Design Question

Unanswered Question
Dec 21st, 2005

We have a private WAN network infrastructure with many circuits all across the country. There is one company that has a lot of sites co-located with us, but they have their own private WAN network. However, they can save money by using our private WAN network. So, essentially I will become their service provider. How do I separate their traffic from our traffic? My idea is to use DMVPN for their sites. Do I need to configure my routers to do the routing for them? What kind of solution or options do I have? Can I use MPLS VPN as one solution? How do I carve out a portion of bandwidth and dedicate it just to them? Thank you so much in advance.

mheusinger Wed, 12/21/2005 - 15:52

Hi,


with DMVPN you need to route the VPN gateway addresses but not the other company's internal networks. Those would be within the tunnels.

You could also go for MPLS VPN ... given the proper hardware and software supporting this AND you knowing what you are doing. Don't underestimate the complexity. It's not rocket science, but needs proper thoughtful design and understanding of the features and knobs.


Bandwidth "carving" is a QoS-related question. Today DiffServ is used and you could use shaping and CBWFQ to give some guarantees. Be aware however that this is not a strict guarantee like a T1, which always gives you exactly the same.


Hope this helps


Martin


P.S.: Be extremely careful when defining your SLAs ... customers have a tendency to push the SP to the limit of their contract (which you can only find out by trying to push OVER the limit ;-)

Ok. Just kidding. Good Luck!

kevin.hu Thu, 12/22/2005 - 07:41

Thank you very much, Martin, for giving me some ideas. This brings up another question. What advantages does MPLS VPN give me over IPsec VPN? We are not going to become a service provider and start taking in customers. Therefore, if we go for MPLS, that means an expensive hardware upgrade and lengthy network design.

mheusinger Thu, 12/22/2005 - 07:48

Hi,


MPLS VPNs have many nice features for an SP taking many customers. In your case I would say you just might have a look at the "Multi-VRF" (aka vrf-lite) feature. No MPLS, no expensive hardware and no performance-degrading encryption needed, but "clean" separation of IP routing domains.


Hope this helps


Martin
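
The Multi-VRF (VRF-lite) separation suggested in the reply above, as an added configuration example that is not part of the original thread. It assumes Cisco IOS routers joined by Ethernet links that can carry 802.1Q subinterfaces; the VRF name, RD, VLAN IDs, OSPF process number, interface names and all addresses are constructed placeholders.

```cisco
! Constructed example: every name, number and address below is a placeholder.
! VRF-lite has no label switching, so the VRF and a per-VRF link must be
! configured on EVERY router along the partner's path, hop by hop.
!
ip vrf PARTNER
 description Routing domain for the co-located company
 rd 65000:100
!
! Handoff port to the partner's equipment at a shared site.
! "ip vrf forwarding" clears any existing address, so it comes first.
interface GigabitEthernet0/1
 description Partner handoff
 ip vrf forwarding PARTNER
 ip address 10.200.1.1 255.255.255.0
!
! One physical link toward the next router, split into two subinterfaces:
! VLAN 10 stays in the global table (our traffic), VLAN 100 is in the VRF.
interface GigabitEthernet0/0.10
 description Our own traffic - global routing table
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/0.100
 description Partner traffic - VRF PARTNER
 encapsulation dot1Q 100
 ip vrf forwarding PARTNER
 ip address 192.0.2.5 255.255.255.252
!
! Separate OSPF process that only ever sees the partner's prefixes.
router ospf 100 vrf PARTNER
 capability vrf-lite
 network 10.200.1.0 0.0.0.255 area 0
 network 192.0.2.4 0.0.0.3 area 0
!
! Checks to run after deployment:
!   show ip vrf interfaces          - each port is in the intended VRF
!   show ip route vrf PARTNER       - only partner prefixes appear here
!   show ip route 10.200.1.0        - must NOT resolve in the global table
!   ping vrf PARTNER 192.0.2.6      - next hop reachable inside the VRF
```

VRF-lite separates routing and forwarding tables only; it does not encrypt, so the partner's packets cross the shared circuits in the clear and any interface left out of the VRF falls back to the global table.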
