We need some expert advice on how to manage and set up the IPs and VLANs for our dedicated server customers.
We have two /22 IP ranges to provide for all our dedicated server clients. We are in the business of dedicated server rental.
Currently we set up one VLAN per switch (24 or 48 ports), but it allows a client to steal IPs from another client, and it is hard to manage when a client needs new IPs and we do not have any more empty IPs in the same range as the VLAN. We usually manually route IPs to the VLAN, but now it has given us a big routing table with xxx.xxx.xxx.xxx 255.255.255.255 entries.
So our routing table is full of single-IP routes to VLANs for the customers, and it has become more of a hassle to manage than anything else.
We are not sure what the "GOOD" way to do it is. There are a lot of dedicated server hosting companies out there, and we are very much interested to know how they manage that in their switches.
I assume you are using layer 3 VPN, i.e. interface VLAN, and configure the IP on this interface. Each server or customer uses a separate VLAN, i.e. each customer has their own IP segment.
If this is the case, you can use a dynamic routing protocol and then redistribute the connected interfaces (interface VLAN with IP) into the dynamic routing protocol. You will have a routing table with all VLANs. If there are VLANs or interfaces which should not be included in the routing protocol, you can use "passive interface" so that those interfaces are not included in the routing protocol.
Or you can consider using private VLANs so that each private VLAN is not able to talk to the others but is able to talk to the common VLAN.
First, as a correction to Jack's post, passive interface is not used to advertise or not advertise an interface subnet. Passive interface in EIGRP and OSPF means do not form any neighbor adjacency on this interface; for RIP it means do not send RIP updates, but the interface will keep receiving RIP updates. Therefore, passive interface is not used to set which networks to advertise.
Using private VLANs is a solution to have all users on the same subnet where they can communicate with only one gateway. On the other hand, this does not prevent one of your clients from changing his IP address and using any IP address range he would require. You don't want this to happen in your scenario.
I suggest the below:
- Divide the /22 subnets into smaller subnets and assign each customer a subnet based on his requirements.
- Create a VLAN on a per-subnet basis => on a per-client basis.
- If you are using an L3 switch, it will do inter-VLAN routing, where all clients will be able to communicate with each other. If you don't want them to communicate with each other, filter traffic using a VLAN access list and allow each client to communicate with his server on the same subnet and nothing else.
- If you are using L2 switches, then you create a trunk to a router and create sub-interfaces on the router. This is called router on a stick. Also, filter traffic between interfaces using ACLs.
I don't know if the above is clear enough, but if you need further clarification let me know.
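The plan in the answer above (carve the /22 into per-customer subnets, one VLAN per subnet, filter between VLANs) as a worked example. This is added code, not from the thread or any of its posters: it carves a pool into subnets with a small buddy allocator, maps each subnet to a VLAN, emits the Cisco IOS config for either an SVI on an L3 switch or dot1Q sub-interfaces on a router on a stick, and generates one inbound ACL per customer VLAN that blocks customer-to-customer traffic and drops any packet whose source address is outside the customer's own subnet, which is what stops a client "stealing" another client's IP. Everything concrete here is an assumption: the pool 10.20.0.0/22, the customer names and sizes, the VLAN numbers starting at 100, the uplink name GigabitEthernet0/0, the choice of the first usable address as gateway, and the use of a router ACL (`ip access-group`) on the L3 interface rather than the VACL the answer mentions.

```python
"""Added example (not from the thread): per-customer subnet + VLAN + ACL plan.

All addresses, customer names, VLAN numbers and the pool 10.20.0.0/22 are
constructed placeholders, not values from the original post.
"""
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Smallest prefix that fits `hosts` customer addresses plus network,
    broadcast and one gateway address. Never longer than /30."""
    bits = max(2, math.ceil(math.log2(hosts + 3)))
    return 32 - bits


def allocate(pool, requests):
    """Buddy-style allocator: largest request first, best-fit free block,
    split down to the needed size, return the other halves to the free list.
    Returns ([(name, IPv4Network), ...], [free IPv4Network, ...])."""
    free = [ipaddress.ip_network(pool)]
    plan = []
    for name, hosts in sorted(requests, key=lambda r: -r[1]):
        plen = prefix_for_hosts(hosts)
        fits = [n for n in free if n.prefixlen <= plen]
        if not fits:
            raise ValueError(f"pool {pool} exhausted before customer {name}")
        block = max(fits, key=lambda n: n.prefixlen)  # smallest block that fits
        free.remove(block)
        while block.prefixlen < plen:
            block, buddy = block.subnets(prefixlen_diff=1)
            free.append(buddy)
        plan.append((name, block))
    return plan, sorted(free)


def gateway(net):
    """First usable address of each subnet is reserved for the gateway (assumption)."""
    return net.network_address + 1


def customer_acl(vlan, net, pool):
    """Inbound ACL for one customer VLAN. Order matters: the customer may reach
    its own gateway, may not reach any other subnet in the pool, may reach the
    rest of the world; traffic sourced from any other address is dropped."""
    src = f"{net.network_address} {net.hostmask}"
    return [
        f"ip access-list extended CUST-{vlan}",
        f" permit ip {src} host {gateway(net)}",
        f" deny ip {src} {pool.network_address} {pool.hostmask}",
        f" permit ip {src} any",
        " deny ip any any",
    ]


def ios_config(pool, plan, base_vlan=100, router_on_a_stick=False,
               uplink="GigabitEthernet0/0"):
    """Emit the VLAN / L3 interface config for every customer in `plan`."""
    pool = ipaddress.ip_network(pool)
    lines = []
    for i, (name, net) in enumerate(plan):
        vlan = base_vlan + i
        lines += customer_acl(vlan, net, pool)
        if router_on_a_stick:  # L2 switches trunked to a router
            lines += [f"interface {uplink}.{vlan}", f" encapsulation dot1Q {vlan}"]
        else:                  # L3 switch doing inter-VLAN routing on SVIs
            lines += [f"vlan {vlan}", f" name {name}", f"interface Vlan{vlan}"]
        lines += [f" description customer {name} {net}",
                  f" ip address {gateway(net)} {net.netmask}",
                  f" ip access-group CUST-{vlan} in"]
    return lines


def policy_allows(net, pool, src, dst):
    """Same decision the ACL above makes, so the design can be checked offline."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    pool = ipaddress.ip_network(pool)
    if src not in net:
        return False          # spoofed / "stolen" source address
    if dst == gateway(net):
        return True
    if dst in pool:
        return False          # no customer-to-customer traffic
    return True


# Constructed demo input: (customer, number of server addresses requested)
CUSTOMERS = [("alpha", 1), ("bravo", 5), ("charlie", 13), ("delta", 1), ("echo", 30)]
POOL = "10.20.0.0/22"

if __name__ == "__main__":
    plan, free = allocate(POOL, CUSTOMERS)
    print("\n".join(ios_config(POOL, plan)))
    print("! free blocks:", ", ".join(map(str, free)))
```

Running it prints the config for five VLANs and the free blocks left in the pool (with this input, 10.20.0.96/27, 10.20.0.128/25, 10.20.1.0/24 and 10.20.2.0/23, so a customer who later needs more addresses gets a new block, not a hand-routed /32). Because every customer subnet is a connected route on the L3 device, the upstream only needs the single /22 and the per-/32 entries the question complains about disappear. The `deny ... pool` line must stay above `permit ... any`, and the closing `deny ip any any` is what makes a client's self-assigned address from another range go nowhere.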