[c-nsp] VPN Exchange

Phil Mayers p.mayers at imperial.ac.uk
Thu Jun 27 04:59:58 EDT 2013


On 06/26/2013 01:49 PM, harbor235 wrote:
> I wanted to start a discussion around the design of a "VPN Exchange" in an
> MPLS environment. For a particular organization that may possess numerous
> L3VPNs, is there a standard design practice for inter VPN traffic flows?
> Obviously any such exchange would be a natural security enforcement point
> as well as other network services (Internet, security, DMZ, IDS/IDP, etc.),
> given that each VPN may have their own security requirements,
> preferences, etc.
>
>
> Is anyone doing this now?

Yes. We use multiple VRFs for security zoning, and pass inter-VRF
traffic through firewalls. We do routing using BGP.

At one point it was novel, but I think it's pretty common now.

I'm not really sure what you mean by "standard design practice for inter 
VPN traffic flows". It's just routing.

