[AusNOG] Management VRF
Joseph Goldman
joe at apcs.com.au
Thu Dec 11 12:59:20 EST 2014
Personally - we have public routes / customer routes etc in 'no' VRF (or
the main routing table) then create a VRF for management either on a
VLAN interface or a dedicated interface. We run RFC1918 addressing then
have a VPN front end for outside access for management if required.
We tend to run it across the same routers and switching so it's not fully
separate protection, just protects against a mistake in firewalling or
routing locking us out of devices. Our network isn't overly large or
complex either which aids in that decision.
On 11/12/14 12:47, Ben Hohnke wrote:
> Hi Noggers,
>
> I've been doing a little research around management VRFs, mainly for
> splitting my company's network management traffic into its own VRF,
> to shield it from any potential routing issues.
> I know some of our kit, such as the Cisco ASR 1001 and cat4948s, have
> dedicated management ethernet interfaces locked in a management VRF.
>
> At this stage I see two common options:
> Management traffic in a VRF with RFC1918 addressing, and
> Management traffic in the global routing table, with customer traffic,
> with BGP etc in a VRF (i.e., turn it all "inside out")
>
> I'm curious to see others' thoughts on this, and what implementations
> you've all put in place out there?
>
> Thanks,
>
> Ben
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog