Re: ERS 8600, simple setup, IP, VLANs, etc.
- From: Frank Sweetser <fs@xxxxxxxxxxxxx>
- Date: Sun, 10 Jun 2007 23:36:46 +0000 (UTC)
Peter Grandi <pg_nh@xxxxxxxxxxxxxxxxxxx> wrote:
On Sun, 10 Jun 2007 19:18:20 +0000 (UTC), Frank Sweetser
There will be a separate management network, but some bits I
have read gave me the impression that having a real
or virtual management port IP address is important,
even if there is no management network; the (real or virtual)
management port is just used to hang an IP address to. I suppose
because of things like using DevManager etc., or simply to give
the node a canonical IP address.
Ah - this is usually more of an issue for 8600s that are acting as a router.
If you're not using a virtual IP address, you have to pick an address
associated with an interface, such as a VLAN. If that interface is down, then
the IP address will be unreachable. A virtual IP address, however, can be used
to contact the router via any interface that's still up. This address should
typically be on a small dedicated subnet for this purpose.
* Use IP based brouter ports or port based VLANs to bind the
10.0.1-12.1 addresses (and related routes) to the ports to
which the leaf switches are connected?
fs> I'd go with port based VLANs. Using VLANs everywhere gives
fs> you a lot of flexibility.
Our current setup is VLAN based, and we are trying to get rid of
them :-). We need little functional flexibility (thanks to a
fairly functionally homogenous network), but something that is
easier to understand and diagnose, and operates more as an
internet, not a single network with subsets.
fs> [ ... ] the first time you need to port two subnets out to a
fs> single edge switch, you'll have to [ ... ]
Well, I personally think that is in general a bad idea, but I
admit that it is a very seductive one. My style usually is ''one
LAN, one subnet, one router''; the motivation is ease of
Personally, I prefer my routers to have more than one subnet configured,
otherwise it can't talk to very much ;-)
The thing that you have to remember is that a VLAN is a LAN - it's just
one that's virtually defined. It's no different than virtual IP addresses,
or OS virtualization - except that networks have been doing this kind of
virtualization for 10 years, and it's rock solid.
understanding and documentation, and separation of trouble and
concerns. The current VLAN based infrastructure I am dealing
with has several dozen switches and thousands of ports over a
dozen VLANs and it seems a bit prone to global accidents, and/or
fossilization of the configuration to minimize them. That's not
too bad for an office infrastructure, but the network subset
that is being reconfigured has very different requirements...
We have 7,748 active ports according to our drop database using this
style setup, and it's worked flawlessly for us.
If anything, I'd be more nervous about potential screwups and losing track
of what's where with a non-VLAN setup.
With multiple VLANs, I can look at any port in my entire network and
instantly tell you, with no ambiguity, exactly which subnet it belongs to.
Without them, I'd have to trace things back up to the correct router to find
out where I am. Much more of the state of the network is implicitly
configured, rather than explicitly.
Because of this, the network monitoring package we have is able to identify
what network each machine is on when it dumps the FDB and ARP tables
periodically.
With each VLAN explicitly configured on uplink ports, if something gets plugged
in somewhere it doesn't belong, it simply won't work due to the VLAN mismatch.
In our server room, it allows us to have a number of subnets all served off of
the same switch, letting us segregate out different classes of servers without
having to buy a separate switch for every subnet.
When, eventually, you have to port another subnet out to an existing switch,
it's just five minutes work to do so.
fs> Routers don't forward broadcasts outside of subnets.
The problem here is that the 8600 is both a switch and a router,
and its configuration system is not totally simple :-), and in
That's certainly true =) You just have to remember that each VLAN is exactly
what the name implies - a virtual LAN. By configuring an interface on a given
VLAN, you create a logical IP interface from the routing engine to that VLAN.
particular it seems to handle routing by using mostly internal
VLANs. I'd like to avoid inadvertently creating a switching
situation where I just really want routing. For example the
All you have to do is not put two ports on the same VLAN, and there will not be
any switching, only routing. Switching is only done within a VLAN - the only
way to get between two VLANs is via routing.
description of a ''brouter'' port says that it continues to
route even if it is in a blocked state. In a sense I'd like to
make sure all ports are in a blocked state then :-).
Somehow I suspect that wouldn't actually be very useful =)
In the end, I think you're going to find that any new, enterprise class network
device is going to be built from the ground up around VLAN technology.
Non-VLAN networks these days are about as common as unpartitioned hard drives,
and even less flexible.
Thanks a lot for your comments!
Good luck, whichever way you end up going =)
(BTW, for what it's worth, I've only known of one large network that went with
non-VLAN tagged links in their initial deployment. A year later, they were
regretting this, and working on a plan to move to rolling VLANs out to the
edge.)
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
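
The FDB/ARP correlation described in the message above, as an added example that is not part of the original post or of the monitoring package it mentions: with every port tied to one VLAN and every VLAN to one subnet, a dumped FDB and ARP table can be joined on MAC address to flag hosts whose IP does not belong to the subnet of the VLAN they were learned on. The VLAN IDs, subnets, MACs, port names and the tuple layout of the dumps are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original post).
VLAN_SUBNETS = {10: "10.0.1.0/24", 20: "10.0.2.0/24"}   # addressing plan
FDB = [  # (MAC, VLAN, port) as learned by the switch
    ("00:11:22:33:44:01", 10, "1/1"),
    ("00:11:22:33:44:02", 20, "1/2"),
    ("00:11:22:33:44:03", 20, "1/3"),
    ("00:11:22:33:44:04", 30, "1/4"),
]
ARP = [  # (IP, MAC) as seen by the router
    ("10.0.1.15", "00:11:22:33:44:01"),
    ("10.0.2.20", "00:11:22:33:44:02"),
    ("10.0.1.99", "00:11:22:33:44:03"),  # VLAN 10 address learned on VLAN 20
    ("10.0.3.5",  "00:11:22:33:44:04"),  # VLAN 30 is not in the plan
    ("10.0.2.77", "00:11:22:33:44:05"),  # MAC never seen in the FDB
]

def audit(vlan_subnets, fdb, arp):
    """Join ARP and FDB on MAC; return (ip, mac, vlan, port, reason) findings."""
    nets = {vlan: ipaddress.ip_network(cidr) for vlan, cidr in vlan_subnets.items()}
    by_mac = {}
    for mac, vlan, port in fdb:
        by_mac.setdefault(mac.lower(), []).append((vlan, port))

    findings = []
    for ip, mac in arp:
        addr = ipaddress.ip_address(ip)
        seen = by_mac.get(mac.lower())
        if not seen:
            # Host answers ARP but no switch port is known for it.
            findings.append((ip, mac, None, None, "no-fdb-entry"))
            continue
        for vlan, port in seen:
            net = nets.get(vlan)
            if net is None:
                findings.append((ip, mac, vlan, port, "unknown-vlan"))
            elif addr not in net:
                findings.append((ip, mac, vlan, port, "ip-outside-vlan-subnet"))
    return findings

if __name__ == "__main__":
    for finding in audit(VLAN_SUBNETS, FDB, ARP):
        print(finding)
```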