[c-nsp] Assigning VLANs on a per-subnet basis

Frank Bulk frnkblk at iname.com
Sat Apr 15 08:50:43 EDT 2006


Our upstream provider's networking guru thought perhaps there was a way to
inspect the traffic at layer 3 but switch and tag the traffic at layer 2,
but if the collective experience of this listserv can't think of a way, then
it's probably not possible. =)

I talked to our upstream provider yesterday and they can't perform Q-in-Q at
this time, so it looks like the layer-3 midpoint is the most effective way.

We already have /30's between each of the ISPs and the upstream provider;
what I'm thinking is that we establish a new stub net between the upstream
provider and the layer-3 midpoint, and just move the existing /30's up from
the upstream provider's core to the new L3 device.

Today:
     provider's core router             
         ========     virtual point-to-point connections
         |   A1 | <===> A2 (Ethernet)
core ==> |   B1 | <===> B2 (DS-3)
         |   C1 | <===> C2 (multiple T1s)
         |   D1 | <===> D2 (multiple T1s)
         ========
Tomorrow:

Upstream     L-3 midpoint                                 Fujitsu    RPR Ring
Provider     =========                                    ========= A2----B2
             |    A1 |                                    |       |/       \
X <========> | Y  B1 | <===== 802.1Q tagged traffic =====>|       |         C2
             |    C1 |                                    |       |\       /
             |    D1 |                                    |       | ------D2
             =========                                    =========

The remaining question in my mind: is it worth the $4K and another point of
management and failure to have any one of the ISPs burst to the maximum
available aggregate bandwidth, as opposed to being rate-limited by our
upstream provider on their individual VLAN?  Remember, our upstream provider
is willing to bill as a group but tag each ISP's traffic, but then each
ISP's tagged traffic would be rate-limited individually as opposed to being
wide open for the maximum purchased speed.

Frank

-----Original Message-----
From: Bruce Pinsky [mailto:bep at whack.org] 
Sent: Saturday, April 15, 2006 12:43 AM
To: Michael K. Smith
Cc: frnkblk at iname.com; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Assigning VLANs on a per-subnet basis


Michael K. Smith wrote:
> Hi Frank:
> 
> It seems that the most efficient way to approach the issue given the 
> constraints of your provider and of your RPR config on the back end 
> would be to do the Layer 3 mid point between your provider and each of 
> you.  Make the uplink a /30 and then terminate each of the customer 
> subnets on the device and carry those on individual VLANs across the ring.
> 
> I'm thinking you could use a mid-size L3 Switch like a 3650 or 3750 
> with the Enhanced software and have VLAN interfaces for each subnet.
> 

Agreed.  That's what I started to write the first time before I suggested
the simpler "bridge only"/"exchange LAN" topology not knowing the
constraints.

I can't think of any way to put .1Q tags on packets that come in untagged
without directing/switching them onto .1Q VLANs at layer 3.  I don't believe
there is a mechanism at layer 2 to inspect packets and tag them based on
arbitrary criteria (like source or destination address).

At layer 2 only, Q in Q termination would be your best bet but I can't say
if your provider can provide Q in Q tagging and also rate limit on the
aggregate, double-tagged traffic.

- --
=========
bep

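As an added illustration that is not part of this thread, here is a sketch of how the "L-3 midpoint" (Y) described in the "Tomorrow" diagram and in Michael's 3750 suggestion could look in Cisco IOS: a routed /30 uplink toward the upstream provider, one SVI per ISP subnet, and an 802.1Q trunk toward the Fujitsu ring. All addresses, VLAN numbers and interface names are constructed placeholders, and the per-ISP rate-limiting question is left open, as it is in the thread.

```cisco
! Constructed example for a Catalyst 3750 with IP services; not from the thread.
ip routing
!
! New stub /30 between the upstream provider's core (X) and the midpoint (Y)
interface GigabitEthernet1/0/1
 description Uplink to upstream provider (new /30 stub net)
 no switchport
 ip address 192.0.2.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! One VLAN per ISP; the /30s that used to sit on the provider's core
! (A1..D1) now terminate here as SVIs
vlan 101
 name ISP-A
vlan 102
 name ISP-B
vlan 103
 name ISP-C
vlan 104
 name ISP-D
!
interface Vlan101
 description ISP A (A1 end of the /30 to A2)
 ip address 198.51.100.1 255.255.255.252
interface Vlan102
 description ISP B (B1 end of the /30 to B2)
 ip address 198.51.100.5 255.255.255.252
interface Vlan103
 description ISP C (C1 end of the /30 to C2)
 ip address 198.51.100.9 255.255.255.252
interface Vlan104
 description ISP D (D1 end of the /30 to D2)
 ip address 198.51.100.13 255.255.255.252
!
! 802.1Q trunk toward the ring; only the four ISP VLANs are allowed on it,
! and DTP is disabled so the far side cannot negotiate the trunk state
interface GigabitEthernet1/0/2
 description Trunk to Fujitsu RPR ring
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 101-104
 switchport nonegotiate
```

Each ISP's traffic is routed onto its own VLAN at this box, which is exactly the layer-3 step Bruce says cannot be done with layer-2 tagging alone.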


