[c-nsp] Placing a server in a PoP

Kim Onnel karim.adel at gmail.com
Tue Oct 4 04:21:45 EDT 2005


Hello,


We're a considerably big ISP. A customer asked us today to host a server
for him in the same LAN as our sole internet gateway. I need people's
opinions about how this should be done right.

The idea is that this customer wants to open a chain of internet cafes and
will do scratch cards that are used at all the cafes, but of course he
doesn't have DSLAMs or coverage, so he will terminate his cafes on our
DSLAMs, which terminate PPP on a Juniper ERX box on the same LAN as the
internet gateway which has all the OC3s.


   Internet                   ________
      |                      | Server |
 gateway-7600                |________|
      |                       |      |             _______
      |                  eth1 |      | eth0       |       |
 ------------------------------------------------ |  ERX  |---(E1s/E3s aggregator)---< DSLAMs
      |                                           |_______|
      |
     7206   BGP Customers
     |  |
     |  |
 Multihoming Customers

*If the above is broken, it's simply that the ERX and the server and the
Gateway and another router for BGP customers are all on the same LAN.

What the customer wants is to put his own RADIUS on this server and do HTTP
proxy too, to be able to bill and authenticate his internet cafes' customers
from their scratch cards. The box has 2 NICs; one is supposed to have a
private IP and the other a real one,

and on the ERX we should configure a special profile with its next-hop set
to the private interface on the server. I wonder if that is possible?

Because of my lack of experience, when I look at the above, I don't know how
this should be done RIGHT and if it shouldn't be done at all.

What's the Best Case Practice to route the traffic to the server, knowing that
this LAN has the internet gateway, so maximum security/stability is required?

On the same giga ether. switch of the LAN that has the 7600 gateway and the
server and the ERX, there is another 7206 router that terminates multihoming
customers that peer BGP with us.

The LAN switch that has all these is a Cisco WS-C3508G-XL cascaded with
another WS-C3524-XL; both have very old IOS that doesn't support the neat new
VLAN features,

WS-C3508G-XL: 12.0(5)XU
WS-C3524-XL: 12.0(5.2)XU

We definitely wouldn't have the server interface with the real IP on the same
subnet with the Giga Int. of the 7600 (internet gw) or the ERX.

One idea we have is to put the server on a small 2950 switch and configure
subinterfaces on the Fast Ether. of the 7206 router and 2 VLANs between the
2 switches, one VLAN for each interface on the server, and do inter-VLAN
routing then. That's one suggestion, but I welcome all ideas and tips.

Thanks
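
Added example, not part of the original post: a sketch of the two-VLAN,
router-on-a-stick layout the message proposes, with the 7206 routing between
one VLAN per server NIC on a separate 2950. All interface numbers, VLAN IDs,
ACL names and addresses are constructed placeholders (documentation and
private ranges), and a direct 7206-to-2950 trunk is an assumption.

```cisco
! ---- 7206: Fast Ethernet trunk toward the 2950 (constructed values) ----
interface FastEthernet0/0
 description Trunk to 2950 carrying the hosted-server VLANs
 no ip address
!
interface FastEthernet0/0.10
 description Hosted server, NIC with the real (public) IP
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.252
 ip access-group SERVER-PUBLIC-IN in
 no ip redirects
 no ip proxy-arp
!
interface FastEthernet0/0.20
 description Hosted server, NIC with the private IP
 encapsulation dot1Q 20
 ip address 10.255.20.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
!
! Source-address check: the public VLAN may only source the server's own IP.
ip access-list extended SERVER-PUBLIC-IN
 permit ip host 192.0.2.2 any
 deny   ip any any log
!
! ---- 2950: one access VLAN per server NIC, trunk only those two VLANs ----
interface FastEthernet0/1
 description Trunk to 7206 Fa0/0
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface FastEthernet0/2
 description Server NIC (public)
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 description Server NIC (private)
 switchport mode access
 switchport access vlan 20
```

With this layout the server shares no broadcast domain with the 7600 or the
ERX, and any ERX next-hop pointing at the server's private address has to be
routed through the 7206 rather than reached directly on the core LAN.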

