Re: OT: VLAN Pairing (maybe on topic....)

From: Joe Sanchez <marco207p_at_gmail.com>
Date: Tue, 15 May 2012 16:10:10 -0500

Well, as far as the RB product line... there are multiple scenarios, but
from the perspective of what we are talking about, as long as you're not
spanning the L2 VLAN across the eCampus I don't see any problems with these
setups.

In fact, we deployed this model in a recent Data Center design where
each major distribution block was divided into zones based on security,
with Active/Standby Firewalls configured with vPC links to the
distribution block and the Firewalls configured in Transparent Mode with
VLAN remapping much like what I listed in my previous email. Unless you
are to use PBR to source-route the traffic, or WCCP, there isn't much you can do
to get your traffic through your desired device. But, again, I haven't seen
every network design and/or topology, so like you I hope to hear from the
rest of the group on their thoughts.

JS.

On Tue, May 15, 2012 at 3:41 PM, marc edwards <renorider_at_gmail.com> wrote:

> Joe:
>
> A little different but similar concept. Take subnet 192.168.1.0/24 for
> example
>
>
> VLAN 1 (also SVI 192.168.1.10) ---> (LAN side RB Steelhead inpath 0_0)
> --> (WAN side RB Steelhead inpath 0_0) ---> VLAN2 (no svi un routed)
> --- (multiple WAN next hops with ip addressing in the 192.168.1.0/24
> address space)
>
> It is being used to get all traffic through Riverbed then to other
> next hops on the VLAN2.
>
> I have seen a similar setup in Cisco IPS but the pair is actually
> defined in IPS. I am not sure if Cisco has done away with this as I
> hear there are newer inline techniques to add IPS to network.
>
> Your example holds the same premise where 2 VLANs per 1 subnet in
> which devices have to cross VLANs to reach a default gateway. Is there
> any wrongdoing in this? I know it works...but...?
>
> On Tue, May 15, 2012 at 1:17 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
> > Marc,
> >
> > are you referring to the designs like: (all on same L3 switch)
> >
> > vlan 200 (layer 2 only) -----> inside interface FW --> outside FW interface
> > (vlan 200 re-map to vlan 210) --------> vlan 210 L3 SVI
> > vlan 3400 (layer 2 only) ------> outside interface IPS ---> inside IPS
> > interface vlan 3410 ----> outside FW interface
> >
> > Not sure if this is what you are speaking of, I just want to get on-point
> > first.
> >
> > JS.
> >
> > On Tue, May 15, 2012 at 1:27 PM, marc edwards <renorider_at_gmail.com> wrote:
> >>
> >> I wanted to get some opinions about the habit of 2 VLANS 1 subnet
> >> configurations I have seen for IPS sensing (inline) and WAN
> >> optimization. Basically causes the switch to constantly ARP for
> >> members on the IP'd VLAN. I am not a fan but don't have any technical
> >> evidence to back my claims it just isn't right.... Nor really any
> >> documentation on this so I can imagine it isn't highly used. Let me
> >> know what you think and why. Thanks in advance for commentary.
> >>
> >> Regards,
> >>
> >> Marc
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net

Received on Tue May 15 2012 - 16:10:10 ART