[c-nsp] Assigning VLANs on a per-subnet basis

Bruce Pinsky bep at whack.org
Fri Apr 14 17:36:55 EDT 2006



Frank Bulk wrote:
> I searched the archives several months back, but I couldn't find any similar
> situations, so here goes:
> 
> I'm looking to share an internet pipe with several other regional ISPs.  We
> will be receiving our internet pipe via a Cisco 2950 into our Fujitsu 4500
> shelf to transport it around our regional ring.  But the way the Fuji
> equipment drops off each ISP's traffic on this RPR-Ethernet pipe has to be
> on a per-VLAN basis.  So all the traffic *has* to be tagged.
> 
> We can have our upstream provider tag each ISP's traffic with its own VLAN,
> but they rate-limit on a per-VLAN basis so we won't be able to individually
> burst to the whole pipe.  For example, if we get a 100 Mbps contract, each
> ISP would be assigned a fixed 25 Mbps and no one could burst above 25
> Mbps.  I would rather have our upstream provider rate limit on the
> aggregate as opposed to the individual, but apparently that's not possible.
> 
> One solution is VLAN stacking and having our upstream provider rate-limit on
> the outer VLAN 'tunnel', not the inner.  We're finding out if they can do
> this.
> 
> Another option is for us to use a layer-3 switch between the provider's 2950
> and our Fujitsu and create another hop.  So each provider's respective next
> hop would not be our upstream provider's core router, but this layer-3
> switch.  We would basically be pulling the routing out to the edge.  I don't
> really want to add another routing point.
> 
> The idea I do like is to get the whole 100 Mbps from the provider, and then
> using a layer-3 switch tag the traffic based on the network it's in using
> access lists. So if it's 192.168.1.0/24 and in access-list 100 it might be
> VLAN A, 192.168.2.0/24 in access-list 101 it would be VLAN B, etc.  But our
> regional Cisco SE hasn't come up with a box/configuration that can do this.
> Is this possible?
> 

If the provider is going to tag the traffic, they would need to be able to
differentiate the destinations via some mechanism in order to properly tag.
So, why not simply have them route those destinations to the appropriate
nexthop for each ISP on your ring and not tag the traffic or separate via
VLAN at all?  Your 2950 can be a simple bridge to get from the provider
connection to your ring.

So on the provider router:

! IOS static routes need the subnet mask; the networks above are /24s
ip route 192.168.1.0 255.255.255.0 <ISP1 nexthop address>
ip route 192.168.2.0 255.255.255.0 <ISP2 nexthop address>
ip route 192.168.3.0 255.255.255.0 <ISP3 nexthop address>
....

--
=========
bep

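The per-destination static routing that Bruce proposes is only as safe as the route table behind it: an overlapping prefix or a next hop that is not on the shared handoff segment would silently steer one ISP's traffic to another ISP's router. The script below is an added example, not code from this thread or from Cisco; it takes a subnet-to-next-hop mapping like the one in the reply, checks it for those two faults, and emits the IOS `ip route` lines with the mask derived from the prefix length. The ring segment 10.0.0.0/29 and the next-hop addresses are constructed placeholders, since the thread gives none.

```python
import ipaddress

# Constructed sample: the /24 networks from the thread mapped to hypothetical
# next-hop addresses of each ISP's router on the shared ring/handoff segment.
ISP_ROUTES = {
    "192.168.1.0/24": "10.0.0.2",   # ISP1
    "192.168.2.0/24": "10.0.0.3",   # ISP2
    "192.168.3.0/24": "10.0.0.4",   # ISP3
}
RING_SUBNET = "10.0.0.0/29"  # hypothetical handoff segment shared by provider and ISPs


def validate_routes(routes, ring_subnet):
    """Return a list of problems; an empty list means the table is sane.

    Checks: each prefix is a valid network (no host bits set), each next hop
    lies inside the handoff segment, and no two prefixes overlap. An overlap
    would hand one ISP's destinations to another ISP's next hop.
    """
    problems = []
    ring = ipaddress.ip_network(ring_subnet)
    seen = []
    for prefix, nh in routes.items():
        try:
            net = ipaddress.ip_network(prefix, strict=True)
            hop = ipaddress.ip_address(nh)
        except ValueError as err:
            problems.append(f"{prefix} -> {nh}: {err}")
            continue
        if hop not in ring:
            problems.append(f"{prefix}: next hop {nh} is not on {ring_subnet}")
        for other in seen:
            if net.overlaps(other):
                problems.append(f"{prefix} overlaps {other}")
        seen.append(net)
    return problems


def render_ios_static_routes(routes):
    """Emit 'ip route <network> <mask> <nexthop>' lines, sorted by prefix."""
    ordered = sorted(routes.items(), key=lambda kv: ipaddress.ip_network(kv[0]))
    lines = []
    for prefix, nh in ordered:
        net = ipaddress.ip_network(prefix)
        lines.append(f"ip route {net.network_address} {net.netmask} {nh}")
    return lines


if __name__ == "__main__":
    issues = validate_routes(ISP_ROUTES, RING_SUBNET)
    if issues:
        for issue in issues:
            print("PROBLEM:", issue)
    else:
        print("\n".join(render_ios_static_routes(ISP_ROUTES)))
```

Run it as-is to print the three routes; feed it a table with a /25 carved out of one of the /24s, or a next hop outside the ring segment, and it reports the fault instead of printing config.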
