[c-nsp] Best Practices for Transporting Layer-2 Services
Tom Hill
tom at ninjabadger.net
Fri Jan 13 21:40:01 EST 2023
On 2023-01-12 16:45, Shawn L via cisco-nsp wrote:
> I'm wondering what other providers are doing when they need to
> transport a
> bunch of third-party layer-2 services?
>
> For Example -- if another SP wants to hand you 3 vlans (for example
> 10,11,12) and have you transport them to a couple of sites. Vlan 10
> (could
> be Q-in-Q or not) needs to go to sites A and B, vlan 11 (again could be
> Q-in-Q) needs to go to sites C and D, etc.
>
> I'm specifically asking (in a cisco world) what do you do to protect
> yourself from any funny business (spanning tree, whatever) that may
> happen
> on the other provider's network or on the end-customer's network.
The normal answer in Cisco land, even today, is to use Martini-draft P2P
pseudowires (either tag or port-based MPLS interconnects) which will use
tLDP for establishment, and should serve you very well (especially at a
port-based level) for a P2P service. In theory tLDP could run in concert
with SR-MPLS, but you might need to think carefully about label
allocation, or... [read on]
... use BGP EVPN, and pay very careful attention to the port security
options (e.g. bpduguard, BUM rate-limits) as well as the ARP/ND
sponging/proxy facilities therein. For multipoint L2VPN, this should be
replacing VPLS now.
Realistically though, protection from storms is hardware dependent, and
making sure that the config is correct is only half of the battle. I
would consider not building L2VPNs for third parties where you don't
control the CE, realistically. Do they really need L2?
Tom
More information about the cisco-nsp
mailing list