[AusNOG] Virtual routers that users can manage without interfering with other tenants

David Lambert sobmalss at gmail.com
Thu Aug 27 09:58:06 EST 2015


Logical systems are great, easy and a really solid solution in a hardware environment looking for some virtualisation, but perhaps miss out on some of the benefits of true separation that virtualised software environments provide, such as independent resource allocation, freedom to run multiple releases, vendors, flavours, reboots, scale up/down... and perhaps the freedom to ultimately treat your vrouters like cattle.


Dave.L

> On 27 Aug 2015, at 7:09 am, Tom Storey <tom at snnap.net> wrote:
> 
> That's essentially what logical systems do on Juniper, provide a
> virtualised router instance into which the admin of the box can
> assign interfaces (or subints) - the user does not have the ability to
> configure new interfaces, just the parameters of interfaces they have
> been assigned. There is a limit to the number of logical systems you
> are supposed to be able to configure which is 15 for a router
> platform, and potentially less on the SRX (and only the higher end
> SRXs, which may also require additional licenses last I read.)
> 
> I've not yet tried to configure a logical system on a vMX router, will
> have to play with that at some point.
> 
> There are some cons to using logical systems, for example you lose
> some of the configuration management abilities that make JunOS really
> great (i.e. the ability to rollback), but they do allow the user to
> configure their own instances of routing protocols and other things in
> such a way that won't interfere with anyone else on the same box. And a
> user can be configured to log directly in to their own logical system
> instance, so there's less chance of them fat fingering and messing up
> another logical system or the host router itself.
> 
>> On 26 August 2015 at 15:41, Mark Smith <markzzzsmith at gmail.com> wrote:
>> So I don't know the pricing or specs of any of the routers mentioned, but
>> isn't one of the theoretical benefits of virtualization that you can run as
>> many instances as you like, which also means you can also "right-size"?
>> 
>> In other words, don't try to share a single virtual router between many
>> people, give them each their own.
>> 
>>> On 26 Aug 2015 23:54, "Chris Bennett" <chris at ceegeebee.com> wrote:
>>> 
>>>> I would like to try and do it in a scalable way, as we are thinking
>>>> we may have to allocate each customer a VLAN instead of using a
>>>> common VLAN, but just wanted to see if anyone had any thoughts on
>>>> other ways to do this?
>>> 
>>> Assuming you have it or can afford it, you can do private vlans with
>>> the Nexus 1000V (on KVM or VMware), or VMware's vNetwork Distributed
>>> Switch (VDS).
>>> 
>>> Otherwise you could implement ACLs on virtual firewall products that
>>> sit between the vNIC and vSwitch (there are a few to choose from).
>>> 
>>> Regards,
>>> 
>>> Chris
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog