On 6/14/23 21:16, Joe Freeman wrote:
I think you’re probably overthinking this a bit.
Why do you need to extend your vxlan/evpn to the customer premise?
There are a number of 1G/10G even 100G CPE demarc devices out there
that push/pop tags, even q-in-q, or 802.1ad. Assuming you have some
type of aggregation node you bring these back to, tie those tags to
the appropriate EVPN instance at the aggregation point. Don’t extend
anything but a management tag and an S-tag essentially to the device
at the customer premise.
You can even put that management tagged vlan in its own L3 segment,
or a larger L3 network and impose security. This way you're not
exposing your whole service infrastructure to a bad actor that might
unplug your CPE device and plug into your network directly.
The reason customers ask that their site be part of the customer's
Metro-E backbone is so that they can enjoy link redundancy without
paying for it.
Operators will generally have east and west links coming out of a
Metro-E site. Customers who single-home into this device only have their
last mile as the risk. But if the operator drops a Metro-E node into the
customer's site, and cables it per standard, the customer has the
benefit of last mile redundancy, because the internal fibre/copper patch
to the operator's Metro-E switch does not really count as a (risky) last
mile.
Sales people like to do this to engender themselves with the customer.
Customers like to do this to get a free meal.
Don't do it, because customers always assume that that Metro-E node
that is in their building "belongs to them".
Mark.
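As an added illustration of the aggregation-node side of the design Joe describes above (this is example configuration, not anything from Joe's or Mark's messages), here is a Cisco IOS-XR fragment in which the customer-facing port carries only the customer's S-tag and a management VLAN: the S-tag is popped and tied to an EVPN instance, and the management VLAN sits in its own VRF behind an ingress ACL. The interface name, VLAN IDs, EVI, ASN and addresses are constructed placeholders.

```text
! Aggregation node, customer-facing port. Constructed example values:
! TenGigE0/0/0/1, S-tag 100, mgmt VLAN 4000, EVI 100, ASN 65000,
! CPE mgmt subnet 100.64.10.0/24, NMS host 192.0.2.10.
!
! 1. Customer service: only the S-tag reaches the CPE. The outer tag is
!    popped here and the customer's C-tags are carried transparently.
!    (For an 802.1ad outer tag use "encapsulation dot1ad 100" instead.)
interface TenGigE0/0/0/1.100 l2transport
 description CUST-A S-tag
 encapsulation dot1q 100 second-dot1q any
 rewrite ingress tag pop 1 symmetric
!
l2vpn
 bridge group CUSTOMERS
  bridge-domain CUST-A
   interface TenGigE0/0/0/1.100
   !
   evi 100
!
evpn
 evi 100
  bgp
   route-target import 65000:100
   route-target export 65000:100
!
! 2. CPE management: one tagged VLAN in its own VRF. Nothing else on the
!    port is routed, so a host plugged in where the CPE used to be sees
!    only this subnet and is filtered by the ingress ACL below.
vrf CPE-MGMT
 address-family ipv4 unicast
!
interface TenGigE0/0/0/1.4000
 description CUST-A CPE management
 vrf CPE-MGMT
 encapsulation dot1q 4000
 ipv4 address 100.64.10.1 255.255.255.0
 ipv4 access-group CPE-MGMT-IN ingress
!
! Allow the CPE's SSH/SNMP agents to answer the NMS, plus ping; drop and
! log everything else, including attempts to reach the wider mgmt network.
ipv4 access-list CPE-MGMT-IN
 10 permit tcp 100.64.10.0 0.0.0.255 eq 22 host 192.0.2.10
 20 permit udp 100.64.10.0 0.0.0.255 eq 161 host 192.0.2.10
 30 permit icmp 100.64.10.0 0.0.0.255 host 192.0.2.10
 40 deny ipv4 any any log
```

The logged denies on sequence 40 are the signal worth alerting on: any non-CPE traffic on VLAN 4000 means something other than your demarc device is on that port.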