Re: [c-nsp] Loopback/VLAN question
The transport product was supposed to be able to re-tag, but we learned during the turn-up that that's coming in a future version. As you can imagine, we will be having further discussions on this issue.

Frank

-----Original Message-----
From: Thomas Habets [mailto:tho...@habets.pp.se]
Sent: Wednesday, December 16, 2009 6:50 AM
To: Frank Bulk - iName.com
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Loopback/VLAN question

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Loopback/VLAN question
On Tue, 15 Dec 2009, Frank Bulk - iName.com wrote:
> I have 5 remote sites where I'm doing FTTH and transporting the traffic over a third-party transport gear to our HQ. Each site-HQ link is a separate VLAN and uniquely numbered.

Have you considered re-tagging the VLANs on a cheaper device before the 7600 (which I assume you're sparing because of port cost) and re-tagging them to the same VLAN, with some private vlan conf on there to keep VLANs from talking to each other (assuming you want that)? Then the 7600 will just get all sites on one VLAN.

Re-tagging VLANs does take up a few ports on a cheap switch, but it may be cheaper than using up more ports in the 7600 and the 3rd party transport.

And I never said it wasn't ugly.

SiteA   SiteB   SiteC   SiteD   SiteE
  |       |       |       |       |
VLAN1   VLAN2   VLAN3   VLAN4   VLAN5
  |       |       |       |       |
=====================================
                  |       802.1q tagged (1 thru 5)
                2960
                  |     - untagged, one per VLAN
            the same 2960
                  |
                7609-S
                  |
             DHCP server

---------
typedef struct me_s {
  char name[]    = { Thomas Habets };
  char email[]   = { tho...@habets.pp.se };
  char kernel[]  = { Linux };
  char *pgpKey[] = { http://www.habets.pp.se/pubkey.txt; };
  char pgp[]     = { A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854 };
  char coolcmd[] = { echo '. ./_. ./_'_;. ./_ };
} me_t;
[c-nsp] Loopback/VLAN question
I have several uniquely numbered 802.1q tagged links coming into a Cisco 7609-S (12.2(33)SRB3) on a single physical port. I would like to use the same group of subnets for each VLAN and I tried using loopbacks but it doesn't work. Any ideas on what I'm doing wrong?

interface Loopback 2
 ip dhcp relay information trusted
 ip dhcp relay information option-insert none
 ip dhcp relay information policy-action keep
 ip address a.b.c.1 255.255.255.0
 ip address a.b.d.1 255.255.255.0 secondary
 ip address a.b.e.1 255.255.255.0 secondary
 ip helper-address w.x.y.z
 arp timeout 300
interface Vlan10
 ip unnumbered loopback 2
 ip dhcp relay information trusted
 ip dhcp relay information option-insert none
 ip dhcp relay information policy-action keep
 ip helper-address w.x.y.z
interface Vlan11
 ip unnumbered loopback 2
 ip dhcp relay information trusted
 ip dhcp relay information option-insert none
 ip dhcp relay information policy-action keep
 ip helper-address w.x.y.z
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10, 11
 switchport mode trunk
end
Re: [c-nsp] Loopback/VLAN question
On Tue, 15 Dec 2009, Frank Bulk - iName.com wrote:
> I have several uniquely numbered 802.1q tagged links coming into a Cisco 7609-S (12.2(33)SRB3) on a single physical port. I would like to use the same group of subnets for each VLAN and I tried using loopbacks but it doesn't work. Any ideas on what I'm doing wrong?

Use BVI's, not loopbacks.

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: t...@lava.net
Re: [c-nsp] Loopback/VLAN question
On Tue, 2009-12-15 at 08:30 -1000, Antonio Querubin wrote:
> On Tue, 15 Dec 2009, Frank Bulk - iName.com wrote:
> > I have several uniquely numbered 802.1q tagged links coming into a Cisco 7609-S (12.2(33)SRB3) on a single physical port. I would like to use the same group of subnets for each VLAN and I tried using loopbacks but it doesn't work. Any ideas on what I'm doing wrong?
>
> Use BVI's, not loopbacks.

I don't think using BVIs on a L3 switch will do much good; if it would work (can they do anything but fallback bridging?) it would probably be very bad performance-wise.

As for the original question, I wouldn't have thought a PFC3B could do such a thing, but one can never know. I suppose it _has_ to work like that?

--
Peter
Re: [c-nsp] Loopback/VLAN question
Frank,

Can you please explain what you want to achieve? I think this should be done in a different way.

Also, what HW do you have?

Arie

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Frank Bulk - iName.com
Sent: Tuesday, December 15, 2009 20:19
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Loopback/VLAN question
Re: [c-nsp] Loopback/VLAN question
It's my understanding that BVIs on the 7600-platform only bridge non-IP traffic, so that wouldn't work.

Frank

-----Original Message-----
From: Antonio Querubin [mailto:t...@lava.net]
Sent: Tuesday, December 15, 2009 12:30 PM
To: Frank Bulk - iName.com
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Loopback/VLAN question
Re: [c-nsp] Loopback/VLAN question
I have 5 remote sites where I'm doing FTTH and transporting the traffic over a third-party transport gear to our HQ. Each site-HQ link is a separate VLAN and uniquely numbered. My preference is to burn up only one port on the Cisco 7609-S (RSP720-3C with WS-X6748-DFC3C) and transport gear by trunking the traffic between the two boxes. But I don't want to have a separate IP address pool (with associated static IP /24 and web filter /24) for each remote site. I would like each remote site to use the same address pool. So I'm looking for something like IRB.

SiteA   SiteB   SiteC   SiteD   SiteE
  |       |       |       |       |
VLAN1   VLAN2   VLAN3   VLAN4   VLAN5
  |       |       |       |       |
=====================================
                  |       802.1q tagged (1 thru 5)
                7609-S
                  |
             DHCP server

I could use the transport gear's VLAN-translation and drop off each site into their own physical port on the 7609-S but have it be the same VLAN, but that's burning more ports on both boxes than what I would like.

But perhaps I have to use separate IP address pools for each remote site. That would have the benefit of reducing the L3-broadcast traffic.

Frank

-----Original Message-----
From: Arie Vayner (avayner) [mailto:avay...@cisco.com]
Sent: Tuesday, December 15, 2009 1:32 PM
To: frnk...@iname.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Loopback/VLAN question
Re: [c-nsp] Loopback/VLAN question
Frank,

The right way to solve it would be to use the ES20 (or more actually the more recent ES+) modules. This would allow you to create a separate EVC/EFP (service-instance) per site, using whatever VLAN IDs (even reusing them, or using QinQ) and then bridge-domain them all to the same central global bridge VLAN, which would be the Layer 3 service endpoint (for DHCP).

Use the right tools for the job

Anyway, with your setup, if this is not becoming a big service (which would then make sense to invest in new HW), then maybe you should just break them into separate L3 domains.

Another option is to use the MetroE model of uPE and nPE, where a uPE is used for some parts of the service. This could be an L2 switch (CPE? ME3400-2CS) to do the VLAN translation...

Hope this helps.

Arie

-----Original Message-----
From: Frank Bulk - iName.com [mailto:frnk...@iname.com]
Sent: Tuesday, December 15, 2009 21:56
To: Arie Vayner (avayner); cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Loopback/VLAN question
Re: [c-nsp] Loopback/VLAN question
Looks like I will be creating separate L3 domains. ARIN, here I come. =)

Thanks again to this group for this helpful information.

Frank

-----Original Message-----
From: Arie Vayner (avayner) [mailto:avay...@cisco.com]
Sent: Tuesday, December 15, 2009 2:14 PM
To: frnk...@iname.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Loopback/VLAN question
Re: [c-nsp] Loopback/VLAN question
On Tue, 15 Dec 2009, Frank Bulk - iName.com wrote:
> Looks like I will be creating separate L3 domains.

If you can live with knowing what part of the IP pool belongs in what vlan then you can (this works with static addresses (no dhcp) anyway) route the individual parts of the unnumbered subnets to the vlan interface in question. A static route to an interface means the ARP(s) will be done on that interface, so in conjunction with local-proxy-arp (which you seem to have missed in your conf?) you can do this:

int lo20
 ip addr 192.168.1.1 255.255.255.0
int vlan10
 ip unnumbered lo20
 ip local-proxy-arp
int vlan20
 ip unnumbered lo20
 ip local-proxy-arp
! lower half of the pool is reached via vlan10
ip route 192.168.1.0 255.255.255.128 vlan10
! upper half of the pool is reached via vlan20
ip route 192.168.1.128 255.255.255.128 vlan20

Now you've split this subnet into two vlans and there is still full communication between them.

How this interacts with dhcp, I don't know. You should try your original conf with added ip local-proxy-arp anyway.

--
Mikael Abrahamsson    email: swm...@swm.pp.se
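
The split described in the message above only holds if every unnumbered SVI has ip local-proxy-arp and has its own part of the loopback subnet routed to it. A small offline check for that, as an added example that is not part of the original thread; the full interface names, the function names and both sample configs are constructed here, and only the primary ip address line of the loopback is considered:

```python
import ipaddress
import re

# Constructed sample (full interface names instead of the abbreviated ones).
SAMPLE_OK = """\
interface Loopback20
 ip address 192.168.1.1 255.255.255.0
interface Vlan10
 ip unnumbered Loopback20
 ip local-proxy-arp
interface Vlan20
 ip unnumbered Loopback20
 ip local-proxy-arp
ip route 192.168.1.0 255.255.255.128 Vlan10
ip route 192.168.1.128 255.255.255.128 Vlan20
"""
# Constructed faulty variant: both halves routed to Vlan10, no proxy ARP on Vlan20.
SAMPLE_BAD = (SAMPLE_OK.replace("255.255.255.128 Vlan20", "255.255.255.128 Vlan10")
              .replace("Loopback20\n ip local-proxy-arp\nip route", "Loopback20\nip route"))

def parse(config):
    """Split IOS-style text into {interface: [lines]} and [(network, out_interface)]."""
    ifaces, routes, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1].lower(), [])
        elif m := re.fullmatch(r"ip route (\S+) (\S+) ([A-Za-z]\S*)", line):
            # Only routes that point at an interface (not a next-hop IP) matter here.
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3].lower()))
        elif cur is not None and line:
            cur.append(line)
    return ifaces, routes

def check_split(config):
    """Return findings for each loopback pool shared by unnumbered SVIs ([] = clean)."""
    ifaces, routes = parse(config)
    groups, findings = {}, []
    # Group the SVIs by the loopback they borrow their address from.
    for name, lines in ifaces.items():
        for line in lines:
            if m := re.fullmatch(r"ip unnumbered (\S+)", line):
                groups.setdefault(m[1].lower(), []).append(name)
    for parent, svis in groups.items():
        pools = [ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
                 for line in ifaces.get(parent, [])
                 if (m := re.fullmatch(r"ip address (\S+) (\S+)", line))]
        if not pools:
            findings.append(f"{parent}: no ip address to borrow")
            continue
        pool, covered = pools[0], []
        for svi in svis:
            if "ip local-proxy-arp" not in ifaces[svi]:
                findings.append(f"{svi}: missing ip local-proxy-arp")
            mine = [net for net, out in routes if out == svi and net.subnet_of(pool)]
            if not mine:
                findings.append(f"{svi}: no part of {pool} is routed to it")
            covered += mine
        # The routed parts, merged, must add up to exactly the loopback subnet.
        if list(ipaddress.collapse_addresses(covered)) != [pool]:
            findings.append(f"{parent}: routed parts do not cover all of {pool}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_split(cfg) or "clean")
```
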