Thursday, January 11, 2018

Help with multi-tenant environments

Hey r/networking,

I'm a fairly experienced network engineer when it comes to enterprise-level environments - but something that I've never touched is ISP-type networks, with high multi-tenant traffic/structure. That changed today. My manager sat me down and wants to add another branch to our datacenter, with multi-tenant capabilities.

I come to you seeking all of the knowledge from those here who are familiar with multi-tenant environments. I tried looking online for some basic diagrams, but everything I look at is like CCIE-level drawings, and it makes my head hurt. Plus, we aren't going to need something THAT complicated.

From what I know so far about what we want to do:

We will be hosting a 'services' network, which will be a simple /24 public IP space. Each of our clients will drop a single-mode fiber cross-connect in our cage. This 'Services' network is the unique network that we will be advertising to them via BGP.

As far as client connectivity, each of their cross-connects will be a /30 network, which is provided by us. Then, from my experience, we also give them another internal range, like a /28 or something. This is the range that they will source NAT their internal range(s) to. Then, this /28 range will be advertised by them back to us.

Am I on the right track with that so far? Can someone help me out with where or IF VRFs will need to be implemented? I understand the whole keeping the clients separate, but couldn't I just ensure that by filtering the BGP routes I send to each client? This way the clients would ONLY be advertised the 'services' route, not other client networks.

Can someone with experience in this give me a general idea of what the topology would look like? I assume that a massive layer three switch(es) would do the trick?

Any help at all is so appreciated. Especially any diagram mock-ups or hell, even some configs (Cisco). I'm kind of over my head with this.
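The addressing and route-filter plan described in the post, modelled as an added example that is not part of the original post: one /30 and one /28 per client, only the services /24 sent to clients, and only a client's own /28 accepted back. The pool ranges, client names and function names are assumptions made for illustration, and the sketch checks the filter policy only; it does not model VRFs.

```python
import ipaddress

# Constructed sample ranges (documentation/private space), not from the post.
SERVICES = ipaddress.ip_network("203.0.113.0/24")   # the advertised 'services' /24
LINK_POOL = ipaddress.ip_network("10.255.0.0/24")   # carved into per-client /30s
NAT_POOL = ipaddress.ip_network("10.254.0.0/22")    # carved into per-client /28s


def build_plan(clients):
    """Assign each client one /30 cross-connect and one /28 source-NAT range."""
    links = LINK_POOL.subnets(new_prefix=30)
    nats = NAT_POOL.subnets(new_prefix=28)
    return {name: {"link": next(links), "nat": next(nats)} for name in clients}


def export_leaks(advertised):
    """Prefixes sent to a client that are not the services network (want none)."""
    return [p for p in map(ipaddress.ip_network, advertised) if p != SERVICES]


def import_from(plan, client, announced):
    """Split a client's announcements into (accepted, rejected).

    Only the exact /28 assigned to that client is accepted. The services
    prefix, other clients' ranges, a default route or anything else is
    rejected, so one client cannot attract traffic meant for another.
    """
    allowed = plan[client]["nat"]
    accepted, rejected = [], []
    for prefix in map(ipaddress.ip_network, announced):
        (accepted if prefix == allowed else rejected).append(prefix)
    return accepted, rejected


def overlaps(plan):
    """Pairs of assigned prefixes that overlap each other (want none)."""
    nets = [SERVICES] + [n for c in plan.values() for n in c.values()]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    plan = build_plan(["client-a", "client-b"])  # hypothetical client names
    for name, nets in plan.items():
        print(name, nets["link"], nets["nat"])
    # client-a announcing its own /28 plus three prefixes it should not send
    sample = ["10.254.0.0/28", "10.254.0.16/28", "203.0.113.0/24", "0.0.0.0/0"]
    print(import_from(plan, "client-a", sample))
```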


