[c-nsp] Internet vrf, pros and cons

Tima Maryin tima at transtelecom.net
Wed May 7 04:25:31 EDT 2008


Hi!


Pros:
Security. You can make device management based on private addresses like 
10./172. So no one ever can get remote access to your routers from internet.

Cons:
Memory consuption on routers.
Each full view will consume more router's ram that usual.
A bit more annoying troubleshoot - you need to type ping vrf, trace vrf and so on

Works well on NPE-G1, IOS bases GSR's



Mark Tech wrote:
> Hi
> We area going to deploy a new MPLS network which will be used for Internet customers and IP/VPN customers. I understand that there are two options with running these networks:
> 1. Run the internet natively across all boxes and secure them down against DoS attacks etc
> 2. Create an Internet VRF whereby all internet traffic is simply seen as a large IPVPN network, thereby utilising some of the inherent security factors associated with IPVPNS
> My question is whether anyone has other pros and cons from real life experience, associated with the two options previously stated.
> I would like to add that the platforms will be provisionally Cisco 6500s with SUP720s (edge) and Cisco XR 12406's (core)
> Regards
> Mark
> 



More information about the cisco-nsp mailing list