From: Scott M Vermillion (scott@it-ag.com)
Date: Tue Oct 02 2007 - 19:59:57 ART

Howdy all,

Not sure if there is a solution to this problem or not...
Of course IOS will not allow any two given interfaces on a single box to
have overlapping address space. I have a need to try to do something like
this, though, so I've been experimenting with different options. One was to
populate my router with an NM-16ESW module and do 'no switchport' and 'ip
unnumbered loXX', with the loopbacks having /32 addresses assigned.
Unnumbered is not allowed on "non-point-to-point" interfaces, though. Any
way to force a router to "perceive" an Ethernet interface to be
non-broadcast? Or any other tricks to getting IOS to accept overlapping
address space?
Read further at your own peril (not at all necessary to understand my basic
question above, just some background for those interested in why I would
want to attempt this).
This is a funky Head End QoS situation that would take pages to fully write
up. The gist of it is that I am looking to have multiple physical
interfaces at a Head End, each with differing QoS policies applied, but I
lack sufficient public IP space to have a bunch of /30 or /31 subnets for
each of those physical interfaces. Right now, I have mobile spoke routers
running DMVPN and they have Internet connectivity via both broadband
cellular and a low-speed satellite link (for example - there's actually
more). I have a separate DMVPN tunnel back to the Head End via each
Internet connection. At the Head End, I currently have only one single
physical connection to the Internet which supports these redundant tunnels
by way of loopback interfaces (e.g. at the spokes, the broadband cellular
tunnel points to publicly routable Lo101, while the satellite tunnel points
to publicly routable Lo102, and the Head End ISP has a static route which
encompasses all of these Lo interfaces via my single physical interface IP
that points to them). Main problem here being that I can't apply CBWFQ to
those loopbacks at the Head End (this is no problem at the spokes, as it's a
different physical interface for each Internet connection, and I apply
individual policy per physical interface). I can, obviously, apply policy
to that one single physical interface providing my Head End Internet
connectivity. But I need differing policies for the two tunnels (e.g. I
want to police outbound traffic appropriately for broadband cellular, which
is different than what's appropriate for the satellite connection, and then
once I've policed to a certain rate, apply CBWFQ and LLQ for different
outbound traffic classes based on DSCP). I don't have sufficient public
address space to branch this off into a separate /30 or /31 per tunnel at
the Head End (because I actually have quite a number of tunnels per spoke,
the two given were just representative examples). What I want is to have my
"Internet" box at the Head End (actually a firewall) have one single
interface pointing upstream towards the ISP and another interface pointing
back downstream towards my "DMVPN" router with an address in, say, a /21
subnet (which is all I have). This ties to a switch. Within that same
subnet, my DMVPN router has a single physical interface per tunnel, each of
which connects to that same switch in a common VLAN. This way I can stay
within my allotted /21 public IP space and still have a separate physical
interface available for differing outbound policy implementations towards my
spokes.
Thanks all for any thoughts, tips, or tricks.
Scott