[j-nsp] Separate internet transit network versus converged

Tarko Tikan tarko at lanparty.ee
Mon Mar 28 07:36:02 EDT 2016


> Given our current network architecture, we have not found a significant
> technical or commercial reason to separate VPN traffic from Internet
> traffic as a function of what that will cost us in money and human terms.

Every network is different and YMMV.

In our case, we run BGP-free MPLS aggregation and BGP-free core. All IP 
services, be L3VPN or inet, are terminated in separate edge boxes. Edge 
boxes are only connected to core and are not in traffic path for other 
traffic (typical aggregation-edge-core is not the case for us). Traffic 
from aggregation to edge are transported in PW.

We are major provider for Estonia and Estonian government, banks etc. 
Almost all of the GOV services, banking etc. depends on our network and 
lives in L3VPN. So it's not really a capex/opex issue but more of a PR one.


More information about the juniper-nsp mailing list