Metro Ethernet implementation questions

Similar Messages

• Metro Ethernet Design question

  Hello,
  I was wondering how service providers guarantee their security protection in the Metro Ethernet model, especially when Internet is one of the applications used over the Metro network.
  For example: The customer edge switch (3550) is connected directly to the service provider aggregation layer(either Cisco Catalyst 4500 and 6500 Series switches ) .
  In the network core, Cisco 12000 or Cisco 7600 Series routers.
  So where is the security devices in this architecture, where is the firewalls, the IDS/IPS, that protects the service provider core from any threats.
  Providing the customer with Internet in Ethernet switching technology the service will put the provider in a vulnerable position.
  Am I thinking wrong here?

  Hi
  The CE will be hardened using storm control both multicast as well as broadcast on the ports where the end users are connected.
  About the accesiability between the other users who are connected on the ports of same switches you have switchport security coded which will take care of the access violation part.
  Also the maximum no of MAC address which can be permitted/allowed over the ports.
  This inturn will send u a trap and can shut the port if theres any violation detected on those ports..
  In the next layer where u say 6500 or 7600 u will have FWSM modules which will be taking care of filtering and other funtionalities which is very much similar to a standalone PIX firewall.
  you can have redundandcy or even load balancing with
  the FWSM modules over there in the 6500 switches.
  And ofcourse the IP addressing schemes deployed would be in private scopes and will have either NAT pools or PAT enabled in the FWSM.
  you got to have more n more ACLS on all the devices to mitigate the general known worms/virus or their variants in the network applied in applicable points.
  regds

• Metro Ethernet 3550 IOS

  Hello,
  Just a basic question:
  Is there an recommended IOS version for a Cat 3550 acting as a U-PE in a Metro Ethernet implementation?
  Thanks!

  The Catalyst 3550 will now provide limited support for Policy Based Routing (PBR), while Catalyst 3550 Metro Ethernet users can benefit from Layer 2 Tunneling Protocol enhancements, which allow configuration of drop and shut-down thresholds based on ingress packet rates.
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1833/prod_bulletin09186a008014eed1.html

• Basic:Metro Ethernet and DWDM vs SONET question

  Hey, my understanding is that in order to deliver Metro Ethernet solutions, one system must be based on DWDM.
  SONET, for example, cannot deliver Metro Ethernetsince that is based on TDM (not Ethernet, duhhh).
  If the above is right, so I want to confirm that there is no other technology out there besides DWDM which can deliver Metro Ethernet services for enterprise customers?

  Any number of underlying technologies can be used to deliver Metro Ethernet services - DWDM, SONET, pure play Ethernet over metro area fiber, etc.
  It's more of an economic (what installed base does the carrier have or able to obtain the use of and at what cost) and efficiency (how much of the overall capacity can be feasibly broken into resellable Ethernet services without too much stranded or wasted capacity) question than a technological one. Some technologies lend themselves better to one or the other of those factors thus their dominance in certain markets.
  The industry is very adept at achieving previously unthought-of solutions through the introduction of additional layers of abstraction (e., Ethernet over SONET, inverse multiplexing, etc.)

• Metro Ethernet Switches Network Implementations

  I wish that Cisco would collect as many as network scenarios and pratical configurations for 3750ME, Metro Ethernet, and MPLS, starting with few basic one.
  Cut down the marketing materials. It will benefits all customers and cut down supports.

  There are lot of such materials.
  http://www.cisco.com/en/US/products/hw/switches/ps5532/tsd_products_support_series_home.html
  http://www.cisco.com/en/US/netsol/ns341/ns396/ns223/ns227/networking_solutions_sub_solution.html
  http://www.cisco.com/en/US/tech/tk436/tsd_technology_support_category_home.html
  Hope this helps

• SONET Metro Ethernet questions

  I was wondering if anyone has had a good/bad experience deploying and working with Metro Ethernet technologies since it is fairly new. I'm planning onto linking a large office 40 miles away to my central office and considered this and PPP OC3 as 2 top choices, I was told I will be able to extend my LAN without any additional hardware, anyone can share their thoughts? reliability?

  Hi,
  I think it would be better to include Cisco Account Manager/SE for this upgrade, they can guide you better and can come up with LLD for this upgrade, otherwise upgrading your 17 sites without proper planning can cause you serious issues.
  Yasir

• Customer Equipment for Metro Ethernet Link

  Hi All
  It has been some time since I utilised Cisco network kit to provide private circuit point to point connectivity and I wonder if someone could give me a little guidence.
  The customer is shortly to implement a new 100Mb Metro Ethernet link to connect two of their branches. They initially intend to use the link for data only traffic but eventually will want to route VOIP traffic across the link so bandwidth management and QoS will be essential components. It is unlikely that further links will be added to this link so built in expansion of the chosen routers may not be required.
  Budget will be an issue on this so I would appreciate any advice or recomendations.
  Thanks
  J.

  Hello James,
  I think it would be better to get in touch with your Cisco Account Team as this question cannot be answered on a forum post.
  Thanks,
  Karim

• Comcast Metro Ethernet Setup

  We have one customer with one ASA and one 3750 switch in headquater. 6 1801 Routers in 6 branches.
  All connected via MPLS/BGP provided by ATT. And it was terminated at one port on 3750.
  We plan to replace that with Metro Ethernet Hub/Spoke topology since the customer mentioned each office never talks to each other. Later on we found they have IP phones do need to talk with each other at branches.
  Question - can we still use the MetroE service but configure routing to make each office talk with each other and how that would work?? I would assume some routings on 3750.
  Any info is appreciated. thanks!
  Ben

  Hi Ben,
  It will work for sure since this is what ( in a much more complex scenario) we are implementing in our company since ab few months. Just take care of defining data and voice subnets as technically unrelated so to be free implementing very flexible and easy to manage routing policies. Is ATT providing L3VPN or what?
  Hope to help
  Alessio
  Sent from Cisco Technical Support iPad App

• Bellsouth Metro Ethernet -- is it QinQ?

  I have a customer who has bought some connections from Bellsouth's Metro Ethernet product. I am having a tough time getting someone at Bellsouth to give me any information about the product.
  Are they just using QinQ (802.1q tunneling) to make it all happen? If that's the case then I should just trunk to them with 802.1q and not have to do anything else, I believe keeping the native vlan 1 should even be fine. If anyone knows anything about this or has connected sites using the Bellsouth metro-e product please let me know.
  Brian

  Hello,
  looks like it is Ethernet over SONET, with a possibility to migrate it to EoMPLS:
  "Currently BellSouth uses a specialty Ethernet switch to support its shared multipoint offering, but that may change. "We're converting to more of a general purpose device that will be part of our MPLS network and will deliver Ethernet and other services," hints Kaish.
  Some carriers have implemented shared multipoint services directly over fiber, which means that those services do not include Sonet restoration capability, effectively limiting them to non-critical traffic. But BellSouth's metro Ethernet network is Sonet-based and customers can leverage Sonet's restoration capabilities, Kaish says."
  http://www.findarticles.com/p/articles/mi_m0DUJ/is_13_107/ai_108408900
  Another source of information supporting the statements above:
  http://newsroom.cisco.com/dlls/2004/prod_070604.html
  In any case this does not mean straight forward, that you can use the service to setup trunks between your switches. This depends on the interface configuration of (presumably) the 7600. They might restrict you to dot1Q with one VLAN or even to plain ethernet.
  Hope this helps! Please rate all posts.
  Regards, Martin
  P.S.: have a look at http://www.metroethernetforum.org/presentations/SC2003_BobSmithEntNet.PDF which should answer many questions! Especially they state "Dedicated Ethernet supports VLAN tagging" - sounds like setting up a dot1Q trunk with them will be supported.

• Suggest No. of routers in a single metro-ethernet Vlan

  Hi,
  Just would like to know if there is a recommended no. of routers to put into a single metro-ethernet vlan. The local Metro-ethernet provider suggest 10 routers per vlan but I think 30-50 would be OK ?

  This question is like how many nodes can you put into a VLAN. For an answer to be given your traffic types would need to be known. How chatty are your routers? Are you bridging? What type routing / bridging traffic (non-unicase) might you have on the wire? Baseline data from your environment is important to answer this question. There is no hard fast recommendation for this just as there is none for numbers of nodes in a VLAN or router is an OSPF area. This is completely dependant on your environment.
  Hope this helps,
  Don

• Best way to detect failure in Metro ethernet networks

  Hello ,
  I am working for a well known provider and I am currently migrating one of my client from Frame-relay to Metro-ethernet link .
  I am actually looking for advices on what sort of mechanism to implement to detect a failure in the ME parth .
  As you probably know , failure on one of the links might cause the CE-SWITCH-PE interfaces to stay up/up and the network will not neceseraliy start converging .
  So far I have implemented BFD along with IP SLA route tracking , I am happy with BFD but the IP SLA is acting "weird" .
  - IP SLA ICMP tracking rely on ICMP packets and was too sensitive to packets lost
  - We switched to ip route sla tracking but I am still unsure about the best way to use or implement this .
  Is there some sort of best practices available somewhere for this ?
  thanks ¨
  T

  Hello Thomas,
  From what i have seen BFD is best bet as it allows to relax the L3 protocols timers ( BGP / any other protocol used between CE- PE ). Another option is to have gre tunnel between the PE - CE link and track this tunnel interface.
  Regards,
  Shreeram

• Metro Ethernet in RAIL Transportation (MRTS) applications

  Dear Sir,
  I have a query related to Metro Ethernet technology.
  We are into TRANSPORTATION SYSTEMS. We are coming up with a MRTS Project in Mumbai , India. We are at a planning stage at the moment. As per our experience, companies in RAIL MRTS Applications are using SDH technology (MUX and access multiplexers).
  Could you please suggest , should we go for METRO ETHERNET of SDH Technology.
  Are there any players/ any Metro Projects who have implemented Metro Ethernet ( instead of SDH).

  Hi Pankaj
  What kinda applications you are going to use and what kinda bandwidth requirement you have in place ?
  Also do revert back the number of locations and a bit more onto your topology which mite help to get back with our suggestions..
  regds

• Metro ethernet, Ethernet protection ring.

  Hi everybody.
  I hope everybody is doing great.    A quick question for you guys.
  Let say we have Ethernet switches connected in a ring .We want to use Ethernet protection ring for loop avoidance and faster convergence.
  One of the switch will be RPL owner, and of the link in our ring will be chosen as RPL link.
  1)My question is what is the criteria for RPL owner selection and RPL link?  (  For e.g  in STP, we use lowest bridge priority for root bridge)
  2)  Is Ethernet protection ring provide an alternative to stp when we switches connected in ring toplogy  and fast convergence is required as is the case with metro ethernet commonly ?
  Have a great evening.

  Dear Friend
  If you want to deploy and use L2 VPN service you should
  define whst is he type of core
  do you want to use L2 VPN service based on IP or MPLS?

• Metro Ethernet over Docsis

  Hello Gurus,
  I would like to know a bit more about this tecnologie (Metro Ethernet over Docsis).
  I work for a cable companie and we would like to know the implicationd of implementing such a technologie.
  If we go for a CPE based aproach we only have to configure a CPE like the Cisco 1805 in each costumer end-point?
  Which configurations does the CMTS and backbone require?
  What are the maximum speed we can offer with this technologie running on HFC?
  Any help would be much appreciated.
  Thanks in advance.

  You might want to read this:
  http://www.cisco.com/en/US/solutions/collateral/ns341/ns522/ns3/metro_ethernet_white_paper.pdf

• Is Metro-ethernet Secured ? Compare with FR/ATM

  Hi,
  Just would like to understand if Metro-ethernet has the same security level as FR and ATM ? Metro-ethernet has broadcast nature and it seems mirroring ethernet frame is much more easier than FR and ATM . Is there any study onto the security issues presented in the Metro-ethernet technology ?
  I see a lot of customers doing IPSec on the Metro-ethernet and they don't do this on the FR or ATM links ?
  Thanks

  I have not seen any document, but my understanding is that FR and ATM networks do not have broadcast capability which is an inherent security feature. Sites can communicte only if a VC is configured between them. In metro ethernet, broadcasting is possible and the providers have to implement security to islolate customers by configuring some feature. Since the customers may not trust the level of security provided by the providers, they may choose to run IPSec over this type of access.