[afnog] Bridged Access Network

Wed Oct 9 12:42:59 UTC 2013

Hi Seun,

We used have DHCP on the network which we disable a few months back. What
we have now is clients been assigned static IPs from a big pool /24 and if
they connect anything to the cable they can sniff other customer traffic.

Thanks

./Vinny

On Wed, Oct 9, 2013 at 11:39 AM, Seun Ojedeji <seun.ojedeji at gmail.com>wrote:

> Okay Vin,
>
> On Wed, Oct 9, 2013 at 10:11 AM, Vincent Mwamba <davince01 at gmail.com>wrote:
>
>> Hi Seun,
>>
>> We have Layer 3 devices at each customer premises with static IPs from a
>> pool assigned to a service e.g a /24 static pool. But we do get customers
>> who plug their links into a switch at their end.
>>
>> Hmm....so if i get this correctly, you assign say 192.168.4.0/24 to a
> customer, who then plug in into a switch and assigns static to all its
> users (or dhcp as the case maybe) and this the activity (including
> broadcast) by those users gets to you.
>
> Yeah thats the normal and expected behaviour. A first thing to do is to
> limit the subnet you are assigning to customers to say /30 or /28 max. The
> prefix you assign to the customer would only be a broadcast within the
> customer end since broadcasts are within subnets. I presume you have a/some
> routing protocol(s) running at your say distribution and definitely at the
> core.
>
> On a lighter note, if you have layer 3 devices at your customer premises,
> then you just need to run a few more layer 3 at the pops (high ends
> connecting to other sites). Even with the current setup, i am still
> wondering how you receive broadcast storm from the customer since they have
> their subnets? Perhaps the broadcasts is coming from devices directly
> connected on the switch at the pops(high ends)
>
> Cheers!
>
>
>> Thanks
>>
>> ./Vinny
>>
>>
>> On Wed, Oct 9, 2013 at 10:51 AM, Seun Ojedeji <seun.ojedeji at gmail.com>wrote:
>>
>>> Hello Vin,
>>>
>>> On Wed, Oct 9, 2013 at 9:31 AM, Vincent Mwamba <davince01 at gmail.com>wrote:
>>>
>>>> <<snip>>
>>>>
>>>
>>>
>>>>  The customer traffic from each high site is carried over our layer 2
>>>> access back to a single aggregation router.
>>>>
>>>
>>> Wow! looks like too much to chew for the poor single router. Which seem
>>> to be the only layer 3 device.
>>>
>>>
>>>> Some High sites are aggregation points for more remote sites and for
>>>> redundancy links, which has caused us spanning tree issues in the past.
>>>>
>>>
>>> The hard fact is you need to spend a few coins and get layer 3 devices
>>> for the High sites. Especially those that are pop to other sites
>>>
>>>>
>>>> What is the best way to grow the flat network and avoid spanning tree
>>>> headaches.
>>>>
>>>
>>> I say try as much as possible to avoid spanning tree (if you can), also
>>> try to reduce switching as much as possible at your core.
>>>
>>>
>>>> What is the best practice to provision the various services we offering
>>>> to our customers and avoid broadcasts?
>>>>
>>>
>>> Could you explain what a typical customer end looks like i.e do they
>>> connect by pppoe, dhcp or static IPs/ have you got a layer 3 device at each
>>> customer premises?
>>>
>>>
>>>> How are other ISP doing it?
>>>>
>>>>  N/A ;-)
>>>
>>> Cheers!
>>>
>>>> Thanks
>>>>
>>>> ./Vinny
>>>>
>>>>
>>>> _______________________________________________
>>>> afnog mailing list
>>>> http://afnog.org/mailman/listinfo/afnog
>>>>
>>>
>>>
>>>
>>> --
>>> ------------------------------------------------------------------------
>>>
>>> *Seun Ojedeji,
>>> Federal University Oye-Ekiti
>>> web:      http://www.fuoye.edu.ng
>>> Mobile: +2348035233535
>>> **alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
>>>
>>>
>>>
>>
>>
>> --
>> *$$= *Vincent Mwamba
>>
>> *Mobile:*    +260979458807
>>
>> *Skype: *    davince24
>>
>> ~ ~ ~
>> - imiti ikula e mpanga
>>
>
>
>
> --
> ------------------------------------------------------------------------
>
> *Seun Ojedeji,
> Federal University Oye-Ekiti
> web:      http://www.fuoye.edu.ng
> Mobile: +2348035233535
> **alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
>
>
>

-- 
*$$= *Vincent Mwamba

*Mobile:*    +260979458807

*Skype: *    davince24

~ ~ ~
- imiti ikula e mpanga
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20131009/2521d7c5/attachment-0001.html>