hey,
Given our current network architecture, we have not found a significant
technical or commercial reason to separate VPN traffic from Internet
traffic as a function of what that will cost us in money and human terms.
Every network is different and YMMV.
In our case, we run BGP-free MPLS aggregation and BGP-free core. All IP
services, be L3VPN or inet, are terminated in separate edge boxes. Edge
boxes are only connected to core and are not in traffic path for other
traffic (typical aggregation-edge-core is not the case for us). Traffic
from aggregation to edge are transported in PW.
We are major provider for Estonia and Estonian government, banks etc.
Almost all of the GOV services, banking etc. depends on our network and
lives in L3VPN. So it's not really a capex/opex issue but more of a PR one.
--
tarko
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
