On 28/Mar/16 12:32, Adam Vitkovsky wrote:
> Although I agree with all points made I'm missing one very important factor
> which in my opinion shapes the decision whether to go with a converged
> network significantly and it's also pertinent to the "Core network design for
> an ISP" thread and the discussion about separating core and edge in an effort
> to increase availability.
> Since the discussion is about converging network carrying Internet traffic
> with network carrying traffic of various services I think we all agree that
> in such networks the customers' VPN/Services' VPN traffic is more important
> than Internet traffic (after all QOS usually reflects these preferences)
>
> Public means exposed to whims of the wild Internet, that is in both data
> rates (DDoS) and updates (Malformed BGP updates) something you can't control.
> Private means very good control over traffic rates and control plane (number
> of updates,...)
> If you plan on building a converged network you should be absolutely sure
> that Internet can't interfere with Customer/Services VPN data/control-plane
> under any circumstances.
> If you're not sure whether you can protect private traffic from public you
> should rather consider an appropriate level of separation of public and
> private control/data-plane. (there are several levels of separations one can
> consider - data-plane MIC/FPC/Chassis/network-plane/network or control-plane
> e.g. common RR plane vs RR plane per service)

Given our current network architecture, we have not found a significant
technical or commercial reason to separate VPN traffic from Internet
traffic as a function of what that will cost us in money and human terms.

Mark.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp