[j-nsp] Need some advice
Keegan Holley
keegan.holley at sungard.com
Tue Dec 7 11:16:12 EST 2010
Very ugly. Evil in fact. You should beat yourself for even entertaining
the thought. j/k What does this decision buy you? I'm not sure I
understand your network enough to say whether or not you should do it, but I
can tell you you're not the first person that ever needed to run BGP with a
device that does stateful firewalling.
On Tue, Dec 7, 2010 at 10:27 AM, Johan Borch <johan.borch at gmail.com> wrote:
> Hi,
>
> I'm no expert on this and this list seems to have a horde of them :)
>
> I have a quite simple setup where each customer is assigned a VRF, to that
> VRF office connections, leased lines, vpn, server network etc is connected,
> I run ospf inside the VRF. Usually each customer have an uplink to a
> central
> firewall, where shared services like dns, Internet are connected. My
> question is, is it ugly/wrong/../ to run BGP from customer "core" (VRF) to
> the firewall and use private ASN's? My idea is to see the customer VRF as
> their internal network and the firewall as an external entity.
>
> Regards
> Johan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
More information about the juniper-nsp
mailing list