[c-nsp] VPN Exchange
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 27 04:59:58 EDT 2013
On 06/26/2013 01:49 PM, harbor235 wrote:
> I wanted to start a discussion around the design of a "VPN Exchange" in a
> MPLS environment. For a particular organization that may possess numerous
> L3VPNs is there a standard design practice for inter VPN traffic flows?
> Obviously any such exchange would be a natural security enforcement point
> as well as other network services ( Internet, security, DMZ, IDS/IDP, etc
> ......) given that each VPN may have their own security requirements,
> preferences etc .....
>
>
> Is anyone doing this now?
Yes. We use multiple VRFs for security zoning, and pass inter-vrf
traffic through firewalls. We do routing using BGP.
At one point it was novel, but I think it's pretty common now.
I'm not really sure what you mean by "standard design practice for inter
VPN traffic flows". It's just routing.
More information about the cisco-nsp
mailing list