[c-nsp] ISP LAN Design
Andre Beck
cisco-nsp at ibh.net
Wed May 25 12:09:23 EDT 2005
On Wed, May 25, 2005 at 01:06:54PM +0100, Mark Tohill wrote:
>
> Our problem at the moment is that we have entirely L2 to the edge.
> No VLAN's at all either L2/L3.
Again, you might have a look into the "HA Campus" papers offered at
www.cisco.com/go/srnd - they are more centered to enterprise topologies,
but still give you a lot of reasoning away from L2 and to L3 for ISP
networks. IMO some of the best meta-documentation you find @Cisco.
> With respect to protecting hosts etc., it's hard work with ACL
> maintainence etc.
Of course.
> Was hoping to introduce a few 'borders' where traffic can be controlled
> and standardized. i.e. similar hosts/applications are routed/protected
> in a similar manner.
That kind of border is usually the distribution layer, at least in
enterprise centric designs. However, the policy stuff tends to move
to the access layer. For ISPs, it has always been like that - but
they change to enterprise structures as well, with all that hosting
and Ethernet mass customer fanout of today.
BTW, please don't respond to a digest *and* fullquote it at the bottom.
Reverse quoting alone is evil enough.
HTH,
Andre.
--
The _S_anta _C_laus _O_peration
or "how to turn a complete illusion into a neverending money source"
-> Andre Beck +++ ABP-RIPE +++ IBH Prof. Dr. Horn GmbH, Dresden <-
More information about the cisco-nsp
mailing list