Hi fellow networkers, what's your take on the following scenario?
We're running our own BGP routers/AS number with our own IP space.
Requirements:
- Customers in our datacenter have their own firewalls and need 1-n public IPs
- Customers may need more public IPs in the future
- Customers may control/configure their own firewalls and change IP-configuration
- Customers are connected directly to our Core-Switches by 1G/10G Ethernet (Access-Port)
- CustomerA should not be able to interfere with CustomerB (e.g. duplicate IP)
- CustomerA should not be able to bring up default-gw and mess with ARP
- Waste as few IPs as possible by subnetting
Idea 1: Create one Subnet/Vlan per Customer
- Pro: Each customer is isolated properly
- Con: Wastes IPs by subnetting, does not scale if a customer needs more IPs
Idea 2: Create bigger Subnets with multiple Customers
- Pro: Most IPs can be used, fewer problems if a customer needs more IPs
- Con: Multiple customers in same layer2/layer3 network, config-mistakes could impact other customers
Any other ideas to properly set this up? Port security?