Hi everyone, i have datacenter of hosting , my company gives services to customers on the cloud.
for example: companies makes DR of their websites on my datacenter, they connect my datacenter with ISP VPN"S
my data center have 2 nexus 7K as backbones that connect our servers , FW , internet Routers and so on..
the poing that we have servers of vmwares on esx machines that have few ports that connected to our nexus with vpc's but this is not the point... the point is that these servers have many customers of them.
on the nexus i give vlan for any customer and trunk it to the servers and on the servers each customer have its own vlan and own server on vmware.
if customers have on their sites router or fw and connect it to my data center its easy as we are working on layer 3.
the problem began when customer wants his lan on my side.. means he want to connect my data center with layer 2 connection directly to his servers, means to my nexus as this is the eqipment that connect the vmware servers... the problem is that the virtual servers are shared infostructures.. the same ports at the nexus for many customers.
how should i connect customer to his server on my side (my vmware servers) at layer 2?? should i connect him directly switch to switch (sound dnagerous even if am using bpdufilter and stormcontrol broadcast and so on...
i did lab on gns that i added router to the topology between the wan switch and the nexus and used xconnect pseduwires to connect each customer, and vrf lite to make layer 3 connection. but i guess this is the same risk
please advice me what to do??? what is the best practice???
if somone wants to see the topology i can send by mail