[AusNOG] Virtual routers that users can manage without interfering with other tenants

Nathan Brookfield Nathan.Brookfield at simtronic.com.au
Wed Aug 26 14:32:02 EST 2015


Ben,

The best way to do this is, as you suggested, VLANs with /31 routed interfaces to minimize IP use out of your subnet.

This means you can separate everyone and remove the chance of someone thinking they're smarter than they actually are :)

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 26 Aug 2015, at 14:29, Ben Thompson <ben at benthompson.id.au> wrote:

Hi all,

Facing a challenge and looking for some ideas to get this right.

We have some customers who we want to let use some Cisco CSR1000V routers (or maybe Vyatta, haven't decided exactly which to go with yet), but I am struggling to work out a way to ensure a customer can log in to the device if they want to do things like configure NAT or VPN, but not be able to change their external interface settings in a way that would be able to impact other customers, as these would be on a common public network segment (by impact I mean things like using IPs we haven't allocated to them, or rogue proxy ARP messages, etc.)

I would like to try and do it in a scalable way, as we are thinking we may have to allocate each customer a VLAN instead of using a common VLAN, but just wanted to see if anyone had any thoughts on other ways to do this?

Thanks,
Ben
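
Added example, not part of the original thread: a sketch of the per-tenant VLAN plus /31 routed link layout discussed above, with the provider-side decision "is this source address the one allocated on this VLAN?". The block 192.0.2.0/28, the tenant names, the starting VLAN ID and all function names are assumptions made for illustration.

```python
import ipaddress

def plan_tenant_links(block, tenants, first_vlan=100):
    """Give each tenant its own VLAN and a /31 routed link (RFC 3021) from block."""
    net = ipaddress.ip_network(block)
    links = list(net.subnets(new_prefix=31))
    if len(tenants) > len(links):
        raise ValueError(f"{block} holds {len(links)} /31 links, need {len(tenants)}")
    if first_vlan < 1 or first_vlan + len(tenants) - 1 > 4094:
        raise ValueError("VLAN IDs must stay within 1-4094")
    plan = {}
    for offset, (tenant, link) in enumerate(zip(tenants, links)):
        plan[first_vlan + offset] = {
            "tenant": tenant,
            "link": link,
            "provider_ip": link[0],  # provider's routed sub-interface on this VLAN
            "tenant_ip": link[1],    # the only address the tenant router may use
        }
    return plan

def source_allowed(plan, vlan, src_ip):
    """Provider-side check: on this VLAN, accept only the tenant's assigned address."""
    entry = plan.get(vlan)
    return entry is not None and ipaddress.ip_address(src_ip) == entry["tenant_ip"]

def addresses_consumed(tenant_count, prefix_len):
    """Addresses taken from the block when every link uses the given prefix length."""
    return tenant_count * 2 ** (32 - prefix_len)

if __name__ == "__main__":
    # Constructed sample data: documentation prefix and made-up tenant names.
    plan = plan_tenant_links("192.0.2.0/28", ["tenant-a", "tenant-b", "tenant-c"])
    for vlan, e in plan.items():
        print(vlan, e["tenant"], e["link"], e["provider_ip"], e["tenant_ip"])
    print(source_allowed(plan, 101, "192.0.2.3"))  # tenant-b's own address
    print(source_allowed(plan, 101, "192.0.2.5"))  # tenant-c's address on tenant-b's VLAN
    print(addresses_consumed(3, 31), "vs", addresses_consumed(3, 30))
```

The script only models the allocation and the accept/reject decision; the enforcement itself belongs on the provider's routed interface for each VLAN, outside the device the customer can log in to.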