[c-nsp] Logical Router Segmentation

Skeeve Stevens skeeve at skeeve.org
Sun Jan 11 16:40:20 EST 2009


Speaking on VRF-Lite.

What is the easiest way to link two VRF's on two separate routers in layer 2
- so each VRF can see the arp and so on from the other?

...Skeeve

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Chris Burwell
Sent: Monday, 12 January 2009 8:15 AM
To: Derick Winkworth
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Logical Router Segmentation

More than likely we will go in the direction of adding an additional
layer 3 device off of the external interface of our firewall. We will
use this layer 3 device to make the decision as to which interface the
traffic should be forwarded onto.

We could probably accomplish this with a Procurve layer 3 switch,
which can handle the basic routing as well as the traffic for a
minimal amount. Everything is still up in the air right now. I still
need to have several meetings with both our proposed ISP as well as
the network admin from the IU. From there I should have the proper
information to make a solid recommendation.

As I said before, I will report back what I find about HPs support of
VRF-Lite (or something similar).

- Chris

On Sun, Jan 11, 2009 at 1:58 PM, Derick Winkworth <dwinkworth at att.net>
wrote:
> Juniper supports it well.  The EX series 1U switches are pretty decent
> actually.
>
> But, again... he might be able to get this done without VRFs...
>
> Brad Hedlund (brhedlun) wrote:
>> The term "VRF-Lite" comes from when Cisco started delivering VRF
>> capabilities across all Catalyst L3 platforms, even the low end.
>>
>> Many vendors do support VRF on their high end routers and switches,
>> but few have comprehensive VRF support from the high end all the to
>> the low end.
>>
>> MBGP is not required for L3 VPN's. That's the beauty of VRF-Lite end
>> to end.  A customer can deploy a handfull of L3 VPN's within their own
>> campus without MPLS or BGP.
>>
>> Sent from my iPhone
>>
>> Brad Hedlund
>>
>>
>> On Jan 11, 2009, at 10:20 AM, "Brandon Bennett" <bennetb at gmail.com>
>> wrote:
>>
>>> Vrf-lite is just a Cisco term for utilizing VRFs when no MPLS is
>>> present.   Any vendor who supports VRFs support "VRF-lite".
>>>
>>> In all honesty it's a stupid term as VRF technology isn't tied to
>>> MPLS at all.   Yes vrf is required for l3 vpns but so is mBGP and we
>>> don't have mBGP-lite :)
>>>
>>> -Brandon
>>>
>>> Sent from my iPhone
>>>
>>> On Jan 10, 2009, at 10:58 AM, Brad Hedlund <brhedlun at cisco.com> wrote:
>>>
>>>> On 1/10/09 8:57 AM, "Chris Burwell" <cburwell at gmail.com> wrote:
>>>>
>>>>> I am fairly certain the 8212zl can accomplish what was described here,
>>>>> the problem will be finding documentation on how to configure
>>>>> everything.
>>>>
>>>> Chris,
>>>> I would be curious to see what you come up with.  The 8212 feature
>>>> list on
>>>> HP's website doesn't show anything similar to VRF-Lite.  I'm pretty
>>>> sure
>>>> VRF-Lite like capabilities are unique to Cisco.  Let me know if you
>>>> find
>>>> otherwise.
>>>>
>>>>
>>>> Cheers,
>>>> Brad Hedlund
>>>> bhedlund at cisco.com
>>>> http://www.internetworkexpert.org
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> ------------------------------------------------------------------------
>>
>>
>> No virus found in this incoming message.
>> Checked by AVG - http://www.avg.com
>> Version: 8.0.176 / Virus Database: 270.10.5/1886 - Release Date:
1/10/2009 6:01 PM
>>
>>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list