I have researched this quite a bit and am not able to find the right answer. I know other people are doing this, but I might be overthinking it. Please look at my diagram. I am trying to extend a not-so-safe network across my Qwest MoE out to the internet with their own firewall and internet connection while keeping their traffic away from the corporate traffic.
I originally thought about extending the VLAN, but I don't believe that you can or should extend them across routers or layer 3. My QMoE is essentially transparent at this point and will accept trunking if I wanted to do that, though. I have several QMoE sites and am told that all traffic will traverse all sites, however, and that I shouldn't do that. Qwest offers their EVC solution, which would set up a point-to-point link across their QMoE that would probably work, but it comes at a cost.
Is there a way I could tunnel the dev traffic across the network or is that not the correct road to go down?
How do other people separate traffic and allow it to traverse private networks separated by routers?
Thanks for your help.
If you don't permit the developer network egress except to the Internet nor allow inbound developer Internet traffic anywhere but to the developer network (i.e. both blocked by ACLs), I believe the risk is very low, just mixing traffic across an L3 transit. Realize, unless you have completely separate network infrastructures, you're already mixing traffic on the same device with VLANs and on the router connected to the two different firewalls. I.e. there's some risk to doing that, but again with proper network device security, generally very low.
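The two ACLs described in the answer above, modelled as an added example that is not part of the original posts: it evaluates the rules against constructed flows so the intended isolation can be checked before anything is deployed. The addressing, the rule names and first-match ordering with an implicit deny are assumptions, since the thread names no addresses or router platform.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing (assumptions, not taken from the thread).
DEV = net("10.50.0.0/24")   # developer network
ANY = net("0.0.0.0/0")
PRIVATE = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]

# Inbound on the router interface facing the developer network:
# developers may reach each other and the Internet, nothing internal.
DEV_EGRESS = (
    [("permit", DEV, DEV)]
    + [("deny", DEV, p) for p in PRIVATE]
    + [("permit", DEV, ANY)]
)

# Inbound on the interface facing the developer firewall: traffic arriving
# over that Internet link may only be forwarded to the developer network.
DEV_FW_INBOUND = [("permit", ANY, DEV)]

# Same rules as DEV_EGRESS with the broad permit moved first (ordering mistake).
MISORDERED = [DEV_EGRESS[-1]] + DEV_EGRESS[:-1]

def evaluate(acl, src, dst):
    """First-match evaluation with an implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

# Constructed flows with the decision the policy is meant to produce.
EXPECTED = [
    (DEV_EGRESS, "10.50.0.10", "198.51.100.20", "permit"),   # dev -> Internet
    (DEV_EGRESS, "10.50.0.10", "10.50.0.20", "permit"),      # dev -> dev
    (DEV_EGRESS, "10.50.0.10", "10.1.1.5", "deny"),          # dev -> corporate
    (DEV_EGRESS, "10.1.1.5", "198.51.100.20", "deny"),       # non-dev source
    (DEV_FW_INBOUND, "203.0.113.7", "10.50.0.10", "permit"), # Internet -> dev
    (DEV_FW_INBOUND, "203.0.113.7", "10.1.1.5", "deny"),     # Internet -> corporate
]

def violations(cases=EXPECTED):
    """Return the flows whose decision differs from the intended one."""
    return [(s, d, want) for acl, s, d, want in cases if evaluate(acl, s, d) != want]

if __name__ == "__main__":
    print(violations() or "policy holds")
```

`MISORDERED` shows why rule order matters: with the broad permit first, the developer-to-corporate flow is allowed even though the deny rules are still present.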