An ISP within an ISP – The Lab – Part 1

by Chris
on February 4, 2019

First in a series of posts about rebuilding an ISP within an ISP.

Premise

This is a lab based on a network I maintained and evolved over a number of years, but sadly no more – but this lab is the redesign I had in mind based on what they needed so is here for a number of reasons:

  • To learn a new routing protocol (IS-IS)
  • To learn a new vendors network gear (JunOS)
  • To play with NXOS and see how inter-op with JunOS fairs
  • Mainly to address some technical debt within my own mind

The Network – Physical Overview

The Endgame is to achieve the network I’ve drawn in the diagram below – 3 primary sites (the lower 3 JunOS Routers, R1, R2, R3) talking to 2 central hubs (R4, R5). From here we’ll hang off 2 NxOS devices (R6, R7).

The NxOS devices will serve as endpoints for a cloud-y infrastructure (some small Linux VMS for this lab) , ideally with dual v4/v6 throughput with the aim of providing redundancy (lets assume there is some VM/HA/replication between the two).

Firewalls will be via a pair of ASA-vs in active/standby and to top things off, we’ll use R4 and R5 to talk to R6 and R7 which are eBGP speakers providing us a default.

The Network – Logical Overview

There’s a few things to add to this to make things slightly more complex, specifically we’ll need 2 sets of L3VPN, keeping the global routing table for ‘Interwebs’.

  • Staff – RFC1918 – 10.1.0.0/16 – which breaks out via the firewalls and is where the Cloud servers will live
  • Tenant – RFC1918 – 172.16.0.0/16 – again, breaks out via the firewalls via seperate interface / dot1q.

We’ll also need some sort of l2/l3 constructs – namely:

  • A way for the firewalls to talk to each other in active/standby (or active/active)
  • The Cloud Servers to be within the same subnet

Will it all work ?

At this point I have no idea whatsoever – I’ve not touched nxOS, JunOS (much in anger) or IS-IS … but there is only one way to find out.

God Loves a Trier…

Mr Thomas, Mortimer Primary School, 1988.

In my leaving book the one I always remembered – unsure if that was about himself, or me, but hey, I’ve been called a trying individual before =o)

Follow this project as we move onto Part 2: The Hardware

Categories:

CiscoJunipernetwork

Tags:

#lab#vmwareciscojuniper

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *

Adsense
About This Site

This may be a good place to introduce yourself and your site or include some credits.