[c-nsp] Best Practices for Transporting Layer-2 Services

Tom Hill tom at ninjabadger.net
Fri Jan 13 21:40:01 EST 2023


On 2023-01-12 16:45, Shawn L via cisco-nsp wrote:
> I'm wondering what other providers are doing when they need to
> transport a bunch of third-party layer-2 services?
> 
> For example -- if another SP wants to hand you 3 vlans (for example
> 10,11,12) and have you transport them to a couple of sites.  Vlan 10
> (could be Q-in-Q or not) needs to go to sites A and B, vlan 11 (again
> could be Q-in-Q) needs to go to sites C and D, etc.
> 
> I'm specifically asking (in a cisco world) what do you do to protect
> yourself from any funny business (spanning tree, whatever) that may
> happen on the other provider's network or on the end-customer's network.

The normal answer in Cisco land, even today, is to use Martini-draft P2P 
pseudowires (either tag or port-based MPLS interconnects) which will use 
tLDP for establishment, and should serve you very well (especially at a 
port-based level) for a P2P service. In theory tLDP could run in concert 
with SR-MPLS, but you might need to think carefully about label 
allocation, or... [read on]

... use BGP EVPN, and pay very careful attention to the port security 
options (e.g. bpduguard, BUM rate-limits) as well as the ARP/ND 
sponging/proxy facilities therein.  For multipoint L2VPN, this should be 
replacing VPLS now.

Realistically though, protection from storms is hardware dependent, and 
making sure that the config is correct is only half of the battle. I 
would consider not building L2VPNs for third parties where you don't 
control the CE, realistically. Do they really need L2?

Tom
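Tom's closing point, that getting the config right is only half the battle, is easiest to act on if the attachment-circuit guards he lists for EVPN (bpduguard, BUM rate limits) are checked mechanically on every PE rather than by eye. What follows is an added example, not code from Tom's post or from Cisco: a small Python audit that parses an IOS-style running config, picks out the interfaces that carry someone else's Layer 2 (EVC `service instance` / pseudowire `xconnect`, or a plain `switchport`), and reports any active one that lacks BPDU guard or broadcast/multicast storm control. The sample config is constructed, the command syntax is assumed Catalyst/IOS-XE style (IOS XR uses different commands and places storm control elsewhere), and the required-guard list is an assumed minimum for this illustration, not a vendor recommendation.

```python
"""Audit an IOS-style configuration for Layer-2 attachment circuits that
lack BPDU guard or storm control.  Added example: not code from the
cisco-nsp post, and the commands below are assumed Catalyst/IOS-XE syntax."""
from __future__ import annotations

import re

# Guards every third-party-facing attachment circuit is assumed to need.
# The list is an illustrative minimum, not a vendor recommendation.
REQUIRED_GUARDS = {
    "bpduguard": re.compile(r"^spanning-tree bpduguard enable$"),
    "storm-control broadcast": re.compile(r"^storm-control broadcast level "),
    "storm-control multicast": re.compile(r"^storm-control multicast level "),
}

# Interface lines that mark it as carrying someone else's Layer 2:
# EVC service instances / pseudowire xconnects, or a plain switchport.
L2_ATTACHMENT = re.compile(r"^(switchport|service instance \d+ ethernet|xconnect )")


def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Map each 'interface X' block to its (stripped) config lines.

    IOS nests sub-blocks such as 'service instance' by indentation; their
    lines are kept with the parent interface.  A column-0 line ('!' or the
    next top-level command) ends the block; an indented '!' does not.
    """
    blocks: dict[str, list[str]] = {}
    current: str | None = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            match = re.match(r"^interface (\S+)$", line)
            current = match.group(1) if match else None
            if current is not None:
                blocks[current] = []
            continue
        if line != "!" and current is not None:
            blocks[current].append(line)
    return blocks


def audit(config: str) -> dict[str, list[str]]:
    """Return {interface: [missing guards]} for every active L2 attachment circuit.

    Routed/core interfaces (no L2 attachment marker) and administratively
    shut interfaces are ignored; everything else must carry every guard.
    """
    findings: dict[str, list[str]] = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue
        if not any(L2_ATTACHMENT.match(l) for l in lines):
            continue
        missing = [guard for guard, pattern in REQUIRED_GUARDS.items()
                   if not any(pattern.match(l) for l in lines)]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample: one handoff done properly, one bare, one core link,
# one shut-down trunk.  Addresses are documentation ranges (RFC 5737).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/0/1
 description SP-A handoff, VLAN 10 -> site B
 service instance 10 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 192.0.2.2 10 encapsulation mpls
 !
 spanning-tree bpduguard enable
 storm-control broadcast level pps 1000
 storm-control multicast level pps 1000
 storm-control action shutdown
!
interface GigabitEthernet0/0/2
 description SP-A handoff, VLAN 11 -> site D (no guards)
 service instance 11 ethernet
  encapsulation dot1q 11
  rewrite ingress tag pop 1 symmetric
  xconnect 192.0.2.3 11 encapsulation mpls
 !
!
interface GigabitEthernet0/0/3
 description core-facing P link, not an attachment circuit
 ip address 198.51.100.0 255.255.255.254
 mpls ip
!
interface GigabitEthernet0/0/4
 description spare customer trunk, admin down
 switchport mode trunk
 switchport trunk allowed vlan 12
 shutdown
!
"""

if __name__ == "__main__":
    for interface, missing in audit(SAMPLE_CONFIG).items():
        print(f"{interface}: missing {', '.join(missing)}")
```

Feed it saved `show running-config` output from each PE and fail the check when `audit()` returns anything. It only proves the config asks for the guards; whether the hardware actually polices BUM at line rate, the other half of Tom's point, still has to be tested on the box.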

