Router Tweaked
- From: Jon Otterholm <jon.otterholm@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 13:11:35 +0200
Hi.
I have a problem, or maybe I should see it as a challenge.
We offer broadband services and we buy the connection to our customers from another company with an infrastructure built on Cisco technology.
Our customers are delivered to us on a unique VLAN/customer. In their core-net they use a technology called QinQ - a bunch of VLAN's with an extra VID to be able to scale the network easier. For example all customers from one DLSAM have a their unique VID but from that site and through the rest of the network they all belong to the same QinQ-VID.
The downside to using this technology (QinQ) is that we loose some of the virtual functions of the VLAN's. For example the MAC-tables are not separated any longer - we have one table for each QinQ VLAN and not one for each VLAN. This means that we as ISP cannot use if_bridge to bridge a bunch of VLAN's together because this will mess upp FDB in the Cisco switches - one MAC-address will belong to more than one port in a switch in the same FDB. This wouldn't be a problem if they was'nt using QinQ - because then each VLAN would have their own FDB in each switch.
My goal is to build a Router based on *BSD (preferably FreeBSD) with a VLAN-IF for each customer linked to a bridge so that I could use one (1) IP per customer and not waste 3 IP's on net-, Gateway- and boradcast-addresses on each customer if I would route each customer in a normal fashion.
_____________________
___________ | |
Customer1; VID 100---\ | | |/em0.100--\ |
|> QinQ VID 1----P1|CiscoSwitch|P2---VID 100,200----em0| FreeBSD |>-bridge0|
Customer2; VID 200---/ |___________| |\em0.200--/ |
|_____________________|
The solution above are non-working out of the box because of the QinQ. One solutions is to put a ARP-Proxy (net.link.ether.inet.proxyall ?) that would spoof all the IP's connected to the client IF's. Or maybe PF/IPFW have some magic I could use to redirect Client-To-Client traffic via Loopback.
Of course Cisco has a solution to this (since they invented the "problem" :-)) based on IP-less IF (for the customer), a local Loopback IF acting as gateway and ARP-Proxy for communications between customers.
I have put this out there before with no good results. Is there anyone out there with any good thoughts on this that may help me on the way?
Additionally I want to be able to trace my customers if back to their VLAN if someone give me a time and a IP-address.
Any thoughts or hints are appreciated.
/Jon
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: OT: Looking for Bandwidth Manager Appliance or Bandwidth Manager Softwatre
- Next by Date: EA Game Support Message [Incident:]
- Previous by thread: OT: Looking for Bandwidth Manager Appliance or Bandwidth Manager Softwatre
- Next by thread: EA Game Support Message [Incident:]
- Index(es):
Relevant Pages
|
|
