[j-nsp] Interconnect two VRFs via L2 security box with redundant path

[Clarke Morledge]

Stefan,

I was just hunting through your blog for ideas when I saw your post :-)
Thanks for jumping in.   A few responses in-line below.....

On Tue, 24 Apr 2012, Stefan Fouant wrote:

> If that adjacency goes down, a simple floating static (static route w/ higher 
> preference than the dynamic BGP/IS-IS route) can be used pointing to 
> next-table will do the trick. No need to used Logical-Tunnels or use 
> auto-export.

If my two routers were directly connected all of the time, this would be 
fine.  But I'm also thinking of the case of when there might be another L3 
hop between the two routers.   I guess I could insert another floating 
static on the third router, but that just seemed to add a little more 
complexity to me.  I was hoping for a way to just let the dynamic routing 
protocols do the work for me instead of fooling with a bunch of statics 
with filter-based forwarding.   Don't get me wrong, I like FBF.  I was 
just hoping to leverage dynamic routing more.

> Of course, in your case you've got not just two VRFs but also an East and 
> West path which further complicates things - why not just connect the MX West 
> device into your L2 Packet Scrubber as well and keep things the same on both 
> the East and West device so that you can take full advantage of two planes. 
> This will keep configurations uniform regardless of whether traffic comes in 
> on the East or West devices.

I should have given the reason why I do not put the L2 scrubber between 
the two routers:  conservation of fiber.  I already have fiber connecting 
the routers in different wiring centers for traffic that does not need to 
be scrubbed.   Chewing up another set of strands is much more expensive 
than simply connecting both sides of the L2 scrubber to just one router in 
the same rack.

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187