I'm trying to implement VLANs on my network and can't get connectivity to host servers. Here's how the network is configured. Pardon the bad ascii diagram.
In this example my upstream is providing two subnets:
111.111.111.16/28 (I'm using an IP from this subnet to manage the 3550)
222.222.222.16/29
I am attempting subdivide the /29 into two /30's in order to place a server into it's own /30 subnet & VLAN ............
how to add different IPs in different VLANs
My customer requests different IPs in different class C, that are belong to different VLANs in the switch. Let's say
- they have 1.1.1.10 already on their server with gateway value is 1.1.1.1
- now they want to have 1.1.2.10 too.
I have no trouble to provide them a new IP, but wonder how to setup on server now? Different range will use different gateways.
Is there a VPS provider that will sell me a VM , and put it up somewhere, and can make me another VM in the future, on the same VLAN as the original VM ?
For example, pretend VM #1 has a NIC at 10.0.0.100
in the future, I want another VM with a nic at 10.0.0.101
I was looking at Go-Grid , but I'm not sure how their pricing works.
I need a basic L3 switch for maybe 25 mbps that will do hopefully up to 50 VLANs and which will not require me to hire someone to configure it.
As much as I like Cisco, that rules them out.
The reason I'd like a Layer 3 switch is so that I can run my backups and inter-server transfers without adding to my bandwidth bill. Also, VLANS are a critical requirement as i have a lot of customers with root on their managed servers.
So i am looking at HP [gasp] switches. How "easy" is the web-based configuration widget? [I'm an advanced unix admin but networking is a mystery to me.]
This is a starter switch and once i have a full cab of servers I'll be able to spend $7K on a pair of 3560s and hire someone to configure them for me ... but until then what can i get to meet my requirements?
My switch 3COM 4500 (Layer3) ;
I want port 1 of switch work in all VLANS!
I created vlan2, vlan3 and add this trunk/hybrid port in all vlans and ping no work por port1.
I orded today new switch 3COM (48 port + 2giga + 2 fiber).
In WebPanel i created:
vlan2: port1 - port 20
vlan3: port21 - port40
I want configure switch for port 41-48 access all ports;
What solution for this cenary?
What's the benefits of these private VLANs I've seen advertised around? Anyone have a good understanding?
I've read a few things about them but have yet to fully grasp the concept.
I'm not sure exactly how to phrase the question. But, I'm researching how to PXE boot a server without having a DHCP/PXE server in each vlan.
Scenario: Datacenter with dozens of servers. 1 VLAN per server. Cisco switches and routers. Each server has a serial console available for remote management (OS and BIOS are configured for serial console). If an admin wants to re-install OS, they should be able to reboot the server and tell the BIOS to initiate a PXE boot request. A central install server is available to provide the DHCP and PXE boot images.
Has anyone tried this? I have been reading about the 'ip helper-address' for Cisco to relay DHCP requests. Interested in hearing about real-world setups. Or is there a better way to accomplish remote OS installs?
I have two servers both in a same vlan. Both may access Internet and be acceessed from Internet I setup db server and web server internal IP each as follows:
step 1: on web server:
vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
add following:
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.5
NETMASK=255.255.255.248
NETWORK=192.168.1.0/24
ONBOOT=yes
TYPE=Ethernet
save and /etc/init.d/network restart
step 2: on db server:
vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
add following:
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.248
NETWORK=192.168.1.0/24
ONBOOT=yes
TYPE=Ethernet
save and /etc/init.d/network restart
I used ifconfig to check both status, both of them are up. both of them may ping google, but when I try to ping their each other through internal IP, nothing returns.
I used command tracert to follow, found all packages were sent to Internet rather than an internal IP.
My host tells me to do it by making NAT, I have no idea on it. Anyone may help me out on how to do with NAT?
we are looking for a provider that provides public ip vlans' with dedicated server purchases,
so far,,
we have found few companies that offer this at no extra charge or minimal extra charge
1) softlayer (best choice)
2) singlehop
3) nocster/burst.net (not a good provider for business hosting / not reliable / no phone support)
does anyone know of any other dedicated server providers that offer public ip vlans for no extra charge or minimal extra charge?
I'm looking for a solution that I can place a firewall between 2 vlans on
a BigIron router with L3 enabled.
For this moment there is one big vlan2 with a ip-route 0.0.0.0 0.0.0.0
123.123.123.123 and a router-interface ve2 with the IP of the router, the
address I use as gateway on the machines behind it.
The WAN port has the IP address to communicate with to the GW of the
carrier-router (123.123.123.122)
Because I want to let the BigIron the routing I was thinking of 2 vlans,
one for the lan-vlan and one for the wan-vlan, but this will be a problem
because I only have one IP-block what I can use.
So the sitiuation must be as follow on the BigIron:
WAN => vlan2 => firewall => vlan3(lan)
Because of the fact that the firewall will be transparent, this should be
no problem to place it between the vlans. The actual problem is how to
manage this. In simple words, I should be able to replace the firewall
with a cross-cable and it should still work.
Cisco for an example has a SVI solution for this, but I can't find such
thing for a Foundry router.
Having a slight problem working with one of our Extreme Summit 48 (ugh) switches - I've figured out most of the basics, but I can't seem to find any way to add a secondary IP address to a VLAN! This, I would have thought, would be a pretty basic feature to have. Typing "config vlan [vlanname] ipaddress 1.2.3.4/24" works for setting the primary IP, but I can't figure out how to add any more - and doing the command again just overwrites the first one.
So... does anyone have any tricks up their sleeve, or is this something that Extreme neglected to add to this model switch?
We offer colocation & dedicated servers as well as shared & reseller hosting services.
Our colocation customers and dedicated server customers are definitely on their own VLANs for obvious reasons.
Up until now, we have been using separate VLANS and ip allocations for each of the servers in our shared & reseller server fleet. I'm starting to question this policy for many reasons:
1) We directly manage all of the servers and it is very rare that any servers are compromised to the point where they can steal an IP address.
2) We are wasting IP addresses - network, broadcast and gateway addresses are required for each vlan. Additionally, if a server needs 1 more IP address, we need to add a whole new block.
If all of the servers are under our direct management, does it make sense for us to use any vlans at all? It seems that it only serves to complicate things, waste ips and add management overhead.
I've read that all ethernet switches in a MST Region need the same Name, Revision number, and list of member vlans for each Instance. So what happens when you need to change the range of VLANs in a MSTI ? Let's say that you need to add a range of vlans to an instance that spans 20 switches? How would you do that?
View 1 Replies View RelatedCan you make a recommendation for a switch-based L3 router which can
- hold a moderate number of routes (interface routes, a few hundred statics + default)
- OSPF and BGP
- MST
- 1024 layer-3 dot1q subinterfaces (or maybe VLAN interfaces)
with
+ traffic policing in and out per subinterface/vlan
+ VRRP/HSRP/NSRP
- IPv4 & IPv6 native
- 2x GigE ports
- Not tip-over under 1gbps DDoS towards a VLAN interface.
I've been using 3560Gs, but they seem to lack the output traffic policing. I'd prefer to have subinterfaces which don't run spanning-tree, versus Vlan Interfaces to a trunk interface which runs spanning-tree. These switches sit at the L3 boundary between two L2 networks.
Cost is a big factor; but I also must carry vendor licenses & support contract, if the vendor asserts that not doing so is illegal in US.
if there is any way to forward an external IP to an internal subnet without NAT.
I have a server that is configured with a 10.0.100.101 IP and the L3 switch doesn't support NAT, so I can't get on it right now without manually changing the IP on the NIC to a public IP address.
I have a linux router with 2 external and 2 internal ports.
Each port needs to route traffic to one of the internal ports, and the internal traffic between the 2 internal ports should not go out the external ports.
The IPS on the internal networks are global. ie. no NAT required.
I think what I need is this..
$ext_net1 = external nework IP/MASK 1
$EXT_IP1 = ip of external interface 1
$ext_net2 = external nework IP/MASK 2
$EXT_IP2 = ip of external interface 2
$int_net1 = internal network IP/MASK 1
$int_net2 = internal network IP/MASK 2
ip route add $ext_net1 dev eth0 src $EXT_IP1 table 1
ip route add default via $ext1_gw table 1
ip route add $int_net1 dev eth1
ip route add $ext_net2 dev eth2 src $EXT_IP2 table 2
ip route add default via $ext2_gw table 2
ip route add $int_net1 dev eth3
ip rule add from $int_net1 table 1
ip rule add from $int_net2 table 2
I have a Webmux load balancer and behind that a Cisco Pix. Behind that I have several servers. The Webmux and Cisco Pix do double NAT so his servers have public IPs.
The problem is that I've added a 4th server, I added it to the Webmux and it's get NATted to an 192.168.x.x IP. Now I just need to add it to the Cisco Pix, natting it back to the real IP BUT the Pix can only have one IP on its inside interface and the Server IP is not on the same subnet as that IP.
So when I try to add the real IP it asks me how to route it....
I have a server that has multiple IPs, one of which I'm using for a VM that is bridged.
The issue is, internally, that IP is trying to point to itself rather then the bridged nic (which is technically a whole other server plugged into the same switch, logically).
I think I know why, I just don't know how to fix it. This is the config file for the ranges:
Quote:
# Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
DEVICE=eth1
BOOTPROTO=static
DHCPCLASS=
HWADDR=....
ONBOOT=yes
IPADDR_START=....243
IPADDR_END=....254
CLONENUM_START=0
GATEWAY=....241
NETMASK=255.255.255.240
NO_ALIASROUTING=yes
(edited a few things out just in case)
Basically, there's a start and an end, is there a way to exclude an IP?
to expand our existing DNS setup with nodes in North America and Asia.
Therefore, we are searching ISPs that can provide dedicated servers and route an existing (RIPE PI) IP range to that server which will be anycastet for DNS service?
What company would be able to provide that service?
I put together a router running Zebra(yes, I know, should have used Quagga) with a few public ip addresses taking in a full BGP table.
There is a Win2k3 server behind the router running routing and remote access for VPN clients to connect to. Our team's project was to get the win2k3 server VPN clients out onto the public internet with public IP addresses.
I installed another NIC card onto the Win2k3 server and connected it with the router, and assigned the router and the server a private IP address. Both are pingable from both devices.
I then had a VPN client connect in, RRAS assigned the client a public IP address, the router was able to ping the VPN client and so was the Win2k3 server.
I tried pinging the VPN client from another machine on the network with a default gateway pointed toward the router, and there is no response.
Is there something I don't know about with Zebra and Redhat?
I'm experiencing some odd issues, I have a cpanel setup, however on port 2086 the server is currently listening however on port 80 it fails to listen. Apache is running and no errors appear in the errors log.
Running ifconfig shows that there are errors and dropped packets.
I was changing ip routes earlier that day however all seems fine...
Oddly I can ping internally on the network and noticed a number of other servers in the broadcast range. These respond fine, however pinging google or outside the data center fails.
ping google.com
ping: unknown host google.com
HTML Code:
eth0 Link encap:Ethernet HWaddr 00:14:85:3D:A2:20
inet addr:122.252.4.* Bcast:122.252.4.255 Mask:255.255.255.0
inet6 addr: fe80::214:85ff:fe3d:a220/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:289198921 errors:4 dropped:182 overruns:0 frame:3
TX packets:230175646 errors:19 dropped:0 overruns:0 carrier:19
collisions:8927682 txqueuelen:10
RX bytes:3521641159 (3.2 GiB) TX bytes:2563591520 (2.3 GiB)
Base address:0x2400 Memory:dd100000-dd120000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:127443475 errors:0 dropped:0 overruns:0 frame:0
TX packets:127443475 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1102069037 (1.0 GiB) TX bytes:1102069037 (1.0 GiB)
I have the following problem with a CentOS server:
The main IP of the server is yyy.zzz.www.qqq
We've just purchased 3 additional IPs: aaa.bbb.ccc.100, aaa.bbb.ccc.101, aaa.bbb.ccc.102.
First, all outgoing traffic used aaa.bbb.ccc.100, but after deleting the gateways from the additional IPs it seemed to work fine, until we found out the following:
Now all traffic to aaa.bbb.ccc.XXX uses aaa.bbb.ccc.100 as outgoing IP.
What command would change this to use our main IP?
I am setting up a small ccna lab and i have RIP working and i can ping my lan from both routers, but only certain hosts on the lan from the one router the setup is
LAN (192.168.1.0/255.255.255.0)
|
/
router 1 E0 192.168.1.45
Serial0 10.10.10.1
|
/
Serial0 10.10.10.2 (of router2)
|
/
E0 192.168.3.250
E1 192.168.2.250
Lo 192.168.5.4
I can ping 192.168.1.102 from router 2 and 192.168.1.45 but no not 192.168.1.201 ... or 192.168.1.1
also i can ping 192.168.5.4 from 192.168.1.102 which is a linux box and an ip route to tell it that 192.168.5.0 can be gotten from 192.168.1.45
Can someone recommend me good (and cheapest) routing or switching gear for the following scenario?
Multiple 1Gbit links, possibility to have a single 10GE link
Sustained 2Gbps of traffic, 4Gbps of peak traffic (streaming media)
I've been doing some traceroutes between Chicago and Dallas. Tracing from Chicago -> Dallas, I go through Denver almost 100% of the time. Tracing from Dallas -> Chicago, I go through Denver or Atlanta before routing to Chicago.
Is this normal? Looking at the Level 3 network map there seems to be several, much shorter routes.
I run a game server on The Planet, and lot of people have huge routing issues where their route randomly changes, and when it does, they'll get horrible packet loss and lag. It's totally random, one day it may happen to me, while it's not happening to someone else, then it will switch. But it's definately the host and not our home connections as it affects about half the server at any given time, it just picks different people.
Just wondering if anyone who uses The Planet has had issues like this? I pretty much debugged everything and tried everything to no avail and of course their support just said it's not at their end (all isps of any type say that regardless of the situation).
This is how a typical trace route would look like:
Code:
3 9 ms 9 ms 19 ms GE-2-1-ur01.N3Alpharetta.ga.atlanta.comcast.net
[68.86.110.17]
4 8 ms 12 ms 7 ms 68.86.106.133
5 8 ms 14 ms 13 ms 68.86.106.129
6 9 ms 8 ms 19 ms 68.86.106.125
7 9 ms 7 ms 8 ms 68.86.106.13
8 22 ms 7 ms 8 ms 68.86.106.9
9 11 ms 11 ms 8 ms 68.86.90.121
10 29 ms 21 ms 39 ms te-0-7-0-0-cr01.nashville.tn.ibone.comcast.net [
68.86.84.65]
11 31 ms 66 ms 30 ms te-0-0-0-4-cr01.chicago.il.ibone.comcast.net [68
.86.84.77]
12 50 ms 41 ms 56 ms 68.86.84.17
13 44 ms 45 ms 53 ms 68.86.85.38
14 53 ms 49 ms 50 ms 68.86.85.45
15 49 ms 51 ms 59 ms te-7-3.car1.Washington1.Level3.net [63.210.62.57
]
16 57 ms 53 ms 54 ms ae-32-52.ebr2.Washington1.Level3.net [4.68.121.6
2]
17 79 ms 93 ms 86 ms ae-2.ebr2.Chicago1.Level3.net [4.69.132.69]
18 * * 103 ms ae-1-100.ebr1.Chicago1.Level3.net [4.69.132.41]
19 115 ms 110 ms 126 ms ae-3.ebr2.Denver1.Level3.net [4.69.132.61]
20 125 ms 178 ms 126 ms ae-1-100.ebr1.Denver1.Level3.net [4.69.132.37]
21 132 ms 128 ms * ae-2.ebr1.Dallas1.Level3.net [4.69.132.106]
22 141 ms 130 ms 131 ms ae-14-55.car4.Dallas1.Level3.net [4.68.122.144]
23 130 ms 140 ms 129 ms THE-PLANET.car4.Dallas1.Level3.net [4.71.122.2]
24 130 ms 141 ms 130 ms te7-2.dsr02.dllstx3.theplanet.com [70.87.253.26]
25 * 130 ms 134 ms vl42.dsr02.dllstx4.theplanet.com [70.85.127.91]
26 135 ms 138 ms * gi1-0-1.car11.dllstx4.theplanet.com [67.19.255.4
2]
27 127 ms 135 ms 133 ms a.c4.1343.static.theplanet.com [67.19.196.10]
Another:
Code:
4 209.226.50.77 (209.226.50.77) 49.145 ms 46.724 ms 47.563 ms
5 142.46.7.1 (142.46.7.1) 55.852 ms 56.377 ms 55.110 ms
6 142.46.128.53 (142.46.128.53) 59.420 ms 56.865 ms 59.141 ms
7 142.46.128.5 (142.46.128.5) 59.277 ms 61.681 ms 59.702 ms
8 ge-1-1-0.ar1.YYZ1.gblx.net (64.212.16.81) 59.951 ms 58.555 ms 58.397 ms
9 por4-0-0-10G.ar2.DAL2.gblx.net (67.17.105.38) 95.604 ms 98.524 ms 97.206 ms
10 The-Planet.GigabitEthernet7-3.ar2.DAL2.gblx.net (64.208.170.198) 252.656 ms 251.881 ms 251.271 ms
11 te7-2.dsr01.dllstx3.theplanet.com (70.87.253.10) 253.416 ms te9-2.dsr02.dllstx3.theplanet.com (70.87.253.30) 252.040 ms te7-2.dsr02.dllstx3.theplanet.com (70.87.253.26) 251.873 ms
12 vl41.dsr01.dllstx4.theplanet.com (70.85.127.83) 255.683 ms vl42.dsr02.dllstx4.theplanet.com (70.85.127.91) 257.144 ms vl41.dsr01.dllstx4.theplanet.com (70.85.127.83) 263.597 ms
13 gi1-0-1.car11.dllstx4.theplanet.com (67.19.255.42) 259.076 ms gi1-0-2.car11.dllstx4.theplanet.com (67.19.255.170) 262.143 ms gi1-0-1.car11.dllstx4.theplanet.com (67.19.255.42) 263.775 ms
14 a.c4.1343.static.theplanet.com (67.19.196.10) 264.516 ms 265.046 ms 264.407 ms
-bash-3.1$
Actually if anyone is interested in looking this more I posted a thread here. But not needed. Just want to know if anyone else has had issues like this with The Planet. The only thing I can think of right now is switching hosts, but thats an expensive process as for the transition time I'll be paying for two hosts.
Our colo has two carriers, call them A and B. I have discovered the colo provider is round-robining traffic out it's two carriers on a per-packet basis, not per flow.
Assume we want to reach destination IP a.b.c.d.
%> traceroute -q5 a.b.c.d
Results show that at the hop leaving the colo's border router, some packets transit Carrier A and some Carrier B, to the same destination IP, during the same traceroute.
Is this a routing Best Practice, or am I correct in thinking this is the Lazy Man's way of load balancing across multiple circuits, multiple carriers? BGP route selection does not seem to apply here (i.e., either Carrier A or Carrier B but not both at the same time).
if using the Internap FCP technology to optimize the routing. I want a feedback on it, since I want to deploy this solution for have a better traffict routing.
Also, is anyone using avaya? i have looked in their website, but I have no information about their routing optimizer. Basically I want to go beyond of normal BGP since I will be deploying VoIP services soon.
We have a weird CentOS routing problem:
We need traffic to a certain subnet to go out via a second interface IP, rather than the main IP.
I.E, eth0 has IP x.x.x.x and eth0:1 has IP x.x.x.y (on the same subnet). I want traffic to z.z.z.z to go with a source of x.x.x.y rather than x.x.x.x like all the other traffic.
However I add the route and specifiy the device eth0:1 it accepts it but it goes into the routing table as eth0, whether I do it through network-scripts/route-eth0:1 or route add -host z.z.z.z gw a.b.c.d dev eth0:1.
When I ping with the -I command for eth0:1 it works, so the idea works fine, I just don't want to have to specify the interface in the application, but to do it within the routing table.
This is on CentOS 5 under Xen but I've tested on CentOS 4 under Virtuozzo too and it's the same.
I have an exchange server with the webmin interface activated. I have port 80 forwarded on the router to this server for the webmin. Management wants to upgrade data service and move website server in-house.
So this is how I'll need to set up 2 websites on two servers for the same IP.
Server 1: Windows. accepts domain mail.domain.com
Server 2: Linux. accepts www.domain.com
I'm figuring I'll need to make changes at the router level, and I have a decent cisco router. What do I need to do? Point me in the right direction for googling.
Would it be easier to use 2 IPs? Both would come over the same line, how would I handle that on the router level?