[j-nsp] Network configuration question / vlan and bridging related

Saku Ytti saku+juniper-nsp at ytti.fi
Fri Jun 24 16:33:43 EDT 2005


On (2005-06-24 13:23 +0200), Steinar Torsvik wrote:
 
> > proxy-arp is not the feature Niels is referring to - i.e. proxy-arp is 
> > not quite the same as local-proxy-arp. You need something that supports 
> > a shared IP interface and a local-proxy-arp style mechanism to do this. 
> > An ERX-310 for instance will work nicely for your type of setup. The 
> > M-series are pretty flexible all-round boxes but they are (currently) 
> > not really suited for BRAS-type setups, which the E-series do very well.
> 
> So my best bet with this equipment / hardware in place is allocating a 
> /30 network to each client?
> 
> And maybe in the future with JunOS upgrades we can migrate to this 
> solution, which is a bit easier to maintain.

 I'm sorry to say, but your initial post is pretty much on the dot. You
need both PVLAN (or RFC3069) and local-proxy-arp to solve this, so you're
stuck with /30 until you can upgrade your L2.
 Just adding local-proxy-arp can't guarantee that traffic flows
via your M7i, as any other host in the L2 can answer to the ARP WHO HAS
with its MAC address, which would make the traffic flow directly between
two customer ports.

 Another solution might be to keep each customer in its own unnumbered VLAN
towards a loopback interface with the e.g. /24 GW address and local-proxy-arp in
those VLANs. But this can't be done in M7i. Cisco supports unnumbered
VLAN subinterfaces, but last time I checked MAC learning is disabled on
them always, so customers must run DHCP to make the router learn MAC/IP relations,
but if this is ok, you can use multiple VLANs and a single subnet w/o PVLAN or
RFC3069.

 (and for the list, proxy-arp answers to all ARP WHO HAS's, local-proxy-arp
only for the subnet)

-- 
  ++ytti
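
The argument in the message above (local-proxy-arp alone does not force traffic through the router; port isolation is needed as well) as an added example, not part of the original post: a small Python model of one shared subnet that lists who can answer an ARP request in each combination. The port names, MAC addresses, the 192.0.2.0/24 subnet and both function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample topology: names, MACs and addresses are illustrative only.
ROUTER_MAC = "00:00:5e:00:01:01"
SUBNET = ipaddress.ip_network("192.0.2.0/24")
HOSTS = {  # customer port -> (IP, MAC)
    "cust-a": ("192.0.2.10", "02:00:00:00:00:0a"),
    "cust-b": ("192.0.2.20", "02:00:00:00:00:0b"),
}

def arp_replies(asker, target_ip, isolated_ports, local_proxy_arp):
    """Return the set of MACs that answer asker's WHO HAS for target_ip.

    isolated_ports: True models PVLAN/RFC 3069-style isolation, where customer
    ports can reach only the router port, never each other.
    local_proxy_arp: True makes the router answer for in-subnet addresses.
    """
    replies = set()
    target = ipaddress.ip_address(target_ip)
    # The broadcast reaches other customer ports only when L2 is not isolated.
    if not isolated_ports:
        for port, (ip, mac) in HOSTS.items():
            if port != asker and ipaddress.ip_address(ip) == target:
                replies.add(mac)
    # The router port always sees the broadcast.
    if local_proxy_arp and target in SUBNET:
        replies.add(ROUTER_MAC)
    return replies

def forced_via_router(asker, target_ip, isolated_ports, local_proxy_arp):
    """True only if the router's MAC is the sole possible answer."""
    replies = arp_replies(asker, target_ip, isolated_ports, local_proxy_arp)
    return replies == {ROUTER_MAC}

if __name__ == "__main__":
    # Walk all four combinations for cust-a resolving cust-b's address.
    for iso in (False, True):
        for lpa in (False, True):
            r = arp_replies("cust-a", "192.0.2.20", iso, lpa)
            print(f"isolated={iso!s:5} local-proxy-arp={lpa!s:5} replies={sorted(r)}")
```

With isolation but no local-proxy-arp the reply set is empty, which is why the two features are needed together for customers in one subnet to reach each other through the router.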

