Pshem Kowalczyk pshem.k at gmail.com
Tue Feb 24 22:36:11 EST 2009


2009/2/25 Joe Maimon <jmaimon at ttec.com>

> There are apparently three approaches to trafficking between VRF's.
> - configuration route leakage, static routes, route-maps and whatnot
> All hacks in my opinion.
> - physical crossover between two devices, vrf A in device A becomes vrf B
> in device B
> Which is actually a degenerate or optimized instance of the following:
> - crossover in the same device
> This can be done as per your tunnel example.
> You can also do this with physical ports, with a l2/l3 switch architecture
> its not as conveniently done however, since you would need to cross connect
> one access port in one vlan to another access port in another vlan.


I think that you're missing one other possibility  (which may or may not
suit you) - putting all of your routing into vrfs and doing the normal
leaking between the vrfs.  This way you can retain the level of granularity
you want (any particular interface might be either in the vrf that has only
the 'public' internet or in the 'special' vrf, that has access to the
premium routes).

For smaller installation you probably don't even need to run MPLS - simply
vlans or GRE tunnels can vrf lite should suffice.
Obviously you might have to keep full bgp feed in a vrf which some people
regard as a no-no.

kind regards

More information about the cisco-nsp mailing list