Loopback routing

Answered Question
Aug 28th, 2010

I have a local enclave with a mixture of layer 2 switches and 2 layer 3 switches. I am required to segregate my management network from my managed traffic, but another of the requirements is that I use Loopback addresses to do any ftp or ssh. I created a private network management VLAN 10.255.255.0 and then divided it in half. The network management workstation sits on the lower half and each switch also has an IP address on this subnet, 10.255.255.0/25. The loopbacks sit on the 10.255.255.128/25 because the switches don't allow a loopback to sit on the same network as one of the interfaces. This is fine for the 2750 switch that directly connects to the network management workstation, but I can't hit any of the other switches. How can I route those addresses through my network, or how do I put the management workstation on the loopback network to hit them? There isn't any other reason for the management address besides ftp, logging, and ssh so if I can do the latter it would be perfect. Thanks for your help.

Jon Marshall Sat, 08/28/2010 - 10:12
Charles


If the loopbacks are in 10.255.255.128/25 and the management station is in 10.255.255.0/25 then you need a L3 vlan interface for both network ranges so you can route between them. So you need 2 vlans.


Jon

charles.e.davis... Sat, 08/28/2010 - 10:17

Ok, I tried to add a vlan to the Loopback interface but didn't have any success. I also originally tried to give the loopback an address with the management network and this was also a bust. How do I accomplish this? While the topic heading is Loopback routing, mainly I'm just looking for a way to configure the switches so that a network management workstation can hit loopback interfaces across a network.

Jon Marshall Sat, 08/28/2010 - 10:32


> Ok, I tried to add a vlan to the Loopback interface but didn't have any success. I also originally tried to give the loopback an address with the management network and this was also a bust. How do I accomplish this? While the topic heading is Loopback routing, mainly I'm just looking for a way to configure the switches so that a network management workstation can hit loopback interfaces across a network.


It does depend on how your L3 switches are set up. Are they all routing and are they exchanging routes between each other? Because if they are not then it won't work. Bear in mind each loopback interface is a L3 interface. So let's say your management workstation is connected via a L2 switch to a L3 switch that routes for the 10.255.255.0/25 vlan.


Now for the management workstation to be able to get to any loopback, that L3 switch needs a route for each loopback. So all the other L3 switches with loopbacks would need to have advertised their loopback address. Now you can't do this with a vlan as such.


So it really depends on how the switches with loopbacks are advertising that loopback address. It may be that only a pair of your L3 switches are responsible for inter-vlan routing and the rest are connected via L2 trunks, in which case you could be looking at a lot of static routes for the loopbacks on the L3 pair that are doing the inter-vlan routing.


It also depends on how the L3 switches are interconnected, i.e. via L2 trunks or L3 routed links.


Perhaps you could provide some more details on how everything is connected up and how the routing between the L3 switches is set up?


Jon

charles.e.davis... Sat, 08/28/2010 - 10:41

Currently, we are using the layer 3 switches as the primary and secondary default gateways for inter-vlan routing. We are running OSPF between the switches to allow for route switching. The network management ws is directly connected to the primary layer 3 switch. Considering that the loopback interface is a layer 3 interface, how would you ever route traffic to it across a network since it can't be directly tied to an interface? Or can I advertise for that network 10.255.255.128/25 so that the loopbacks will respond? I really appreciate your help on this, I know it is a Saturday.

charles.e.davis... Sat, 08/28/2010 - 10:42

I forgot to mention, I do have a management vlan 10.255.255.0/25 that is routed through my trunks. I had hoped to just leave the subnet alone originally, 10.255.255.0/24, and put the loopbacks on that vlan. But there was no luck with that.

Jon Marshall Sat, 08/28/2010 - 10:50


> I forgot to mention, I do have a management vlan 10.255.255.0/25 that is routed through my trunks. I had hoped to just leave the subnet alone originally, 10.255.255.0/24, and put the loopbacks on that vlan. But there was no luck with that.


That's the problem with using loopbacks when you have L2 trunks connecting your switches.


Let's say you have 5 L3 switches sw1 -> sw5.


sw1 is responsible for inter-vlan routing and has a L3 SVI for the management vlan with an address 10.255.255.1/25.


sw2 -> sw5 each have a L3 SVI for the management vlan and use IPs 10.255.255.2 -> 5 respectively.


If you now want to add a loopback to each switch, i.e. sw2 -> sw5 using 10.255.255.129 -> 132, you would need to add these static routes to sw1:


ip route 10.255.255.129 255.255.255.255 10.255.255.2  <-- sw2

ip route 10.255.255.130 255.255.255.255 10.255.255.3  <-- sw3

etc...


Loopbacks work well when each device with a loopback is routing and exchanging routes with all other L3 devices.


Jon
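
Added example, not part of the original thread: a small Python generator for the per-loopback host routes described in the post above, which first checks that every next hop sits in the management VLAN and every loopback sits in the loopback range. The subnets come from the thread; the sw4 and sw5 rows follow the pattern of the sw2 and sw3 lines and, like the function names, are assumptions made for illustration.

```python
import ipaddress

# Subnets taken from the thread; the inventory below is constructed sample data.
MGMT_NET = ipaddress.ip_network("10.255.255.0/25")        # management VLAN (SVIs, workstation)
LOOPBACK_NET = ipaddress.ip_network("10.255.255.128/25")  # loopback range

INVENTORY = [
    # (switch, management SVI address, loopback address)
    ("sw2", "10.255.255.2", "10.255.255.129"),
    ("sw3", "10.255.255.3", "10.255.255.130"),
    ("sw4", "10.255.255.4", "10.255.255.131"),
    ("sw5", "10.255.255.5", "10.255.255.132"),
]


def check_inventory(inventory):
    """Return a list of problems that would leave a loopback unreachable."""
    problems = []
    seen = {}
    for name, svi, loopback in inventory:
        svi_ip = ipaddress.ip_address(svi)
        lo_ip = ipaddress.ip_address(loopback)
        if svi_ip not in MGMT_NET:
            problems.append(f"{name}: next hop {svi} is outside {MGMT_NET}")
        if lo_ip not in LOOPBACK_NET:
            problems.append(f"{name}: loopback {loopback} is outside {LOOPBACK_NET}")
        for addr in (svi_ip, lo_ip):
            if addr in seen:
                problems.append(f"{name}: {addr} already used by {seen[addr]}")
            seen[addr] = name
    return problems


def static_routes(inventory):
    """Build one /32 host route per loopback, next hop = that switch's SVI."""
    problems = check_inventory(inventory)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"ip route {loopback} 255.255.255.255 {svi}"
        for _name, svi, loopback in inventory
    ]


if __name__ == "__main__":
    print("\n".join(static_routes(INVENTORY)))
```

The generated lines are meant for the switch that routes the management VLAN (sw1 in the post above); a row whose addresses fall in the wrong half of 10.255.255.0/24 is rejected before any route is produced.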

charles.e.davis... Sat, 08/28/2010 - 10:53

Ok, so since I'm using multiple layer 2 switches (2960Gs) with only 2 layer 3 switches (3750G), then I need to put a static route on both 3750s for each switch that I have a loopback address on, which will be all of them. Am I correct or did I not understand you?

Correct Answer
Jon Marshall Sat, 08/28/2010 - 10:57


> Ok, so since I'm using multiple layer 2 switches (2960Gs) with only 2 layer 3 switches (3750G), then I need to put a static route on both 3750s for each switch that I have a loopback address on, which will be all of them. Am I correct or did I not understand you?


Yes, although I would have thought as the 2960 is only a L2 switch then you may face problems using a loopback and a L3 SVI management vlan as these switches do not route.


Jon
