[c-nsp] Assigning VLANs on a per-subnet basis
Frank Bulk
frnkblk at iname.com
Sat Apr 15 08:50:43 EDT 2006
Our upstream provider's networking guru thought perhaps there was a way to
inspect the traffic at layer 3 but switch and tag the traffic at layer 2,
but if the collective experience of this listserv can't think of a way, then
it's probably not possible. =)
I talked to our upstream provider yesterday and they can't perform Q-in-Q at
this time, so it looks like the layer-3 midpoint is the most effective way.
We already have /30's between each of the ISPs and the upstream provider;
what I'm thinking is that we establish a new stub net between the upstream
provider and the layer-3 midpoint, and just move the existing /30's up from
the upstream provider's core to the new L3 device.
Today:

                      provider's core router
                      ========    virtual point-to-point connections
                      | A1 |  <===>  A2 (Ethernet)
          core ==>    | B1 |  <===>  B2 (DS-3)
                      | C1 |  <===>  C2 (multiple T1s)
                      | D1 |  <===>  D2 (multiple T1s)
                      ========
Tomorrow:

  Upstream        L-3 midpoint                                            Fujitsu RPR Ring
  Provider        =========                                  =========
                  | A1   |                                   |       |      A2----B2
                  |      |                                   |       |     /        \
     X <========> | Y B1 | <===== 802.1Q tagged traffic =====>|       |   C2
                  | C1   |                                   |       |     \        /
                  | D1   |                                   |       |      ------D2
                  =========                                  =========
The remaining question in my mind: is it worth the $4K and another point of
management and failure to have any one of the ISPs burst to the maximum
available aggregate bandwidth, as opposed to being rate-limited by our
upstream provider on their individual VLAN? Remember, our upstream provider
is willing to bill as a group but tag each ISP's traffic, but then each
ISP's tagged traffic would be rate-limited individually as opposed to being
wide open for the maximum purchased speed.
Frank
-----Original Message-----
From: Bruce Pinsky [mailto:bep at whack.org]
Sent: Saturday, April 15, 2006 12:43 AM
To: Michael K. Smith
Cc: frnkblk at iname.com; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Assigning VLANs on a per-subnet basis
Michael K. Smith wrote:
> Hi Frank:
>
> It seems that the most efficient way to approach the issue given the
> constraints of your provider and of your RPR config on the back end
> would be to do the Layer 3 mid point between your provider and each of
> you. Make the uplink a /30 and then terminate each of the customer
> subnets on the device and carry those on individual VLANs across the
> ring.
>
> I'm thinking you could use a mid-size L3 Switch like a 3650 or 3750
> with the Enhanced software and have VLAN interfaces for each subnet.
>
Agreed. That's what I started to write the first time before I suggested
the simpler "bridge only"/"exchange LAN" topology not knowing the
constraints.
I can't think of any way to put .1Q tags on packets that come in untagged
without directing/switching them onto .1Q VLANs at layer 3. I don't believe
there is a mechanism at layer 2 to inspect packets and tag them based on
arbitrary criteria (like source or destination address).
At layer 2 only, Q in Q termination would be your best bet but I can't say
if your provider can provide Q in Q tagging and also rate limit on the
aggregate, double-tagged traffic.
--
=========
bep
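As an added illustration (not from the thread), a Cisco IOS configuration sketch for the layer-3 midpoint Michael and Bruce describe: a routed /30 uplink toward the provider, one SVI per ISP subnet, and an 802.1Q trunk toward the ring carrying only those VLANs. Interface names, VLAN numbers and addresses are made-up placeholders (RFC 5737 documentation ranges), not anyone's real configuration.

```cisco
! Global: enable IP routing on the switch (needed on a 3750 for SVIs to route)
ip routing
!
! Routed /30 uplink toward the upstream provider (placeholder addresses)
interface GigabitEthernet1/0/1
 description Uplink to upstream provider (new /30; provider bills the aggregate here)
 no switchport
 ip address 192.0.2.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! One VLAN per ISP; the existing customer /30s move here from the provider's core
vlan 101
 name ISP-A
vlan 102
 name ISP-B
!
interface Vlan101
 description ISP A (was A1 on the provider core; A2 is the ISP side)
 ip address 198.51.100.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
!
interface Vlan102
 description ISP B (was B1 on the provider core; B2 is the ISP side)
 ip address 198.51.100.5 255.255.255.252
 no ip redirects
 no ip proxy-arp
! (repeat the same SVI pattern for ISP C and ISP D on VLANs 103 and 104)
!
! 802.1Q trunk toward the RPR ring: carry only the ISP VLANs, no DTP negotiation
interface GigabitEthernet1/0/2
 description Trunk to Fujitsu RPR ring
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101-104
 switchport mode trunk
 switchport nonegotiate
```

With this split the provider sees a single untagged /30 and can bill the aggregate, while any per-ISP rate limiting becomes a decision made on the midpoint rather than on the provider's per-VLAN policers.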