Re: OT: VLAN Pairing (maybe on topic....)

From: marc edwards <renorider_at_gmail.com>
Date: Tue, 15 May 2012 19:40:43 -0700

Thanks for the input. Good to hear some insight. Hard to dig anything up
in Google. This will make the top of the query :)

On Tue, May 15, 2012 at 2:10 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
> Well, as far as the RB product line... there are multiple scenarios, but
> from the perspective of what we are talking about, as long as you're not
> spanning the L2 vlan across the eCampus I don't see any problems with these
> setups.
>
> In fact, we deployed this model in a recent Data Center design where each
> major distribution block was divided into zones based on security with
> Active/Standby Firewalls configured with vPC links to the distribution block
> and the Firewalls configured in Transparent Mode with VLAN remapping much
> like what I listed in my previous email. Unless you are to PBR to source
> route the traffic or WCCP there isn't much you can do to get your traffic
> through your desired device. But, again, I haven't seen every network design
> and/or topology, so like you I hope to hear from the rest of the group on
> their thoughts.
>
> JS.
>
> On Tue, May 15, 2012 at 3:41 PM, marc edwards <renorider_at_gmail.com> wrote:
>>
>> Joe:
>>
>> A little different but similar concept. Take subnet 192.168.1.0/24 for
>> example
>>
>>
>> VLAN 1 (also SVI 192.168.1.10) ---> (LAN side RB Steelhead inpath 0_0)
>> --> (WAN side RB Steelhead inpath 0_0) ---> VLAN2 (no svi un routed)
>> --- (multiple WAN next hops with ip addressing in the 192.168.1.0/24
>> address space)
>>
>> It is being used to get all traffic through Riverbed then to other
>> next hops on the VLAN2.
>>
>> I have seen a similar setup in Cisco IPS but the pair is actually
>> defined in IPS. I am not sure if Cisco has done away with this as I
>> hear there are newer inline techniques to add IPS to network.
>>
>> Your example holds the same premise where 2 VLANs per 1 subnet in
>> which devices have to cross VLANs to reach a default gateway. Is there
>> any wrongdoing in this? I know it works...but...?
>>
>> On Tue, May 15, 2012 at 1:17 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>> > Marc,
>> >
>> > are you referring to the designs like: (all on same L3 switch)
>> >
>> > vlan 200 (layer 2 only) -----> inside interface FW --> outside FW interface (vlan 200 re-map to vlan 210) --------> vlan 210 L3 SVI
>> > vlan 3400 (layer 2 only) ------> outside interface IPS ---> inside IPS interface vlan 3410 ----> outside FW interface
>> >
>> > Not sure if this is what you are speaking of, I just want to get
>> > on-point first.
>> >
>> > JS.
>> >
>> > On Tue, May 15, 2012 at 1:27 PM, marc edwards <renorider_at_gmail.com> wrote:
>> >>
>> >> I wanted to get some opinions about the habit of 2 VLANS 1 subnet
>> >> configurations I have seen for IPS sensing (inline) and WAN
>> >> optimization. Basically causes the switch to constantly ARP for
>> >> members on the IP'd VLAN. I am not a fan but don't have any technical
>> >> evidence to back my claims it just isn't right.... Nor really any
>> >> documentation on this so I can imagine it isn't highly used. Let me
>> >> know what you think and why. Thanks in advance for commentary.
>> >>
>> >> Regards,
>> >>
>> >> Marc
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html

Received on Tue May 15 2012 - 19:40:43 ART
