[c-nsp] Management stuff in VRFs
Clinton Work
clinton at scripty.com
Wed Sep 2 17:59:02 EDT 2009
A management VRF is attractive from a best practice perspective, but full
management support like using the global routing table is lacking in
Cisco IOS. I have enhancement CSCsu22476 open to support selecting the
syslog source interface when using VRF aware syslog (IOS 12.4T). While
not always practical for full Internet routes, I would recommend using
the global routing table for mgmt and putting all the customer traffic
in a VRF. There are also many Cisco IOS features which only work in the
global routing table making a management VRF more attractive.
Peter Rathlev wrote:
> I'm a little curious since there have been so many threads about running
> management stuff in VRFs. I've until now considered VRFs something for
> customers only; management is in the global table.
>
> Is management from a VRF to be considered "best practice"?
>
> What are the benefits from using a VRF for this?
>
> I assume everyone uses infrastructure ACLs so the VRF thingy shouldn't
> be any more "secure". Or should it?
>