In a lot of companies I've set this up for the vrfs that need to communicate between each other but also a security policy applied we terminate the vrfs on a routed firewall in the same context, this way the traffic has to be permitted by the firewall for inter vrf communication! It seems to work well.
Sent from my iPad
On 21/10/2010, at 11:04 PM, Ram Hispren Shummoogum <hispren_at_gmail.com> wrote:
> Hi:
>
> I am looking for full config examples that talk about inter-vrf routing in
> DC.
> The service pattern doc at Cisco web site seems imcomplete and all over the
> place.
> Ex: If I have a vrf for my app server and a vrf for my DB server with
> transparent FW in between.(sandwich VDC approach)
>
> APP Srv---L3 Router(VDC2)----Trans-FW------L3 Router(VDC1). The DC service
> pattern doc shows the L3s in differnet VRF.
> I think they should be in the same VRF.
> How the L3 Router-VDC1 will reach the DB which is in a different VRF?
> They don't talk about route leaking or MBGP. I am not sure if there is
> another way to do this in DC.
>
> Sorry for the OT.
>
> Thanks
> Ben
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 21 2010 - 23:35:12 ART
This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART