On Sat, 14 Oct 2000, Brandon J. Carroll wrote:

> We use bridging quite a bit in our ADSL networks. 
> Here is a sample.
> 
> bridge irb
>  bridge 64 protocol ieee
>  bridge 64 route ip
> interface BVI1
>  ip address 172.64.0.254 255.255.255.0
>  no ip route-cache
>  no ip mroute-cache
> interface Serial0.1 multipoint
>  frame-relay map bridge 35 broadcast IETF
>  frame-relay map bridge 34 broadcast IETF
>  frame-relay map bridge 33 broadcast IETF
>  bridge-group 64

We use IRB a lot with DSL as well.  The above way is sort of a bad way to
do it though, and I will tell you why:

You are mapping multiple PVCs on a single interface.  Realize there is
*no way* these users can directly contact each other (like if one wanted to
download a file from the other or whatever).  A bridge group is going to
treat all 3 PVCs as a single bridge port.  A rule of bridging is that if
the router receives a packet from a port that is destined out that same
port, it will drop it.  You may think of this as a feature, that the users
can't see each other's network neighborhoods etc... but what you are
doing is blackholing users from each other.  And judging by the size of
your BVIs, you may be blackholing a lot of users from each other and it's
probably going to come back to you some day.

Also, nothing stops any of those users above from stealing *any* IP they
want in the bridge group... or as many as they want.  You can have
total and complete chaos and you can't stop it.  There are a lot of
trade-offs using IRB in a DSL environment, and to avoid all the pitfalls is
going to require a certain amount of resources to be used on the router.

Users on different interfaces, but the same BVI, will be able to
communicate, because the router will treat this as two different bridge
ports and bridge between them.  Users on different BVIs can communicate,
because the router will "route" between them.  But the above scenario
would never allow users to directly communicate with each other (users on
the same interface and BVI).

Also, I would recommend hard coding the mac-address into the BVI, after
you create it.  Looking at the above, you are using the default ARP
timeout, which I think is like 3 hours.  When your router reboots, a new
MAC address will be chosen for the BVI.  So users who have the old MAC
address cached will be dead in the water.  Perhaps the Cisco sends a
gratuitous ARP on reboot for the BVIs... I don't know, but I don't
think all stacks respond to those necessarily.

Also, I would definitely turn off Spanning Tree to those DSL customers
since that's just excess overhead and not needed.  Also a subscriber-policy
may be a good idea to apply to each BVI that limits broadcasts to only ARP
packets... people can do bad things with the other types.

Brian


> 
> I hope this helps.  I usually forget the bridge 64
> route ip statement.
> 
> Let me know if this helps.
> 
> Brandon
> 
> --- "Hartnell, George" <[EMAIL PROTECTED]>
> wrote:
> > I'm having some difficulty getting bridge-group routing to happen.  Static
> > routing happens just ducky between two IP addressed interfaces. IRB is
> > enabled. Bridge group 64 (my number of the month) remains painfully silent
> > as the packets bounce back and forth, back and forth, between a routed port
> > and the default gateway downstream.  The (sparse) manual has been followed,
> > but the BVI class C virtual interface will neither route nor respond.
> > 
> > The example scripts at Cisco were quite instructive.  They do not, however,
> > assign routed interfaces a direct IP address, instead relying on this BVI
> > scheme.  The very one I can't get to work.
> > 
> > Anyone out there with similar equipment, having time, might drop a piece of
> > wisdom this way.
> > 
> > Best, G.
> >  
> > "Be strict in what you send, and forgiving in what
> > you receive."
> >        
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >         George Hartnell, Network Supervisor
> >         Bellingham School District, 1306 DuPont St.
> >         Bellingham, Wa. 98225-3198 (360)647-6860
> >         [EMAIL PROTECTED]         Internet Mail
> > 
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]

-----------------------------------------------
Brian Feeny, CCNP, CCDP       [EMAIL PROTECTED]   
Network Administrator         
ShreveNet Inc. (ASN 11881)            
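
The same-port rule described in the reply above, as an added example that is not part of either post and is not IOS code: a simplified learning-bridge model comparing the quoted layout (DLCIs 33, 34 and 35 on one multipoint subinterface) with one bridge port per PVC. The per-PVC subinterface names and the MAC labels are assumptions constructed for the illustration.

```python
# Simplified model of transparent-bridge forwarding (constructed example).
# A bridge learns source MACs per port and never sends a frame back out
# the port it arrived on.

MULTIPOINT = {33: "Serial0.1", 34: "Serial0.1", 35: "Serial0.1"}    # quoted layout
PER_PVC = {33: "Serial0.33", 34: "Serial0.34", 35: "Serial0.35"}    # assumed names


class Bridge:
    def __init__(self, dlci_to_port):
        self.dlci_to_port = dlci_to_port   # bridge port each PVC belongs to
        self.mac_table = {}                # learned MAC -> bridge port

    def receive(self, in_dlci, src_mac, dst_mac):
        """Return the sorted DLCIs the frame is forwarded out of."""
        in_port = self.dlci_to_port[in_dlci]
        self.mac_table[src_mac] = in_port              # learn the sender
        out_port = self.mac_table.get(dst_mac)
        if out_port == in_port:
            return []                                  # same-port rule: drop
        if out_port is None:
            # Unknown destination: flood every port except the ingress port.
            ports = set(self.dlci_to_port.values()) - {in_port}
        else:
            ports = {out_port}
        return sorted(d for d, p in self.dlci_to_port.items() if p in ports)


def can_reach(layout, a, b):
    """a and b are (dlci, mac). True only if a's frames arrive on b's PVC
    both while b is unknown (flooding) and after the bridge has learned b."""
    bridge = Bridge(layout)
    (a_dlci, a_mac), (b_dlci, b_mac) = a, b
    flooded = b_dlci in bridge.receive(a_dlci, a_mac, b_mac)
    bridge.receive(b_dlci, b_mac, a_mac)               # b sends, bridge learns b
    unicast = b_dlci in bridge.receive(a_dlci, a_mac, b_mac)
    return flooded and unicast


if __name__ == "__main__":
    user_a, user_b = (33, "mac-a"), (34, "mac-b")      # constructed subscribers
    print("multipoint:", can_reach(MULTIPOINT, user_a, user_b))
    print("per-PVC:   ", can_reach(PER_PVC, user_a, user_b))
```
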
