[c-nsp] Best practices for Colo LAN infrastructure?

Mike Bacher isp-list at tulsaconnect.com
Thu Nov 11 08:29:40 EST 2004


Morning all,

We are a small but growing Co-location provider based in Tulsa, OK.  We have
grown to the point that I think it is time we moved from our legacy flat network
(two VLANs - a public VLAN that all of our Co-lo customers reside on and a
private VLAN that our servers reside on) to a per-customer private VLAN model.
I have several ideas on how this can be done, but I thought I would get the
list's advice on how best to go about migrating/implementing this.  Our current
setup is as follows:

- Cisco 7204VXR core router with 2 DS-3s for transit connectivity
- Cisco 7204VXR router terminating our T-1 and xDSL customers
- 4 x HP ProCurve 2650 48-port 10/100 L2 switches that connect directly to the
Co-lo customers
- 1 x HP ProCurve 2824 24-port Gig-E L2 switch for aggregation of the 2650s (all
connect back to the 2824 via a x-over cable on the gig-E ports).  The Ciscos
connect here too.
- An ETINC bandwidth management appliance that sits in between the FE int on the
Cisco router and the 2824 switch for bandwidth accounting/shaping purposes

Right now, we have two /24s (nearly full) assigned to the Co-lo LAN via
secondary interface assignments on the core 7204 which is how the Co-lo
customers get out to the 'net.  We have been simply handing out /32 IPs to
customers as needed, although some customers do have larger blocks that are
within traditional subnet limits.

My idea is to move to a private VLAN model using 802.1Q VLAN tagging/trunking.
The ProCurves should support this without a problem from what I've read.  The
questions I have are:

- Should I implement a "VLAN aggregation" L3 device/switch?  If so, any
recommendations on make/model?
- If no to the above, is it feasible to terminate the dot1q subints on my 7204VXR?
- I've read up a bit on the Cisco 3550's and note that they have the capability
of using SVIs, which seem like they would be appropriate to use in this
situation.  Can anyone give an example of how they are using SVIs for their
customers?
- Am I required to use subnets to do this, or can I somehow route /32s to the
private VLANs when needed to avoid renumbering existing customers?  What I'm
looking for is something like what Cisco does with RBE when it comes to DSL agg
(we use RBE for our DSL customers, and route /32s to the ATM subints, and have
secondary /24s on the loopback interface).  I would like to prevent IP theft as
well, which RBE does nicely for us in regards to xDSL agg.
- Are the HP ProCurves up to the task?  We had a few Cisco 3350-48s a few
months back, but I sold them and replaced them with ProCurves.  I'm now
wondering if that was the right move as the 3550s seem to have better L3
capabilities.
- We do tape backups for many of our Co-lo customers.  Right now, the backup
tape machine never passes through the router to run backups over IP as it has
Ethernet interfaces on both /24s.  In the new private VLAN model, is there a
practical way to avoid having the backup traffic go through the router?

Thanks for any advice anyone can offer.

-- 

-----------------------------------------
Mike Bacher / isp-list at tulsaconnect.com
TCIS - TulsaConnect Internet Services
Phone: 918-584-1100x110 Fax: 918-582-5776
-----------------------------------------


