VRF Best Practice: LAN only VRF, Mgmt VRF, Global Routing table or VRF?

wrichmond · ‎03-04-2008

I am setting up a routed LAN (not a WAN) environment on two 6500 switches (sup-720). My goal is to create 32 routed environments separated by logical firewalls (multi-context ASA's). So I want a â€œcoreâ€ router in each environment, and don't want to buy 32 pairs of 6500's-sorry Cisco.

Each of these environments are tied together by a core routing environment, running on the same pair of 6500's. No WAN MPLS is going on and I am trying to use VRF for each of the routed environments core router. The management functions of the 6500 shall run off the VRF Core router and ip range (the one that ties all the other VRF's together. Here is a simple diagram:

VRF1

||

FW1

||

VRFCOR

||

FW2

||

VRF2

So to go from VRF1 to VRF2, you traverse two firewalls and VRFCOR.

Several questions related to this design:

1) Am I nuts to use VRF's in this application?

2) Is there a better choice than VRF's to do what I want?

3) Should VRFCOR be the global routing table (IOW, not a VRF)? Or should be its own VRF? Another way to ask this is: Shall a router ever run entirely in VRF tables, or should there be at least one global table in use?

4) Are there problems with any management protocols on a VRF, such as NTP, AAA, SNMP, LOGGING, TELNET? Or have all those been worked out?

5) Any other suggestions?

TIA, Will

irisrios · ‎03-10-2008

VRF is suited for such kind of an application. Refer to URL http://cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080851cc6.pdf to get an idea about the