[c-nsp] Assigning VLANs on a per-subnet basis

Frank Bulk frnkblk at iname.com
Fri Apr 14 21:51:22 EDT 2006


Bruce:

That's how it works now on our existing point-to-point T1, DS-3, or Ethernet
circuits.  But if we want to buy bandwidth in bulk, all of it has to be
Ethernet, and for us to make most efficient use of our regional transport it
should be RPR-based Ethernet.  And the only way our Fujitsu can do RPR and
drop off traffic at each individual ISP on the ring is for the traffic to be
tagged.  If we do it the way you suggested, each ISP's edge router would see
all the unicast traffic, like one big hub.

We could revert to point-to-point links at the regional point of ingress,
but then we would chew up four Ethernet ports as opposed to one (and it
already has one of the four points in use) and we would have to size each
point-to-point link within a separate STS-1 OR STS-3c link (can't bond
STS-1s).  So if each ISP uses less than 45 Mbps we would chew up four
STS-1s.  With the RPR-based Ethernet we can bond multiple STS-1s together,
such that a shared pipe of 75 Mbps takes up just two STS-1s.

Frank

-----Original Message-----
From: Bruce Pinsky [mailto:bep at whack.org] 
Sent: Friday, April 14, 2006 4:37 PM
To: frnkblk at iname.com
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Assigning VLANs on a per-subnet basis

Frank Bulk wrote:
> I searched the archives several months back, but I couldn't find any 
> similar situations, so here goes:
> 
> I'm looking to share an internet pipe with several other regional 
> ISPs.  We will be receiving our internet pipe via a Cisco 2950 into 
> our Fujitsu 4500 shelf to transport it around our regional ring.  But 
> the way the Fuji equipment drops off each ISP's traffic on this 
> RPR-Ethernet pipe has to be on a per-VLAN basis.  So all the traffic *has*
> to be tagged.
> 
> We can have our upstream provider tag each ISP's traffic with its own
> VLAN, but they rate-limit on a per-VLAN basis so we won't be able to
> individually burst to the whole pipe.  For example, if we get a 100
> Mbps contract each ISP would be assigned a fixed 25 Mbps each and no one
> could burst above 25 Mbps.  I would rather have our upstream provider
> rate limit on the aggregate as opposed to the individual, but apparently
> that's not possible.
> 
> One solution is VLAN stacking and having our upstream provider 
> rate-limit on the outer VLAN 'tunnel', not the inner.  We're finding 
> out if they can do this.
> 
> Another option is for us to use a layer-3 switch between the 
> provider's 2950 and our Fujitsu and create another hop.  So each 
> provider's respective next hop would not be our upstream provider's 
> core router, but this layer-3 switch.  We would basically be pulling 
> the routing out to the edge.  I don't really want to add another routing
> point.
> 
> The idea I do like is to get the whole 100 Mbps from the provider, and 
> then using a layer-3 switch tag the traffic based on the network it's 
> in using access lists. So if it's 192.168.1.0/24 and in access-list 
> 100 it might be VLAN A, 192.168.2.0/24 in access-list 101 it would be 
> VLAN B, etc.  But our regional Cisco SE hasn't come up with a
> box/configuration that can do this.
> Is this possible?
> 

If the provider is going to tag the traffic, they would need to be able to
differentiate the destinations via some mechanism in order to properly tag.
 So, why not simply have them route those destinations to the appropriate
nexthop for each ISP on your ring and not tag the traffic or separate via
VLAN at all.  Your 2950 can be a simple bridge to get from the provider
connection to your ring.

So on the provider router:

ip route 192.168.1.0 255.255.255.0 <ISP1 nexthop address>
ip route 192.168.2.0 255.255.255.0 <ISP2 nexthop address>
ip route 192.168.3.0 255.255.255.0 <ISP3 nexthop address>
....

--
=========
bep
