Comcast ENS design advice


Our company used to be hub and spoke with cable modems and firewall site-to-site tunnels. We have now invested in Comcast ENS service.
ENS is different from EDI. ENS is a WAN, MPLS-type circuit, whereas EDI is pure fiber out to the internet, just for you guys who didn't know.

So there are 20 sites. They all point back to one site, let's call it our data center, where our actual ISP is. Just to clarify, Comcast is the WAN provider, but the service stops once it gets to the data center site. Then there is a separate ISP connection that takes that traffic to the internet.

My question:
There are two types of the ENS service. One involves trunking, where the tags are carried from the individual sites, and the other (ours) is essentially one large layer 2 network and we have to manage the layer 3 portion of it. I would like some advice, best practice, traffic-optimal advice on how to design the subnet structure.

Two quick notes:
* I know a backup connection is optimal, but that is not a problem right now.
* We would like for the firewalls to stay at the local school site since we bought them, and also there is a supermassive giant firewall at the data center. Thank you
Based on this picture:

I would make each site its own subnet, or subnets depending on their setup.

Then on every site's CPEs I would create a routing-only subnet that uses the Comcast network as the L2 network.

Each site would point to the CPE at their site as the default route, except for your central site. That would use its Internet connection as its default route.

This way each site is basically its own network and traffic stays local unless it has to go to another site or the Internet.

mrbayIt (Author) Commented:
That's what I was thinking. And then not put any servers or machines on the routable subnet, right?

That is correct. The only things on the routing network are your L3 devices. I don't know how your IP addressing is currently set up or how big the sites are, but I would set up subnets large enough that you can use static IP routing.

Maybe something like each site gets their own /16, which should be big enough for all but the largest sites.
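
The addressing plan discussed in this thread, worked through as an added example that is not part of the original posts: one /16 per site, a routing-only transit subnet on the Comcast L2 network, static routes between sites, and a check that nothing but L3 devices sits on the transit subnet. The 10.0.0.0/8 supernet, the 10.255.0.0/24 transit subnet, the site numbering and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration; none of these come from the thread.
SUPERNET = ipaddress.ip_network("10.0.0.0/8")    # private space carved into per-site /16s
TRANSIT = ipaddress.ip_network("10.255.0.0/24")  # routing-only subnet on the Comcast L2 network
HUB = 0                                          # index of the data center site


def build_plan(site_count):
    """Return one dict per site: its LAN /16 and its L3 device address on the transit subnet."""
    if site_count > TRANSIT.num_addresses - 2:
        raise ValueError("transit subnet too small for this many sites")
    # Skip any /16 that would collide with the transit subnet.
    lans = (n for n in SUPERNET.subnets(new_prefix=16) if not n.overlaps(TRANSIT))
    transit_hosts = iter(TRANSIT.hosts())
    return [{"site": i, "lan": next(lans), "transit_ip": next(transit_hosts)}
            for i in range(site_count)]


def static_routes(plan, site):
    """Static routes for one site's L3 device as (destination, next_hop) pairs."""
    routes = [(p["lan"], p["transit_ip"]) for p in plan if p["site"] != site]
    if site != HUB:
        # Remote sites send Internet-bound traffic to the data center over the WAN.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), plan[HUB]["transit_ip"]))
    # The hub's default route points at its separate ISP uplink, outside this plan.
    return routes


def only_l3_on_transit(plan, host_ips):
    """True if no server or workstation address sits on the routing-only subnet."""
    l3 = {p["transit_ip"] for p in plan}
    addrs = [ipaddress.ip_address(h) for h in host_ips]
    return all(a not in TRANSIT or a in l3 for a in addrs)


if __name__ == "__main__":
    plan = build_plan(20)
    for dest, hop in static_routes(plan, 3):
        print(f"site 3: {dest} via {hop}")
```
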
Question has a verified solution.
