wrote:
> On 8/28/05, Skeeve Stevens <skeeve at skeeve.org> wrote:
> > 
> > Hey guys,
> > 
> >         I have a new client for whom I manage their border and BGP.  The
> > router is a 7206vxr.  The router was badly setup before.. And I have
> > re-written 90% of the router already.  But their network is badly setup, but
> > I need some more reasons why I can pressure them to change.
> > 
> >         The key issue is that they run all their server - a couple of
> > hundred - in layer 2 with all the servers landing on a dot1q trunk on the
> > 7206vxr.
> > 
> > interface FastEthernet1/0.200
> >  encapsulation dot1Q 200
> >  ip address x.x.103.1 255.255.255.0 secondary
> >  ip address x.x.104.1 255.255.255.0 secondary
> >  ip address x.x.96.1 255.255.255.0 secondary
> >  ip address x.x.100.1 255.255.255.0 secondary
> >  ip address x.x.101.1 255.255.255.0 secondary
> >  ip address x.x.102.1 255.255.255.0 secondary
> >  ip address x.x.105.1 255.255.255.0 secondary
> >  ip address x.x.97.1 255.255.255.0
> >  no ip proxy-arp
> >  no ip mroute-cache
> >  no snmp trap link-status
> >  no cdp enable
> > 
> > So essentially every server, a couple of hundred land on the router here
> > with one of the above addresses being the servers default gateway.
> > 
> > I would like some advice from you guys in how many ways this is bad so I can
> > hit them with it all and convince them to a layer 2/3 switched environment.
> 
> I don't claim to be a Cisco expert, so correct me if I'm wrong.
> 
> I think that in the case of all those secondary ip addressess they are
> no longer CEF switched, but processor switched.

Not with CEF. We'll CEF switch packets between secondaries.
Before CEF with fastswitching you had to do "ip route-cache same-interface"

> 
> So, if I'm not mistaken you are eating up that poor 7206's CPU for all
> packets to and from the subnets that are secondaries. - Potential to
> impact routing reconvergence, throughput, management, etc.
> 
> You should tell them that there are 4096 possible VLANs and that they
> aren't going away so they may as well use them.

The major problem is the single broadcast domain that is caused with
so many host in a single VLAN. Having it like this only causes
trouble. Breaking it out in to more .1q subinterfaces doesn't cost
you anthing and removes the single broadcast domain problem.

> 
> JB
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list