Interesting Edge deployment scenario, looking for suggestions on equipment.
I am working on a proposal for a project. It is for a multi-tenant facility, 60-70 business/offices. The owner of the property wants to bring in internet and include it as part of the lease. I have no issues with the VLAN on the switches and getting data around, but I'm hung up on the edge device. We have certain criteria to meet which I'll list below:
1: Fully manageable and monitorable (we have software to pull SNMP and get alerts; any Cisco device can do this)
2: Bandwidth metering/policing/throttling: they want to say you can pay for 5/5 or 10/10 and that is the max you get. The assumption here is most places won't use more than an average of 1 anyway, but if someone tries to download the internet, they don't fill the pipe. (This is also easy enough with simple service policies and either policing or QoS bandwidth limiting.)
3: Security: different compliance requirements will need to be met, but with either a firewall or zone-based firewall in IOS you can segment the VLANs so they can't talk to each other, so this is also (while the configs can get LOOOONG) fairly easy to do.
4: Be able to provide a "managed firewall service" for the tenant (we do their firewall and NATting) or just provide them with their own public IP and they can do their own firewalling. This is the kicker. I'm not sure how I can pass a public IP without having to subnet a whole class C of routable IPs to meet the needs. Assuming half and half want their own IP/hosted firewall at 70 clients, that's 35 users that I need to subnet; with the smallest subnet being a /30 (network, usable, gw, broadcast), that is 4 IPs used. 35*4 is 140; add in the other 35 and you are at 175 IPs needed, going over 128, which means a full class C.
5: The property owner isn't looking to spend an arm and a leg for simple internet access; Nexus and other high-end stuff is probably out of the question. I have been looking at a 5512-X or an ISR router with security.
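Added example (not from the original post): a small Python script that works the address budget in item 4 for any tenant mix and carves the block with the standard `ipaddress` module, so the "how big a block do I need" question can be checked before asking the upstream for space. It assumes each own-firewall tenant gets a dedicated point-to-point subnet off the edge device (a /30 by default; an RFC 3021 /31 is also modelled for platforms and interface types that accept one), that each managed-firewall tenant consumes one public address for NAT, and a small `reserve` for the aggregate block's own network/broadcast and the edge device. The block `203.0.113.0/24` is a documentation prefix used as sample input.

```python
"""Address-budget check for the per-tenant public IP question (item 4).

Added example, not part of the original post.  Assumptions (labelled):
  * a tenant that runs its own firewall gets a dedicated point-to-point
    subnet off the edge device: a /30 by default (RFC 3021 /31 is also
    modelled, for platforms/interface types that accept it);
  * a tenant on the managed-firewall service consumes one public address
    for NAT ("add in the other 35" in the post);
  * `reserve` covers the aggregate block's own network/broadcast and any
    addresses kept for the edge device itself.
"""
import ipaddress


def per_tenant_addresses(prefix_len: int) -> int:
    """Addresses consumed by one tenant link: /30 -> 4, /31 -> 2."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    return 2 ** (32 - prefix_len)


def required_addresses(routed_tenants: int, nat_tenants: int,
                       prefix_len: int = 30, reserve: int = 0) -> int:
    """Total public addresses needed for the mix of tenants."""
    return routed_tenants * per_tenant_addresses(prefix_len) + nat_tenants + reserve


def smallest_block(total: int) -> int:
    """Smallest CIDR prefix length whose block holds `total` addresses.

    175 -> 24 (a full /24, the post's "class C"); 105 -> 25.
    """
    if total < 1:
        raise ValueError("need at least one address")
    return 32 - (total - 1).bit_length()


def fits(block: str, routed_tenants: int, nat_tenants: int,
         prefix_len: int = 30, reserve: int = 2) -> bool:
    """True if the aggregate block is large enough for the tenant mix."""
    net = ipaddress.ip_network(block, strict=True)
    return required_addresses(routed_tenants, nat_tenants, prefix_len, reserve) <= net.num_addresses


def allocate(block: str, routed_tenants: int, nat_tenants: int,
             prefix_len: int = 30, reserve: int = 2) -> dict:
    """Carve tenant links from the front of the block, then a NAT pool after them.

    Raises ValueError if the block is too small, so the check fails loudly
    at design time rather than when the 36th tenant signs a lease.
    """
    net = ipaddress.ip_network(block, strict=True)
    need = required_addresses(routed_tenants, nat_tenants, prefix_len, reserve)
    if need > net.num_addresses:
        raise ValueError(f"{net} holds {net.num_addresses} addresses, design needs {need}")

    # The size check above guarantees enough subnets exist for every routed tenant.
    carve = net.subnets(new_prefix=prefix_len)
    links = [next(carve) for _ in range(routed_tenants)]

    # NAT pool starts right after the last tenant link (or just past the block's
    # network address if nobody takes a routed link); keep it below the broadcast.
    start = int(links[-1].broadcast_address) + 1 if links else int(net.network_address) + 1
    pool = [ipaddress.ip_address(start + i) for i in range(nat_tenants)]
    if pool and pool[-1] >= net.broadcast_address:
        raise ValueError("NAT pool would run into the block's broadcast address")

    return {"block": net, "tenant_links": links, "nat_pool": pool,
            "spare": net.num_addresses - need}


if __name__ == "__main__":
    # The post's worst case: 35 routed tenants on /30s plus 35 managed-NAT tenants.
    print("addresses needed:", required_addresses(35, 35))                          # 175
    print("smallest block: /%d" % smallest_block(required_addresses(35, 35)))       # /24
    # Same mix with /31 links, where the platform supports them on the tenant interfaces.
    print("with /31 links: /%d" % smallest_block(required_addresses(35, 35, prefix_len=31)))  # /25
    plan = allocate("203.0.113.0/24", 35, 35)   # constructed sample block (documentation prefix)
    print("first tenant link:", plan["tenant_links"][0], " NAT pool starts:", plan["nat_pool"][0])
```

Run it as-is to reproduce the post's 175-address figure, or change the tenant split and prefix length to see how the required block moves; `allocate()` refusing a block that is too small is the check worth keeping in the proposal's design notes.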