
steve at ibctech
Aug 20, 2008, 10:48 PM
Post #1 of 3
L2 VLANs, intermediate network and L3 management (LONG)
Hi all,

It seems as of the last couple of months or so that I've been nearly the only one to ask questions on this list, so I hope I'm breaking the silence with a very winded but reasonable, and hopefully simple question.

Please bear with me if you will, with the understanding that I've read, numerous times, and understand the RFC4861 and RFC4862 specifications, but have never had the need to use them with any implementation as of yet. I'm now in a position where I *think* I'd like to, but to me, it's a new territory.

---

Scenario (IN == Intermediary Network that does not allow q-in-q and provides a tagged VLAN for each CP):

              vlan 501 -- CPE 1
             /
            /
CO -- IN -- vlan 502 -- CPE 2
            \
             \
              vlan 503 -- CPE 3

CO is a Catalyst switch that has a Cisco .1q trunk port that carries all VLANs via a single fibre converter from the intermediary network (PUC). Another port on the switch then trunks to a single Cisco router interface, where each VLAN has its own sub-int.

My network is small, but I would classify this router to be in the 'access layer'. For political and logistical purposes, the 'default-gateway' of most client devices that connect to this portion of our network is the router at the CO side as mentioned above. Each CPE has its own prefix which has its own sub-int on the router.

---

Problem:

The Cat switch is in place so that we can administratively put one of the ports into 'sw ac vlan xxx' to trace problems. That said, if we need to reach portions of the client network via Layer 3, we need to manually configure an IP address within their VLAN's scope in order to do anything useful. I don't want to do this.

--

Question:

With a very good understanding of the specifications, but with no experience whatsoever, could anyone provide pros/cons and/or configuration examples on what I'm thinking?

I was thinking that I could almost leave all the v4 info statically set/routed and left alone, so I don't have to ask the client for (or reserve) addresses for management purposes. (A couple of clients are Layer-2 with 1918 in-and-out, and a couple of others I have eBGP with private ASs as they connect to multiple physical ingress methods to our network).

In this regard, with the lack of CPE that our (and I believe most other SP) clients have that comply with 4861 and 4862 (or IPv6 in general), I'm thinking I could use this to my advantage. Perhaps I can tune the router to provide us with dynamic management layer-3 info without any manual configuration, and without the IPv4 space the client has been assigned being interfered with.

--

Thoughts:

- set each VLAN sub-int on the router an EUI-64 address
- inform the router that each sub-int needs to perform on-link prefix advertisement
- I enable VLAN access on a switchport, plug in a laptop, and immediately am on link with CO and CP ends, L2 *and* L3 (we have equipment at the client prem for this purpose, another Cisco switch)

--

Summary:

Will this work? Will using IPv6 as a dynamic management 'hack' work in this regard? Can someone introduce to me a config from a Cisco that displays portions of the 4861 and 4862 specs?

If you've read this far, I appreciate it. Honestly, I'm typing with a high fever and without having slept properly for a few days due to being very ill. Without being able to sleep, I really have nothing better to do at this time than to poke the people who breathe IPv6 for information ;)

Thanks all,

Steve
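To make the addressing in the "Thoughts" list concrete, here is an added example (not part of the original post) that computes the addresses the router sub-interfaces and a plugged-in laptop would hold on each VLAN if both derive their interface ID by modified EUI-64. The per-VLAN /64 prefixes (documentation range 2001:db8::/32) and both MAC addresses are constructed sample values; a laptop using privacy or stable-opaque interface IDs would form a different address.

```python
import ipaddress
import re

# Constructed sample values: documentation prefixes and documentation-range MACs.
VLAN_PREFIXES = {
    501: "2001:db8:0:501::/64",
    502: "2001:db8:0:502::/64",
    503: "2001:db8:0:503::/64",
}
ROUTER_MAC = "0000.5e00.5301"      # Cisco dotted notation
LAPTOP_MAC = "00:00:5e:00:53:af"   # colon notation


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes.fromhex(digits)
    # Invert the universal/local bit, then insert FF:FE between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address formed from an advertised on-link prefix plus the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net[eui64_interface_id(mac)]


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address, present on the VLAN even before any RA is heard."""
    return slaac_address("fe80::/64", mac)


def management_plan(prefixes, router_mac, laptop_mac):
    """Map each VLAN to (router sub-int address, laptop autoconfigured address)."""
    return {
        vlan: (slaac_address(p, router_mac), slaac_address(p, laptop_mac))
        for vlan, p in sorted(prefixes.items())
    }


if __name__ == "__main__":
    for vlan, (gw, host) in management_plan(VLAN_PREFIXES, ROUTER_MAC, LAPTOP_MAC).items():
        print(f"vlan {vlan}: router {gw}  laptop {host}")
    print("laptop link-local:", link_local(LAPTOP_MAC))
```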