On Fri, Mar 12, 2010 at 2:41 PM, Raja Subramanian <[email protected]> wrote: > On Fri, Mar 12, 2010 at 10:49 AM, Arun Khan <[email protected]> wrote: >> On the WAN interface, there are two subnets coming in on the same pipe >> from the service provide. >> >> One subnet is for MPLS VPN and other subnet is for Public IP addresses >> (Internet access). >> >> I am planning to terminate the RJ45 cable from the service provider >> modem directly into the WAN NIC. > > If you have control over the client side ISP router,
There is *no* client side ISP router - just a modem for media conversion > it's better to run > a VLAN trunk between the ISP router and your device. Put the > MPLS subnet on one VLAN interface, and internet on the other > VLAN interface. This would imply a switch supporting VLAN right? If yes, the client does *not* have the infra. > You'll end up having 2 VLAN interfaces on your appliance which > you can configure independently as if they were individual NICs. The appliance is an Intel Atom DG945GCLF based nettop with 2 NICs (one for LAN and one for WAN) Would appreciate some pointers If you are suggesting to do VLAN in Linux on the WAN NIC. > >> Please confirm if anyone has done IP "alias" using the vyatta router. >> I am working with the version vc5.0.2 as well as VC6.0-2010.02.19.beta > > Problem with IP aliasing is that there is no isolation at L2 between the > MPLS and the internet. There is the possibility of a data leak between > internet and MPLS. This possibility also exists in VLANs does it not? In my scenario, at the L2 layer, it is a point to point connection with the service provider (who is providing both MPLS VPN as well as Internet) Thanks for your input. -- Arun Khan _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
