Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Question on passing MAC addresses over switched metro ethernet (http://www.velocityreviews.com/forums/t806940-question-on-passing-mac-addresses-over-switched-metro-ethernet.html)

pfisterfarm 12-14-2011 04:06 PM

Question on passing MAC addresses over switched metro ethernet
 
I've got a situation where several remote sites are connected to a
central location using AT&T's Customized Switched Metro Ethernet
(CSME). The core switches at each location are Cisco 4500 series
units.

The problem is this... each remote site has a server assigned to it,
which is being implemented as a virtual machine at the central
location in the vlan belonging to the remote site's core network. The
AT&T network learns the MAC addresses from each remote site, and the
switch at the central location learns them from AT&T. This is working
fine, but AT&T has to learn every MAC addresses from all the remote
sites. This means we need to make sure they're allowing sufficient
addresses to cover all the sites, plus they charge according to how
many they're allowing through.

I'm trying to research alternatives. Is there any way to pass the MAC
addresses from the remote site to the switches connecting the VMWare
servers (6 servers between 2 physical switches) without special setup
on AT&T's part? If it will require additional hardware, that's fine,
just need to look at all the options.

Rob 12-14-2011 05:24 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
pfisterfarm <pfisterfarm@gmail.com> wrote:
> I've got a situation where several remote sites are connected to a
> central location using AT&T's Customized Switched Metro Ethernet
> (CSME). The core switches at each location are Cisco 4500 series
> units.
>
> The problem is this... each remote site has a server assigned to it,
> which is being implemented as a virtual machine at the central
> location in the vlan belonging to the remote site's core network. The
> AT&T network learns the MAC addresses from each remote site, and the
> switch at the central location learns them from AT&T. This is working
> fine, but AT&T has to learn every MAC addresses from all the remote
> sites. This means we need to make sure they're allowing sufficient
> addresses to cover all the sites, plus they charge according to how
> many they're allowing through.
>
> I'm trying to research alternatives. Is there any way to pass the MAC
> addresses from the remote site to the switches connecting the VMWare
> servers (6 servers between 2 physical switches) without special setup
> on AT&T's part? If it will require additional hardware, that's fine,
> just need to look at all the options.


In a situation like that, we created an extra VLAN just for the links
and used IP routing to route the traffic over that VLAN to the remote
sites. Each links sees only the MAC addresses of the switches at each
end.

When you don't want IP routing you can of course use MAC-in-MAC tunneling.

pfisterfarm 12-14-2011 08:02 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
> When you don't want IP routing you can of course use MAC-in-MAC tunneling.

Is this something the service provider needs to make happen, or can I
do something on my end?

Rob 12-14-2011 08:51 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
pfisterfarm <pfisterfarm@gmail.com> wrote:
>> When you don't want IP routing you can of course use MAC-in-MAC tunneling.

>
> Is this something the service provider needs to make happen, or can I
> do something on my end?


I don't know. We use the IP routing, and it can be done with any layer 3
switch. It cleanly solves the problem.

Just create an extra VLAN, assign it a small subnet, put two different
addresses on each end of the link and assign an untagged port for your
link. Put in routes to route your traffic back and forth and go...

pfisterfarm 12-14-2011 09:36 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
On Dec 14, 3:51*pm, Rob <nom...@example.com> wrote:
> Just create an extra VLAN, assign it a small subnet, put two different
> addresses on each end of the link and assign an untagged port for your
> link. *Put in routes to route your traffic back and forth and go...


Actually, that's the way we've got it set up now. Not many remote
sites have "ip routing" enabled in their config, but those that do
still have mac addresses showing up at the central site. Is there some
way to stop that?

Rob 12-14-2011 09:45 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
pfisterfarm <pfisterfarm@gmail.com> wrote:
> On Dec 14, 3:51*pm, Rob <nom...@example.com> wrote:
>> Just create an extra VLAN, assign it a small subnet, put two different
>> addresses on each end of the link and assign an untagged port for your
>> link. *Put in routes to route your traffic back and forth and go...

>
> Actually, that's the way we've got it set up now. Not many remote
> sites have "ip routing" enabled in their config, but those that do
> still have mac addresses showing up at the central site. Is there some
> way to stop that?


Make sure the switchport that is connected to your link is only member
of the link VLAN, not of the default VLAN you use at the remote site.

pfisterfarm 12-15-2011 02:31 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
On Dec 14, 4:45*pm, Rob <nom...@example.com> wrote:
> pfisterfarm <pfisterf...@gmail.com> wrote:
> > On Dec 14, 3:51*pm, Rob <nom...@example.com> wrote:
> >> Just create an extra VLAN, assign it a small subnet, put two different
> >> addresses on each end of the link and assign an untagged port for your
> >> link. *Put in routes to route your traffic back and forth and go...

>
> > Actually, that's the way we've got it set up now. Not many remote
> > sites have "ip routing" enabled in their config, but those that do
> > still have mac addresses showing up at the central site. Is there some
> > way to stop that?

>
> Make sure the switchport that is connected to your link is only member
> of the link VLAN, not of the default VLAN you use at the remote site.


It's set up as a trunk port

Rob 12-15-2011 03:12 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
pfisterfarm <pfisterfarm@gmail.com> wrote:
> On Dec 14, 4:45?pm, Rob <nom...@example.com> wrote:
>> pfisterfarm <pfisterf...@gmail.com> wrote:
>> > On Dec 14, 3:51?pm, Rob <nom...@example.com> wrote:
>> >> Just create an extra VLAN, assign it a small subnet, put two different
>> >> addresses on each end of the link and assign an untagged port for your
>> >> link. ?Put in routes to route your traffic back and forth and go...

>>
>> > Actually, that's the way we've got it set up now. Not many remote
>> > sites have "ip routing" enabled in their config, but those that do
>> > still have mac addresses showing up at the central site. Is there some
>> > way to stop that?

>>
>> Make sure the switchport that is connected to your link is only member
>> of the link VLAN, not of the default VLAN you use at the remote site.

>
> It's set up as a trunk port


That is not a good idea... at least not when this trunk port is also a
member of the default VLAN.

What we use is a port that is only a (tagged) member of the link VLAN.
Untagged could be used as well, but in tagged mode there can be priority
information with each frame.

As soon as you remove the port from the default VLAN, you should no longer
see the MAC addresses of the local devices on the link.

pfisterfarm 12-15-2011 03:45 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
>> As soon as you remove the port from the default VLAN, you should no longer
> see the MAC addresses of the local devices on the link.


So, we need to make it an access port? And this will allow the vlan to
work at both locations?


Rob 12-15-2011 05:07 PM

Re: Question on passing MAC addresses over switched metro ethernet
 
pfisterfarm <pfisterfarm@gmail.com> wrote:
>>> As soon as you remove the port from the default VLAN, you should no longer

>> see the MAC addresses of the local devices on the link.

>
> So, we need to make it an access port? And this will allow the vlan to
> work at both locations?


That is what you can do. Make it an access port for the vlan you use
for the link. Then the traffic will be sent untagged across the link.

It is possible to use a trunk port (tagged traffic) but you need to be
sure that the vlan you use for the local devices is not configured on
that port.

(I use HP Procurve and 3com switches so my terminology may be a bit
different than what you see on Cisco switches)

Of course, you IP addressing plan should be such that this configuration
is possible. I.e. you have some IP subnet at the locations and another
IP subnet at the central site where the server is located, so that you
can configure routing between the server and the site. The default gateway
configured in the server and the clients is the address of the switch at
each end (for the default VLAN). Then you need a third subnet, a /30
at minimum, for the VLAN used for the link between the switches.


All times are GMT. The time now is 07:09 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.