[c-nsp] Tracking usage on L3 VPN with Internet

will at loopfree.net will at loopfree.net
Tue Apr 3 14:53:29 EDT 2007


I have a situation where I need to provide a customer with an L3 MPLS
VPN (2 sites) and Internet access at each location. I need separate
(SNMP) counters for the Internet access from the VPN so as to be able to
bill for usage differently for VPN usage than for Internet. I want to
hand off ethernet to the customer and avoid the need for a CE router.

If I do the standard 1-ethernet handoff in the VRF + route leaking
for Internet access, I only have one interface's worth of counters to
look at -- no good (and I don't see the presence or lack of a CE router
changing this).

If I hand the customer separate ethernet cables, 1 for the VRF and one
for "regular" Internet, I end up requiring that the customer use 2
separate IP subnets at each site -- one from the VPN handoff and one for
the Internet handoff. Then the customer has to dual-IP every server and
deal with the static routes on every server. This does however solve my
billing problem, since I get to have two router interfaces and thus 2
sets of counters.

What I'd really like is to hand off the customer 1 ethernet, with 2
gateway IPs on it -- tell them to use, say, .1 for Internet, .2 for VPN. 
They need static routes in their servers, but no additional IPs. I can
probably do this with 2 router .1q interfaces (VPN, Internet) to a
switch and then hand off the combined vlan to the customer, but then I
have to make sure my 2 router interfaces with those 2 IPs are fed
from physically different ports in order to avoid MAC ambiguities. I
can't find a way to set a separate MAC for a .1q subint in IOS.

If I give in on the CE router part, I can make it all work. But then I 
need to spend a bunch of $ on a router to handle traffic bursts 
(50-80Mbit) just to handle a couple really simple static routes at
each site.

Is there some solution I'm missing that might easily handle this?

-- 
-Will Orton :: http://www.loopfree.net/

