Router with 2 (or more) interfaces in same network
Hi,

I am curious to know if it's possible to have a router with its two interfaces, say configured as, 1.1.1.1/16 and 1.1.1.2/16. Theoretically, I see nothing which can stop a router from doing this. But practically, is it of any use? And if used, then, when and why will somebody want to use such a kind of configuration?

Would appreciate if somebody could enlighten me on this.

Regards,
Rasputin

P.S. I have a customer who insists he wants to do this, without providing any explanations!
On 11 Nov 2003 08:35 UTC Sylvia Sugar <truesylvia@yahoo.co.uk> wrote:
> I have a customer who insists he wants to do this, without providing any explanations!
In my experience if a customer says they want to do something but will not provide explanations, then either they have been told by someone else to ask for that (and have possibly misunderstood the requirement) or they know that if they did provide the explanations, you would be most unlikely to agree to their doing it.

If the former case applies you should always ask that the request come directly to you - rather than through the (often-unwilling) intermediary!

--
Richard Cox
Contribute to the SpamCon Legal Fund!! http://www.spamcon.org/legalfund/
In a message written on Tue, Nov 11, 2003 at 08:35:34AM +0000, Sugar, Sylvia wrote:
> I am curious to know if it's possible to have a router with its two interfaces, say configured as, 1.1.1.1/16 and 1.1.1.2/16. Theoretically, I see nothing which can stop a router from doing this.
Cisco's don't let you do this. I have always considered that broken, although I'm sure Cisco thinks it's a feature.

Other routers (of note FreeBSD boxes) do this just fine. In almost all cases I've seen it done it was for more bandwidth to the box (typically inbound only, because there are no good tools on Unix boxes to split the traffic between the outgoing interfaces).

I've seen it done a lot in labs where you have something like this:

    client 1 |         | client 5
    client 2 +----B----+ client 6
    client 3 |         | client 7
    client 4 |         | client 8
             |         |
       file-server-router-box
                 |
              Internet

Where all the clients are in one subnet, there are two interfaces, and the networks are separated (today the left and right groups on two different switches, I drew the old school picture of thinwire with a bridge in the middle).

While this will work (with some boxes, again Cisco's won't let you configure the same subnet on two interfaces), it is at best a hack that helps in some specific instances. It is quite clearly not good network design. Maybe they have one of those specific instances but I'd get a lot more detail and be sure before you offer up this hack as otherwise you've got a messy config that didn't do what the customer wanted anyway.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Tue, Nov 11, 2003 at 09:55:34AM -0500, Leo Bicknell wrote:
> In a message written on Tue, Nov 11, 2003 at 08:35:34AM +0000, Sugar, Sylvia wrote:
>> I am curious to know if it's possible to have a router with its two interfaces, say configured as, 1.1.1.1/16 and 1.1.1.2/16. Theoretically, I see nothing which can stop a router from doing this.
> Cisco's don't let you do this. I have always considered that broken, although I'm sure Cisco thinks it's a feature.
I'm not sure how Cisco is wrong on this one. If you want 2 router interfaces to have the same route and you actually want both of them to work, it means at the very least you must have a non point-to-point medium, such as Ethernet. In this case, the correct configuration would be a bridge-group and IRB, creating a virtual routed interface with 2 physical ports for bridging.
> Other routers (of note FreeBSD boxes) do this just fine. In almost all cases I've seen it done it was for more bandwidth to the box (typically inbound only, because there are no good tools on Unix boxes to split the traffic between the outgoing interfaces).
I love FreeBSD, but its routing code is probably the thing you least want to look to for examples on how things should be. BTW there is a netgraph module for L2 hash-based load balancing (aka etherchannel without the PAgP/LACP), but yeah the lack of ECMP and a reasonable switching method to support it falls into the category of the previous sentence. :)

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
In a message written on Tue, Nov 11, 2003 at 10:34:31AM -0500, Richard A Steenbergen wrote:
> I'm not sure how Cisco is wrong on this one. If you want 2 router interfaces to have the same route and you actually want both of them to work, it means at the very least you must have a non point-to-point medium, such as Ethernet. In this case, the correct configuration would be a bridge-group and IRB, creating a virtual routed interface with 2 physical ports for bridging.
Correct config yes, however it doesn't have some of the load balancing properties the other "hack" method does. Given how many other ways Cisco will let you shoot yourself in the foot, this particular "feature" seems odd. I've asked about it before though, and it seems to be an under-the-hood issue due to the way they do arp.
> I love FreeBSD, but its routing code is probably the thing you least want to look to for examples on how things should be. BTW there is a netgraph module for L2 hash-based load balancing (aka etherchannel without the PAgP/LACP), but yeah the lack of ECMP and a reasonable switching method to support it falls into the category of the previous sentence. :)
Well, s/FreeBSD/{Linux,SunOS,HP-UX,OSF/1,probably others}/. I've seen this done a lot with various unix boxes. Never tried on a Juniper.

My point was simply that there are boxes that will let you do this, and that some people do it with great success to solve specific problems. Doesn't mean it's not a hack, or that an ISP should "support" that type of configuration.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
Leo Bicknell wrote:
> In a message written on Tue, Nov 11, 2003 at 08:35:34AM +0000, Sugar, Sylvia wrote:
>> I am curious to know if it's possible to have a router with its two interfaces, say configured as, 1.1.1.1/16 and 1.1.1.2/16. Theoretically, I see nothing which can stop a router from doing this.
> Cisco's don't let you do this. I have always considered that broken, although I'm sure Cisco thinks it's a feature. Other routers (of note FreeBSD boxes) do this just fine.
Errr, no. FreeBSD won't let you do this.

    # ifconfig fxp0 inet 10.0.0.1
    # ifconfig ep0 inet 10.0.0.2
    ifconfig: ioctl (SIOCAIFADDR): File exists

The error is a round-about way for the system to tell you, "hey, genius, I've already got a route for that network."

You _used_ to be able to do this (oh, over two years ago?). The address was assigned to the interface, and the error from trying to add a duplicate route was simply ignored, no route got added anywhere. You can figure out when the change was made by examining the code or by seeing when the maillists started to get flooded by people who could no longer do,

    # ifconfig if0 inet 10.0.0.1
    # ifconfig if0 alias 10.0.0.2

When they meant,

    # ifconfig if0 inet 10.0.0.1
    # ifconfig if0 alias 10.0.0.2 netmask 0xffffffff

But to reiterate the problem here, it's not really assigning addresses to interfaces, but trying to assign a route to the same network to different places.

--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
In a message written on Tue, Nov 11, 2003 at 09:38:23AM -0800, Crist Clark wrote:
> You _used_ to be able to do this (oh, over two years ago?). The address was assigned to the interface, and the error from trying to add a duplicate route was simply ignored, no route got added anywhere. You can figure out when the change was made by examining the code or by seeing when the maillists started to get flooded by people who could no longer do,
When the code changed to support multiple IP's on a single interface it changed the way you configure this in FreeBSD land:

    testbox# ifconfig fxp1
    fxp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            ether 00:02:b3:3e:a7:e6
            media: Ethernet autoselect (none)
            status: no carrier
    testbox# ifconfig fxp2
    fxp2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            ether 00:02:b3:3e:a5:f1
            media: Ethernet autoselect (none)
            status: no carrier
    testbox# ifconfig fxp1 inet 10.10.10.1 netmask 255.255.255.0
    testbox# ifconfig fxp2 inet 10.10.10.2 netmask 255.255.255.255
    testbox# ifconfig fxp1
    fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
            inet6 fe80::202:b3ff:fe3e:a7e6%fxp1 prefixlen 64 scopeid 0x2
            ether 00:02:b3:3e:a7:e6
            media: Ethernet autoselect (none)
            status: no carrier
    testbox# ifconfig fxp2
    fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet6 fe80::202:b3ff:fe3e:a5f1%fxp2 prefixlen 64 scopeid 0x4
            inet 10.10.10.2 netmask 0xffffffff broadcast 10.10.10.2
            ether 00:02:b3:3e:a5:f1
            media: Ethernet autoselect (none)
            status: no carrier

Just like an alias, the second (to nth) IP on a lan must have a host netmask due to the way the routing code works.

If you plug both of these into a switch and put a host on the other end, traffic to .1 will go to fxp1, traffic to .2 will go to fxp2. Traffic leaving the box will use fxp1 only. At least, it worked this way the last I tested with 4.8, I haven't tried with the 5.x tree, but the box I did the test above on was a -current box.

I shouldn't have opened my mouth. When you admit to knowing how to make a gross hack work it seems everyone wants to e-mail you about how it is a gross hack, or about all the picky details of how it works. :)

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
I think it will if you specify a netmask, otherwise it uses, wrongly in my view, an old style classless netmask based on the old class A B and C rules.
On a side issue then.. : Why do so many vendors automatically generate a classful netmask? Surely the correct practice is to force the input of a mask as there is these days (CIDR) no system to state what your netmask is.. even a /24 would be better than typing in 10.3.2.1 and getting a /8

</rant>

Steve
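Added example (not part of any message in the thread, and not FreeBSD's code): a small Python model of the connected-route behaviour the ifconfig sessions and the classful-netmask remarks above describe, usable as a pre-deployment check on an addressing plan. The function names, the "first owner wins" rule and the sample inputs are assumptions constructed from the thread.

```python
import ipaddress

def classful_prefixlen(addr):
    """Prefix length the old class A/B/C rules imply when no netmask is given."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for limit, plen in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return plen
    raise ValueError(f"{addr} is class D/E, no classful default")

def connected_route(addr, netmask=None):
    """Network installed as the connected route for one address assignment."""
    mask = classful_prefixlen(addr) if netmask is None else netmask
    return ipaddress.IPv4Interface(f"{addr}/{mask}").network

def build_table(assignments):
    """assignments: (ifname, addr, netmask or None) in configuration order.
    Returns (routes, conflicts); a duplicate route is rejected, first owner wins."""
    routes, conflicts = {}, []
    for ifname, addr, netmask in assignments:
        net = connected_route(addr, netmask)
        if net in routes:
            conflicts.append((ifname, addr, str(net), routes[net]))
        else:
            routes[net] = ifname
    return routes, conflicts

def egress_interface(assignments, dest):
    """Longest-prefix match over the connected routes; None if nothing matches."""
    routes, _ = build_table(assignments)
    dest = ipaddress.IPv4Address(dest)
    matches = [net for net in routes if dest in net]
    return routes[max(matches, key=lambda n: n.prefixlen)] if matches else None

# Constructed inputs mirroring the two ifconfig sessions in the thread.
NO_MASK = [("fxp0", "10.0.0.1", None), ("ep0", "10.0.0.2", None)]
HOST_MASK = [("fxp1", "10.10.10.1", "255.255.255.0"),
             ("fxp2", "10.10.10.2", "255.255.255.255")]

if __name__ == "__main__":
    for name, cfg in (("no netmask", NO_MASK), ("host netmask", HOST_MASK)):
        routes, conflicts = build_table(cfg)
        print(name, {str(n): i for n, i in routes.items()}, conflicts)
    print("egress for 10.10.10.50:", egress_interface(HOST_MASK, "10.10.10.50"))
```

With no netmask both addresses fall back to 10.0.0.0/8 and the second assignment collides; with the host netmask on the second interface there is no collision, and other hosts in 10.10.10.0/24 are reached through fxp1 only.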
participants (7): Crist Clark, Leo Bicknell, neil@DOMINO.ORG, Richard A Steenbergen, Richard Cox, Stephen J. Wilcox, Sugar, Sylvia