[j-nsp] small multitenant datacenter

Ryan Goldberg RGoldberg at compudyne.net
Mon Dec 3 23:06:41 EST 2012


Thanks Benny.

> > DMVPN boxes (cisco x8xx), and MPLS boxes (MX80s). All those L3
> > addresses are in customer-specific routing-instance (or, VRF on cisco)
> > and there's a per-customer ospf instance keeping things knitted
> > together.

> That design is somewhat similar to one that I am familiar with; it all looks
> sane.

Do you see an issue with blowing up ex4200s with all this ospf and vrrp?  I'm labbing tomorrow and will try to get the boxes to thrash.  From a routing table size POV I'm not worried (many customers having no extra routes, lots having 4-6, a handful having as many as 30 or 40), but I'm a little concerned all those processes might upset the RE if things get flappy.  I can handle a little bump, but if they just freak out that wouldn't be good.

> Will your design hit any problems if a customer already uses 10.144.x?

Yeah.  I'd have to pick some other subnet for that customer, which would break the tidiness of everything, but so be it.

> In a green-field deployment today I would move all the "special" traffic to
> IPv6 and only care about public IP addresses in IPv4. The MPLS would still
> move customer traffic with IPv4 private IPs and the hosted servers and
> firewalls would still have private IPv4 addresses, but all monitoring traffic
> would be IPv6.

Good thought.

> One thing was different in the design: The equivalents of your VLANs
> 2000-2999 and 3000-3999 are carried inside q-in-q, to make it possible to
> eventually grow beyond 4000 customers and to ensure that overlap between
> customer VLANs and other VLANs would not cause problems.

Good thought.  Can you hook up L3 addresses to the inner tags on EX boxes?  I'll have to play with that.

Ryan




