[afnog] Bridged Access Network

Seun Ojedeji seun.ojedeji at gmail.com
Wed Oct 9 12:51:51 UTC 2013 

On Wed, Oct 9, 2013 at 1:42 PM, Vincent Mwamba <davince01 at gmail.com> wrote:

> ...What we have now is clients been assigned static IPs from a big pool
> /24 and if they connect anything to the cable they can sniff other customer
> traffic.
>
> Ah now i understand why you get broadcast storm and risk exposing clients.

I guess all the responses you have gotten so far will help build a network
that will finally allow you have long uninterrupted dreams during your
sleep and puts a smile on your customers face ;-)

Cheers!


> Thanks
>
> ./Vinny
>
>
> On Wed, Oct 9, 2013 at 11:39 AM, Seun Ojedeji <seun.ojedeji at gmail.com>wrote:
>
>> Okay Vin,
>>
>> On Wed, Oct 9, 2013 at 10:11 AM, Vincent Mwamba <davince01 at gmail.com>wrote:
>>
>>> Hi Seun,
>>>
>>> We have Layer 3 devices at each customer premises with static IPs from a
>>> pool assigned to a service e.g a /24 static pool. But we do get customers
>>> who plug their links into a switch at their end.
>>>
>>> Hmm....so if i get this correctly, you assign say 192.168.4.0/24 to a
>> customer, who then plug in into a switch and assigns static to all its
>> users (or dhcp as the case maybe) and this the activity (including
>> broadcast) by those users gets to you.
>>
>> Yeah thats the normal and expected behaviour. A first thing to do is to
>> limit the subnet you are assigning to customers to say /30 or /28 max. The
>> prefix you assign to the customer would only be a broadcast within the
>> customer end since broadcasts are within subnets. I presume you have a/some
>> routing protocol(s) running at your say distribution and definitely at the
>> core.
>>
>> On a lighter note, if you have layer 3 devices at your customer premises,
>> then you just need to run a few more layer 3 at the pops (high ends
>> connecting to other sites). Even with the current setup, i am still
>> wondering how you receive broadcast storm from the customer since they have
>> their subnets? Perhaps the broadcasts is coming from devices directly
>> connected on the switch at the pops(high ends)
>>
>> Cheers!
>>
>>
>>> Thanks
>>>
>>> ./Vinny
>>>
>>>
>>> On Wed, Oct 9, 2013 at 10:51 AM, Seun Ojedeji <seun.ojedeji at gmail.com>wrote:
>>>
>>>> Hello Vin,
>>>>
>>>> On Wed, Oct 9, 2013 at 9:31 AM, Vincent Mwamba <davince01 at gmail.com>wrote:
>>>>
>>>>> <<snip>>
>>>>>
>>>>
>>>>
>>>>>  The customer traffic from each high site is carried over our layer 2
>>>>> access back to a single aggregation router.
>>>>>
>>>>
>>>> Wow! looks like too much to chew for the poor single router. Which seem
>>>> to be the only layer 3 device.
>>>>
>>>>
>>>>> Some High sites are aggregation points for more remote sites and for
>>>>> redundancy links, which has caused us spanning tree issues in the past.
>>>>>
>>>>
>>>> The hard fact is you need to spend a few coins and get layer 3 devices
>>>> for the High sites. Especially those that are pop to other sites
>>>>
>>>>>
>>>>> What is the best way to grow the flat network and avoid spanning tree
>>>>> headaches.
>>>>>
>>>>
>>>> I say try as much as possible to avoid spanning tree (if you can), also
>>>> try to reduce switching as much as possible at your core.
>>>>
>>>>
>>>>> What is the best practice to provision the various services we
>>>>> offering to our customers and avoid broadcasts?
>>>>>
>>>>
>>>> Could you explain what a typical customer end looks like i.e do they
>>>> connect by pppoe, dhcp or static IPs/ have you got a layer 3 device at each
>>>> customer premises?
>>>>
>>>>
>>>>> How are other ISP doing it?
>>>>>
>>>>>  N/A ;-)
>>>>
>>>> Cheers!
>>>>
>>>>> Thanks
>>>>>
>>>>> ./Vinny
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> afnog mailing list
>>>>> http://afnog.org/mailman/listinfo/afnog
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> ------------------------------------------------------------------------
>>>>
>>>> *Seun Ojedeji,
>>>> Federal University Oye-Ekiti
>>>> web:      http://www.fuoye.edu.ng
>>>> Mobile: +2348035233535
>>>> **alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *$$= *Vincent Mwamba
>>>
>>> *Mobile:*    +260979458807
>>>
>>> *Skype: *    davince24
>>>
>>> ~ ~ ~
>>> - imiti ikula e mpanga
>>>
>>
>>
>>
>> --
>> ------------------------------------------------------------------------
>>
>> *Seun Ojedeji,
>> Federal University Oye-Ekiti
>> web:      http://www.fuoye.edu.ng
>> Mobile: +2348035233535
>> **alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
>>
>>
>>
>
>
> --
> *$$= *Vincent Mwamba
>
> *Mobile:*    +260979458807
>
> *Skype: *    davince24
>
> ~ ~ ~
> - imiti ikula e mpanga
>



-- 
------------------------------------------------------------------------

*Seun Ojedeji,
Federal University Oye-Ekiti
web:      http://www.fuoye.edu.ng
Mobile: +2348035233535
**alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20131009/70f019ad/attachment.html>

More information about the afnog mailing list