ISP network re-design feedback requested

Steve Bertrand steve at
Sat Feb 28 20:30:27 UTC 2009

Hi everyone,

Hopefully my question is operational 'enough' to be asked here, as I
don't know of any other place to ask...

Still trying to redesign (as-I-go) our ISP network, I've realized that
we are not large enough to deploy a full three layer approach (core,
dist, acc), so I'm trying to consolidate, with the ability to scale if
necessary. I also want full network reachability if I need to take any
one router off-line for upgrade or replacement purposes.

Given the following diagram (forgive me, it was drafted rather quickly
with Visio, and just dumped onto a web box), I'm hoping for advice on
whether I'm leaning the right way.

What I want:

- ability to take a router off-line for upgrade, and not be concerned
about reachability issues if the lab-tested procedure fails miserably on
production gear
- a relatively easy way to keep traffic control measures at the
access/edge (ACLs, uRPF, RTBH etc)
- the 'core' free of interface ACLs (if possible), only running
filtering ingress to the process-switch environment
- the ability to scale without having to have a full mesh with all PE

What I have:

- numerous CPE routers connected to a CE switch that multi-homes into
two different routers at two different locations in our access layer
- an access layer that has no routers capable of a full BGP table (well,
v4 that is)
- a core layer that can handle full tables
- a network access layer on the north side of the diagram that you can't
see, with the same type of setup, but with full v4 routing tables being
announced in
- the access layer provides def-orig to CPE routers
- the PE protects the CE from becoming transit

What I am thinking:

- use the core routers as route-reflectors to the PE access routers,
including a def-orig where it applies (to remain scalable, until PE can
be replaced to hold full routes)
- the PE routers send def-orig on to the CE sites
- stop thinking about every network like it is an 'enterprise' network
- look at most of my ISP environment as 'access clients', instead of
always seeing my ISP as everything in my buildings. See the ISP as a
'network provider', and then realize the rest are just access 'clients':

-- the 'hosting provider'
-- the 'colocation provider'
-- the 'Internet provider'
-- the 'email provider'
-- etc.

There is much, much more, but feedback on the above setup will get me
going on the proper path...
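As an added illustration that is not part of Steve's post or his network, here is a Cisco IOS-style sketch of the "What I am thinking" list: the core acts as route reflector and hands the PE a default plus customer routes only, and the PE hands a default on to the CE while accepting nothing the CE did not originate itself, so the CE cannot become transit between the two PEs it multi-homes to. Every ASN, address, peer-group and policy name is a constructed assumption using documentation ranges (AS64496/64497, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), and the syntax assumes IOS.

```cisco
! ===== Core router: route reflector for the PE access routers =====
! Constructed example: AS64496/64497 and 192.0.2.x, 198.51.100.x, 203.0.113.x are documentation values
ip bgp-community new-format
router bgp 64496
 neighbor PE-ACCESS peer-group
 neighbor PE-ACCESS remote-as 64496
 neighbor PE-ACCESS update-source Loopback0
 neighbor PE-ACCESS route-reflector-client
 neighbor PE-ACCESS send-community
 ! PEs cannot hold a full v4 table: reflect only customer routes, plus a default
 neighbor PE-ACCESS default-originate
 neighbor PE-ACCESS route-map RR-TO-PE out
 neighbor 192.0.2.11 peer-group PE-ACCESS
 neighbor 192.0.2.12 peer-group PE-ACCESS
!
ip community-list standard CUSTOMER permit 64496:100
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
route-map RR-TO-PE permit 10
 match community CUSTOMER
route-map RR-TO-PE permit 20
 match ip address prefix-list DEFAULT-ONLY
!
! ===== PE access router: default down to the CE, CE never becomes transit =====
ip bgp-community new-format
router bgp 64496
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 update-source Loopback0
 neighbor 192.0.2.1 send-community
 ! eBGP to the multi-homed CE (constructed customer AS64497)
 neighbor 203.0.113.2 remote-as 64497
 neighbor 203.0.113.2 default-originate
 neighbor 203.0.113.2 prefix-list DEFAULT-ONLY out
 neighbor 203.0.113.2 prefix-list FROM-CE in
 neighbor 203.0.113.2 filter-list 1 in
 neighbor 203.0.113.2 route-map CE-IN in
 neighbor 203.0.113.2 maximum-prefix 10
!
! Accept only the CE's own block, originated by the CE's own AS: routes it learned
! from the other PE (or anyone else) are dropped, so it cannot become transit
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list FROM-CE seq 5 permit 198.51.100.0/24 le 28
ip as-path access-list 1 permit ^64497$
route-map CE-IN permit 10
 set community 64496:100
!
! Edge traffic controls stay on the customer-facing interface, not in the core
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 ip verify unicast source reachable-via rx
```

The customer community tagged at the PE is what lets the core reflect customer routes to the other PEs while withholding the full table they cannot hold.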


More information about the NANOG mailing list