<div dir="ltr">Hi Harald,<div><br></div><div>Thanks again for the input.</div><div><br></div><div><i style="color:rgb(0,0,255)">"You basically have to ask your provider whether they can send traffic for @realmA and @realmB to different LNS IP-addresses.</i><br><i style="color:rgb(0,0,255)">If they can, you could use @realmA customers to be terminated at some cheapo-LNS-device - they only get internet-access - end of story." </i><font color="#000000"><<< I am grasping the idea of the SP sending requests to us to multiple 7204VXRs, but what do you mean by @realmA being terminated at some cheapo LNS device with only internet access? I thought that if we have two realms, a user like </font><b><font color="#ff0000">john</font><font color="#000000">@<a href="http://mytelecom-a.com">mytelecom-a.com</a></font></b><font color="#000000"> would need the same support as a user we sign up like </font><b><font color="#ff0000">sally</font></b><b style="color:rgb(0,0,0)">@<a href="http://mytelecom-b.com">mytelecom-b.com</a></b><font color="#000000">.</font><br></div><div><br></div><div><font color="#0000ff" style="font-style:italic">"And then you could use @realmB customers to be directed to some cisco/juniper/.. box where you can then add VRF and other options." </font><font color="#000000"><<< I thought VRF is needed regardless (on both realmA and realmB) to keep customer public IPs on separate virtual routes so they can't sniff each other's packets, etc., which means we have to do this regardless. Isn't that so?
Is there another solution as well?</font><br></div><div><i><font color="#0000ff"><br></font></i></div><div><font color="#0000ff" style="font-style:italic">"if your vrf customers get IPs from local cisco ip-pools you might even be able to get vrf2vrf-connectivity by using static routes" </font><font color="#000000"><<< We are getting multiple /24 blocks from our IP transit provider (which might also be our DSLAM service provider), and I thought we talked about those being in the RADIUS server and passed on to the SP to assign to customers. I am not clear on this part at all yet.</font><i><font color="#0000ff"><br></font></i></div><div><font color="#000000"><br></font></div><div><font color="#0000ff" style="font-style:italic">"I'd suggest in anyway to get two boxes, just in case one breaks or better have them both terminate your sessions and be redundant always" </font><font color="#000000"><<< We definitely have the budget for two or three of these boxes. Is there any way to create HA redundancy using multiple boxes?</font><font color="#000000"><br></font></div><div><font color="#000000"><br></font></div><div><font color="#000000">Cheers,</font></div><div><font color="#000000"><br></font></div><div><font color="#000000"><br></font></div><div><i><font color="#0000ff"><br></font></i></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 11, 2017 at 8:20 PM, Harald Kapper <span dir="ltr"><<a href="mailto:hk@kapper.net" target="_blank">hk@kapper.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi<br>
Actually, a „7204vxr“ is just a chassis; the NPE-G2 is what makes things work. It is basically the CPU + 3x Gig-Ethernet + a 100Meg management port.<br>
The G2 is the limiting factor; also, there is no better NPE available for 72xx routers anyway.<br>
<br>
You can of course use a switch with an SFP module to terminate your fiber access, and you very much should.<br>
<br>
Support for multiple routers would be needed from your broadband service because:<br>
They decide which connection they send to your LNS or your multiple LNS boxes. At least they should support terminating at two different IPs on your end, and maybe they even support more than two L2TP endpoints; but if they support only one IP, then you have no way to move sessions from one 72xx to another. The more L2TP endpoint IPs they support, the more LNS devices you can run on your end, and you can scale by adding hardware.<br>
<br>
Ad) mikrotik - this is simply a box to terminate sessions and hand out IPs; VRF is not supported (you could do some hacks, but don't).<br>
Ubiquiti doesn't do plain L2TP LNS, as you mentioned yourself; don't do it :).<br>
<span class="gmail-"><br>
>> 4- I am not exactly sure what you mean here:<br>
"If you can get multiple endpoints for different realms from your broadband-service you might even consider to have one realm to terminate internet-traffic only using a cheap mikrotik and use another realm to terminate at one or more 72xx for vrf-use." Can you please explain? Our provider does allow us to have multiple realms, but I am not sure if they send these to multiple devices or not. They will give us a 6-strand fiber, but maybe they will use one strand to terminate AHHSPI.<br>
<br>
</span>You basically have to ask your provider whether they can send traffic for @realmA and @realmB to different LNS IP-addresses.<br>
If they can, you could use @realmA customers to be terminated at some cheapo LNS device - they only get internet access - end of story.<br>
And then you could use @realmB customers to be directed to some cisco/juniper/.. box where you can then add VRF and other options.<br>
If your broadband provider sends @realmB sessions to more than one LNS IP address, you might consider some sane cisco-to-cisco setup to keep the VRF users in sync. This can be achieved either by using OSPF in each VRF between the ciscos or by using BGP vpnv4 (if you're not fluent in MPLS this might give you more headache than it's worth for starters). If your VRF customers get IPs from local cisco IP pools, you might even be able to get vrf2vrf connectivity by using static routes, but I guess you get the point.<br>
<br>
Anyway, for a 100meg starter plan I'd suggest getting some NPE-G1 or NPE-G2 boxes (better G2), and if you're not cisco-aware, do lots of reading. You can easily feature-overload one box, but if you do well you can scale up to several hundred users and deliver roughly 500 Mbit/s per box without lots of worries. I'd suggest in any case getting two boxes, just in case one breaks, or better, have them both terminate your sessions and be redundant always; this way, if you have to reboot one box, only roughly 50% of your users get disconnected.<br>
<br>
If you have no budget, you could even get started using some C2851 boxes, but they will easily be maxed out at some 100+ Mbit/s of traffic; on the other hand, you can buy them for virtually no money.<br>
<br>
Regards<br>
<span class="gmail-HOEnZb"><font color="#888888">hk<br>
</font></span></blockquote></div><br></div></div>
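An added example, not from this thread or either correspondent, of the "@realmB" LNS box Harald describes: a Cisco IOS configuration fragment that terminates the provider's L2TP sessions into a dedicated VRF with a local address pool, so those subscribers are routed apart from the global table. The VRF, pool, loopback, tunnel peer hostname, tunnel secret and RFC 5737 addresses are all assumed placeholders; RADIUS-assigned addresses and the return route into the VRF are left to the operator's design.

```cisco
! Added example (not from this thread): LNS configuration for the
! "@realmB" box in Cisco IOS syntax. All names and addresses are
! assumed placeholders (RFC 5737 ranges), not real values.
!
! VRF holding the realmB subscribers, separate from the global table.
ip vrf CUST-REALMB
 rd 65000:200
!
! Loopback inside the VRF, used as the unnumbered address of each session.
interface Loopback200
 ip vrf forwarding CUST-REALMB
 ip address 203.0.113.1 255.255.255.255
!
! Local address pool (stand-in for one of the /24 blocks from the transit
! provider); the RADIUS server may instead return Framed-IP-Address per user.
ip local pool POOL-REALMB 198.51.100.2 198.51.100.254
!
! Every L2TP session from the provider's LAC is cloned from this template,
! so the session interface and its /32 host route live in the VRF.
interface Virtual-Template1
 ip vrf forwarding CUST-REALMB
 ip unnumbered Loopback200
 peer default ip address pool POOL-REALMB
 ppp authentication chap
 ppp ipcp address required
!
! Accept tunnels from the broadband provider's LAC; the provider must
! steer @realmB sessions to this box's address, as discussed above.
vpdn enable
vpdn-group REALMB-LNS
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname PROVIDER-LAC
 local name OUR-LNS-B
 l2tp tunnel password 0 PLACEHOLDER-TUNNEL-SECRET
!
! Default route out of the VRF into the global table (a static route leak,
! the "static routes" option Harald mentions). The reverse route from the
! global table back into the VRF depends on the routing design and is not
! shown here.
ip route vrf CUST-REALMB 0.0.0.0 0.0.0.0 192.0.2.1 global
```

A second box for redundancy would carry the same VRF and pool definitions with a different pool range and its own LNS address, so the provider can terminate @realmB sessions at either.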