[180977] in North American Network Operators' Group
Re: Enterprise network as an ISP with a single huge customer
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Jun 12 22:23:57 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <m2r3pgs6sb.wl%randy@psg.com>
Date: Fri, 12 Jun 2015 22:23:53 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Jun 12, 2015 at 10:04 PM, Randy Bush <randy@psg.com> wrote:
>> it's nice to have the tools to segregate traffic/users/things...
>> mpls/etc is one method to do that... I don't know that many
>> enterprises pursue this path though :( which is sad (I think).
>
> i have seen a lot of this done with firewall devices and vlans. with
> vlans or mpls, you can make spaghetti without wires, one wheat and one
> semolina.
oh absolutely. you can use many tools to lop off your fingers, my
point was that things like mpls (or vlans) provide a nice other tool
to use along with your firewalls and such.
of course you ought not willy-nilly go crazy with this, but... imagine
if the 'hr department' were in one contiguous 'VRF' which had a
defined set of 2-3 exit points to control access through... while
those willy 'engineers' could be stuck in their own ghetto/VRF and
have a different set of 2-3 exit points to control.
Expand your network over many locations and in large buildings and ...
it can be attractive to run a 2547 network that the company is a
'customer' of, or so I was thinking :)
