[j-nsp] Need some advice

Keegan Holley keegan.holley at sungard.com
Tue Dec 7 11:16:12 EST 2010

Very ugly.  Evil in fact.  You should beat yourself for even entertaining
the thought.  j/k  What does this decision buy you?  I'm not sure I
understand your network enough to say whether or not you should do it, but I
can tell you you're not the first person that ever needed to run BGP with a
device that does stateful firewalling.

On Tue, Dec 7, 2010 at 10:27 AM, Johan Borch <johan.borch at gmail.com> wrote:

> Hi,
> I'm no expert on this and this list seems to have a horde of them :)
> I have a quite simple setup where each customer is assigned a VRF, to that
> VRF office connections, leased lines, vpn, server network etc is connected,
> I run ospf inside the VRF. Usually each customer have an uplink to a
> central
> firewall, where shared services like dns, Internet are connected. My
> question is, is it ugly/wrong/../ to run BGP from customer "core" (VRF) to
> the firewall and use private ASN's? My idea is to see the customer VRF as
> their internal network and the firewall as an external entity.
> Regards
> Johan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list