Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
0
Helpful
2
Replies

Differences between connections to IX PoP

Alexander Demin
Level 1
Level 1

‎07-14-2011 12:12 AM - edited ‎03-04-2019 12:59 PM

Hello.

Assume our router has a connection to some Intenet Exchange PoP (DE-CIX, NetNod or smth.).

This physical connection utilizes one gig port on our router. Two peering vlans are coming from PoP to our router through this port.

Question is: what will be the best variant for terminating these peering vlans on a router?

There are two variants:

1) subinterfaces on a gig port as termination points

2) svi for each peering vlan as termination points, gig port in trunk mode.

What could be the +/- of both variants, assuming that port-security and storm-control should also be applied to this connection.

Tnx, Alex.

DAO21-RIPE
Labels:
0 Helpful
2 Replies 2

p.mcgowan
Level 3
Level 3

‎07-14-2011 01:12 AM

I would recommend that you use SVI interface for each peerig VLAN.

You will create a single point of failure if you create sub-interfaces on a gig port, if someone disconnects the cable from gig port then ALL sub-interfaces go down. This will not happen if you create SVI interfaces.

Port security and storm control can be applied to the interfaces which need access to the relevant SVI interface.

0 Helpful

Alexander Demin
Level 1
Level 1
In response to p.mcgowan

‎07-14-2011 11:04 PM

I meant that I use one single gig port for that connection in both cases. It is a design condition.

So, first case: One gig port as trunk with 2 vlans allowed on it + 2 SVIs as termination point for bgp sessions.

Second case: One gig port configured with subinterfaces for each vlan. So these subs become termpoints for sessions.

The problem aroused when using case 1 configuration. Storm-control and port-security features seemed to work applied to the whole interface, I mean, treshholds that were set worked upon the interface despite vlans.

I mean, for example, if we have:

storm-control broadcast level bps 1m

storm-control multicast level bps 1m

storm-control action shutdown

and this conf is applied to a trunk with a single vlan on it (that is terminated on a SVI) - it's Ok.

If we add another vlan on a that trunk (terminated on another SVI) we get often action traps.

So we had to raise bcast and mcast levels to 3 m.

DAO21-RIPE
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card