[c-nsp] virtual router on a cat4500

Arie Vayner ariev at vayner.net
Mon Jan 18 16:08:57 EST 2016 

This should work with no major issues.

I would consider making the firewall a layer 3 hop, and use something like
VRRP for redundancy and maybe use BGP as the routing protocol... But these
are just options. I personally don't like layer 2 firewalls, and there
might be design complications due to spanning tree in a redundant mode...

Another interesting approach for easy redundancy is to make the pair of
4500's a logical VSS node.
https://supportforums.cisco.com/document/124626/virtual-switching-system-vss-configuration-cisco-4500-series-switches

If you intend to run OSPF with VRF-lite, you need to enable "capability
vrf-lite"
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ew/configuration/guide/config/vrf.html

HTH
Arie


On Mon, Jan 18, 2016 at 11:41 AM Eli Kagan via cisco-nsp <
cisco-nsp at puck.nether.net> wrote:

> Hi all,I need community feedback about carving a virtual router instance
> out of Cat4507r+e Sup7-e. Let me explain. I have a pair of said Cat4507
> running as distribution switches. I need to add two new routers to
> terminate MPLS VPN connection. Currently this connection terminates on a
> firewall, which is not ideal and I would like to change it. Hence, two new
> routers. And then I thought, why not create a vrf on the catalyst and use
> it as my CE. All I need is two interfaces, BGP and OSPF. So physically I
> would still have same Cat4507 but logically it would be   [L3 distribution]
> --- [ firewall ] --- [ mpls ce ]where distribution is the default VRF on
> the Cat4507 and CE is the new VRF on the same Catalyst.Any reasons why I
> should not do it?One concern I have is running OSPF between these two
> VRFs.Any insight would be greatly appreciated.Thanks,Eli
>
>
> ---------- Forwarded message ----------
> From: Eli Kagan via cisco-nsp <cisco-nsp at puck.nether.net>
> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Cc:
> Date: Mon, 18 Jan 2016 14:41:31 -0500 (EST)
> Subject: [c-nsp] virtual router on a cat4500
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list