Hi,
If I have Org1 and Org2 and Org3 as best practices and from security perspective to map each org to external network ?
As you know external networks can be shared with multiple tenants,from a SP perspective it is recommended to have unique ext network for each tenant with different VLAN ID(Virtual Switch Tagging) ,configure 802.1q trunking on switches and finally allocate pool of IP's to each tenant external pool is what i would suggest.
May i know what security you are looking for each org and external network ? Based on that i can give you suggestions.
Thank you SreecSreec
I will put the question in other way If you are SP and have 3 diff Org for 3 diff companies would you use one external Network or 3 external networks?
As you know external networks can be shared with multiple tenants,from a SP perspective it is recommended to have unique ext network for each tenant with different VLAN ID(Virtual Switch Tagging) ,configure 802.1q trunking on switches and finally allocate pool of IP's to each tenant external pool is what i would suggest.
Thank you
SreecSreec
Back again the question, as you said "it is recommended to have unique ext network for each tenant" those unique ext networks will be linked to one PortGroup or unique Portgrops in VDS ? I would like to know what is the most common with SP in regards to VDS?
Unique port-groups in DVS is a better approach,rather than putting all the external traffic in pipe. How you isolate in physical layer is your choice,same l2/l3 domain etc with additional security.