Re: Cogent Layer 2

[Ryan Hamel <ryan () rkhtech org>]

All carrier Ethernet services are tunnels provided by VPLS Psuedowire or VXLAN services. Did you really expect a VLAN 
to be layer 2 switched everywhere?

Ryan
On Oct 14 2020, at 11:03 am, Rod Beck <rod.beck () unitedcablecompany com> wrote:
> I always heard this service was really Layer 3 disguised as Layer 2.
>
>
> From: NANOG <nanog-bounces+rod.beck=unitedcablecompany.com () nanog org> on behalf of Ryan Hamel <ryan () rkhtech org>
> Sent: Wednesday, October 14, 2020 7:54 PM
> To: Mike Hammett <nanog () ics-il net>
> Cc: nanog () nanog org <nanog () nanog org>
> Subject: Re: Cogent Layer 2
>
>
> Mike,
>
> Layer 2 is fine once it works.
> You will have to put up with whatever VLAN tags they pick, if you plan on having multiple virtual circuits on a 10G 
> hub.
> They do like to see into the flows of traffic, as they only allow up to 2Gbits/flow, per there legacy infrastructure.
>
> If the circuit doesn't work on turn up (which is more than likely), you'll have to be abrasive with their NOC and 
> demand escalations.
>
>
> IMO, if it's 1Gbit or less per circuit and can deal with ^, you're fine, otherwise look for another carrier.
>
> -----
> Below is what I got from Cogent about their layer 2:
> We offer Ethernet over MPLS transport utilizing Cisco FAT Pseudowire (Flow Aware Transport). Our service is a fully 
> protected service, so if we suffer a fiber cut or other disruption along the primary path, our IS-IS IP fast-reroute 
> enabled MPLS backbone will swing all traffic over to another pre-determined path across our backbone with usually no 
> packet loss or disruption in service.
> In order for our service to work correctly and provide the automatic redundancy, we need to verify that the traffic 
> traversing the network can be hashed correctly by our routers. For this to happen, Cogent has to see the src-dst IP 
> address or if you are running MPLS over the circuit, we need to see your MPLS labels. The hashing works by placing 
> each flow of data on a separate 10GE or 100GE interface between the routers, so that traffic is evenly dispersed 
> across all available capacity along the path. A flow is defined as a src-dst IP pair or a customer MPLS label, so the 
> more IP pairs or MPLS labels, the better the traffic load-balances. Cogent has decided to impose a 2Gbps/flow 
> restriction for our own traffic engineering purposes, which aim to make sure that no single customer can overrun a 
> 10GE interface anywhere on our network (since we do not sell 10GE Wave services).
> The reason we have the limitation in place is for our own traffic engineering purposes, which aims to make sure that 
> no single customer can overrun a 10GE interface anywhere on our network (since we do not sell 10GE Wave services). 
> Since most uplinks between routers are Nx10GE or Nx100GE, we want to make sure that all customer traffic can be 
> load-balanced across the uplink capacity evenly, which makes it easier to reroute traffic in the event of a fiber cut 
> or other disruption. One would think that with 100GE interfaces, it would not be possible to overrun the interface if 
> we allowed full 10Gbps/flow, however most 100GE interfaces, at the chip level are broken down into 10Gbps lanes and 
> the interfaces do not have a way to easily determine that a lane through the interface is at capacity, so as new 
> flows enter the interface, they could get allocated to a lane that is already full and therefore experience packet 
> loss.
> So that we can complete our technical review for this request, need the following questions answered:
> 1 - What equipment will be directly connected to Cogent interface?
> 2 - How are the servers/equipment behind the edge device connected, GE or 10GE interfaces?
> 3 - Will you be doing any type of tunneling or load-balancing that would hide the src-dst IP addresses or MPLS labels 
> of the servers/equipment?
> 4 - Will any single data flow (src-dst IP pair or MPLS label) be more than 2Gbps?
> 5 – What is the purpose of the connection? (Internet traffic backhaul, data center connectivity, replication, 
> extending point-of-presence, etc..)
> 6 – Will you be running MACSec over our L2 service?
> 7 – Will you need to pass multiple VLANs and/or Jumbo frames?
> ----------
> Ryan
> On Oct 14 2020, at 10:36 am, Mike Hammett <nanog () ics-il net> wrote:
> > Are any legitimate beefs with Cogent limited to their IP policies, BGP session charges, and peering disputes? 
> > Meaning, would using them for layer 2 be reasonable?
> >
> >
> >
> > -----
> > Mike Hammett
> > Intelligent Computing Solutions (http://www.ics-il.com/)
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Midwest Internet Exchange (http://www.midwest-ix.com/)
> >
> >
> >
> >
> >
> >
> >
> > The Brothers WISP (http://www.thebrotherswisp.com/)