[c-nsp] Internet in VRF

Gert Doering gert at greenie.muc.de
Sun May 3 07:43:33 EDT 2015


Hi,

On Sun, May 03, 2015 at 11:07:10AM +0000, Adam Vitkovsky wrote:
> If you have the choice I'd definitely recommend Internet in a VRF.
> It provides resiliency, fast convergence and plethora of option or great freedom on how to implement internet services (think outside the box).

Thinking *in* the box, mixing your IPv4 Internet routing with MPLS operation
provides a number of extra surprises where things can blow up (... like,
"the NOC forgetting to enable MPLS on that new link"...).

So we consciously decided to have "Internet" not only not in a VRF but
also not labeled.

It has drawbacks (like, no automatic TE, no MPLS FRR) but for me, the main
point is "the junior networking engineers can do useful debugging when
they have understood IP routing and traceroute" - mix in MPLS, and you 
need to understand many more protocols and debugging can get way more
complex, especially for "oops, traffic is just disappearing, but *where*
along the path is the black hole?" scenarios.

"Plain IP routing" *does* provide fast convergence, btw, you just need
to run EIGRP :-) *duck and run*  (yes, I'm aware that things have vastly
improved in link state protocol land in the past 10 years, and stuff like
LFA is now even better)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150503/622f0ee6/attachment.sig>


More information about the cisco-nsp mailing list