Thank you Rich!  Yes, that link between NetFlow and routing-not-bridging is beginning to sink in for me. 

My reason for bridging is that I do not need VPN or NAT, I just need the subnet (ip) traffic to flow from gi0/1 to gi0/0 and back.  I have been reading and re-reading this article, http://www.netcraftsmen.net/resources/archived-articles/428-integrated-routing-and-bridging.html, and it seems that "concurrent" or "integrated" routing and bridging may be the way to go.

I am concerned that, to the extent that the ip traffic is bridged (not routed), it will be invisible to NetFlow, for exactly the reason that you describe. So even if I set up a CRB or IRB, I might not get useful NetFlow data.

Or maybe there is a way to configure ip routing so that there are hardly any decisions made, rather the subnet goes straight through in both directions.  I fear that is such a simple case that no one makes examples for it.  I have been assigned half of a class C subnet, e.g. 209.201.225.1 through .127.  I am not terribly short on ipv4 numbers so I can use up a number for the gi0/1 and/or gi0/0 and/or BVI interface(s). 

For ~14 years a Cisco 2621 router has been used "here" purely for the purpose of traffic shaping. I recently upgraded to the Cisco 1941 and am keen to take advantage of traffic peak shaping and NetFlow v5 or v9.  I took the config from the 2621 and used it as the basis for my config for the 1941.

I am (obviously) very new to all this and self-taught.  My expert is currently ridiculously overbooked so I am trying to figure it out.  In other words, I will not feel offended if you need to state the "obvious" to steer me in a useful direction.

Ann

Ann

I am glad that you found the article from our website and hope that you find it helpful. What you describe is a very unusual situation and no doubt is difficult to find answers for it. It seems to me that the key thing here is that you have the same subnet configured on both interfaces and therefore need to bridge the IP traffic.

As I explained in my first response NetFlow data is generated as a byproduct of making routing decisions. If you need to bridge this IP traffic then there is no routing and therefore no NetFlow. Implementing Concurrent Routing and Bridging (I think a less good alternative) or Integrated Routing and Bridging (a better alternative but still not a solution for you) will not change the basic fact that you are bridging the IP traffic.

If NetFlow is important to you then you need to find a way to introduce routing. Perhaps it could be possible to divide your subnet in half with a half on each interface. Then the router would have two connected subnets and could route between them (if you enable ip routing and cef). The routing decision would be extremely simple for two connected subnets and would not require any static routes or any dynamic routing protocol. But it would require a different way to organize your network and I do not know how big a challenge that would be.

HTH

Rick

Rick,

I am glad to have CRB and IRB ruled out.

Do you think traffic will flow faster or slower if I change from bridging to routing? I am starting to think it might be much faster since the protocol does not need to change.  That line about the bridge running IEEE means that the data was all changed from ip to ieee and back to ip, right?

On the gigabit 0/1 side, I think I only need one number, 209.201.225.1.  I need the rest of the half subnet on the gigabit 0/0 side.

Netmask:   255.255.255.128 = 25  11111111.11111111.11111111.1 0000000
Wildcard:  0.0.0.127             00000000.00000000.00000000.0 1111111

This is in a datacenter where the 1/2 class c is granted by the ISP and is physically connected via cat-5 (or probably cat-6) to the gigabitethernet0/1 interface, and the 0/1 goes on to a cisco switch that goes to various internet servers.

I know that most people would use NAT for the servers but since all servers need to be publicly accessible, I don't want to put them on 192.168. or 10.x and then have to map ports etc etc.   As long as .2 through .126 come through on the gi0/0 interface, it should be fine.

Can you point me to an example config that accomplishes something similar to this?

Ann

Rick,

If I did change to routing, would I then need to reconfigure the gateway for all the servers?  Currently they all use gateway of .1 which is on the ISP side of the gi0/1 interface. 

Maybe that is what you were thinking when you wrote about reconfiguring my network.  That would be very difficult.

Ann

Ann

Let me start with something that is sort of "obvious"  to those of us with more experience but not to those who are still in the early stages of learning about networking. It has to do with that layered model that many of us struggle with as we are learning about networking. The thing is that Ethernet (and IEEE) are layer 2 constructs while IP is a layer 3 construct. What that really means is that as data flows through your network there is an Ethernet header which carries the layer 2 addressing and there is also an IP header which carries the layer 3 addressing. Where that becomes important is that bridging makes forwarding decisions based on layer 2 addressing while IP routing makes forwarding decisions based on layer 3 addressing.

So if you enable bridging your router is making forwarding decisions based on the Ethernet addresses. If you enable routing your router will make forwarding decisions based on the IP address. It is certainly not a question of IP becomes IEEE becomes IP.

Given what I think I understand about your environment I would suggest that changing to be able to use NetFlow may not be worth it because it would require changing gateways on all the devices.

HTH

Rick

That is the most useful bit of info about layer 2 and layer 3 that I have read in several weeks!  AH HA!

Thank you for the conversation.

Ann

It has indeed been an interesting conversation. And I am glad that my suggestions have been helpful. Thank you for using the rating system to mark this question as answered. That will help to identify to other readers in the forum that there is helpful information here.

HTH

Rick

I just got off the phone with a Cisco expert and that cleared up quite a few things. For the benefit of others who my stumble here later:

1. Most of my config was doing nothing because I was not routing. Not only will NetFlow never work with bridging, the ACL stuff will not do anything either.

2. I need to have my ISP assign 4 ip numbers, usually from another subnet, for use on the 0/1 interface, and then I can route.  The rule about not having the same subnet on two interfaces is a real rule.

3. The gateway .1 number will move from my ISP into my router, therefore I will not need to reconfigure all the servers.

Over & out.