On 2023-01-12 16:45, Shawn L via cisco-nsp wrote:
I'm wondering what other providers are doing when they need to transport a
bunch of third-party layer-2 services?

For example -- if another SP wants to hand you 3 vlans (for example
10,11,12) and have you transport them to a couple of sites. Vlan 10 (could
be Q-in-Q or not) needs to go to sites A and B, vlan 11 (again could be
Q-in-Q) needs to go to sites C and D, etc.

I'm specifically asking (in a Cisco world) what do you do to protect
yourself from any funny business (spanning tree, whatever) that may happen
on the other provider's network or on the end-customer's network.

The normal answer in Cisco land, even today, is to use Martini-draft P2P pseudowires (either tag or port-based MPLS interconnects) which will use tLDP for establishment, and should serve you very well (especially at a port-based level) for a P2P service. In theory tLDP could run in concert with SR-MPLS, but you might need to think carefully about label allocation, or... [read on]

... use BGP EVPN, and pay very careful attention to the port security options (e.g. bpduguard, BUM rate-limits) as well as the ARP/ND sponging/proxy facilities therein. For multipoint L2VPN, this should be replacing VPLS now.

Realistically though, protection from storms is hardware dependent, and making sure that the config is correct is only half of the battle. I would consider not building L2VPNs for third parties where you don't control the CE, realistically. Do they really need L2?

Tom
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
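
Added example, not part of the thread or written by its participants: a small audit that checks whether third-party handoff ports carry the interface-level protections the reply names (bpduguard and BUM rate-limits via storm-control). It assumes classic IOS-style interface syntax, a hypothetical "NNI-3P" description tag for third-party ports, and a constructed sample config; platforms that apply these controls elsewhere (for example per bridge-domain) need different match strings.

```python
# Constructed IOS-style sample config (not from the thread). The "NNI-3P"
# description tag marking third-party handoff ports is a hypothetical convention.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description NNI-3P other-SP handoff vlans 10-12
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control unicast level 5.00
!
interface GigabitEthernet0/2
 description NNI-3P other-SP handoff site C
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/3
 description core uplink
!
"""

# Command prefixes every third-party port must carry (B, U and M of BUM each need a limit).
REQUIRED = ("spanning-tree bpduguard enable", "storm-control broadcast level",
            "storm-control multicast level", "storm-control unicast level")

def parse_interfaces(config):
    """Split a config into {interface name: [stripped sub-commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return stanzas

def audit(config, tag="NNI-3P"):
    """Return {interface: [missing protections]} for ports tagged as third-party."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("description") and tag in c for c in cmds):
            continue  # not a third-party handoff, out of scope for this check
        missing = [r for r in REQUIRED if not any(c.startswith(r) for c in cmds)]
        if missing:
            findings[name] = missing
    return findings

print(audit(SAMPLE_CONFIG))
```

A clean result only shows the config lines are present; as the reply notes, whether the limits actually hold under a storm depends on the hardware.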
