[c-nsp] Management stuff in VRFs

Jerome Durand jdurand at renater.fr
Thu Sep 3 04:17:02 EDT 2009

We went in that direction in our latest deployment and discovered also 
that many pieces were missing in IOS and IOS-XR to have full management 
in a dedicated VRF for all our devices.

At this stage we have the VRF but not all management goes there... so 
there is more complexity and network is no more secure... I must admit 
IOS-XR gives us more troubles as more management features are missing in 

Maybe for a pure IOS network there could be an added value (?)


Peter Rathlev a écrit :
> I'm a little curious since there have been so many threads about running
> management stuff in VRFs. I've until now considered VRFs something for
> customers only; management is in the global table.
> Is management from a VRF to be considered "best practice"?
> What are the benefits from using a VRF for this?
> I assume everyone uses infrastructure ACLs so the VRF thingy shouldn't
> be any more "secure". Or should it?
> Regards,
> Peter
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

Jerome Durand

Responsable des services aux usagers
Services operations & support manager

             Réseau National de Télécommunications
      pour la Technologie, l'Enseignement et la Recherche

Tel:    +33 (0) 1 53 94 20 40  |  GIP RENATER
Fax:    +33 (0) 1 53 94 20 41  |  c/o ENSAM
E-mail: jdurand at renater.fr     |  151 Boulevard de l'Hôpital
http://www.renater.fr          |  75013 PARIS

More information about the cisco-nsp mailing list