Hello. We are currently using one company as our ISP provider via OC3/ATM, and another company for our MOE provider. We are not happy with our ISP provider, so our MOE provider has offered us an ethernet internet connection that is very attractive as far as pricing and capacity is concerned.
Our current network is typical:
ISP <==> FW <==> CoreSwitch <==> MOE
We are given two options for connectivity under the new proposal from our MOE provider.
The first is to add a separate ethernet connection for the internet, basically just replacing the OC3/ATM internet connection we have. This connection would terminate on the outside of our network to our firewall, just like the ATM does now. However, this adds a lot of cost to our NRC and MRC structure.
The second is to utilize our existing MOE ethernet connection and have the existing MOE connection and the
proposed internet connection ride over the same ethernet connection, separated by VLANs.
I am at a loss how to design this second scenario. Should I add a switch between our core switch and the demarc to separate the two VLANs, directing internet traffic to the firewall and MOE traffic to the core switch? Another suggestion I have received but I am very reluctant to embrace is to maintain the ethernet connection into our core switch, peal off the internet traffic out another port to the firewall, then
bring the internet traffic back in another core switch port - this seems crazy to me though.
Can someone please advise me how to engineer the second scenario, with maximum security and minimal complexity? We will also be adding a second ISP for multi-homing in the near future.
Many thanks, Patrick