[c-nsp] Internet inside a VRF?

Derick Winkworth dwinkworth at att.net
Wed Mar 14 08:51:55 EDT 2012


If you run an MPLS network and are using MPLS to separate security zones within your network (such as a very large enterprise) then this makes perfect sense in the context of your design.

Sure, it can be solutioned otherwise. The bottom line is: POC it, buy enough RAM and CPU, and deploy what you POC. If it works as expected without negative side-effects and it's aligned with your overall design, then do it.

Otherwise, don't.

Honestly I wouldn't use anything less than RP2 w/16GB of RAM (a common theme in my posts here) and probably an ESP-40.  Again, for the on-board RAM setup... not the throughput.  

 
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/


________________________________
 From: Jose Madrid <jmadrid2 at gmail.com>
To: Dan Armstrong <dan at beanfield.com> 
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net> 
Sent: Tuesday, March 13, 2012 8:17 PM
Subject: Re: [c-nsp] Internet inside a VRF?
 
I would like to understand why you guys would do this? What is the
reasoning behind this? Super granular control? Can't this level of
granularity be achieved with route-maps?

Sent from my iPhone

On Mar 13, 2012, at 8:27 PM, Dan Armstrong <dan at beanfield.com> wrote:

> We have all our Internet peers and customers inside a VRF currently, and our Cisco SE thinks we're stark raving mad, and should redesign and put everything back in the global table.
>
>
> This is all on ASR 9Ks and 7600s.
>
>
>
>
>
> On 2012-03-13, at 8:12 PM, Pshem Kowalczyk wrote:
>
>> Hi,
>>
>> On 14 March 2012 11:59, Dan Armstrong <dan at beanfield.com> wrote:
>>> I know this topic has been discussed a million times, but just wanted to get an updated opinion on how people are feeling about this:
>>>
>>>
>>> In a service provider network, how do people feel about putting the big Internet routing table, all their peers and customers inside a VRF?  Keep the global table for just infrastructure links…
>>
>> In my previous role we've done just that. One internet VRF for all
>> transit functions, separate vrfs for peering and customers and
>> import-export statements to tie them all together. All done on ASR1k
>> (mainly 1006, but a few of 1002 as well).
>>
>> kind regards
>> Pshem
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
