Rick Kunkel wrote:
Hello all...
The connection between the two locations is ethernet, and the hardware
is (well, will be as soon as we upgrade out of a 7200) a 6509 on either
side, and I think it'd be pretty cool to run an 802.1q trunk between
them using 6509 switchports instead of routed ports. However, I've got
some problems, or at least I'm having trouble wrapping my brain around
some things...
1. In the interests of keeping things simple, is it a "bad" idea to use
an 802.1q trunk for backbone connectivity?
One thing to consider is contention for the link among the VLANs.
You'll want some form of QoS and/or rate limiting to ensure that a
particular VLAN can't choke the link.
2. I'd normally set up this kind of point-to-point link using a /30,
using interfaces in "routed" mode, and assigning the addresses to the
interfaces on each end of the link. If using an 802.1q trunk with
interfaces in "switchport" mode, would it be advisable to use loopback
interfaces for these addresses instead?
3. I'm used to having the customer's gateway set on that Gigabit
subinterface, as above. But if I want this customer to have their stuff
on the same VLAN in both locations, AFAIK, I should set switchport
access VLAN 80 on both their access ports. I'm then stuck figuring out
where to put the gateway address for their IP space. Again, would
loopback interfaces be good candidates for this? Or perhaps a VLAN
interface, as weird as that seems to me?
A VLAN interface is what I would use here. You're providing a layer 2
connection between the two customer locations so their IP-layer
addresses won't show up in your routing table at all. The VLAN
interface is needed as the gateway, with whatever subnet mask is
appropriate for the customer's network needs. See below for why this
may not be a good idea.
4. My motivation for doing any of this in the first place, as opposed
to a simple /30 point-to-point interface, is to allow customers to have
access to layer 2 across our network, whether it be for internal use or
for purchasing third-party connectivity. Is it "acceptable" to use our
single point-to-point ethernet for this, or should I be using a separate
network for this entirely?
As a rule, a hybrid solution with layer 2 across the customer endpoints
with a layer 3 gateway to the Internet on a VLAN interface doesn't scale
very well. If the customer wants their own firewall there are issues.
It isn't unusual for them to have a lot of internal traffic (file
server, etc.) with lower Internet needs. Metering this for billing can
be an issue.
What we usually do in this scenario is to provide a layer 2 VLAN bridge
on one VLAN for the customer's internal network. Then, on a separate
VLAN, provide Internet access to one location. The customer can then
put their own NAT firewall between the two VLANs.
For scaling among more than two customer locations and cutting down
broadcast noise, consider MPLS with a VRF per customer and offer them a
private routed layer 3 network.
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
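An added configuration sketch of the split Jay describes, not configuration posted by either participant. VLAN 80 comes from the thread; native IOS on a Sup720-class 6509, the interface names, VLAN 81, the 192.0.2.0/29 block (documentation range) and the 100 Mb/s policing rate are all assumptions. It shows the customer's internal VLAN bridged across the trunk with no gateway address on our side, the Internet VLAN with an SVI at one site only so the customer can put their own firewall between the two, the trunk restricted to only the VLANs that need to cross it, and a per-VLAN policer so the bridged VLAN cannot starve the backbone link.

```cisco
! Added example, not from the thread. Assumptions: native IOS on a
! Sup720-class 6509, Gi1/1 is the backbone link, Gi2/1 and Gi2/2 are the
! customer ports, VLAN 81 and 192.0.2.0/29 are constructed values.
mls qos
!
vlan 80
 name CUST-A-INTERNAL
vlan 81
 name CUST-A-INTERNET
!
! Backbone trunk to the other site: explicit dot1q, no DTP negotiation,
! and only the VLANs that must cross the link. VLAN 1 stays off it.
interface GigabitEthernet1/1
 description Backbone trunk to site B
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 80,81
 switchport mode trunk
 switchport nonegotiate
!
! Customer LAN port: access VLAN 80 only. The internal VLAN is pure
! layer 2 on both switches, so the customer's addressing never enters
! our routing table. BPDU guard keeps the customer out of our STP.
interface GigabitEthernet2/1
 description CUST-A internal LAN, site A
 switchport
 switchport mode access
 switchport access vlan 80
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
 mls qos vlan-based
!
! Customer Internet handoff: a second access port in VLAN 81 at one
! site only. The customer's own NAT firewall sits between VLAN 80 and 81.
interface GigabitEthernet2/2
 description CUST-A Internet handoff, site A
 switchport
 switchport mode access
 switchport access vlan 81
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! The only routed interface is the SVI on the Internet VLAN: it is the
! customer's default gateway and the single point where their Internet
! traffic can be metered for billing.
interface Vlan81
 description CUST-A Internet gateway
 ip address 192.0.2.1 255.255.255.248
 no ip redirects
 no ip proxy-arp
!
! Police the bridged customer VLAN so it cannot choke the trunk.
! VLAN-based QoS needs an SVI to attach the policy to; this one carries
! no IP address, so VLAN 80 remains layer 2 only. Rate is assumed.
policy-map POLICE-CUST-A-INTERNAL
 class class-default
  police 100000000 3125000 conform-action transmit exceed-action drop
!
interface Vlan80
 description CUST-A internal VLAN, policing attach point only
 no ip address
 service-policy input POLICE-CUST-A-INTERNAL
```

The same VLAN 80 access-port and policer configuration is repeated on the site B switch, so traffic is policed at whichever customer port it enters; only site A carries the Vlan81 gateway. Verify the exact police parameter form and the vlan-based QoS behaviour against the supervisor's documentation before relying on it.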