[c-nsp] Multiple VRFs into common 'internet' gateway

Jeff Kell jeff-kell at utc.edu
Thu May 29 16:07:14 EDT 2008


We're in the planning process for a better way to get multiple VRFs 
meshed into a common 'internet' gateway, preferably without 
unintentional cross-leakage between them.

There are brute-force methods (run them all to the edge) but we really 
do need to have some leakage across certain VRFs.

For "full" leakage we just import/export RDs at the PE.

We have a temporary workaround with an ASA taking a tagged vlan from 
each VRF as a separate logical interface, but this is a little messy.  
Takes lots of static routes, and anything we do leak across has to 
bounce out to the ASA and back again.

It would appear that a FWSM in the PE could do this.  Has anyone been 
down this road that would be willing to share some 
notes/pointers/warnings/war stories?

Thanks in advance,

Jeff

