[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Enterprise network as an ISP with a single huge customer
- Subject: Enterprise network as an ISP with a single huge customer
- From: randy at psg.com (Randy Bush)
- Date: Sat, 13 Jun 2015 11:35:22 +0900
- In-reply-to: <CAL9jLabcwTv8HeTjKMA_hE=fuTWcDJBiVRgmhxT794WmEjkfqQ@mail.gmail.com>
- References: <[email protected]> <CAL9jLaYTnbDo8=7HFwsyHuPX4ps7wAt9rvt+dz63V8=fq=Lhmg@mail.gmail.com> <m2r3pgs6sb.wl%[email protected]> <CAL9jLabcwTv8HeTjKMA_hE=fuTWcDJBiVRgmhxT794WmEjkfqQ@mail.gmail.com>
>> i have seen a lot of this done with firewall devices and vlans. with
>> vlans or mpls, you can make spaghetti without wires, one wheat and one
>> semolina.
>
> oh absolutely. you can use many tools to lop off your fingers, my
> point was that things like mpls (or vlans) provide a nice other tool
> to use along with your firewalls and such.
>
> of course you ought not willy-nilly go crazy with this, but... imagine
> if the 'hr department' were in one contiguous 'VRF' which had a
> defined set of 2-3 exit points to control access through... while
> those willy 'engineers' could be stuck in their own ghetto/VRF and
> have a different set of 2-3 exit points to control.
>
> Expand your network over many locations and in large buildings and ...
> it can be attractive to run a 2547 network that the company is a
> 'customer' of, or so I was thinking :)
i have seen people successful with this with mpls and with vlans with
non-mpls tunnel tech (e.g. ipsec for the paranoid). i have seen them
screw the pooch with both.
randy