Tuesday, February 16, 2021

Assign VLAN traffic to L2VPN according to RADIUS

This is a fairly complex one, at least for me. I am looking to design a network as follows:

  • A customer is connected to a port of a layer 3 switch.
  • On ingress, frames from the customer are assigned a VLAN tag based on the port. (Simple so far.)
  • A RADIUS (or similar database-driven) server is then consulted, and the traffic is encapsulated into an L2VPN (i.e. MPLS) tunnel. Critically, the identifier of this tunnel is determined by RADIUS according to the VLAN tag, allowing the customer to be dynamically bridged to one of several endpoints.
  • Elsewhere on the MPLS network, the customer frame is retrieved and sent out to the chosen endpoint (in this case a retail ISP who is renting the customer's line to sell a layer 3 service to them).

Given that a layer 3 switch likely does not have this functionality, an alternative version of this might look like the following:

  • A customer is connected to a port of a layer 3 switch.
  • On ingress, frames from the customer are assigned a VLAN tag based on the port (as above).
  • The tagged packets are then encapsulated in an L2 overlay protocol (i.e. VXLAN) and transmitted to a metro-sized router (i.e. Juniper MX204).
  • The router retrieves the tagged packets from the VXLAN encapsulation, consults RADIUS using the VLAN tag, and re-encapsulates them to be sent over MPLS as above.

Does this make any kind of sense? Is it sane? Will a Juniper MX do everything required (VXLAN->RADIUS->MPLS)?

My question is inspired by a desire to automate the provisioning of customer ports in a wholesale environment, and this presentation, which looks great but which I don't yet fully understand the implementation of: https://www.ausnog.net/sites/default/files/ausnog-03/presentations/ausnog03-nagy-layer2_wholesale_nbn.pdf

Thanks!
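The two-hop design described in the post (port-assigned VLAN tag on the access switch, VXLAN to the router, RADIUS lookup keyed on the VLAN, MPLS pseudowire label push) as an added Python simulation. This is not code from the post and not a Juniper MX feature or configuration; it only models the data path at the packet-format level. The RADIUS server is replaced by a constructed in-memory policy table, and the NAS identifier "sw-01", the retailer names, the VNI 5000 and the label values are all made up. The customer frame bytes are constructed too. Outer UDP/IP headers around VXLAN are omitted.

```python
import struct

ETHERTYPE_8021Q = 0x8100
VXLAN_FLAG_I = 0x08   # RFC 7348 "I" flag: the VNI field is valid
ACCESS_VNI = 5000     # assumption: one VNI per access switch towards the router

# Constructed stand-in for the RADIUS database. A real deployment would send an
# Access-Request carrying the NAS and port/VLAN and receive these as attributes.
# The NAS id, retailer names and pseudowire labels are invented for this example.
RADIUS_POLICY = {
    ("sw-01", 101): {"retailer": "isp-a", "pw_label": 300101},
    ("sw-01", 102): {"retailer": "isp-b", "pw_label": 300102},
}

# Constructed untagged customer frame: dst MAC, src MAC, EtherType 0x0800, 20 payload bytes.
SAMPLE_UNTAGGED = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x45" + b"\x00" * 19


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Access-switch ingress: push an 802.1Q tag carrying the port's VLAN.
    A tag the customer already sent stays underneath (Q-in-Q), so the router
    only ever keys its lookup on the tag the switch chose, never a customer one."""
    if not 1 <= vid <= 4094:
        raise ValueError("invalid VLAN id")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, tci) + frame[12:]


def parse_8021q(frame: bytes):
    """Return (dst, src, vid, rest) for a tagged frame; raise if untagged or truncated."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ETHERTYPE_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return frame[:6], frame[6:12], tci & 0x0FFF, frame[16:]


def vxlan_encap(vni: int, inner: bytes) -> bytes:
    """VXLAN header (RFC 7348): flags(1) reserved(3) VNI(3) reserved(1), then the frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner


def vxlan_decap(packet: bytes):
    """Return (vni, inner_frame); reject packets without a valid-VNI flag."""
    if len(packet) < 8 or not packet[0] & VXLAN_FLAG_I:
        raise ValueError("not a VXLAN packet with a valid VNI")
    return int.from_bytes(packet[4:7], "big"), packet[8:]


def mpls_label_entry(label: int, tc: int = 0, bos: bool = True, ttl: int = 255) -> bytes:
    """One MPLS label stack entry (RFC 3032): label(20) TC(3) S(1) TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label is 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)


def radius_lookup(nas_id: str, vid: int):
    """Simulated Access-Request keyed on (NAS, VLAN); None stands for Access-Reject."""
    return RADIUS_POLICY.get((nas_id, vid))


def access_switch_ingress(customer_frame: bytes, port_vid: int) -> bytes:
    """Steps 1-3 on the layer 3 switch: tag by port, wrap in VXLAN towards the router."""
    return vxlan_encap(ACCESS_VNI, tag_frame(customer_frame, port_vid))


def pe_forward(nas_id: str, vxlan_packet: bytes):
    """Step 4 on the router: decap VXLAN, read the switch-assigned VLAN, consult
    RADIUS, push the pseudowire label. Returns (retailer, mpls_packet), or None
    to drop. nas_id would come from the VXLAN source address in practice (assumed).
    A RADIUS miss drops the frame rather than bridging it to some default circuit."""
    vni, frame = vxlan_decap(vxlan_packet)
    if vni != ACCESS_VNI:
        return None
    _, _, vid, _ = parse_8021q(frame)
    attrs = radius_lookup(nas_id, vid)
    if attrs is None:
        return None
    return attrs["retailer"], mpls_label_entry(attrs["pw_label"]) + frame


if __name__ == "__main__":
    print(pe_forward("sw-01", access_switch_ingress(SAMPLE_UNTAGGED, 101)))
    print(pe_forward("sw-01", access_switch_ingress(SAMPLE_UNTAGGED, 999)))
```

Two points the simulation makes explicit that the design should too. First, the lookup is keyed on the tag the access switch pushed at ingress, so a customer who sends already-tagged frames must end up with the switch's tag outermost (or be dropped), otherwise the customer rather than RADIUS would pick the retailer. Second, a RADIUS miss or reject returns None and the frame is dropped; it is not bridged to a fallback circuit. The per-frame lookup here is only for illustration: a real router would consult RADIUS once when the port or VLAN comes up and cache the resulting circuit binding.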

