MPLS/VRF LITE WITH STATIC ROUTING TO MULTIPLE FWSM CONTEXTS

Scott Brien
Level 1

Hey All.

Just wondering if anyone has tried to accomplish this, we currently are having the issue where we need to have overlapping address space as we have some new customers coming into our network with the same IP Address space.

The only way around that seems to be using VRF Lite alongside multiple context mode for each customer, with a /30 address between the 7600 and the FWSM context, and routing the traffic via the FWSM interface.

Any thoughts or advice on this situation would be greatly appreciated.


Regards,

Scott

9 Replies

Atif Awan
Cisco Employee

I have seen this done once at a hosted data center. What concerns do you have? If the only requirement is to be able to support overlapping IP addresses then why not consider VRF-Aware NAT instead. However, for this you will need to look at another platform (7600 does VRF aware NAT with FWSM which you seem to be doing).

Atif

Hi Atif,

We are pretty much facing the issue with overlapping address space and more than likely overlapping VLAN IDs.


We cannot use NAT as we need to have identical IP addressing across customer sites, as application servers are required to keep their IP address if they are to be brought over to our site.

Any ideas?


Regards,

Scott

Hello Scott,

Can you please elaborate a little more about your network environment? Are you providing hosted data center services? What do customers access on your network or is it that you are only providing transport/hosted DC services to customers who maintain their own applications / clients?

If this is a hosted data center environment then keeping each customer in a virtualized container (VRF) end to end is probably your best bet. I am guessing FWSM here is being used to provide security services to clients. You will need individual contexts per customer as you had originally thought.

Atif

Hi Atif,

Our network consists of multiple customers which either come in on a layer 2 metro ethernet circuit or a service provider layer 3 connection.

We offer many services, and as we are expanding and bringing on customers with existing LANs we are running into overlapping address spaces.

This is a hosted data centre however we do desktop management for clients also if they wish to take up that service.

That is correct, we are using the FWSM for security reasons.

Our main goal in a new infrastructure design is to have all of our infrastructure and services sit in a single VRF, as we determine the IP address space for those services, and a VRF per customer; we can then do inter-VRF routing for each customer and allow them to access the services which they have opted to purchase.

Not really sure how we would do VRF end to end as we go through an SP from the customer LAN to our DC for the layer 3 circuits; we can use a demarc switch for the layer 2 circuits with a metro 3750 switch as a PE though, I presume.


Hope this helps.


Scott

Hello Scott,

If you have multiple customers with overlapping address spaces accessing your central services then you will need NAT between customers and your central services VRF. I personally do not see a way around it.

If you are unable to do VRF end to end then I am not sure what you mean by VRF per customer. You need isolation end to end as I doubt any customer will be OK with being in the same logical reachability domain as other customers. How does the SP you are using carry a customer's LAN to your Data Center? Is it over point-to-point pseudowires over MPLS?

Atif

Hi Atif,

Sorry for my delayed response.

We can use NAT between specific services which are able.

There are certain services which are unable to use, but we have figured a way to overcome this now.


We will be using VRF lite and multiple contexts with the FWSM to address overlapping address spaces, and VLAN rewriting techniques to address the overlapping VLAN IDs (do you have any experience or knowledge in how to do this?).

SP is using pseudo-wire EoMPLS to deliver customers to our infrastructure over a trunk port.

These customers will split off into their own VRF and have access to services which we provide them.

Regards,
Scott

Hello Scott,

This makes sense now. Regarding overlapping VLANs if I understand your topology correctly then the VLAN overlap is on the customer end and as long as your SP's PE supports VLAN rewrite you should not have to do anything on your side. You just need to ensure you assign a unique VLAN per customer. Another assumption I am making here is that you have a single VLAN per customer for the Layer-2 extensions.

Atif
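As an added illustration, not taken from this thread or from Cisco documentation, here is how the design Scott describes could be expressed in IOS and FWSM configuration: one VRF and one FWSM security context per customer, a /30 between the 7600 SVI and the context's outside interface, and static routes per VRF so two customers can both use 10.1.0.0/16. Customer names, VLAN numbers, the FWSM slot number and all addresses are assumptions.

```text
! --- 7600 / MSFC side (hypothetical VLANs, slot and addresses) ---
firewall multiple-vlan-interfaces
firewall vlan-group 1 101,102,201,202
firewall module 3 vlan-group 1
!
! One VRF per customer; both customers use 10.1.0.0/16 internally
ip vrf CustA
 rd 65000:1
ip vrf CustB
 rd 65000:2
!
! /30 toward each customer's FWSM context, SVI placed in that customer's VRF
interface Vlan201
 ip vrf forwarding CustA
 ip address 10.255.0.1 255.255.255.252
interface Vlan202
 ip vrf forwarding CustB
 ip address 10.255.0.5 255.255.255.252
!
! The same customer prefix in two VRFs: lookups are per VRF, so no clash
ip route vrf CustA 10.1.0.0 255.255.0.0 10.255.0.2
ip route vrf CustB 10.1.0.0 255.255.0.0 10.255.0.6
!
! --- FWSM system context: one security context per customer ---
mode multiple
context CustA
 allocate-interface vlan101
 allocate-interface vlan201
 config-url disk:/CustA.cfg
context CustB
 allocate-interface vlan102
 allocate-interface vlan202
 config-url disk:/CustB.cfg
!
! --- Context CustA (CustB is the same apart from VLANs and the /30) ---
! VLAN 101 is customer A's LAN as delivered on the EoMPLS trunk
interface vlan101
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.0.0
interface vlan201
 nameif outside
 security-level 0
 ip address 10.255.0.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 10.255.0.1
```

Reachability from the customer VRFs into the shared services VRF is deliberately not shown; as Atif points out above, overlapping customer prefixes still need NAT before they can share that VRF.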

Hello Scott,

Would you please let us know how you handled this task?

If it is possible, could you please provide your topology, as I have the same issue.

Best Regards

Tural

Try researching Cisco EVN; it might be useful to you.
