[j-nsp] Separate internet transit network versus converged
Mark Tinka
mark.tinka at seacom.mu
Mon Mar 28 07:03:27 EDT 2016
On 28/Mar/16 12:32, Adam Vitkovsky wrote:
> Although I agree with all points made, I'm missing one very important factor which in my opinion significantly shapes the decision whether to go with a converged network, and it's also pertinent to the "Core network design for an ISP" thread and the discussion about separating core and edge in an effort to increase availability.
> Since the discussion is about converging a network carrying Internet traffic with a network carrying traffic of various services, I think we all agree that in such networks the customers' VPN/Services' VPN traffic is more important than Internet traffic (after all, QoS usually reflects these preferences).
>
> Public means exposed to whims of the wild Internet, that is in both data rates (DDoS) and updates (Malformed BGP updates) something you can't control.
> Private means very good control over traffic rates and control plane (number of updates,...)
> If you plan on building a converged network you should be absolutely sure that Internet can't interfere with Customer/Services VPN data/control-plane under any circumstances.
> If you're not sure whether you can protect private traffic from public you should rather consider an appropriate level of separation of public and private control/data-plane. (there are several levels of separations one can consider - data-plane MIC/FPC/Chassis/network-plane/network or control-plane e.g. common RR plane vs RR plane per service)
Given our current network architecture, we have not found a significant
technical or commercial reason to separate VPN traffic from Internet
traffic as a function of what that will cost us in money and human terms.
Mark.