Hi
I currently attempting to design a network core in GNS3 for one of my clients : https://gyazo.com/f42db69543cdf21cdfa9857beb58bbfe
The client receives customer connections forwarded to him by his telco partners on the TELCOS router. He also receives VPN connections (L2TP) via the VPN router
Customer connections have three destinations :
- access to their servers (data & apps) VMs via FIREWALL router
- access to the Internet via BGP router
- inter-site access - TELCOS router
The one exception is the CLIENT router and SrvClt : which belongs to one specific customer but are housed in my client’s datacenter.
I Installed OSPF PtP neighborship links between the routers and enabled LDP MPLS between them. All routers can reach the Internet via the BGP router
I created a VPLS tunnel between VPN and TELCOS routers to transfer L2TP connections directly to the TELCOS router in order to provide remote access to VMs/SrvClt or to a customer’s site.
I configured a VLAN per customer/company through the VPLS trunk and addressed both ends of the VLAN tunnel so as to route the incoming L2TP connections to the other side of the VPLS tunnel. This might not be the recommended approach but it seems to work as expected. Is there a simpler or more advisable approach to transferring the L2TP connections to TELCOS ?
I will bridge the VLAN ends on the TELCOS router to either ethe6 or ether7 to transfer these connections to the desired destination (SrvClnt/VMs)
Since the TELCOS router will be handling incoming traffic from customers sites I figure that it can handle the VPN connections too. I also figured that I could maybe enable some traffic engineering within the MPLS core to optimise and secure the traffic redistribution/flow
At present the L2TP customers can reach the TELCOS router and any resources accessible from this router; I will leave the firewalling rules for last.
I’m not sure however on how to handle the incoming customers traffic delivered by the telco links
I believe that this traffic will be delivered in sets of VLANs therefore I could simply trunk the VLANs toward whichever router will handle their requests: BGP for Internet, FIREWALL/CLIENTS for server access, and TELCOS for inter-site traffic; maybe using here too VPLS trunks
This is my first core network design attempt so I’m not totally confident that my approach and wonder whether there might be a simpler more efficient, and economical, way of designing it ?
Thanks
yann