Cisco router/switch recommendation?

Walter Roberson
raptor <(E-Mail Removed)> wrote:
:Hmm.. in this case what I really need is probably to route not
:necessarily by incoming interface but in this case by the vlan
:from which the packet is coming..
:I can do this by normal access-list but the networks
:that I want to describe will grow, currently ~30
:That is why I'm searching for a solution not based on the
:source ip-address but incoming vlan and/or interface

You can apply the same ACL to multiple policy route-maps.

I am not at all certain why you want to use different gateways
for different VLANs -- I'm not certain what you
are trying to accomplish.

If what you are trying to accomplish is to sort of segment the
3750 (or whatever other device ends up chosen) so that different
groups of vlans will route within themselves but will not route
between the different groups, then that is something that the
3750 can handle. It's a facility called 'vrf', Virtual Router
Facility, and distinct routing tables are used for each vrf.

It sort of sounds, though, like you are not so much trying to
prevent different vlans from talking to other sets of vlans, as you
are trying to do a sort of elementary load balancing -- I'm getting
the hint that the two special gateways you mention are equipped with
much the same facilities, but that you have two for performance
reasons [expecting one might bottleneck]. Possibly it might be
important that the same source always go to the same destination
gateway for your purposes, but as I am speculating it could be more
complicated than that. Important perhaps that all of one flow
goes to a consistent gateway but perhaps that a different flow
from the same source to a different destination might go to the
other gateway?

One thing I would worry about in the setup you are constructing
is the possibility that one of the two gateways would go down: do
you want to lose up to half of your traffic in that situation?

If my speculation is leading towards the right line, then I would
suggest that what you want to implement is not fixed gateways via
ACLs, but rather that both gateways are marked as potential
equal-cost output links for the inputs, with per-destination
or else (source xor destination) load-sharing between the links.
With the xor option, the same source/destination pair would always
use a consistent output link, as long as all the output links
stay up. When an output link went down [in a detectable way!]
then the device would automatically take that into account in
determining the output link. The xor balancing algorithms work
"fairly" if the number of active links is a power of 2, but it
uses binary counting rather than binary division so if you do not
have a power of 2 active then some of the links would end up
with different numbers of flows assigned than others.

I'm continuing to learn new things for Cisco :") thanks..
Will check this vrf stuff...
What I am preparing to do is the following, not a final design yet:

vlan OUT : shaper and upstream providers are here
vlan CPE's : here a hundred or a thousand PCs
vlan SERVICES : boxes to which I need to have high throughput
and several other vlans for other stuff..

Now the default GW for CPE's traffic must be one of the shaper interfaces,
from the shaper it goes to the upstream providers.
Then I need to have high speed to SERVICES (which is why I asked
in the beginning for routing at wire speed)
Later I can split the CPE's vlan into several when possible (CPEs have
IPs for different class C networks, that is why their vlan will have
many secondary IPs)

Now what I may do additionally is to bypass the "shaper" for some
traffic, VoIP comes here for example..

So overall this is what I want to accomplish.. not necessarily final
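
An added illustration (not part of the thread, and not Cisco's actual hashing code) of the (source xor destination) load-sharing described in Walter Roberson's reply: a simplified model where the low three bits of the XOR select one of 8 buckets and the buckets are dealt round-robin to the links that are up. The bucket count, the gateway names and the sample addresses are assumptions made for the example.

```python
# Simplified model of (source XOR destination) load-sharing.
# Assumption: 8 hash buckets dealt to active links by counting 0,1,2,...
# This is an illustration, not the algorithm of any specific Cisco platform.
import ipaddress
from collections import Counter

BUCKETS = 8  # assumed bucket count for this model


def bucket(src: str, dst: str) -> int:
    """Low-order bits of (source address XOR destination address)."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    return (s ^ d) % BUCKETS


def pick_link(src: str, dst: str, active_links: list) -> str:
    """Map the flow's bucket onto the links that are currently up."""
    if not active_links:
        raise ValueError("no active output link")
    return active_links[bucket(src, dst) % len(active_links)]


def buckets_per_link(active_links: list) -> Counter:
    """How many of the buckets each active link ends up owning."""
    return Counter(active_links[b % len(active_links)] for b in range(BUCKETS))


def flows_per_link(flows: list, active_links: list) -> Counter:
    """Count the flows that land on each active link."""
    return Counter(pick_link(s, d, active_links) for s, d in flows)


# Constructed sample traffic: 64 hosts each talking to 4 servers (256 flows).
FLOWS = [(f"192.0.2.{h}", f"198.51.100.{srv}")
         for h in range(1, 65) for srv in (10, 11, 12, 13)]

if __name__ == "__main__":
    # Two links (power of 2), three links (uneven), one gateway down.
    for links in (["gw1", "gw2"], ["gw1", "gw2", "gw3"], ["gw2"]):
        print(links, dict(buckets_per_link(links)),
              dict(flows_per_link(FLOWS, links)))
```

With two links the buckets split 4/4; with three they split 3/3/2, which is the unevenness mentioned for a non-power-of-2 link count. Because XOR is symmetric, this model also puts both directions of a source/destination pair on the same link.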

