routing on a multihomed system

From: Johnson, Chad (CJohnson4@tiaa-cref.org)
Date: Tue Jan 15 2008 - 12:22:30 EST


I have a server (Solaris 9) which has two network cards installed. Each
card sits in a separate network; for discussion we will say that ce0 is
10.175.1.10 and qfe0 is 192.168.2.10. The qfe interface sits in a
private VLAN which is one flat network with no switching or routing.
The ce0 interface is in our corporate routed and switched network.

From time to time we must move a system (logical VLAN move) from the
corporate network into the private VLAN. The server described above is
an administrative server with visibility into both the switched and
routed corporate network as well as the private VLAN. This server is
used to access the systems once they have been placed into the private
VLAN as there is no access to this VLAN from the remainder of the
switched network. Once the target system has been moved to the private
VLAN it must have its IP address changed to match the subnet of the qfe
card (192.168.2.0) before it can be accessed.

What I have done is to create a virtual interface on the qfe (which only
talks to the private VLAN) for every subnet in use in the switched
corporate network. This works for every subnet except the 10.175.1.0 as
it is the subnet used for the ce0 interface. Any system moved into the
private VLAN which uses this subnet cannot be reached as all outbound
network attempts default to the ce0 interface and not the virtual
interface on the qfe card.

I obviously cannot remove / change the route for the ce0 card as the
system will no longer be accessible via the switched corporate network.
One solution I have proposed to the networking team is to create another
network segment using a subnet which is not used anywhere else in the
company and place the ce0 interface on that subnet. Doing so will
prevent the problem described above but the networking team may not 'go
for it'.

Are there any other solutions the group can provide which may solve this
problem?

TIA,

Chad Johnson

Please send all replies to cjohnson4@tiaa-cref.org

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:40 EDT