dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
693
share rss forum feed


USG50

@sbcglobal.net

What is the point of Virtual Interfaces?

I have a USG50 and USG20, and I love them both. Lot's of capabilities for their price. I've spent a fair amount of time learning them, and feel confident about understanding most of the features. However, I'm really confused about virtual interfaces and why I would need to use one. Can someone give me some scenarios where virtual interfaces make sense.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11

1 recommendation

One example would be if you have multiple WAN IP addresses and you need to have them on single physical interface.
On LAN side for a testing perhaps.

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..

1 recommendation

reply to USG50
If by virtual interfaces you include VLANs, then I use one for my printers to separately control their access to/from the world, and expect sooner or later to establish one for the rare guest.

One could argue that using VLANs in a single-family residential setting is the poster child of over-kill, (after all the other LAN interfaces could connect to separate cheap switches and be similarly regulated), but at a minimum the exercise is educational.

Also, the managed switch that is needed to use VLANs provides other features that may be useful.

kirby


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to USG50
I use VLANs for ISP fibreop access (internet side expects VLAN XX).


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11

1 edit
Sorry Kirby and Alex, you're mixing VLANs with Virtual Interfaces. ... not the same.
Virtual Interface is more like IP Alias. It allows you to configure multiple IP addresses onto same physical interface.
VLAN is layer 2 phenomenon.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Tx for the clarification but I knew that and was just backing up kirbykins on use of vlans.

zyxel_user

join:2013-06-20

1 recommendation

reply to Brano
Brano, thank you for the response. I had not thought about using virtual interfaces for multiple ISP IP's. From the reading I've done on this forum, and from the documentation, I thought that Policy Routes were the preferred ways for implementing multiple IP's.

Kirby/Anav, thank you for your posts, but I've quite aware of VLAN's and how/why to use them. It was the Virtual Interfaces that was throwing me off.

BTW, I am the original poster (USG50). I finally registered for an account.

FirebirdTN

join:2012-12-13
Brighton, TN
kudos:1
Reviews:
·Comcast

1 edit
reply to USG50
Thanks for bringing this thread back up. It helps me with a little project of mine:

I have a block of IPs. My ZyXel is only using one of them. I have several publicly accessible servers ahead of the USG [I have a switch between USG WAN1 and ISP].

The setup works, but all the bandwidth management and QoS settings in the world on the USG won't do a darn thing if the servers ahead of it saturate the bandwidth from our ISP.

I have been considering exactly how to move those "public" devices *behind* the USG, yet keep them accessible via their original public IPs.

From my very limited understanding, virtual interfaces are the key. If I am not mistaken policy routes just dictate which route [public IP] those "public" servers will use when sending traffic. I don't believe policy routes themselves define the additional IPs on an interface. (I hope I got this right-I haven't actually tried setting this up *yet*).

-Alan


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to Brano
said by Brano:

One example would be if you have multiple WAN IP addresses and you need to have them on single physical interface.

Can you expand on this please, why would I want to use virtual interfaces when I could simply use one to one or many to one mapping?

Further on page 113 of the latest UG why does it suggest using policy routes for multiple WANIPs?
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to USG50
"Virtual Interface ... allows you to configure multiple IP addresses onto same physical interface."

So, Brano, does that mean that the physical interface is acting like a VLAN trunk, except doing so at layer 3 instead of layer 2? That is, the IP addresses flow through it together, in a sense, and can be used individually somewhere downstream?

kirbykins


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
Virtual interface is simply a way how to assign a single physical interface multiple IP addresses. BTW this was known as IP alias in ZyNOS series.

A side note. I know for a fact that current FW has a bug in virtual interfaces where the interface is responding with ARP requests only for the primary IP rendering the feature pretty much useless for the time being. ZyXel is aware, not sure though if fix will be in next release.