Re: [j-nsp] Fwd: Point-to-point Ethernet interfaces

2007-11-16 Thread Florian Weimer
* Alex Arseniev:

> Perhaps a silly question - are these interfaces on the same router?

They are, sorry for being unclear.

> If yes what you are trying to accomplish is possible with unnumbered
> Ethernet interfaces and forwarding-table-filter to prevent hosts
> talking to each other.

Ah, thanks, I had missed that.

Unfortunately, the combination of the following:

  * VLAN sub-interfaces
  * unnumbered interfaces
  * strict RPF checks

does not work.  ARP ceases to work reliably on the VLAN interface,
RPF-matching traffic is not forwarded (or RPF-failing traffic
is forwarded, depending on the order of configuration), and "show
route hostB" caused the router to hang (but this was not
reproducible).

We've disabled RPF checks for the interface and will use stateless filters
to emulate them.  Hopefully, this resolves the issue.

But it seems that unnumbered interfaces are the way to go.  Thanks.

-- 
Florian Weimer<[EMAIL PROTECTED]>
BFK edv-consulting GmbH   http://www.bfk.de/
Kriegsstraße 100  tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
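
The stateless-filter emulation of strict RPF mentioned in the message above, modelled as an added example (not code from the thread or from Juniper, and not Junos configuration). The interface-to-address layout is constructed from the original post quoted further down; the function names are hypothetical.

```python
import ipaddress

# Constructed from the layout in the original post: the source addresses
# that are legitimate on each interface (all share gateway 172.16.1.1).
EXPECTED_SOURCES = {
    "ge-0/0/0": ["172.16.1.2/32"],
    "ge-0/0/1": ["172.16.1.3/32", "172.16.1.4/32"],
    "ge-0/0/2.102": ["172.16.1.5/32"],
}


def build_filters(expected):
    """Parse the per-interface prefix lists and reject cross-interface overlap.

    Strict RPF accepts a source on exactly one interface, so an address
    allowed on two interfaces would let one host use another's address.
    """
    filters, seen = {}, []
    for ifname, prefixes in expected.items():
        nets = [ipaddress.ip_network(p) for p in prefixes]
        for net in nets:
            for other_if, other in seen:
                if other_if != ifname and net.overlaps(other):
                    raise ValueError(
                        f"{net} on {ifname} overlaps {other} on {other_if}")
            seen.append((ifname, net))
        filters[ifname] = nets
    return filters


def check_packet(filters, in_interface, src):
    """Return 'accept' if src is expected on in_interface, else 'discard'."""
    addr = ipaddress.ip_address(src)
    nets = filters.get(in_interface, [])  # unknown interface: nothing allowed
    return "accept" if any(addr in n for n in nets) else "discard"


FILTERS = build_filters(EXPECTED_SOURCES)

if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source address).
    samples = [("ge-0/0/0", "172.16.1.2"), ("ge-0/0/0", "172.16.1.3"),
               ("ge-0/0/1", "172.16.1.4"), ("ge-0/0/2.102", "10.0.0.1")]
    for ifname, src in samples:
        print(ifname, src, check_packet(FILTERS, ifname, src))
```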


[j-nsp] Fwd: Point-to-point Ethernet interfaces

2007-11-15 Thread Alex Arseniev
Florian,
Perhaps a silly question - are these interfaces on the same router?
If yes what you are trying to accomplish is possible with unnumbered
Ethernet interfaces and forwarding-table-filter to prevent hosts talking to
each other.
Start here
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-network-interfaces/id-10413973.html#id-10413973
and please read the restrictions
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-network-interfaces/jN212B7.html#jN212B7

Forwarding table filter
http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-policy/id-10824476.html#id-10824476

Rgds
Alex

On 15/11/2007, Florian Weimer <[EMAIL PROTECTED]> wrote:
>
> Is it possible to put an Ethernet interface into point-to-point with
> JUNOS 8.4?
>
> Basically, the setup I want is:
>
> ge-0/0/0 (172.16.1.1) -> hostA (172.16.1.2)
>
> ge-0/0/1 (172.16.1.1) -> hostB (172.16.1.3, 172.16.1.4)
>
> ge-0/0/2.102 (172.16.1.1, 802.1q tagged) -> hostC (172.16.1.5)
>
> The router uses ARP to obtain MAC addresses for the host IP addresses,
> and answers ARP requests for the 172.16.1.1 address.  Proper
> interface/VLAN separation must be maintained.
>
> The rationale is address space conservation and easier documentation.
> /30 routes don't work in hostB's case, where more than one address is
> required.  (So we need something between 4 and 6 as much IP addresses
> as strictly necessary.)  I haven't checked if /31 interfaces work, but
> in any case, they require host-specific default gateways, making
> documentation slightly more difficult.
>
> Any suggestions?  I know that the desired setup isn't strictly allowed
> by the standards, but it works quite well with various systems, and
> the address space savings are quite nice.
>
> --
> Florian Weimer<[EMAIL PROTECTED]>
> BFK edv-consulting GmbH   http://www.bfk.de/
> Kriegsstraße 100  tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99