Welcome back Nerds, Geeks, and Ziglets for another episode of the Zigbits Network Design Podcast (ZNDP), where Zigabytes are faster than Gigabytes. As always, our goal is to provide you with real-world context around technology. I’m Michael Zsiga, also known as Zig, and I am your host. Our Guest Expert for today’s show is Jody Lemoine and our topic of discussion is Multi-tenant Franchisee Network Design!
1. High level summary of technology solution
Essentially, we’re talking about a migration of a simple dual-hub, dual-network DMVPN topology to a multi-tenant (franchisee) network with isolated networks over the same topology. This is a variant of Cisco’s 2547oDMVPN solution that permits direct spoke-to-spoke connectivity rather than running everything through the hub.
2. High level business requirements, constraints, and drivers (00:06:11)
- The need to receive fast food orders from a central on-line ordering system, hosted at two colocation facilities.
- The requirement for franchisees to connect to any of their store locations from any other store location that they own.
- Continued use of commodity Internet connectivity: PPPoE/DHCP/Static DSL/Cable/3G/4G
- Re-use of existing hardware: Cisco 3800 ISR hubs and Cisco 87x spokes.
- Low-margin, high-volume food sales in a franchisee model required that the solution be inexpensive to implement and operate.
- Inability (no budget) to change the base technology to accommodate new requirements.
- Wide distribution of franchisee locations, ranging from major metropolitan centers (Toronto/Vancouver/&c) to tiny communities on the shores of the Arctic Ocean (Inuvik/Iqaluit/&c) required a technology that would work over almost any Internet transport.
3. Detailed breakdown of technical solution chosen and implemented (00:15:04)
- How are you handling Next hop lookups?
- How are you handling the label distribution and why?
- Why did you go with DMVPN Phase 2 versus Phase 3?
- What services are you hosting?
- How many RT, RD, and VRFs are there?
- How are you handling the RT, RD, and VRF management?
- Is there a VRF design with Internet access and shared services?
- How many Spokes are there?
- How many people are there on staff to manage this solution?
4. Full list of technical solutions that were compared (00:38:43)
- For the initial implementation, traditional policy-based IPSec was considered
- EZ-VPN IPSec connections were considered, but rejected due to authentication management overhead
- DMVPN (phase 1) eventually won out because of the quick failover provided by routing protocols vs SA failover.
Hosted By: Michael “Zig” Zsiga
Guest Expert: Jody Lemoine
How to stay engaged with Jody:
- Website: http://www.ghostinthenet.info
- Twitter: https://twitter.com/ghostinthenet
- LinkedIn: https://www.linkedin.com/in/jodyl/
Ask questions and give feedback
- You can leave a comment in the show notes
- You can leave a voicemail at (617) 913-4103
- You can email us at Feedback@zigbits.tech
Engage with Zigbits further:
- Subscribe to the podcast on an iPhone or on an Android
- Follow Zigbits on Twitter!
- Follow Zigbits on LinkedIn!
This post may contain affiliate links to products or services where I may receive a level of compensation from your actions by following those links. This is seamless to you and does not add any additional cost to the products or services in question. In addition, I do not let any affiliate relationship cloud my judgement or my recommendation of a product or service. My recommendations will always be above reproach. This is my commitment to you Ziglets!