Re: understanding Routing Cisco vs. Linux
Thedore Knab wrote:

> After reading more on this issue, I have decided that I have 2 choices.
> Use FreeBSD for a Bridging Bandwidth Shaper/ Firewall or use Linux as a
> Routing/ Bandwidth Shaping firewall. The latter seems to be the best idea
> since I know more about Linux.
>
> I found that Linux does provide Bridging support, but the bridging
> support in 2.4.x Kernels is not tied into any firewall support.
> FreeBSD does have this, so does the 2.5.x Linux kernel. I guess if
> people want to use Linux as a bandwidth shaping/ firewall bridge they
> will have to wait for the 2.6.x kernel.
>
> Linux seems fairly simple to set up as a router. From there the firewall,
> and Bandwidth shaping parts can be built on the fly.

In some cases you can do pseudo bridging with ProxyARP. I use that for firewalling and shaping in a wireless LAN and it works fine.

(Please excuse my broken English)
Re: understanding Routing Cisco vs. Linux
> I found that Linux does provide Bridging support, but the bridging
> support in 2.4.x Kernels is not tied into any firewall support.
> FreeBSD does have this, so does the 2.5.x Linux kernel. I guess if
> people want to use Linux as a bandwidth shaping/ firewall bridge they
> will have to wait for the 2.6.x kernel.

You can patch the kernel using the files on http://bridge.sourceforge.net/ to get firewall bridging in 2.4

Matt.
Re: understanding Routing Cisco vs. Linux
After reading more on this issue, I have decided that I have 2 choices. Use FreeBSD for a Bridging Bandwidth Shaper/ Firewall or use Linux as a Routing/ Bandwidth Shaping firewall. The latter seems to be the best idea since I know more about Linux.

I found that Linux does provide Bridging support, but the bridging support in 2.4.x Kernels is not tied into any firewall support. FreeBSD does have this, so does the 2.5.x Linux kernel. I guess if people want to use Linux as a bandwidth shaping/ firewall bridge they will have to wait for the 2.6.x kernel.

Linux seems fairly simple to set up as a router. From there the firewall, and Bandwidth shaping parts can be built on the fly.
Re: understanding Routing Cisco vs. Linux
After reading the lot (not the configs: not accessible): if you say that there is a trunk between the 7200 (which it does not look like from the route definition you have), and it is properly configured (sub interfaces on the 7200 and the same definition on the cat 5K RSM (if you have one, which I suppose as you say that you route through the CAT)), then you don't have any problems. (It doesn't look properly configured if the 7200 sends the traffic to the same interface.) There must be some proxy arp magic happening somewhere if you have another router in the picture (please confirm that you have an RSM (route switch module) in the cat or an attached router).

I'd configure it this way: configure a VLAN on the RSM with a /30 network to connect to the 7200. Make the 7200 route the network through your address. Manage your network per VLANs (and sub interfaces in your RSM config).

This idea to use a Linux box is interesting, but I don't think you'll get better performance than through the RSM + Layer 3 switching (which I suppose is enabled), nor will it be easy to properly split your networks (as you have to separate them to route through your thing... Another point could be to bridge and firewall, but I dunno if it is possible ..).

JeF
Re: understanding Routing Cisco vs. Linux
yep, but you potentially need a patch for your nic driver to accept bigger max packet size.

On Thu, Sep 26, 2002 at 08:21:56PM +0200, Marc Haber wrote:
> On Thu, 26 Sep 2002 11:47:34 +0300, Hasso Tepper <[EMAIL PROTECTED]>
> wrote:
> >Yes, it supports 802.1q. No ISL AFAIK.
> >
> >http://www.candelatech.com/~greear/vlan.html
>
> No need for the patch. It's in the mainstream kernel since 2.4.16.
>
> Greetings
> Marc

--
-> Jean-Francois Dive
--> [EMAIL PROTECTED]

There is no such thing as randomness. Only order of infinite complexity.
- _The Holographic Universe_, Michael Talbot
Re: understanding Routing Cisco vs. Linux
* Legend has it that Thedore Knab ([EMAIL PROTECTED]) wrote:
> (I hope he ISNT announcing them as /24s! into the BGP).

Maybe announcing them as /24 makes sense if he is doing some "balancing" through different connections...

--
Regards,
Germán O. Gutiérrez
Operations Department
Desarrollos Digitales S.A.
Re: understanding Routing Cisco vs. Linux
On Thu, 26 Sep 2002 11:47:34 +0300, Hasso Tepper <[EMAIL PROTECTED]> wrote:
>Yes, it supports 802.1q. No ISL AFAIK.
>
>http://www.candelatech.com/~greear/vlan.html

No need for the patch. It's in the mainstream kernel since 2.4.16.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber          | " Questions are the           | Mail address in header
Karlsruhe, Germany  |   Beginning of Wisdom "       | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Re: understanding Routing Cisco vs. Linux
I put both the router config file and catalyst config file here. I did not create either of them. The only Cisco devices I have set up were Cisco Local Directors.

http://albert.washcoll.edu/~tknab2/debian_isp/

If you want to look at it.

user: debian
pass: debian
Re: understanding Routing Cisco vs. Linux
Forwarded email.

--- Begin Message ---
Hi Thedore

On Thu, Sep 26, 2002 at 09:08:26AM -0400, Thedore Knab wrote:
> I am trying to reduce latency, reduce peer to peer bandwidth
> hogs, and do some stateful firewalling while I am at it.

> Here is the part I am need to worry about.
>
> ip classless
> ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
...
> ip route 209.243.34.0 255.255.255.0 FastEthernet0/0

Your provider probably should have done some supernetting rather than listing all these /24s.. but that is a nicety (I hope he ISNT announcing them as /24s! into the BGP).

By the looks of it you aren't using ANY vlans.. as the router is dumping all the packets onto the local fast ethernet. (the config on the 5500 would interest me).

What you might want to try and do is set up 802.1Q between the Cat 5500 and your linux box. You will then need a transfer network between the linux box and the cisco. The Linux box interface connected to the Cat 5500 should look like multiple 'sub interfaces' (haven't used the 802.1q on linux so don't know exactly how it's implemented). This will effectively turn your box into a router with 'X' interfaces (one into each vlan on the switch), and all traffic between ports will go over the linux box.

(to be honest, it would probably be easier taking control of the 7200 and not bothering with the linux box).

A sample config with a linux box

    Internet
       |
       |
     C7200   192.168.0.1/28 (you should probably use NON RFC addresses here)
       |
       |     192.168.0.2/28
     Linux   Vlan 1 x.x.x.1/24
             Vlan 2 x.x.y.1/24
             Vlan 3 x.x.z.1/24
       |
       |     Trunk
     C5500
       |
       |---Server in Vlan1
       |
       |---Server in VLan2

and on the cisco 7200 route your networks to 192.168.0.2... and the servers in Vlan one use the default route of x.x.x.1, vlan 2 x.x.y.1, etc

but as I said, consider using the 7200 to do this.

Andrew
--- End Message ---
Re: understanding Routing Cisco vs. Linux
thus spoke [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2002.09.26.1546 +0200]:
> at least his upstream seems to be doing the right thing

his "thing" ain't wrong, and with <20 routing entries, it really doesn't matter. but this is what supernetting is for...

--
martin; (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]

if billy gates had a penny for every time, a windoze box crashed...
oh, wait a minute -- he already does.
Re: understanding Routing Cisco vs. Linux
Hi Martin,

at least his upstream seems to be doing the right thing

Show Level 3 (San Jose, CA) BGP routes for 209.243.46.0

BGP routing table entry for 209.243.32.0/20
Paths: (9 available, best #1, table Default-IP-Routing-Table)
  209 1785 21767, (aggregated by 21767 209.243.32.1)
  AS-path translation: { ASN-QWEST APPLIED WASHINGTON-COLLEGE }
    core2.SanJose1 (metric 41) from core2.SanJose1 (core2.SanJose1)
      Origin IGP, metric 10, localpref 86, valid, internal, atomic-aggregate, best
      Community: North_America NA_Lclprf_86 United_States NA_Peer NA_Dedicated_Facility NA_MEDs_Ignored San_Jose
  7018 21767 21767, (aggregated by 21767 209.243.32.1)
  AS-path translation: { ATT-INTERNET4 WASHINGTON-COLLEGE WASHINGTON-COLLEGE }
    core1.Dallas1 (metric 3788) from core1.Dallas1 (core1.Dallas1)
      Origin IGP, metric 10, localpref 86, valid, internal, atomic-aggregate
      Community: North_America NA_Lclprf_86 United_States NA_Peer NA_Dedicated_Facility NA_MEDs_Ignored Dallas
.

On Thu, Sep 26, 2002 at 03:18:30PM +0200, martin f krafft wrote:
> thus spoke Thedore Knab <[EMAIL PROTECTED]> [2002.09.26.1508 +0200]:
> > ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
> > ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
.
> > ip route 209.243.47.0 255.255.255.0 FastEthernet0/0
> > ip route 209.243.32.0 255.255.255.0
> ip route 209.243.32.0 255.255.240.0 FastEthernet0/0
>
Re: understanding Routing Cisco vs. Linux
thus spoke Thedore Knab <[EMAIL PROTECTED]> [2002.09.26.1508 +0200]:
> ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.36.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.37.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.38.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.39.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.40.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.41.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.42.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.43.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.44.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.45.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.46.0 255.255.255.0 FastEthernet0/0
> ip route 209.243.47.0 255.255.255.0 FastEthernet0/0

ip route 209.243.32.0 255.255.255.0
ip route 209.243.32.0 255.255.240.0 FastEthernet0/0

does the same, and faster.

--
martin; (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]

unix, because rebooting is for adding new hardware.
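The aggregation discussed in this reply can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original thread: the route lines are copied from the configuration quoted in the thread, and the function names and the `SUPERNET` constant are hypothetical. It also reports what a 209.243.32.0/20 route covers beyond the listed /24s, which matters when firewall or shaping rules on the Linux box are derived from the aggregate.

```python
import ipaddress

# Static routes as quoted in the thread
# (Cisco IOS syntax: ip route <network> <mask> <interface>).
ROUTER_CONFIG = """\
ip classless
ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
ip route 209.243.36.0 255.255.255.0 FastEthernet0/0
ip route 209.243.37.0 255.255.255.0 FastEthernet0/0
ip route 209.243.38.0 255.255.255.0 FastEthernet0/0
ip route 209.243.39.0 255.255.255.0 FastEthernet0/0
ip route 209.243.40.0 255.255.255.0 FastEthernet0/0
ip route 209.243.41.0 255.255.255.0 FastEthernet0/0
ip route 209.243.42.0 255.255.255.0 FastEthernet0/0
ip route 209.243.43.0 255.255.255.0 FastEthernet0/0
ip route 209.243.44.0 255.255.255.0 FastEthernet0/0
ip route 209.243.45.0 255.255.255.0 FastEthernet0/0
ip route 209.243.46.0 255.255.255.0 FastEthernet0/0
ip route 209.243.47.0 255.255.255.0 FastEthernet0/0
"""

# The aggregate proposed in the reply (255.255.240.0 is a /20).
SUPERNET = ipaddress.ip_network("209.243.32.0/20")


def parse_static_routes(config):
    """Return the destination network of every 'ip route' line."""
    networks = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[:2] == ["ip", "route"]:
            # ip_network() accepts the dotted netmask form directly.
            networks.append(ipaddress.ip_network(f"{fields[2]}/{fields[3]}"))
    return networks


def aggregate(networks):
    """Smallest list of prefixes covering exactly the same addresses."""
    return list(ipaddress.collapse_addresses(networks))


def extra_coverage(supernet, routed):
    """Prefixes inside `supernet` that none of the `routed` networks cover."""
    remaining = [supernet]
    for net in routed:
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve net out of block; yields nothing when they are equal.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)  # block is disjoint from net
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    routed = parse_static_routes(ROUTER_CONFIG)
    print("listed routes:        ", len(routed))
    print("exact aggregate:      ", [str(n) for n in aggregate(routed)])
    print("in /20 but not listed:", [str(n) for n in extra_coverage(SUPERNET, routed)])
```
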
Re: understanding Routing Cisco vs. Linux
> what exactly is that you are trying to do...

I am trying to reduce latency, reduce peer to peer bandwidth hogs, and do some stateful firewalling while I am at it.

I want to drop in one Debian Linux box running the 2.4.19 Kernel between the router and the switch. The Linux box has 2 interfaces. It will be routing and inspecting packets.

I understand the first thing I need to do is get packets to route. This is the hard part for me. I have used IP-tables with one network and nat, but I have never routed multiple networks.

We have 6 T-1 with 16 class C networks coming into a Cisco 7200 VXR. The router is managed by Fast-net, our upstream provider. They were kind enough to give the router config file. ;-)

Here is the part I need to worry about.

ip classless
ip route 192.146.226.0 255.255.255.0 FastEthernet0/0
ip route 209.243.33.0 255.255.255.0 FastEthernet0/0
ip route 209.243.34.0 255.255.255.0 FastEthernet0/0
ip route 209.243.35.0 255.255.255.0 FastEthernet0/0
ip route 209.243.36.0 255.255.255.0 FastEthernet0/0
ip route 209.243.37.0 255.255.255.0 FastEthernet0/0
ip route 209.243.38.0 255.255.255.0 FastEthernet0/0
ip route 209.243.39.0 255.255.255.0 FastEthernet0/0
ip route 209.243.40.0 255.255.255.0 FastEthernet0/0
ip route 209.243.41.0 255.255.255.0 FastEthernet0/0
ip route 209.243.42.0 255.255.255.0 FastEthernet0/0
ip route 209.243.43.0 255.255.255.0 FastEthernet0/0
ip route 209.243.44.0 255.255.255.0 FastEthernet0/0
ip route 209.243.45.0 255.255.255.0 FastEthernet0/0
ip route 209.243.46.0 255.255.255.0 FastEthernet0/0
ip route 209.243.47.0 255.255.255.0 FastEthernet0/0

We manage the Catalyst 5500 switch.

I am not sure how the Linux box functioning as a Router/firewall/shaper will fit in the network.

Should I ask Fast-net to reconfigure their router so that their router passes all packets to the new Linux router?

Or, do I need simply to connect 2 cross over cables and drop in the Linux router and reconfigure the switch to point to the new router?

Things I am looking at:

http://linux.oreillynet.com/pub/a/linux/2000/08/24/LinuxAdmin.html
http://www.linuxpowered.com/archive/howto/Adv-Routing-HOWTO-12.html
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.ultimate-tc.html

Don't think I will be making it a bridge
http://mailman.ds9a.nl/pipermail/lartc/2001q3/001424.html
Re: understanding Routing Cisco vs. Linux
[EMAIL PROTECTED] wrote:
> Hi Thedore!
>
> what exactly is that you are trying to do...

Same question :)

> Does linux support 802.1Q trunking yet? or ISL?

Yes, it supports 802.1q. No ISL AFAIK.

http://www.candelatech.com/~greear/vlan.html

--
Hasso Tepper
Re: understanding Routing Cisco vs. Linux
Hi Thedore!

what exactly is that you are trying to do...

Does linux support 802.1Q trunking yet? or ISL? because, by the looks of it, this is what you REALLY want to do...

otherwise? why are you putting the linux box in there? what benefit does it bring?

Andrew

On Wed, Sep 25, 2002 at 06:16:58PM -0400, Thedore Knab wrote:
> Currently, I am creating a simple Linux Router with CQB and Iptables.
>
> The machine I have only has 2 interfaces.
>
> We have the following devices on our network:
>
> 1 Cisco Catalyst connecting 16 Class C Networks
> 1 Cisco Router Routing packets to the inside
>
> The Catalyst uses VLans for our entire network.
>
> It appears that the Catalyst is doing routing for the virtual networks
> as it should. But, I am scratching my head over how the Catalyst
> handles incoming and outgoing connections.
>
> Traffic seems to flow differently depending on
> its direction.