OT: VRFs with FWSM

From: karim jamali <karim.jamali_at_gmail.com>
Date: Fri, 5 Nov 2010 00:33:40 +0300

Dear Experts,

I would like to enquire about a scenario I am facing, which is as
follows:
- I have two Core Switches (6509) having FWSM modules and running in VSS Mode
on one side, which is in fact connecting the clients.
- I have another two core switches (6509) having FWSM modules/running in VSS
where the servers are connected (applications, etc.).

An internal MPLS cloud will be built and the goal is to be able to keep the
traffic of clients separate (using VRFs) i.e. every client has his own set
of servers/user subnets and those subnets will be put into a VRF. MBGP will
be run in order to share/isolate one customer's routes from another.

Now the question that comes to my mind is that FWSM doesn't support VRFs,
thus I won't be able to terminate the VLANs on the FWSM for security
policies. If I terminate the VLANs on the FWSM how will I be able to achieve
route isolation through VRF? The only solution I could think of is to use
multiple contexts on the FWSM (one per client) and every context's outside
interface will be pointing to an SVI which will be in a certain VRF. However
I don't find this to be very practical.

I am not an expert on MPLS/VRFs, but all I need is to be able to do an
isolation of Routes into VRFs and use the security policies of FWSM at the
same time.

Your help will be greatly appreciated.

-- 
KJ
Received on Fri Nov 05 2010 - 00:33:40 ART
