[c-nsp] Management stuff in VRFs
Jerome Durand
jdurand at renater.fr
Thu Sep 3 04:17:02 EDT 2009
We went in that direction in our latest deployment and discovered also
that many pieces were missing in IOS and IOS-XR to have full management
in a dedicated VRF for all our devices.
At this stage we have the VRF but not all management goes there... so
there is more complexity and network is no more secure... I must admit
IOS-XR gives us more troubles as more management features are missing in
VRF's.
Maybe for a pure IOS network there could be an added value (?)
Regards,
Jerome
Peter Rathlev a écrit :
> I'm a little curious since there have been so many threads about running
> management stuff in VRFs. I've until now considered VRFs something for
> customers only; management is in the global table.
>
> Is management from a VRF to be considered "best practice"?
>
> What are the benefits from using a VRF for this?
>
> I assume everyone uses infrastructure ACLs so the VRF thingy shouldn't
> be any more "secure". Or should it?
>
> Regards,
> Peter
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
-------------------------------------------------------------
Jerome Durand
Responsable des services aux usagers
Services operations & support manager
Réseau National de Télécommunications
pour la Technologie, l'Enseignement et la Recherche
Tel: +33 (0) 1 53 94 20 40 | GIP RENATER
Fax: +33 (0) 1 53 94 20 41 | c/o ENSAM
E-mail: jdurand at renater.fr | 151 Boulevard de l'Hôpital
http://www.renater.fr | 75013 PARIS
--------------------------------------------------------------
More information about the cisco-nsp
mailing list