[112492] in North American Network Operators' Group


ISP network re-design feedback requested

daemon@ATHENA.MIT.EDU (Steve Bertrand)
Sat Feb 28 15:30:46 2009

Date: Sat, 28 Feb 2009 15:30:27 -0500
From: Steve Bertrand <steve@ibctech.ca>
To: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Hi everyone,

Hopefully my question is operational 'enough' to be asked here, as I
don't know of any other place to ask...

Still trying to redesign (as-I-go) our ISP network, I've realized that
we are not large enough to deploy a full three layer approach (core,
dist, acc), so I'm trying to consolidate, with the ability to scale if
necessary. I also want full network reachability if I need to take any
one router off-line for upgrade or replacement purposes.

Given the following diagram (forgive me, it was drafted rather quickly
with Visio, and just dumped onto a web box), I'm hoping for advice on
whether I'm leaning the right way.

http://ibctech.ca/p-ce.html

What I want:

- ability to take a router off-line for upgrade, and not be concerned
about reachability issues if the lab-tested procedure fails miserably on
production gear
- a relatively easy way to keep traffic control measures at the
access/edge (ACLs, uRPF, RTBH etc)
- the 'core' free of interface ACLs (if possible), only running
filtering ingress to the process-switch environment
- the ability to scale without having to have a full mesh with all PE
routers

What I have:

- numerous CPE routers connected to a CE switch that multi-homes into
two different routers at two different locations in our access layer
- an access layer that has no routers capable of a full BGP table (well,
v4 that is)
- a core layer that can handle full tables
- a network access layer on the north side of the diagram that you can't
see, with the same type of setup, but with full v4 routing tables being
announced in
- the access layer provides def-orig to CPE routers
- the PE protects the CE from becoming transit

What I am thinking:

- use the core routers as route-reflectors to the PE access routers,
including a def-orig where it applies (to remain scalable, until PE can
be replaced to hold full routes)
- the PE routers send def-orig on to the CE sites
- stop thinking about every network like it is an 'enterprise' network
- look at most of my ISP environment as 'access clients', instead of
always seeing my ISP as everything in my buildings. See the ISP as a
'network provider', and then realize the rest are just access 'clients':

-- the 'hosting provider'
-- the 'colocation provider'
-- the 'Internet provider'
-- the 'email provider'
-- etc.

There is much, much more, but feedback on the above setup will get me
going on the proper path...

Steve
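The design points in the post (core routers acting as route reflectors that hand the PEs only a default, PEs re-originating that default to the CE sites, the PE keeping the CE from becoming transit, filtering at the access edge, and the core carrying only control-plane filtering) can be written down as router configuration. The following is an added illustration, not configuration from the original post or from the poster's network: it uses Cisco IOS-style syntax because the post does not name a platform, and every address and AS number is a documentation value chosen here (loopbacks in 192.0.2.0/24, the PE-CE link in 198.51.100.0/30, the CE prefix 203.0.113.0/24, ISP AS 64496, CE AS 64497).

```cisco
! ---- Core router 1 (route reflector), loopback 192.0.2.1 (assumed addressing)
router bgp 64496
 bgp router-id 192.0.2.1
 bgp log-neighbor-changes
 ! plain iBGP to the other core router; full tables are exchanged here only
 neighbor 192.0.2.2 remote-as 64496
 neighbor 192.0.2.2 update-source Loopback0
 !
 ! PE access routers are reflector clients and never need a full v4 table,
 ! so the RR originates a default toward them and suppresses everything else.
 ! Each PE peers with both core routers, so one core can be taken off-line
 ! without the PEs losing their default.
 neighbor PE-CLIENTS peer-group
 neighbor PE-CLIENTS remote-as 64496
 neighbor PE-CLIENTS update-source Loopback0
 neighbor PE-CLIENTS route-reflector-client
 neighbor PE-CLIENTS default-originate
 neighbor PE-CLIENTS prefix-list DEFAULT-ONLY out
 neighbor 192.0.2.11 peer-group PE-CLIENTS
 neighbor 192.0.2.12 peer-group PE-CLIENTS
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! The core keeps no interface ACLs; only traffic punted to the route processor
! is policed. BGP from our own loopback range is protected, everything else
! destined to the box is rate-limited.
ip access-list extended BGP-PEERS
 permit tcp 192.0.2.0 0.0.0.255 any eq bgp
 permit tcp 192.0.2.0 0.0.0.255 eq bgp any
class-map match-all COPP-BGP
 match access-group name BGP-PEERS
policy-map COPP
 class COPP-BGP
  police 512000 conform-action transmit exceed-action transmit
 class class-default
  police 64000 conform-action transmit exceed-action drop
control-plane
 service-policy input COPP

! ---- PE access router 1 (no full table), loopback 192.0.2.11 (assumed)
router bgp 64496
 bgp router-id 192.0.2.11
 ! sessions to both core route reflectors
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 update-source Loopback0
 neighbor 192.0.2.2 remote-as 64496
 neighbor 192.0.2.2 update-source Loopback0
 !
 ! CE site in AS 64497: it receives only a default from this PE, and the PE
 ! accepts only the CE's own prefix with only the CE's own AS in the path,
 ! so the CE can never be selected as transit for anyone else's space.
 neighbor 198.51.100.2 remote-as 64497
 neighbor 198.51.100.2 default-originate
 neighbor 198.51.100.2 prefix-list CE64497-IN in
 neighbor 198.51.100.2 filter-list 1 in
 neighbor 198.51.100.2 prefix-list DEFAULT-ONLY out
 neighbor 198.51.100.2 maximum-prefix 10
!
ip prefix-list CE64497-IN seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip as-path access-list 1 permit ^64497$
!
! Traffic-control measures stay on the customer-facing interface at the edge:
! uRPF here, with the edge ACL applied on the same interface if required.
! Strict mode is safe because this PE learns the CE prefix directly over eBGP.
interface GigabitEthernet0/1
 description CE site AS 64497 (assumed link addressing)
 ip address 198.51.100.1 255.255.255.252
 ip verify unicast source reachable-via rx
```

The second core router and second PE are mirror images of the above (the PE-CE session on the second PE points at the CE's other uplink). Because each PE has a session to both reflectors and each CE is dual-homed to two PEs, any single router can be withdrawn for an upgrade and every remaining PE still holds a default from the surviving reflector. The outbound DEFAULT-ONLY prefix-list on the reflector is what keeps the PEs scalable until they can hold full routes; the IOS-generated default from `default-originate` is not subject to that outbound filter, so the PEs still receive it.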