Re: [nsp] REG: MPLS Traffic engineering

From: Eric Osborne (eosborne@cisco.com)
Date: Tue Nov 07 2000 - 09:02:32 EST


On Tue, Nov 07, 2000 at 01:41:44PM +0000, Neil J. McRae wrote:
> > If you have an 'ip route vrf foo 0.0.0.0 0.0.0.0 1.2.3.4 global', then
> > all packets whose destinations are not in the vrf foo routing table
> > will be sent towards 1.2.3.4, as seen in the global table.
>
> I'd strongly recommend not doing this as it opens up some major
> security issues.

True, it's not a thing you do for every VPN. This knob is really only
useful when you want to provide both VPN and Internet connectivity in
the sae VRF. That sort of thing should be done carefully, but has its
uses.

eric



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:20 EDT