[c-nsp] Assigning VLANs on a per-subnet basis
Michael K. Smith
mksmith at adhost.com
Sat Apr 15 00:36:42 EDT 2006
Hi Frank:
It seems that the most efficient way to approach the issue given the
constraints of your provider and of your RPR config on the back end would be
to do the Layer 3 mid point between your provider and each of you. Make the
uplink a /30 and then terminate each of the customer subnets on the device
and carry those on individual VLANs across the ring.
I'm thinking you could use a mid-size L3 Switch like a 3650 or 3750 with the
Enhanced software and have VLAN interfaces for each subnet.
Mike
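As an added illustration of the design Mike sketches above (example configuration, not from anyone in the thread): a Catalyst 3750 with the enhanced image terminates a routed /30 toward the provider, owns one SVI per customer subnet, and carries each subnet as its own tagged VLAN over a trunk to the Fujitsu shelf. The uplink addresses (192.0.2.0/30) and VLAN IDs are assumptions; the /24s are the ones Frank used as examples, and the provider would point static routes for each /24 at the switch's uplink address.

```cisco
! Added example: Layer 3 midpoint between the provider and the RPR ring.
! Assumed addressing: uplink 192.0.2.0/30, customer /24s from the thread.
ip routing
!
! Routed /30 toward the provider's core router (provider side is .1)
interface GigabitEthernet1/0/1
 description Uplink to provider (routed, /30)
 no switchport
 ip address 192.0.2.2 255.255.255.252
 no ip redirects
 no ip proxy-arp
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! One VLAN and one SVI per ISP; the SVI address is that ISP's next hop,
! so each ISP sees only its own subnet's traffic instead of a shared hub.
vlan 101
 name ISP1
vlan 102
 name ISP2
vlan 999
 name UNUSED-NATIVE
!
interface Vlan101
 description ISP1 subnet (192.168.1.0/24)
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
interface Vlan102
 description ISP2 subnet (192.168.2.0/24)
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
!
! Tagged trunk toward the Fujitsu 4500. Only the customer VLANs are allowed,
! DTP is disabled, and the native VLAN is an unused one so no customer
! traffic ever leaves the box untagged.
interface GigabitEthernet1/0/2
 description Trunk to Fujitsu 4500 (RPR ring)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 101,102
 switchport mode trunk
 switchport nonegotiate
```

Each ISP's edge router then uses its SVI address (192.168.1.1, 192.168.2.1) as default gateway, and the single routed uplink lets any ISP burst toward the full pipe since the provider rate-limits the /30, not per-VLAN.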
On 4/14/06 6:51 PM, "Frank Bulk" <frnkblk at iname.com> wrote:
> Bruce:
>
> That's how it works now on our existing point-to-point T1, DS-3, or Ethernet
> circuits. But if we want to buy bandwidth in bulk, all of it has to be
> Ethernet, and for us to make most efficient use of our regional transport it
> should be RPR-based Ethernet. And the only way our Fujitsu can do RPR and
> drop off traffic at each individual ISP on the ring is for the traffic to be
> tagged. If we do it the way you suggested, each ISP's edge router would see
> all the unicast traffic, like one big hub.
>
> We could revert to point-to-point links at the regional point of ingress,
> but then we would chew up four Ethernet ports as opposed to one (and it
> already has one of the four points in use) and we would have to size each
> point-to-point link within a separate STS-1 OR STS-3c link (can't bond
> STS-1s). So if each ISP uses less than 45 Mbps we would chew up four
> STS-1s. With the RPR-based Ethernet we can bond multiple STS-1s together,
> such that a shared pipe of 75 Mbps takes up just two STS-1s.
>
> Frank
>
> -----Original Message-----
> From: Bruce Pinsky [mailto:bep at whack.org]
> Sent: Friday, April 14, 2006 4:37 PM
> To: frnkblk at iname.com
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Assigning VLANs on a per-subnet basis
>
> Frank Bulk wrote:
>> I searched the archives several months back, but I couldn't find any
>> similar situations, so here goes:
>>
>> I'm looking to share an internet pipe with several other regional
>> ISPs. We will be receiving our internet pipe via a Cisco 2950 into
>> our Fujitsu 4500 shelf to transport it around our regional ring. But
>> the way the Fuji equipment drops off each ISP's traffic on this
>> RPR-Ethernet pipe has to be on a per-VLAN basis. So all the traffic *has*
>> to be tagged.
>>
>> We can have our upstream provider tag each ISP's traffic with its own
>> VLAN, but they rate-limit on a per-VLAN basis so we won't be able to
>> individually burst to the whole pipe. For example, if we get a 100
>> Mbps contract each ISP would be assigned a fixed 25 Mbps each and no one
>> could burst above 25 Mbps. I would rather have our upstream provider
>> rate limit on the aggregate as opposed to the individual, but apparently
>> that's not possible.
>>
>> One solution is VLAN stacking and having our upstream provider
>> rate-limit on the outer VLAN 'tunnel', not the inner. We're finding
>> out if they can do this.
>>
>> Another option is for us to use a layer-3 switch between the
>> provider's 2950 and our Fujitsu and create another hop. So each
>> provider's respective next hop would not be our upstream provider's
>> core router, but this layer-3 switch. We would basically be pulling
>> the routing out to the edge. I don't really want to add another routing
>> point.
>>
>> The idea I do like is to get the whole 100 Mbps from the provider, and
>> then using a layer-3 switch tag the traffic based on the network it's
>> in using access lists. So if it's 192.168.1.0/24 and in access-list
>> 100 it might be VLAN A, 192.168.2.0/24 in access-list 101 it would be
>> VLAN B, etc. But our regional Cisco SE hasn't come up with a
>> box/configuration that can do this.
>> Is this possible?
>>
>
> If the provider is going to tag the traffic, they would need to be able to
> differentiate the destinations via some mechanism in order to properly tag.
> So, why not simply have them route those destinations to the appropriate
> nexthop for each ISP on your ring and not tag the traffic or separate via
> VLAN at all. Your 2950 can be a simple bridge to get from the provider
> connection to your ring.
>
> So on the provider router:
>
> ip route 192.168.1.0 255.255.255.0 <ISP1 nexthop address>
> ip route 192.168.2.0 255.255.255.0 <ISP2 nexthop address>
> ip route 192.168.3.0 255.255.255.0 <ISP3 nexthop address>
> ....
>
> --
> =========
> bep
>