Virtualized DC and Service Policy

jtadamofod81 · ‎12-31-2012

Hello all,

I'm currently in the process of building a virtualized infrastructure and have a few questions on design.

I'm creating an environment where we will allocate a VLAN per customer. In doing so, each customer will have a virtual environment with 10Gb capabilities within their own subnet. These segregated environments will have access to the internet. I want to throttle ingress/egress traffic to the internet via a service-policy but I don't want to have this applied at the local level within the customers VLAN. Can anyone provide a simple solution to do this?

Marwan ALshawi · ‎01-01-2013

first of all what is the network infrastructure you are going to use e.g Cisco nexus, ASRs !!

for the logical design best way to get this done in a scalable and secure way is to use L2 VLANs combined with L3 VRF per customer

if you have an internet lin per customer you can have the virtulized path end to end

if you are using a shared Internet link for all the customers then you need to use some polices on the Internet edge router

check out the below links which will guide to the best way to design you virtualized network

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/ServEdge.html

by the way if you are going to have multiple L3 Internet edge devices you may need to consider using MPLS with VPNv4 ( like ISP network design model )

hope this help