10-02-2013 12:47 PM
I am building a DC where we decided each service is routed in its own vrf, then in separate FW context.
Some services however, needs to communicate together, and that works fine via FW.
In order to offload traffic from FW, we decided to use vrf import, export(services are routed in aggregation layer, and no FW). This also works, but removes the independence I wanted for each service.
Are there any other methods to achieve inter routing without import export. I am considering PVLANs also.
Tia
Samir
Sent from Cisco Technical Support iPad App
10-04-2013 03:32 AM
Hi,
If you use asr1k, you can use VASI to do that. VASI is a logical link within the router, it has 2 logical interface, left and right. You can assign each interface in different vrf, and form routing Protocol between the vrfs. That way you can pass routes between vrfs via the VASI link.
HTH,
Lei Tian
Sent from Cisco Technical Support Android App
10-11-2013 04:46 AM
I came to the conclusion that some traffic is bst left out of Firewalls and actually routed securely withing data center only.
since I am using VRFs in DC, import and export seems to be the right choice. At some point, and depending on traffci type and how much needs to be interconnected, I will simply collapse VRFs into a single one.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide