[150874] in North American Network Operators' Group
L3 VPN Management
daemon@ATHENA.MIT.EDU (Leigh Porter)
Wed Mar 7 02:06:39 2012
From: Leigh Porter <leigh.porter@ukbroadband.com>
To: North American Network Operators' Group <nanog@nanog.org>
Date: Wed, 7 Mar 2012 07:07:32 +0000
Folks,
I have a number of L3 MPLS VPNs. For example, there is the WiFi management VPN (WiFi management interface). There is the systems VPN where things like RADIUS servers, Databases talk. There is a VPN for LTE OAM. There are also separate VPNs for other LTE functions.
All OK.
Then at various sites I have a cluster of ops servers, syslogs, things that go ping, instances of cacti and our various vendors' management systems. They all sit behind a firewall.
What's the nicest way of allowing the ops servers to all talk to each VPN instance? At the moment I just use pretty normal L3VPN techniques so that every VPN sees routes tagged with the ops VPN target community and so that the ops VPN sees all the other VPN routes but the division between VPNs is maintained.
Or, would it be nicer to have the firewall have a foot in each VPN, advertise routes to ops systems to each VPN instance and receive routes from all the other VPNs?
--
Leigh
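The route-target arrangement described in the message can be checked for the property it cares about, that the ops VPN reaches every VPN while no VPN learns another's routes. The following is an added example, not part of the original post and not router configuration: it models RT import/export only, and the VRF names, RT values, prefixes and the shared RT_SPOKE community are assumptions made for illustration.

```python
# Added example: models RT import/export only; not router configuration.
# VRF names, RT values and prefixes below are constructed for illustration.
from dataclasses import dataclass

RT_OPS, RT_SPOKE = "65000:100", "65000:200"

@dataclass
class Vrf:
    name: str
    prefixes: set
    export_rts: set
    import_rts: set

def build_tables(vrfs):
    """Return {vrf: {prefix: originating vrf}} after RT-based import.
    A VRF installs a remote route when the route's export RTs intersect its
    import RTs. Imported routes are not re-exported (no transit via the hub)."""
    tables = {}
    for v in vrfs:
        table = {p: v.name for p in v.prefixes}
        for other in vrfs:
            if other is not v and other.export_rts & v.import_rts:
                table.update({p: other.name for p in other.prefixes})
        tables[v.name] = table
    return tables

def isolation_violations(vrfs, hub="ops"):
    """Routes a non-hub VRF learned from another non-hub VRF."""
    bad = []
    for name, table in build_tables(vrfs).items():
        if name != hub:
            bad += [(name, origin, p) for p, origin in table.items()
                    if origin not in (name, hub)]
    return sorted(bad)

def design(lte_imports_spoke_rt=False):
    """Ops VRF as hub; each VPN exports its own RT plus a shared RT_SPOKE."""
    def spoke(name, prefix, rt):
        return Vrf(name, {prefix}, {rt, RT_SPOKE}, {rt, RT_OPS})
    vrfs = [Vrf("ops", {"10.255.0.0/24"}, {RT_OPS}, {RT_SPOKE}),
            spoke("wifi-mgmt", "10.10.0.0/16", "65000:1"),
            spoke("systems", "10.20.0.0/16", "65000:2"),
            spoke("lte-oam", "10.30.0.0/16", "65000:3")]
    if lte_imports_spoke_rt:  # constructed misconfiguration: one extra import
        vrfs[3].import_rts.add(RT_SPOKE)
    return vrfs

if __name__ == "__main__":
    print(isolation_violations(design()))
    print(isolation_violations(design(lte_imports_spoke_rt=True)))
```

Running the same check over the import/export lists pulled from real VRF configuration shows whether a single stray import has broken the division between VPNs.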