NETWizz
Well-Known Member
- Reaction score
- 1,973
Well, I have got a lovely little nightmare at work right now. You might appreciate this... We merged with another smaller organization and inherited 13 VPLS circuits.
Yes… VPLS, as in the “congratulations, here’s a giant Layer-2 broadcast domain stretched across the state” type of WAN connectivity. Pure Layer-2 junk where I now have to do all of the heavy-lifting. Would much rather throw in our Meraki MX SD-WAN solution if these sites had Internet... at least the infrastructure is ready for that.
Delivered by Lumen, of course, who is a massive tier-1 global provider... fantastic at global routing, but apparently very enthusiastic about handing out Layer-2 circuits that basically dump you into a flat point-to-point Ethernet cloud. So instead of a clean routed mesh handoff, I get two dumb endpoints per site and zero of the structure I normally rely on when bringing these into my WAN VRF via my existing peering with my WAN providers. (i.e. I usually have to do almost nothing but announce the prefixes I want at the remote site into the proper VRF and route distinguisher).
Under normal circumstances I just do BGP at every MPLS Layer-3 location, but with VPLS... Nope. I have to build my own routing edge from scratch in a damned datacenter.
I am literally adding a dedicated Cisco 9500 chassis, putting it in its own private AS, and peering that directly to the Palo Alto Virtual Router that lives inside our WAN VRF and WAN Vsys.
And since I’m stuck with Layer-2 anyway, I am going to carve out my own point-to-point /30 on each VPLS circuit, and for the sake of consistency and sanity, I am going to establish a separate eBGP peering for each site from that Cisco 9500. At least it keeps everything uniform and segmented.
In essence my 9500 becomes a Private ASN WAN provider... just what I wanted... to be stuck optimizing BGP import and export rules.
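The hub design described in the post (one /30 per VPLS circuit, a separate eBGP session per site from a private-AS 9500, per-site import/export filtering) is easy to get wrong by hand across 13 circuits, so here is a small generator for it. This is an added example, not the poster's configuration or Cisco's tooling: the hub ASN 65000, the 10.255.0.0/24 point-to-point pool, the 10.0.0.0/8 summary exported toward sites, the site table, the uplink port name and the per-site ASN/VLAN values are all constructed assumptions. It emits IOS-XE-style text and validates the site table first, because on a flat Layer-2 WAN an overlapping prefix or duplicated ASN shows up as a loop or a blackhole rather than a clean error.

```python
"""Per-site eBGP hub config generator for a Layer-2 (VPLS) WAN.

Added example, not the poster's configuration. Constructed assumptions:
hub private ASN 65000, a /24 pool carved into one /30 per VPLS circuit,
one private ASN and one dot1q subinterface per remote site, and IOS-XE-style
syntax with a per-neighbor prefix-list in each direction so a site can only
announce its own LAN prefixes and only receives the hub's summary.
"""
import ipaddress

HUB_ASN = 65000                                     # constructed hub ASN
P2P_POOL = ipaddress.ip_network("10.255.0.0/24")    # constructed /30 pool
HUB_SUMMARY = ipaddress.ip_network("10.0.0.0/8")    # constructed export toward sites
UPLINK = "TenGigabitEthernet1/0/1"                  # constructed VPLS-facing port

# Constructed site table; "prefixes" is the only thing each site may announce.
SITES = [
    {"name": "SITE-A", "asn": 65101, "vlan": 101, "prefixes": ["10.101.0.0/24"]},
    {"name": "SITE-B", "asn": 65102, "vlan": 102,
     "prefixes": ["10.102.0.0/24", "10.102.1.0/24"]},
]


def allocate_p2p_links(pool, sites):
    """Give each site the next /30 from the pool: hub gets .1, site gets .2."""
    subnets = pool.subnets(new_prefix=30)
    links = {}
    for site in sites:
        net = next(subnets)
        hub_ip, site_ip = list(net.hosts())   # a /30 has exactly two usable hosts
        links[site["name"]] = {"net": net, "hub": hub_ip, "site": site_ip}
    return links


def validate_sites(sites, pool):
    """Refuse duplicate ASNs/VLANs and overlapping prefixes before generating
    anything; on a flat L2 WAN these mistakes become routing loops or silent
    blackholes rather than a clean error."""
    seen_asn, seen_vlan, seen_nets = set(), set(), []
    for site in sites:
        if site["asn"] in seen_asn or site["vlan"] in seen_vlan:
            raise ValueError(f"{site['name']}: duplicate ASN or VLAN")
        seen_asn.add(site["asn"])
        seen_vlan.add(site["vlan"])
        for p in site["prefixes"]:
            net = ipaddress.ip_network(p)
            if net.overlaps(pool):
                raise ValueError(f"{site['name']}: {p} overlaps the p2p pool")
            if any(net.overlaps(o) for o in seen_nets):
                raise ValueError(f"{site['name']}: {p} overlaps another site")
            seen_nets.append(net)
    return True


def render_site(site, link):
    """Subinterface plus inbound/outbound prefix-lists for one site."""
    name = site["name"]
    out = [
        f"interface {UPLINK}.{site['vlan']}",
        f" description VPLS to {name}",
        f" encapsulation dot1q {site['vlan']}",
        f" ip address {link['hub']} {link['net'].netmask}",
        "!",
    ]
    for seq, p in enumerate(site["prefixes"], start=1):
        out.append(f"ip prefix-list FROM-{name} seq {seq * 5} permit {p}")
    out.append(f"ip prefix-list TO-{name} seq 5 permit {HUB_SUMMARY}")
    out.append("!")
    return out


def render_bgp(sites, links):
    """One eBGP neighbor per site, each filtered both ways and prefix-capped."""
    out = [f"router bgp {HUB_ASN}", " bgp log-neighbor-changes"]
    for s in sites:
        peer = links[s["name"]]["site"]
        out += [f" neighbor {peer} remote-as {s['asn']}",
                f" neighbor {peer} description {s['name']}",
                f" neighbor {peer} ttl-security hops 1"]
    out.append(" address-family ipv4")
    for s in sites:
        peer = links[s["name"]]["site"]
        out += [f"  neighbor {peer} activate",
                f"  neighbor {peer} prefix-list FROM-{s['name']} in",
                f"  neighbor {peer} prefix-list TO-{s['name']} out",
                f"  neighbor {peer} maximum-prefix {len(s['prefixes']) + 2}"]
    out += [" exit-address-family", "!"]
    return out


def build_config(sites=SITES, pool=P2P_POOL):
    """Validate, allocate the /30s, and return the full hub config as text."""
    validate_sites(sites, pool)
    links = allocate_p2p_links(pool, sites)
    lines = []
    for s in sites:
        lines += render_site(s, links[s["name"]])
    lines += render_bgp(sites, links)
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_config())
```

The inbound prefix-list per neighbor is the part that keeps a compromised or misconfigured site from announcing someone else's prefixes (or a default) into the hub, the outbound list keeps the hub from leaking the full table back out, and the small `maximum-prefix` cap tears the session down if a site suddenly starts announcing more than it owns; `ttl-security hops 1` is cheap insurance on a circuit where the peer is supposed to be directly attached.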