[c-nsp] Management stuff in VRFs

Jerome Durand jdurand at renater.fr
Thu Sep 3 04:17:02 EDT 2009


We went in that direction in our latest deployment and discovered also 
that many pieces were missing in IOS and IOS-XR to have full management 
in a dedicated VRF for all our devices.

At this stage we have the VRF but not all management goes there... so 
there is more complexity and network is no more secure... I must admit 
IOS-XR gives us more troubles as more management features are missing in 
VRF's.

Maybe for a pure IOS network there could be an added value (?)

Regards,
Jerome





Peter Rathlev a écrit :
> I'm a little curious since there have been so many threads about running
> management stuff in VRFs. I've until now considered VRFs something for
> customers only; management is in the global table.
> 
> Is management from a VRF to be considered "best practice"?
> 
> What are the benefits from using a VRF for this?
> 
> I assume everyone uses infrastructure ACLs so the VRF thingy shouldn't
> be any more "secure". Or should it?
> 
> Regards,
> Peter
> 
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
-------------------------------------------------------------
Jerome Durand

Responsable des services aux usagers
Services operations & support manager

             Réseau National de Télécommunications
      pour la Technologie, l'Enseignement et la Recherche

Tel:    +33 (0) 1 53 94 20 40  |  GIP RENATER
Fax:    +33 (0) 1 53 94 20 41  |  c/o ENSAM
E-mail: jdurand at renater.fr     |  151 Boulevard de l'Hôpital
http://www.renater.fr          |  75013 PARIS
--------------------------------------------------------------



More information about the cisco-nsp mailing list