[180981] in North American Network Operators' Group


Re: Enterprise network as an ISP with a single huge customer

daemon@ATHENA.MIT.EDU (Tim Raphael)
Fri Jun 12 23:00:27 2015

X-Original-To: nanog@nanog.org
From: Tim Raphael <raphael.timothy@gmail.com>
In-Reply-To: <557B99F8.5090605@megagroup.ru>
Date: Sat, 13 Jun 2015 11:00:19 +0800
To: Stepan Kucherenko <twh@megagroup.ru>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

It will also depend greatly on the knowledge of the design team / person
and the operations team. If the designer is ex-SP or has a strong
knowledge of both SP and Enterprise then yes, a good design may result.

There are plenty of people out there that will use MPLS / multiple tables
for the wrong reasons just so they can say that's what they're doing.

Regards,

Tim Raphael

> On 13 Jun 2015, at 10:48 am, Stepan Kucherenko <twh@megagroup.ru> wrote:
>
> 13.06.2015 05:35, Randy Bush wrote:
>>>> i have seen a lot of this done with firewall devices and vlans.  with
>>>> vlans or mpls, you can make spaghetti without wires, one wheat and one
>>>> semolina.
>>>
>>> oh absolutely. you can use many tools to lop off your fingers, my
>>> point was that things like mpls (or vlans) provide a nice other tool
>>> to use along with your firewalls and such.
>>>
>>> of course you ought not willy-nilly go crazy with this, but... imagine
>>> if the 'hr department' were in one contiguous 'VRF' which had a
>>> defined set of 2-3 exit points to control access through... while
>>> those willy 'engineers' could be stuck in their own ghetto/VRF and
>>> have a different set of 2-3 exit points to control.
>>>
>>> Expand your network over many locations and in large buildings and ...
>>> it can be attractive to run a 2547 network that the company is a
>>> 'customer' of, or so I was thinking :)
>>
>> i have seen people successful with this with mpls and with vlans with
>> non-mpls tunnel tech (e.g. ipsec for the paranoid).  i have seen them
>> screw the pooch with both.
>>
>> randy
>
> You can compartmentalize your network in lots of ways. What I'd like to
> know is what ways failed harder in other people's experience (or at
> least faster).
>
> I'm not sure doing it ISP style is better, but I think it has some
> benefits. Then again, the opposite is true as well, less complexity
> means more stability. Usually.
