[nsp] Colo DC setup

Sven Huster sven at huster.me.uk
Mon Dec 8 10:22:22 EST 2003


Hello

I'm trying to design a new network for our colo/dedicated server customers.
What we are going to get will be most probably 2x 6500s for the core/distribution and 2950s for the access layer. So the customers' servers will be connected to the 2950s which got 1 uplink to each of the 6500s running HSRP.
The 6500s will also be connected to our upstream ISPs as well as peers running BGP.
Guess the 6500s will run native IOS and the 2950 the EI.

We got a /19 which is split into /24s where the customers' servers are on.

What I wanted to do then is to isolate the customers' servers as much as possible with the option to enable communication where necessary.

I read about PVLAN and protected ports but can really fit this together 100%.

Can someone outline how to configure the 6500s and the 2950s to work in the described setup, please?

I guess I create a primary VLAN e.g. for the subnet 10.1.1.0/24 (pvlan-10-1-1) and assign a secondary VLAN (svlan-10-1-1) to it and use VLAN-ACLs to deny traffic between the servers.
Do I need to create only one secondary for all the machines in the primary or do I need to break it down more than that?

Also as far as I understand I configure the server ports on the 2950s as protected and the trunks not.

But how do I configure the VLAN membership on the 2950s? Primary or secondary VLAN?

How will the traffic flow? Will it be part of the primary VLAN once it left the 2950 or will it be carried on the secondary?

How will broadcast traffic be handled?

Many thanks
Kind regards
--
Sven

