[j-nsp] bridge-domains and L2 virtual switches

Ross Vandegrift ross at kallisti.us
Tue Mar 9 10:34:42 EST 2010


On Tue, Mar 09, 2010 at 02:44:06PM +0000, Humair Ali wrote:
> you could use a routing instance , with layer 2 virtual switch, and use
> multiple bridge domain as part of that virtual switch routing instance ,
> with the L3 interface

How many such instances would you expect to work?  With all the config
that entails, I'd rather put every customer into a VPLS instance.  I
know that at least 8000 are supported, so that's better than 4094 and
it at least comes with the benefit that I could turn up VPLS service
for any customer at any time if they happened to want it.  But if I
could support 16k instances via bridge domains, that would definitely
be worth the added complexity.

I'm hoping there's a way that keeps most setups simple, will let me
scale out the number of VLANs I'm serving, and doesn't require me to
sacrifice the ability to sell a customer a VPN.

> If really you need more than 4094 Vlans, you could possibly used PVLAN
> (Private VLAN) it would allegedly split the domain into multiple isolated
> broadcast ?subdomains" without you having to use much of the vlan's ID and
> have STP as well.

It's a good theory, but it doesn't work in practice.  PVLANs come with
far too many limitations on the various platforms we have in
production.  It might be great if the datacenter were for our internal
use, but we're a hosting services provider and customers expect
(fairly!) to have access to the full range of network services on
their installations.

If a PVLAN could be trunked, then it could help me.  But so long as it
requires access ports, it's worthless for me.

-- 
Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20100309/a31ce808/attachment.bin>


More information about the juniper-nsp mailing list