[180978] in North American Network Operators' Group
Re: Enterprise network as an ISP with a single huge customer
daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Jun 12 22:35:26 2015
X-Original-To: nanog@nanog.org
Date: Sat, 13 Jun 2015 11:35:22 +0900
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLabcwTv8HeTjKMA_hE=fuTWcDJBiVRgmhxT794WmEjkfqQ@mail.gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
>> i have seen a lot of this done with firewall devices and vlans.  with
>> vlans or mpls, you can make spaghetti without wires, one wheat and one
>> semolina.
> 
> oh absolutely. you can use many tools to lop off your fingers, my
> point was that things like mpls (or vlans) provide a nice other tool
> to use along with your firewalls and such.
> 
> of course you ought not willy-nilly go crazy with this, but... imagine
> if the 'hr department' were in one contiguous 'VRF' which had a
> defined set of 2-3 exit points to control access through... while
> those wily 'engineers' could be stuck in their own ghetto/VRF and
> have a different set of 2-3 exit points to control.
> 
> Expand your network over many locations and in large buildings and ...
> it can be attractive to run a 2547 network that the company is a
> 'customer' of, or so I was thinking :)

i have seen people successful with this with mpls and with vlans with
non-mpls tunnel tech (e.g. ipsec for the paranoid).  i have seen them
screw the pooch with both.

randy