OT - Campus Path Isolation - MPLS, VRF-lite, etc.

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Thu May 31 2007 - 10:41:40 ART

I'm looking into turning on guest wireless access across our campuses and
looking into the various options for path isolation. We have a single entry
point to the Internet in our network so some type of tunneling is what I
have in mind but I'm not sure which method is the way to go.
 
I've considered plain GRE tunnels (no VRF) but that would mean turning on
PBR, which I really don't want to do. The switches performing the PBR are
6500 w/Sup720 so plenty of horsepower but still, I don't think it's the way
to go. I've looked into MPLS through the campus and believe it's a good way
to go as is VRF-lite (non-BGP VRF) but I'm not sure if they fit. I would
only want to enable MPLS/VRF on the endpoints of the tunnels and not the
devices in between. I believe this will work but not sure. I would also
like to hear about any other possible path isolation options if they exist.
 
I would GREATLY appreciate it if somebody could enlighten me on this
subject. Any real-world experiences with campus guest access to share?
 
Thanks,
 
Rik

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:23 ART