Quick question about secondary addresses
I'm in a debate with a guy over the use of 'ip address x.x.x.x s.s.s.s secondary' on Cisco gear. I seem to remember reading that the use of secondary addresses is a bad idea, but I can't recall the details of why. Process switched? Can anyone offer a resource or more specific information? Thanks, Dan
On Fri, Jul 30, 2004 at 10:21:06AM -0700, Dan Lockwood wrote:
I'm in a debate with a guy over the use of 'ip address x.x.x.x s.s.s.s secondary' on Cisco gear. I seem to remember reading that the use of secondary addresses is a bad idea, but I can't recall the details of why. Process switched?
No, traffic to hosts within a subnet configured as secondaries will be CEF switched. The only "bad" thing I can think of with secondaries is that it's often not what you want; why not split it on layer 2 as well, and get the benefit of a smaller broadcast domain?
Can anyone offer a resource or more specific information?
/Jesper
On Sat, 31 Jul 2004, Jesper Skriver wrote:
On Fri, Jul 30, 2004 at 10:21:06AM -0700, Dan Lockwood wrote:
I'm in a debate with a guy over the use of 'ip address x.x.x.x s.s.s.s secondary' on Cisco gear. I seem to remember reading that the use of secondary addresses is a bad idea, but I can't recall the details of why. Process switched?
No, traffic to hosts within a subnet configured as secondaries will be CEF switched.
The only "bad" thing I can think of with secondaries is that it's often not what you want; why not split it on layer 2 as well, and get the benefit of a smaller broadcast domain?
A few other possible issues:
1) routing protocols (i.e. ospf) will not form adjacencies with devices in the secondary address subnets...so if you're doing this to get more address space on a particular ethernet without renumbering, if you need OSPF on the ethernet, all the OSPF speakers have to be in the primary subnet.
2) If you're doing this to separate customers, it doesn't really. They're all free to steal each other's IPs. Better solutions would be VLAN trunking back to the router with a subint for each subnet or an L3 switch effectively doing that all in one box.
3) Human error. More than once I've seen someone change an interface's primary IP by "adding a secondary" and hitting return before typing "secondary". Maybe it would have been better/safer if the command were "secondary ip addr ..." :)
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Jon Lewis wrote:
On Sat, 31 Jul 2004, Jesper Skriver wrote:
On Fri, Jul 30, 2004 at 10:21:06AM -0700, Dan Lockwood wrote:
I'm in a debate with a guy over the use of 'ip address x.x.x.x s.s.s.s secondary' on Cisco gear. I seem to remember reading that the use of secondary addresses is a bad idea, but I can't recall the details of why. Process switched?
No, traffic to hosts within a subnet configured as secondaries will be CEF switched.
The only "bad" thing I can think of with secondaries is that it's often not what you want; why not split it on layer 2 as well, and get the benefit of a smaller broadcast domain?
A few other possible issues:
1) routing protocols (i.e. ospf) will not form adjacencies with devices in the secondary address subnets...so if you're doing this to get more address space on a particular ethernet without renumbering, if you need OSPF on the ethernet, all the OSPF speakers have to be in the primary subnet.
2) If you're doing this to separate customers, it doesn't really. They're all free to steal each other's IPs. Better solutions would be VLAN trunking back to the router with a subint for each subnet or an L3 switch effectively doing that all in one box.
I meant to add (but apparently didn't send the reply where I thought I did): Depending on traffic flows, the "one-armed" routing (bouncing the traffic from one IP net to the other off the router) can be a significant issue for the router.
3) Human error. More than once I've seen someone change an interface's primary IP by "adding a secondary" and hitting return before typing "secondary". Maybe it would have been better/safer if the command were "secondary ip addr ..." :)
That is an especial treat when you do it on the interface you are talking to the router on. I always set a secondary on the most-likely-to-be-the-management interface and left it there and used it for management sessions.
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/
On Fri, Jul 30, 2004 at 10:21:06AM -0700, Dan Lockwood wrote:
I'm in a debate with a guy over the use of 'ip address x.x.x.x s.s.s.s secondary' on Cisco gear. I seem to remember reading that the use of secondary addresses is a bad idea, but I can't recall the details of why. Process switched? Can anyone offer a resource or more specific information?
One which hasn't been mentioned - DHCP will break horribly if the dhcp shared-subnets declarations don't match the multinetted subnets on the wire.
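Two of the points in this thread (the missing "secondary" keyword silently replacing the primary, and DHCP shared-network declarations that don't match the multinetted subnets on the wire) can be caught before a change goes live. The check below is an added example, not code from anyone in the thread; the IOS stanza and dhcpd.conf fragment are constructed and use documentation prefixes.

```python
import ipaddress
import re

# Constructed IOS interface stanza: one primary and two secondaries (multinetted).
IOS_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 198.51.100.1 255.255.255.0 secondary
 ip address 203.0.113.1 255.255.255.0 secondary
"""

# Constructed ISC dhcpd shared-network that is missing one of the subnets on the wire.
DHCPD_CONF = """\
shared-network fe0-0 {
  subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.10 192.0.2.200; }
  subnet 198.51.100.0 netmask 255.255.255.0 { range 198.51.100.10 198.51.100.200; }
}
"""

IP_RE = re.compile(r"^[ \t]*ip address (\S+) (\S+)( secondary)?[ \t]*$", re.M)
SUBNET_RE = re.compile(r"subnet (\S+) netmask (\S+)")

def ios_subnets(config):
    """Return (primary, [secondaries]) as ip_network objects from an interface stanza."""
    primary, secondaries = None, []
    for ip, mask, sec in IP_RE.findall(config):
        net = ipaddress.ip_interface(f"{ip}/{mask}").network
        if sec:
            secondaries.append(net)
        elif primary is None:
            primary = net
        else:
            # In IOS a second 'ip address' line without 'secondary' replaces the
            # primary (the human-error case above), so refuse it rather than accept it.
            raise ValueError(f"'ip address {ip} {mask}' lacks 'secondary'; would replace {primary}")
    return primary, secondaries

def dhcp_subnets(conf):
    """Subnets declared in the dhcpd shared-network fragment."""
    return [ipaddress.ip_interface(f"{n}/{m}").network for n, m in SUBNET_RE.findall(conf)]

def check_multinet(config, conf):
    """Return (wire subnets with no DHCP declaration, DHCP subnets not on the wire)."""
    primary, secondaries = ios_subnets(config)
    wire = set(secondaries) | ({primary} if primary else set())
    dhcp = set(dhcp_subnets(conf))
    return sorted(map(str, wire - dhcp)), sorted(map(str, dhcp - wire))

if __name__ == "__main__":
    print(check_multinet(IOS_CONFIG, DHCPD_CONF))
```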
participants (5)
- Dan Lockwood
- Jesper Skriver
- Jon Lewis
- Laurence F. Sheldon, Jr.
- Will Hargrave