Can a router have 2 of its interfaces on the same subnet?

JoeBirds · April 2013

Picture a simple LAN with a 2 switches and a few PCs on each switch. Can a router have each of its interfaces connecting to each switch? I know it would definitely work for the LAN only traffic as the router wouldn't even come into play and the switches would simply forward the traffic directly to the destination. I still can't see how it wouldn't work but then when I google it, most people say it wouldn't. I know this would mess up the routing table, but I simply don't see how traffic wouldn't traverse.

Thanks in advanced.

networker050184 · April 2013

So if you have the same subnet on two interfaces how does the router know where to send the traffic?

JoeBirds · April 2013

networker050184 wrote: »

So if you have the same subnet on two interfaces how does the router know where to send the traffic?

A WAN link could certainly be used to forward the traffic. The router doesn't HAVE to use only 2 interfaces. Don't get me wrong, I know this would be completely impractical, but for a router with only one LAN connected to it, I don't see how it could not forward traffic out it's WAN interfaces.

deth1k · April 2013

not sure about routers but you can with L3 switch using "ip unnumbered" on SVIs

Met44 · April 2013

Go back to the first example with the two switches... if the router attempts to ping a PC on the LAN, which interface does it choose to send the packet out of? What happens if the PC was connected to the other interface? The situation is the same if the router attempts to route packets between the LAN segments.

pogue · April 2013

From the host perspective, you're right, the host will forward out their ethernet ports so long as the default gateway is set to be in the same network it's IP address is in.

Now, if you could somehow configure two different "routed" (this is the key) ports for the same network, as met44 has stated, how would the router know which port to send it out of? The router does not know whether or not all the hosts are connected off both router ports. So, what does it do? "Load-balance"? If so, a single host connected off of one single router port will only receive half of it's packets.

No bueno.

Does it send it out of "both" ports??

Router don't do that. It's hard to come up with a single example, as your hypothetical situation goes against every concept of what routers do, but I can easily imagine a network topology that would generate a broadcast storm if a router routed the same packet to two different ports. This could easily take down a switched network connected to this hypothetical router.

Hopefully this clears things up a bit.

Russ

JoshyJ · April 2013

Yes you can. The two switches need to be stacked and the two ports will be setup with etherchannel.

pogue · April 2013

JoshyJ wrote: »

Yes you can. The two switches need to be stacked and the two ports will be setup with etherchannel.

Well, yes.... But this is not technically what the OP was referring to. He was talking about configuring two different routed ports with two different IPs in the same subnet.

An etherchannel basically "smooshes" two ethernet ports together and makes them act as one, with a single IP address. (Unless doing inter-VLAN routing..)

Russ

xXErebuS · April 2013

If you use IRB you can... but then the interfaces are not technically "routed" interfaces as I believe pogue was hinting at.

JoeBirds · April 2013

pogue wrote: »

From the host perspective, you're right, the host will forward out their ethernet ports so long as the default gateway is set to be in the same network it's IP address is in.

Now, if you could somehow configure two different "routed" (this is the key) ports for the same network, as met44 has stated, how would the router know which port to send it out of? The router does not know whether or not all the hosts are connected off both router ports. So, what does it do? "Load-balance"? If so, a single host connected off of one single router port will only receive half of it's packets.

No bueno.

Does it send it out of "both" ports??

Router don't do that. It's hard to come up with a single example, as your hypothetical situation goes against every concept of what routers do, but I can easily imagine a network topology that would generate a broadcast storm if a router routed the same packet to two different ports. This could easily take down a switched network connected to this hypothetical router.

Hopefully this clears things up a bit.

Russ

I guess I'm just imagining the routing table listing the LAN (192.168.3.0/24, let's use) out both of those interfaces. When you said that the host will only get half of the packets if the router "load balanced", why would that be? The packets would have the same destination MAC address, they are just going out two ports. The switch would still forward each packet to the host as they all have the same desination MAC, they are just coming from 2 different router ports. I don't see why the half the packets would be dropped. The switch would forward each packet based on it's destination MAC, as it would stay the same even though the router is "load-balancing" out both of it's Fa ports.

Sorry if I'm being an annoyance, I just can't wrap my head around it. Lab time.

karthik537 · May 2013

Hi pogue,

Please find the hypothetical topology above.

In the figure lets say the Router R2 is having two different ip addresses of same subnet prefix on two ports.

Lets say the ip addresses of these 2 ports as 192.168.1.1 and 192.168.1.2 and the ip address of outside port of R2 as 213.10.25.1 (global unique address).

and the ip addresses of PC7 is 192.168.1.7
the ip addresses of PC5 is 192.168.1.5
the ip addresses of PC8 is 192.168.1.8
the ip addresses of PC9 is 192.168.1.9
the ip addresses of PC6 is 192.168.1.6
the ip addresses of PC10 is 192.168.1.10

and lets say we have dynamic NAT in R2 and the the traffic from all the above PC's will be mapped to 213.10.25.1 with different ports for every PC.

So, now if PC7 has requested http traffic, then in the way of receiving the response, when the traffic for PC7 comes from R1 to R2, lets say with the dynamic NAT, the destination address resoluted as 192.168.1.7:80. So, now here is the confusion on which port to go. Here at this point, why can't we have a mechanism like for a group of addresses in the subnet, the traffic has to go on a particular ip address. Like, the traffic for the ip addresses 192.168.1.7, 192.168.1.5 and 192.168.1.8 has to go on the port having the ip address 192.168.1.1 of Router R2. And the traffic for the ip addresses 192.168.1.9, 192.168.1.6 and 192.168.1.10 has to go on the port having the ip address 192.168.1.2 of Router R2.

wrwarwick · May 2013

karthik537 wrote: »

Hi pogue,

Please find the hypothetical topology above.

In the figure lets say the Router R2 is having two different ip addresses of same subnet prefix on two ports.

Lets say the ip addresses of these 2 ports as 192.168.1.1 and 192.168.1.2 and the ip address of outside port of R2 as 213.10.25.1 (global unique address).

and the ip addresses of PC7 is 192.168.1.7
the ip addresses of PC5 is 192.168.1.5
the ip addresses of PC8 is 192.168.1.8
the ip addresses of PC9 is 192.168.1.9
the ip addresses of PC6 is 192.168.1.6
the ip addresses of PC10 is 192.168.1.10

and lets say we have dynamic NAT in R2 and the the traffic from all the above PC's will be mapped to 213.10.25.1 with different ports for every PC.

So, now if PC7 has requested http traffic, then in the way of receiving the response, when the traffic for PC7 comes from R1 to R2, lets say with the dynamic NAT, the destination address resoluted as 192.168.1.7:80. So, now here is the confusion on which port to go. Here at this point, why can't we have a mechanism like for a group of addresses in the subnet, the traffic has to go on a particular ip address. Like, the traffic for the ip addresses 192.168.1.7, 192.168.1.5 and 192.168.1.8 has to go on the port having the ip address 192.168.1.1 of Router R2. And the traffic for the ip addresses 192.168.1.9, 192.168.1.6 and 192.168.1.10 has to go on the port having the ip address 192.168.1.2 of Router R2.

In the above case you wouldn't have a router in R2's place - it would be a switch. The function of a router is to route between two networks; you would never need to route between the same subnet. Remember the OSI model: routing operates at layer 3, and switching at layer 2. All of the PCs in your local LAN in the example would not need a router to talk to each other because of this.

As for your confusion, just remember the OSI model. You don't use a router to segment layer 2 domains. A router is just not used for the purpose that you are indicating.

instant000 · May 2013

I couldn't even make a router take this misconfiguration. You get a warning message that the interface is misconfigured.

if the interface is already up, it just won't take the IP.
if the interface is down, it'll let you input the bad IP, but it'll stay ADMINISTRATIVELY down.

*Mar  1 00:00:09.599: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar  1 00:00:09.599: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar  1 00:00:09.759: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 17-Aug-10 12:08 by prod_rel_team
*Mar  1 00:00:09.779: %SNMP-5-COLDSTART: SNMP agent on host R1 is undergoing a cold start
*Mar  1 00:00:09.839: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Mar  1 00:00:09.839: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Mar  1 00:00:10.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar  1 00:00:10.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R1#
R1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int range f0/0 - 1
R1(config-if-range)#no shut
R1(config-if-range)#int f0/0
R1(config-if)#
*Mar  1 00:00:43.575: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:00:43.595: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 00:00:44.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#ip
*Mar  1 00:00:44.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#int f0/1
R1(config-if)#do sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            unassigned      YES unset  up                    up
R1(config-if)#ip address 192.168.1.2 255.255.255.0
% 192.168.1.0 overlaps with FastEthernet0/0
R1(config-if)#do sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            unassigned      YES unset  up                    up
R1(config-if)#shut
R1(config-if)#do sh
*Mar  1 00:01:36.923: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar  1 00:01:37.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R1(config-if)#do sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
R1(config-if)#ip address 192.168.1.2 255.255.255.0
% 192.168.1.0 overlaps with FastEthernet0/0
R1(config-if)#no shut
% 192.168.1.0 overlaps with FastEthernet0/0
FastEthernet0/1: incorrect IP address assignment
R1(config-if)#do sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            192.168.1.2     YES manual administratively down down
R1(config-if)#end
R1#
*Mar  1 00:02:01.899: %SYS-5-CONFIG_I: Configured from console by console
R1#

PCHoldmann · May 2013

IRB is the only way to make this work.

Here's my lab config:
######################
bridge irb
!
interface FastEthernet1/0
no ip address
speed auto
duplex auto
bridge-group 1
!
interface FastEthernet1/1
no ip address
speed auto
duplex auto
bridge-group 1
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
######################

The BVI interface is basically the same thing as an SVI (VLAN) interface on a layer 3 switch. Any IP configuration would be done here.

Priston · May 2013

I've never heard of BVI, could it be used like Etherchannel. Using 2 links between a 2811 and a gateway.

networker050184 · May 2013

Why not just actually use an actual etherchannel in that scenario? BVI for sutff like this is just adding unneeded complexity. Design it right and don't hack L2 networks together.

Priston · May 2013

At first I didn't realize 2811s supported Etherchannel but I guess they do.

wintermute000 · May 2013

THe standard answer is that a router cannot. Not sure re: the 'hacks' described above.
However interestingly many appliances can do this e.g. most linux based implementations, they can assign as many floating IPs in the same interface as you want. Ditto with firewalls presenting virtual IPs or an ASA NATting multiple IPs in the same subnet.
You can also use secondary IPs on a router interface but there are strong caveats to doing this.

The 'correct' way of doing what you want is to use multilayer switching and have two interfaces on the same VLAN, then the IP is on the SVI or BVI. You can do this with a 'true' multilayer switch or a switch card in a router.

PCHoldmann · May 2013

You would only be able to do etherchannel to a single switch or a stack, not two standalone switches.

Whether this "should" be done or not would depend on your design goals.

xXErebuS · May 2013

EDIT: didn't see Priston's post

Can a router have 2 of its interfaces on the same subnet?

Comments