[c-nsp] Internet vrf, pros and cons
Mark Tinka
mtinka at globaltransit.net
Tue May 6 22:59:27 EDT 2008
On Wednesday 07 May 2008, Rubens Kuhl Jr. wrote:
> The issue with VRFs is that it can't do policy routing,
> because it's already a routing table selection... I agree
> that box security should be taken care of with CoPP. Put
> Internet customers on the main VRF, but carefully design
> ACL, policy-routing and CoPP to reach your security
> goals. VRFs are great with overlapping IP spaces, but on
> the Internet where everybody in the world agrees on an
> addressing plan, just use plain routing.
I agree with this - having global (Internet) routes in a
VRF, I think, adds complexity.
One situation where we have considered doing this is when we
want a specific PE router to have access to only a specific
set of routes on a public border router. Other than that,
we keep it quite simple :-).
Cheers,
Mark.