From: Herbert Maosa (asawilunda@googlemail.com)
Date: Tue Oct 02 2007 - 20:18:27 ART
Have you considered using VRF Lite ? You could create different vrfs on the
head router and place a loopback in each of the vrfs. These loopbacks can
share the IP address withouta problem since they are contained within their
own vrfs.
Herbert.
On 10/2/07, Scott M Vermillion <scott@it-ag.com> wrote:
>
> Howdy all,
>
>
> Not sure if there is a solution to this problem or not. ..
>
>
>
> Of course IOS will not allow any two given interfaces on a single box to
> have overlapping address space. I have a need to try to do something like
> this, though, so I've been experimenting with different options. One was
> to
> populate my router with an NM-16ESW module and do 'no switchport' and 'ip
> unnumbered loXX', with the loopbacks having /32 addresses assigned.
> Unnumbered is not allowed on "non-point-to-point" interfaces, though. Any
> way to force a router to "perceive" an Ethernet interface to be
> non-broadcast? Or any other tricks to getting IOS to accept overlapping
> address space?
>
>
>
> Read further at your own peril (not at all necessary to understand my
> basic
> question above, just some background for those interested in why I would
> want to attempt this).
>
>
>
> This is a funky Head End QoS situation that would take pages to fully
> write
> up. The gist of it is that I am looking to have multiple physical
> interfaces at a Head End, each with differing QoS policies applied, but I
> lack sufficient public IP space to have a bunch of /30 or /31 subnets for
> each of those physical interfaces. Right now, I have mobile spoke routers
> running DMVPN and they have Internet connectivity via both broadband
> cellular and a low-speed satellite link (for example - there's actually
> more). I have a separate DMVPN tunnel back to the Head End via each
> Internet connection. At the Head End, I currently have only one single
> physical connection to the Internet which supports these redundant tunnels
> by way of loopback interfaces (e.g. at the spokes, the broadband cellular
> tunnel points to publicly routable Lo101, while the satellite tunnel
> points
> to publicly routable lo102, and the Head End ISP has a static route which
> encompasses all of these Lo interfaces via my single physical interface IP
> that points to them). Main problem here being that I can't apply CBWFQ to
> those loopbacks at the Head End (this is no problem at the spokes, as it's
> a
> different physical interface for each Internet connection, and I apply
> individual policy per physical interface). I can, obviously, apply policy
> to that one single physical interface providing my Head End Internet
> connectivity. But I need differing policies for the two tunnels (e.g. I
> want to police outbound traffic appropriately for broadband cellular,
> which
> is different than what's appropriate for the satellite connection, and
> then
> once I've policed to a certain rate, apply CBWFQ and LLQ for different
> outbound traffic classes based on DSCP). I don't have sufficient public
> address space to branch this off into a separate /30 or /31 per tunnel at
> the Head End (because I actually have quite a number of tunnels per spoke,
> the two given were just representative examples). What I want is to have
> my
> "Internet" box at the Head End (actually a firewall) have one single
> interface pointing upstream towards the ISP and another interface pointing
> back downstream towards my "DMVPN" router with an address in, say, a /21
> subnet (which is all I have). This ties to a switch. Within that same
> subnet, my DMVPN router has a single physical interface per tunnel, each
> of
> which connect to that same switch in a common VLAN. This way I can stay
> within my allotted /21 public IP space and still have a separate physical
> interface available for differing outbound policy implementations towards
> my
> spokes.
>
>
>
> Thanks all for any thoughts, tips, or tricks.
>
>
> Scott
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Kindest regards, hm
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:11 ART