On Tue, 2008-02-12 at 16:19 +0100, Matthias Saou wrote:

> If not, then the idea I had was the following: With 3 or more physical
> network ports, keep one just for "maintenance" (IPMI/DRAC and PXE boot)
> and bond the others with LACP, then trunk the two VLANs for private and
> public LANs on top of that. Sounds possible? (as I've never used VLANs
> on Linux, even less on top of some bonding!)

You can certainly do this part, although it could be argued, probably correctly, that VLANs are not a strong enough security barrier on which to mix a "Public" and "Private" network, although those terms can mean slightly different things to different people. We actually do this in a few cases, but the "public" VLAN is already firewalled and restricted by application layer proxies before its VLANs are mixed on the same wire/network infrastructure with our "public" VLANs.

> This last setup would possibly mean losing access to the "maintenance"
> interface if a switch dies, but never losing access to any of the two
> production networks. The switches I have in mind are Cisco 4948, which
> would be stacked together, and always have LACP configured across two
> or more devices.
>
> Has anyone done anything similar? Sounds reasonable? Any advice?

We have a similar setup with Cisco 3750s in a stack (well, as far as VLANs and redundant access), however, I don't think that an LACP channel bonded link can span across two different switches on a Cisco 4948. This works on the 3750s because they stack via a special cable in the back and basically become a single switch, however I think that Cisco 4948s stack via trunk ports and still act as separate switches, with separate configs and switching engines, although I'd have to look it up to be 100% sure.

That doesn't mean you can't use adaptive load balancing or simple failover across two switches (we do a good bit of this as well), but LACP is designed to make the links appear as a single link and typically can't span switches that don't share the same switching fabric. That means it usually requires chassis based switches or stackable switches that become a single fabric via a fabric cable rather than connecting via ethernet trunks.

I could be wrong on the 4948 and its capabilities, we have a couple of these and I'm pulling it from my memory. I know it supports LACP on multiple ports within a single switch, but I'm pretty sure it cannot be LACP aware across multiple switches like the 3750s.

Later,
Tom

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
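For readers who, like the original poster, have not done VLANs on top of bonding on Linux: the following is an added example (not posted by anyone in the thread) of the RHEL 5 style ifcfg files for the host side of that design, two ports in an 802.3ad (LACP) bond with the private and public networks as tagged 8021q sub-interfaces on top, plus a small check that the resulting configuration has the properties that matter. The NIC names eth1/eth2, the VLAN IDs 10 (public) and 20 (private) and the addresses are assumptions chosen for illustration, and `BONDING_OPTS` in the bond's ifcfg file assumes the newer RHEL 5 initscripts (older 5.x releases put the bonding options in /etc/modprobe.conf instead).

```shell
#!/bin/sh
# Added example, not from the thread: RHEL 5 style ifcfg files for two ports
# bonded with LACP and two VLANs trunked on top, plus a sanity check.
# eth1/eth2, VLAN IDs 10 (public) and 20 (private) and the addresses are
# assumptions for illustration.

# Write the config set into $1 (defaults to a scratch directory so this is
# harmless to run anywhere; use /etc/sysconfig/network-scripts to deploy).
write_bond_vlan_config() {
    dir=${1:-$(mktemp -d)}
    mkdir -p "$dir"

    # Physical ports: no address of their own, they are slaves of bond0.
    for nic in eth1 eth2; do
        cat > "$dir/ifcfg-$nic" <<EOF
DEVICE=$nic
ONBOOT=yes
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
    done

    # The bond carries no IP itself: everything rides on tagged VLANs, so the
    # switch's untagged/native VLAN never becomes a third, unintended network.
    # mode=802.3ad is LACP; miimon is what makes a dead link actually fail over.
    cat > "$dir/ifcfg-bond0" <<'EOF'
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=fast"
EOF

    # One 8021q sub-interface per VLAN, named <parent>.<vid>.
    cat > "$dir/ifcfg-bond0.10" <<'EOF'
DEVICE=bond0.10
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.0.2.10
NETMASK=255.255.255.0
EOF
    cat > "$dir/ifcfg-bond0.20" <<'EOF'
DEVICE=bond0.20
VLAN=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.20.0.10
NETMASK=255.255.255.0
EOF
    printf '%s\n' "$dir"
}

# Sanity check a directory of ifcfg files. Returns 1 if bond0 is not LACP
# with link monitoring, if bond0 carries an address of its own, or if any
# VLAN sub-interface sits on something other than bond0 (a VLAN on a bare
# NIC would silently lose the redundancy the bond was built for).
check_bond_vlan_config() {
    dir=$1
    ( . "$dir/ifcfg-bond0"
      case "$BONDING_OPTS" in *mode=802.3ad*) ;; *)
          echo "bond0: mode=802.3ad missing" >&2; exit 1;; esac
      case "$BONDING_OPTS" in *miimon=*) ;; *)
          echo "bond0: miimon missing" >&2; exit 1;; esac
      [ -z "$IPADDR" ] || { echo "bond0: must not carry an address" >&2; exit 1; }
    ) || return 1
    for f in "$dir"/ifcfg-*.*; do
        ( . "$f"
          [ "$VLAN" = yes ] || { echo "$f: VLAN=yes missing" >&2; exit 1; }
          [ "${DEVICE%.*}" = bond0 ] || { echo "$f: VLAN not on bond0" >&2; exit 1; }
        ) || return 1
    done
}
```

Two caveats that follow from Tom's reply rather than from the files themselves. First, nothing on the host side changes the switch question: whether the two bond members can terminate on two different switches depends on those switches sharing one switching fabric, and if they do not, `mode=802.3ad` has to give way to an active-backup or load-balancing mode. Second, a host with a leg in both the public and the private VLAN is itself a place where the two can meet, so on such a box it is worth confirming that `net.ipv4.ip_forward` is 0 and that the host firewall treats bond0.10 and bond0.20 as different zones; the VLAN tag alone is not the barrier.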
