[AusNOG] Virtual routers that users can manage without interfering with other tenants

Ben Thompson ben at benthompson.id.au
Wed Aug 26 14:27:29 EST 2015


Hi all,

Facing a challenge and looking for some ideas to get this right.

We have some customers who we want to let use some Cisco CSR1000V routers (or maybe Vyatta, haven't decided exactly which to go with yet), but I am struggling to work out a way to ensure a customer can login to the device if they want to do things like configure NAT or VPN, but not be able to change their external interface settings in a way that be able to impact other customers, as these would be on a common public network segment (by impact I mean things like using IP's we haven't allocated to them, or rogue proxy ARP messages, etc.)

I would like to try and do it in a scalable way, as we are thinking we may have to allocate each customer a VLAN instead of using a common VLAN, but just wanted to see if anyone had any thoughts on other ways to do this?

Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150826/571144c4/attachment.html>


More information about the AusNOG mailing list