Tuesday, October 27, 2020

L2 architecture - Vlan issue

Hello,

I require your help as I'm desperate for a solution on this.

First, here's the imgur link for the images used in this post with description:

Schemes

I've been building an ISP architecture since last year with Nexus 9K3 and I'm trying to keep it as simple as possible by mainly using L2 (some people will call me a demon).

Everything works very well with VLANs so far, and I provide different services like:

- Dedicated fiber for direct customers

- Dedicated fiber for customers attached by another cable-operator

- Dedicated Multisite interconnection & internet access

Those are brought up to a datacenter firewall to access the internet with BGP peering, using Fortigate VDOMs to segregate WAN from customers from multisite customers.

(See Current-situation.png)

But this week, I'm facing a thing that forces me to think more than usual.

I'm speaking of a transit link.

Another service provider wants to use our fiber network to connect his own customers (because he's not able to buy and put into operation hundreds of km of fiber like us), and wants us to give him back his own customers.

This is common in our country, where we distinguish "service provider" (provides L3/internet services) from "link provider" (that provides the fiber).

I thought "great, I'm going to use Q-in-Q to give him his customers and avoid consuming my own VLAN IDs!"

His customers will start at vlan 201, vlan 202 for customer 2, etc. But these VLANs will be transparent to me as I'll just have "vlan 3499" named after my transit peer.

(See Lab1-QinQ.png)

But here's the issue. Q-in-Q works only with tagged VLANs. That means he has to put the VLAN ID on his customer's router, which is not a very nice thing to say to them.

I even tried VLAN mapping, but same issue: mapping the native VLAN is not allowed.

(See Issue.png)

I can still consume my own VLAN IDs to give him his customers, but that's not a long-term solution.

I was thinking of using a VXLAN VNI, but I can't apply it directly on the interface...

I had another idea like in (Lab1-reducingvlan.png) but I don't know how to achieve this.

I'm lost as to what technology I should use. I'm focusing my work on one piece of equipment, a single N9K3, at the moment.

(Sorry for my English)

*Edit: added the imgur link


