[j-nsp] small multitenant datacenter
Ryan Goldberg
RGoldberg at compudyne.net
Sun Dec 2 13:38:56 EST 2012
I don't know that this is specific to Juniper, but 90% of my gear is Juniper, so I'm throwing it out here.
I need to make a little datacenter to house approx 150 customers' worth of servers. Typical customer is 2-6 servers, 75% VM, 25% physical. I want it to be able to grow to about 1000 similar customers without gutting it. If the pattern works, I'd just make another of the same.
These servers are typically an SME's AD, Exchange, and a vertical app or two. Access to servers is via RDS/TS if possible. We also have a small fiber-based ISP, and as such can do L3VPN to customer sites, or we can do a DMVPN-style thing, or give SSL VPN where appropriate. We basically use this as a way of getting SMEs to stop buying industrial waste and stuffing it in their broom closets.
So, to the actual questions. I've got a design that basically does a routing-instance per customer, and stuffs the customer's servers into one VLAN, default-GWing to a VRRP address on RVIs handled by a pair of EX4200s in a virtual chassis, and then uses another VLAN/RVI "northbound" on the EX4200 virtual chassis to talk to L3 addresses on NAT boxes (SRX), DMVPN boxes (Cisco x8xx), and MPLS boxes (MX80s). All those L3 addresses are in a customer-specific routing-instance (or VRF on Cisco) and there's a per-customer OSPF instance keeping things knitted together.
A diagram is perhaps useful: https://www.dropbox.com/s/69hbtzgqomnre5m/simplified%20flow%20diagram.pdf
I use the second vlan to avoid having multiple points of egress/ingress to a segment that houses servers. That's a pet peeve of mine. I also prefer L3 to L2 where I can have it.
I wonder if my plan is just silly or totally wrong-headed in some way.
Also, if this is just a bunch of noise undeserving of j-nsp, let me know and I'll go back to my cave.
Thanks in advance-
Ryan
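An added configuration sketch, not taken from Ryan's post, showing how the per-customer routing-instance design described above maps onto Junos on the EX4200 virtual chassis: one server VLAN whose only gateway is a VRRP address, a separate "northbound" VLAN toward the SRX/MX side, and a per-customer OSPF instance confined to that routing-instance. Customer name, VLAN ids, interface numbers and addresses are made-up placeholders.

```junos
/* Added example; names, VLAN ids and addresses are placeholders, not from the post. */
vlans {
    cust-A-servers {
        vlan-id 101;
        l3-interface vlan.101;     /* RVI: the tenant's default gateway lives here */
    }
    cust-A-north {
        vlan-id 201;
        l3-interface vlan.201;     /* RVI: single egress toward SRX / DMVPN / MX80 */
    }
}
interfaces {
    ge-0/0/10 {
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan members cust-A-servers;   /* customer server port */
            }
        }
    }
    vlan {
        unit 101 {
            family inet {
                address 10.101.0.2/24 {
                    vrrp-group 101 {
                        virtual-address 10.101.0.1;   /* servers' default GW */
                        priority 200;                 /* other VC member uses a lower value */
                        accept-data;
                    }
                }
            }
        }
        unit 201 {
            family inet {
                address 10.201.0.2/29 {
                    vrrp-group 201 {
                        virtual-address 10.201.0.1;
                        priority 200;
                        accept-data;
                    }
                }
            }
        }
    }
}
routing-instances {
    cust-A {
        instance-type virtual-router;
        interface vlan.101;        /* both RVIs are only reachable inside this instance */
        interface vlan.201;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface vlan.201;           /* adjacencies only with the northbound L3 boxes */
                    interface vlan.101 {
                        passive;                  /* advertise the server subnet, never peer with servers */
                    }
                }
            }
        }
    }
}
```

The two properties the post asks about fall out of the structure: the server VLAN has exactly one L3 exit (the VRRP address on vlan.101, which forwards only via vlan.201 within cust-A), and the `passive` OSPF interface means no routing adjacency can ever be formed from a tenant server. The matching SRX/MX80 side would hold vlan.201's peer address in the same customer-specific routing-instance (or VRF) and run the corresponding OSPF area.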