Re: OT - vrf through asa from Ronnie Angello on 2013-02-21 (Ccielab archives 02/2013)

From: Ronnie Angello <ronnie.angello_at_gmail.com>
Date: Thu, 21 Feb 2013 11:47:21 -0500

Nice number ;)

On Thu, Feb 21, 2013 at 11:33 AM, Brian McGahan <bmcgahan_at_ine.com> wrote:

> Why does it need to be routed?
>
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> On Feb 21, 2013, at 7:59 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
>
> > Gilles
> >
> > Thought so cheers will check it out...
> >
> > If we do have contexts still the ASA has only max 2 ospf processes, not
> > scalable in that regard...?
> >
> > Ryan - need to have it routed bro
> >
> >
> > On 21 February 2013 13:40, Gilles Fabre <fabre.gilles_at_voila.fr> wrote:
> >
> >>
> >> If I remember well, dynamic rouiting support in multi-context was one
> >> major enhancement of 9.0 version
> >> ASA.8.x supported only static routing when configured with contexts
> >>
> >> RD/RT won't be transmitted except you use MP-BGP
> >> Contexts only allow segmentation of security domlains in relation with
> VRF
> >> routing domains (more to be used with VRF-lite setups in my mind)
> >>
> >>
> >>
> >>
> >>> Message du 21/02/13 ` 14h31
> >>> De : "Tony Singh"
> >>> A : "Carlos G Mendioroz"
> >>> Copie ` : "Cisco certification"
> >>> Objet : Re: OT - vrf through asa
> >>>
> >>> Hi Carlos
> >>>
> >>> The thought did cross my mind, im sure I did see something about
> dynamic
> >>> routing being supported in multi-context mode, I may have been dreaming
> >>> however as can't find nothing on this...
> >>>
> >>> It might not be required depending on the way you set the context's up,
> >>> will check Brian's video again..
> >>>
> >>> Question in vrf-lite how does the RD/RT get exported? is it within the
> >> ospf
> >>> multicast dbd? I know with MPBGP it is transported in the extended
> >>> communities value packet, confused on this bit..and would the ASA
> ignore
> >>> the RD/RT but look at the source/dest ipv4 addr
> >>>
> >>> Thanks bro!
> >>>
> >>> Tony
> >>>
> >>>
> >>> On 21 February 2013 12:34, Carlos G Mendioroz wrote:
> >>>
> >>>> You may try 2 contexts, and have different routing domains
> >>>> (inbound/outbound) in each ?
> >>>> -Carlos
> >>>>
> >>>> Tony Singh @ 21/02/2013 09:29 -0300 dixit:
> >>>>
> >>>>> can get this working from PE > CE > Switch > trunk > trunk > Switch >
> >> CE >
> >>>>> PE
> >>>>>
> >>>>> any solution available going through ASA say if I wanted to do IPS
> >> DPI and
> >>>>> other
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On 21 February 2013 12:02, Tony Singh wrote:
> >>>>>
> >>>>>
> >>>>>> Hi
> >>>>>>
> >>>>>> I know ASA's are not vrf aware unless latest code supports this...
> >>>>>>
> >>>>>> I have customer routing tables separated by vrf's CE to PE is MPBGP,
> >> and
> >>>>>> IGP is OSPF vrf-lite on CE's
> >>>>>>
> >>>>>> Is there anyway to get the customer traffic through the ASA's
> >>>>>> dynamically,
> >>>>>> max OSPF processes the ASA's support is 2
> >>>>>>
> >>>>>> Is their any benefit in passing this traffic through the ASA's
> >>>>>>
> >>>>>> what would you guys do?
> >>>>>>
> >>>>>> Topology
> >>>>>>
> >>>>>> Site 1 PE > CE > ASA > Switch > trunk > trunk > Switch > ASA > CE >
> >> PE
> >>>>>> Site 2
> >>>>>>
> >>>>>> Thanks in advance
> >>>>>>
> >>>>>> Tony
> >>>>>>
> >>>>>
> >>>>>
> >>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>
> >>>>> ______________________________**______________________________**
> >>>>> ___________
> >>>>> Subscription information may be found at:
> >>>>> http://www.groupstudy.com/**list/CCIELab.html
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>> --
> >>>> Carlos G Mendioroz LW7 EQI Argentina
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >> ___________________________________________________________
> >> Qu'y a-t-il ce soir ` la tili ? D'un coup d' il, visualisez le programme
> >> sur Voila.fr http://tv.voila.fr/programmes/chaines-tnt/ce-soir.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Feb 21 2013 - 11:47:21 ART

This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART