Wednesday, July 17, 2019

Preferential treatment for a single L3VPN in an MPLS network

Within the UK and Europe we operate an MPLS network between data centres. All of our customers have an L3VPN, and we also have a corporate vrf and a production (audio) vrf.

We are looking at extending this network over to a couple of data centres in the USA, but obviously bandwidth costs over the Atlantic aren't as cheap as fibres/waves between UK/euro data centres. For example, we have 10gb between all our DCs in the UK, but our transatlantic links are going to be 200mb.

The only traffic that will be traversing these links is going to be corporate and production, so 2 L3VPNs will have a PE in USA.

Now, my concern is that with corp traffic traversing the same links as prod it is not beyond imagination that a developer in one continent could do something that sucks up the majority of that bandwidth, leaving our production vrf which carries audio in the shitter.

We do have QOS in place. Traffic is marked/classified on ingress, put into queues according to marks, and then when it hits mpls links we tag the encapsulated packet and put it in a queue of the correct type.

Prod traffic is marked correctly to match our QOS schema.

Apart from this, how can I guarantee that someone in an office, or even corp backups, don't smash these links and ruin our production audio quality?


