#cisco
25 December 2007
Total 7 pages. You are browsing page 2/7.
First :: Prev :: [1] [2] [3] [4] [5] [...] :: Next :: Last
05:22 <****> the problem is sending 2 seperate networks across a layer 3 link
05:22 <****> you'd need trunking or full vrf for that
05:23 <****> sigh, yeah trunking to access is what I am trying to avoid.
05:24 <****> why?
05:25 <****> I would like to limit STP/layer2 problem domains within the campus as much as possible.
05:25 <****> well, trunk just 2 point to point l3 links, maybe
05:26 <****> For most of our networks layer3 to the access layer is fine, there are some expections where vendors have equipment located around campus where our policy is to isolate them to a common VLAN routed via FWSMs.
05:27 <****> loceur - wouldn't it be a layer3 link per vendor though?
05:28 <****> yep
05:29 <****> So what about VRF-lite vs VRF limits it to a single VRF per interface? The fact that there are no labels to sort through?
05:30 <****> vrf-lite is just local segmenting
05:30 <****> local to a router
05:30 <****> vrf is full mpls
05:30 <****> what's your 'access' routers?
05:30 <****> what type?
05:30 <****> 6500s?
05:31 <****> 65xx-SUP32 for campus access, 6509-SUP720VSS for distribution, farm and 7600/SUP720 for core
05:32 <****> But at least at this time I doubt I can justify the 10k per access switch to upgrade to IP advanced services
05:32 <****> vss
05:32 <****> nice
05:33 <****> you have vsses and you can't justify a software upgrade?
05:33 <****> i hope you dont plan on sup32s carrying full table
05:33 <****> eak
05:33 <****> and just 0/0
05:33 <****> loc - with bundle pricing the VSS was only 8k more (before discount)
05:33 <****> implement the vss yet?
05:34 <****> plus 10k x 60 = 600k and our budget was stretched as is :)
05:34 <****> k
05:34 <****> so vrf-lite on each switch
05:34 <****> and trunk with point to point to the distro
05:34 <****> poor mans mpls
05:34 <****> lol
05:34 <****> poor mans mpls
05:35 <****> Ghetto MPLS
05:35 <****> I think you should offer that up. A. Ghetto MPLS
05:35 <****> B. MPLS
05:35 <****> I should :)
05:36 <****> but then i'll have to do the management overhead to $$$ presenation to justify the IOS upgrade :)
05:36 <****> um
05:36 <****> i usually build ios upgrades/smartnet into net capitalized cost for project estimates
05:36 <****> just add the words 'Ghetto rigging it'
05:37 <****> for 10 years
05:37 <****> somewhere in the presso
05:37 <****> use terms the execs understand
05:37 <****> like
05:37 <****> "This would be like your daughter bringing home a meth head for a boyfriend"
05:37 <****> lol
05:38 <****> 'it;s like buying the benz and not opting for the tires'
05:39 <****> Hmmm, sigh. I think i'll just trunk the vendor vlans and configure layer interfaces on the access switches for the common data/voice vlans.
05:40 <****> KISS
05:40 <****> I'd agree
05:40 <****> if you can't do it right, do it simple
05:40 * loceur ducks
05:40 <****> simple is usually right to me.
05:40 <****> as long as it satisfys the reqs
05:40 <****> simple means you don't have to think about it too much when an outage occurs at 3am
05:41 <****> if it's too complicated to deal with at 3am, you've fucked up
05:41 <****> Stixs; come back and tell us how you like the VSS
05:41 <****> Yes :), I think i'll just tell our Cisco account team that if they want us to do pure layer3 to access layer they need to sell MPLS enabled access switches :)
05:41 <****> now you're talking to the right people
05:42 <****> loc - I will, but we wont be deploying them in VSS mode right away, until they support FWSM modules anyways
05:42 <****> those guys cave like bad habits
05:42 <****> fwsm yuck
05:43 <****> better than doing ACLs in IOS for a huge number of DMZs.
05:44 <****> until 3am
05:44 <****> But thats when your failover FWSM tries to kick in and the HA fails ;)
05:45 <****> or better yet half of the interfaces are active on both sides :)
05:47 <****> I pulled a pair of fwsms and replaced them with asas
05:47 <****> long story that I don't have time for
05:47 <****> nite
05:47 <****> night
05:50 <****> Unter, to answer your earlier question. The access layer switches shouldn't need more than 0/0.
05:50 <****> right
05:50 <****> redist connected ints into whatever igp u run
05:50 <****> We are eigrp currently, but likely moving to OSPF.
05:51 <****> enhanced im gonna route poorly
05:52 <****> We are redoing our ip scheme so we should be able to summarize one IP block from each access switch.
05:52 <****> you aren't going to have HSRP/VRRP/GLBP pairs?
05:54 <****> in server farms yes, our data closets will have two switches but devices are distributed across them (i.e. devices on network a and b). In the case of wireless the APs all get tunneled anyways so they don't care what network they are on.
05:54 <****> tunneled to where
05:54 <****> a common l2 domain?
05:55 <****> LWAPP, WISMs in the distribution blocks
05:55 <****> one hop away (per building)
05:55 <****> ah
05:55 <****> ive never done that
05:55 <****> forgein to me
05:55 <****> <- sticks to MPLS and 6500s these days
05:56 <****> and netscreens, i guess
05:57 <****> LWAPP is pretty cool, basically they boot up find their controllers via DHCP options and create an IP VPN to one of the controllers (can be anywhere on the network), all clients connected to the AP are now tunneled directly to the controller.
05:59 <****> We use mostly 802.11A, so our AP density is high enough where we can lose half of the APs on the floor without a user expereinced hit, so AP's are alternated between the two switches in the data closets.
06:17 <****> slow night
06:20 <****> fast morning here
06:20 <****> already 9 and a deadline is 11 am
06:20 <****> ahhhhhhhhhhhh .... what am i gonna do
06:20 <****> byebye
06:29 <****> hey
06:32 <****> yo
06:34 <****> what's up IPv4Freely
06:34 <****> how's your script-fu ?
06:34 <****> very quiet cristmas night in canada
Total 7 pages. You are browsing page 2/7.
First :: Prev :: [1] [2] [3] [4] [5] [...] :: Next :: Last