[180980] in North American Network Operators' Group


Re: Enterprise network as an ISP with a single huge customer

daemon@ATHENA.MIT.EDU (G B)
Fri Jun 12 22:54:39 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <m2pp50s5cl.wl%randy@psg.com>
Date: Fri, 12 Jun 2015 19:54:36 -0700
From: G B <georgeb@gmail.com>
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

What I have done is leverage the production data center redundancy to
provide connectivity services to any nearby offices in the same region,
basically using our colo as the office ISP for internet connectivity but as
far as doing VPLS services and the like, it has been so far cheaper to
contract that out as the places where I have worked have had many more
offices than production internet sites with what one might call "hardened"
internet services.  It's just cheaper in most cases to go with a third
party vendor to provide a VPLS mesh of all of the offices globally than it
is for us to do it.  Offices move, close, colos change locations.  I can
call a vendor, tell them we are moving an office to a different building,
they worry about moving the circuit.

Trying to mesh everything from Sydney to Bangalore to London to San
Francisco and all the branch offices in between is great if you have a
bunch of people sitting around who are otherwise unoccupied but if you run
a lean headcount anyway, farming this out pays in the long run for the
shops where I have worked.  Not saying this holds true for every scenario,
though.  If we had production PoPs in the cities where we had offices,
yeah, it might make some sense.


On Fri, Jun 12, 2015 at 7:35 PM, Randy Bush <randy@psg.com> wrote:

> >> i have seen a lot of this done with firewall devices and vlans.  with
> >> vlans or mpls, you can make spaghetti without wires, one wheat and one
> >> semolina.
> >
> > oh absolutely. you can use many tools to lop off your fingers, my
> > point was that things like mpls (or vlans) provide a nice other tool
> > to use along with your firewalls and such.
> >
> > of course you ought not willy-nilly go crazy with this, but... imagine
> > if the 'hr department' were in one contiguous 'VRF' which had a
> > defined set of 2-3 exit points to control access through... while
> > those willy 'engineers' could be stuck in their own ghetto/VRF and
> > have a different set of 2-3 exit points to control.
> >
> > Expand your network over many locations and in large buildings and ...
> > it can be attractive to run a 2547 network that the company is a
> > 'customer' of, or so I was thinking :)
>
> i have seen people successful with this with mpls and with vlans with
> non-mpls tunnel tech (e.g. ipsec for the paranoid).  i have seen them
> screw the pooch with both.
>
> randy
>
