Restrictions on Ethernet L2 circuits?

Endresen Even Even.Endresen at bkk.no
Thu Dec 31 02:40:42 CST 2009


Hello,

Anyone with opinions on what restrictions a service provider should and
should not impose on Ethernet L2 circuits provided to business customers
wanting to connect several offices?

The service provider's MPLS core network doesn't mind what traffic flows
through the EoMPLS tunnel, but the L2 access network do mind and can be
vulnerable to several layer 2 issues. Broadcast storm control and BPDU
filter will protect the access network to a certain degree, but there
are still potential layer 2 problems that can affect the switches, for
example MAC address spoofing/flooding. Not to mention potentially
difficult troubleshooting if a business customer connects two large LANs
through the ISP's Ethernet layer 2 circuit, and then experience some
occult layer 2 problem.

Should business customers expect to be able to connect several LANs
through an Ethernet L2 ciruit and build a layer 2 network spanning
several locations? Or should the service provider implement port
security and limit the number of MAC addresses on the access ports,
forcing the customer to connect a router in both ends and segment their
network? Also, do you see a demand for multi-point layer 2 networks
(requiring VPLS), or are point-to-point layer 2 circuits sufficient to
meet market demand?

The most important argument for customers that choose Ethernet L2 over
MPLS IP-VPN is that they want full control over their routing, they
don't want the involvement from the service provider. Some customers
also argue that a flat layer 2 network spanning several locations is a
simpler and better design for them, and they don't want the "hassle"
with routers and network segmentation. But IMO the customer (and the
service provider) is far better off by segmenting their network in the
vast majority of cases. What do you think?

Regards,
Even




___________________________________________________
This message and any attachment is intended for the person(s) 
named above only. It may contain information that is confidential 
or legally privileged. If you have received this communication in 
error, please erase all copies of the message and its 
attachments and notify us immediately. Thank You.

 
This footnote confirms that the email and attachment(s) has 
been swept by our anti-virus solution for the presence of known 
computer viruses.



More information about the NANOG mailing list