We have three VLANs that need to be bridged, and about 20 that we can route across this link.

It is currently being done this way with DS3s.

It is cheaper to have a single EVPL 100 connection, but we need to do the same thing with the Layer 2 connection now.

We have a QoS policy for voice traffic to come across the WAN if we loose a Voice circuit in our HQ side.

I like the idea of using the switches end to end, but in the event that we do want to encrypt some of the data, I would like to be able to do that. We currently are not encrypting anything, but we have some customer data that will go across this link.

But, it seems that the switches would be a more efficient connection rather than going to the routers than the switches.

Also,

One scenario we may encounter is we have a voice subnet (VLAN A) that is bridged across that WAN at the moment and described above.

We have a voice gateway in a different subnet (VLAN B) that in the event of a router failure in the HQ side, routes voice traffic from VLAN B, across the WAN to servers in VLAN A.

If we trunk both of these VLANs, could we utilize COS to to ensure the voice traffic is prioritized from VLAN B to VLAN A, even though the traffic is going across the EVPL?

I hope this makes sense, thanks for your reply.

Richard,

I highly suggest you bring someone onsite and go over your requirements and the options you may have based on those requirements.

I would hate giving you an incorrect design advise based on few paragraphs on an internet post.

A design like this, requires a lot of planning and onsite assistance.

I will try to address some of your questions, but please take into consideration bringing someone in....

If we trunk both of these VLANs, could we utilize COS to to ensure the voice traffic is prioritized from VLAN B to VLAN A, even though the traffic is going across the EVPL?

If you classify packets at ingress, this marking will be preserved end-to-end in your L2 domain and voice traffic will be placed in the egress PQ on switches that have MLS QoS enabled.

___

Edison.

Thanks Edison, I appreciate your input.

I think it may sound a lot more complicated from my description, than it really is.

Basically, we will be doing the same thing now, but in reverse.

We are bridging the subnets and routing the rest on a layer 3 link.

Now we need to trunk the same subnets and route the rest across layer 2.

We will have the time to test everything to make sure it is going to work before removing the DS3s.

I usually can pull these things off without disaster, thanks to you guys.

I didn't imply that it was complicated, I implied that we may miss some of the requirements or limitation in the hardware that we select for this implementation.

I've done designs such as the one you are facing but requires a lot of planning and coordination from different entities within that organization.

You may think the change is simple - just do the reverse - but you are adding new requirements such as: L2 end-to-end QoS (I'm sure you aren't doing that now with your current DS3 design), L2/L3 encryption to be readily available (new requirement).

Your WAN media is a regular ethernet handoff, how would do such design if you had 2 floors in a building that need to communicate with each other?

___

Edison.

Edison,

"If you classify packets at ingress, this marking will be preserved end-to-end in your L2 domain and voice traffic will be placed in the egress PQ on switches that have MLS QoS enabled."

Does the above hold true with a bridged connection (existing), or will the layer 2 markings get lost like with STP?

Does the above hold true with a bridged connection (existing), or will the layer 2 markings get lost like with STP?

Yes, a bridge configuration won't remark a packet. A packet may be remarked if you enable 'mls qos' on a switch without trusting the switchport or if you deliberately remark the packet with MQC.

__

Edison.

Edison,

"You don't necessarily need to lose this feature. You can configure L2TPv3 on the routers (xconnect) and the switches will be able to see each other as they were directly connected. With this design, all L2 protocols will work and the routers will be transparent on this connection."

From your previous post, is the above considered pseudowire?

This is what my provider is offering (pseudowire).

If so, can I create trunk port via either a router or switch and trunk vlans across this, with the PE devices being transparent to what I am doing?

From your previous post, is the above considered pseudowire?

Yes.

If so, can I create trunk port via either a router or switch and trunk vlans across this, with the PE devices being transparent to what I am doing?

Yes.

Thanks Edison,

As always, you have been a great help.