[j-nsp] VLAN tagging across multiple physical interfaces?

Jonathan Brashear jbrashear at hq.speakeasy.net
Wed Jan 16 11:59:14 EST 2008


The context: We have a pair of M7s that are the main connection to the
outside world for our data center.  The DC is segmented into 2
spaces (one space being brand new), each space having a connection to a
1xgig-e PIC on the M7s.  We have a shared firewall in the old space (I'll
call it PIC 1), but a customer in the new space (PIC 2) who wants to use
this shared firewall.  As it stands now we set a default-route to the
shared FW in the old space and are done with it, but that won't get
traffic from the old space (PIC 1) to the new space (PIC 2).  Here are the
two most likely solutions I've come up with, and would like some
feedback on the plausibility/scalability of the 2nd solution.

1) Run xconns from the 'core' switches in the old space to the core
switches in the new space and plumb the VLANs across the xconns.  I'd
rather not do this as it defeats the purpose of segmenting the
spaces (disaster mitigation, to name one).
2) Set up the VLAN to run across the M7 PICs, possibly via a filter/hack
using the vlan-id.  I'm not sure how to even get around the default
route having higher priority, but I thought I'd send this out to see if
anyone's dealt with this limitation and come up with a decent
workaround.

Network Engineer
214-981-1954 (office)
214-642-4075 (cell)
jbrashear at hq.speakeasy.net
http://www.speakeasy.net

