
How to connect different AS for Log analysis

Perfect Storm
Level 1

Hello All

We are required to connect to one of our clients' networks, mostly over their L3 switches. The purpose of connecting to the client is log analysis. I have attached an indicative diagram showing the possible connection we have on offer. The client is reluctant to tell us what they have configured at their end, but we know for sure they have MPLS configured at their end (on all routers).

Now, my query is: what can we possibly configure at our end to connect to the customer? L2VPNs? BGP peering? VPNs are not for a high amount of traffic. Will BGP peering solve this? Or can this just be an extension of their existing LAN infra? These are server logs, so one can expect traffic in GBps.

7 Replies

balaji.bandi
Hall of Fame

The diagram is not clear about the objective of what you are looking to do. If your client is looking for support, then they need to provide information; without it you cannot achieve anything, after all this is a client network.

Also, does this log server reside in their network or outside of their network, over the internet?

We do ship the logs to the internet cloud over secure methods on port 9000.


BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Balaji,

Thank you for responding to my query!

We are treating the client as AS-1 and us as AS-2; we don't have a firewall in between both ASs. The logs will be accessed from our AS-2 or shipped to our AS-2 from AS-1. However, the customer is not ready to tell us what they have configured at their end or their plan for the log access.

They are asking us to produce a similar solution first, which we will implement later on. But we have no clue what's running on the client end except the MPLS infra, as said earlier.

Unfortunately, you are playing in the dark, and that does not work in technology without knowing what is configured and without cooperation from the client.


BB


Yes Balaji, understood that. But sometimes you can't argue with clients.

Can we, kind of, give them options for how this connectivity can be established and the logs accessed for analysis? We have the BGP peering option; what else can we give? Please advise!

If the client is not willing to give you / your company any information to help with the design of this solution, then they are probably not seriously considering you for the job. If they are serious, then I would find the lack of willingness to provide any information strange.

But why do you need them to send the logs to you? Why not just set up a log collector server in their network and then poll that server from a server in your network?

--
Please remember to select a correct answer and rate helpful posts

Hello Marius

Thank you for your response!

Yes, they have a log collector server at their end, as shown in the diagram attached. But we can't connect servers in different domains back to back like this, can we? There has to be some underlying infra of switches and/or routers, right?

We have L3 switches at both their end and our end. Can we just try BGP peering between both L3 switches and then ask the client to point their log collector traffic to our analytics server?


If there is connectivity between your two switches then you can set up BGP peering and have the client point their syslog to your server.

Or, depending on where your two switches are located physically, you might want to just connect them directly. But keep in mind the security risks of both of these solutions. If you do not have a firewall between the two networks you are essentially allowing full access between both networks, which might not be wanted by either you or the client...or both for that matter.


--
Please remember to select a correct answer and rate helpful posts
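As an added illustration of the "full access" caveat above (not config from any poster in this thread), here is what a narrowed-down peering on the AS-2 side L3 switch could look like in Cisco IOS-style config: it peers with the client, only exchanges the log-collector and analytics prefixes, and only admits the log stream from the collector to the analytics server on the inter-AS link. All AS numbers, addresses, interface names and the syslog port are assumptions for the example.

```cisco
! AS-2 (our side) L3 switch, all values hypothetical:
!   AS-2 = 65002, client AS-1 = 65001
!   inter-AS link 192.0.2.0/30: client .1, us .2
!   client log collector 10.10.0.5 in 10.10.0.0/24
!   our analytics server 10.20.0.5 in 10.20.0.0/24 (a connected VLAN)
!
! Without the prefix-lists and the ACL below, the peering would exchange
! every route both sides hold, i.e. the full access between both
! networks Marius warns about.
!
ip prefix-list FROM-CLIENT seq 5 permit 10.10.0.0/24
ip prefix-list TO-CLIENT seq 5 permit 10.20.0.0/24
!
! Only the BGP session itself and the log stream from the collector to
! the analytics server (syslog on 514 here; use the port the collector
! actually ships on, e.g. 9000 in the setup mentioned earlier).
ip access-list extended LOGS-FROM-CLIENT
 permit tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 permit tcp host 192.0.2.1 eq bgp host 192.0.2.2
 permit udp host 10.10.0.5 host 10.20.0.5 eq 514
 permit tcp host 10.10.0.5 host 10.20.0.5 eq 514
 deny ip any any
!
interface GigabitEthernet1/0/1
 description Inter-AS link to client (AS 65001)
 no switchport
 ip address 192.0.2.2 255.255.255.252
 ip access-group LOGS-FROM-CLIENT in
!
router bgp 65002
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 description Client AS-1
 ! shared key and TTL hop count must be agreed with the client and set on both ends
 neighbor 192.0.2.1 password <SHARED-KEY-PLACEHOLDER>
 neighbor 192.0.2.1 ttl-security hops 1
 address-family ipv4
  network 10.20.0.0 mask 255.255.255.0
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 prefix-list FROM-CLIENT in
  neighbor 192.0.2.1 prefix-list TO-CLIENT out
  neighbor 192.0.2.1 maximum-prefix 10
 exit-address-family
```

The ACL only filters what enters from the client side; the client would need the mirror-image prefix filter and ACL on their switch for the restriction to hold in both directions.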