[150878] in North American Network Operators' Group
Re: L3 VPN Management
daemon@ATHENA.MIT.EDU (Jeff Wheeler)
Wed Mar 7 03:04:38 2012
In-Reply-To: <3F07E816-EFC6-4E01-8951-559FE7AF7AE9@ukbroadband.com>
Date: Wed, 7 Mar 2012 03:03:42 -0500
From: Jeff Wheeler <jsw@inconcepts.biz>
To: Leigh Porter <leigh.porter@ukbroadband.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 7, 2012 at 2:07 AM, Leigh Porter
<leigh.porter@ukbroadband.com> wrote:
> What's the nicest way of allowing the ops servers all talk to each VPN in=
stance? At the moment I just us pretty normal L3VPN techniques so that ever=
y VPN sees routes tagged with the ops VPN target community and so that the =
ops VPN sees all the other VPN routes but the division between VPNs is main=
tained.
>
> Or, would it be nicer to have the firewall have a foot in each VPN, adver=
tise routes to ops systems to each VPN instance and receive routes from all=
the other VPNs?
I think you may pay more money for extra firewall zones and perhaps
not receive any benefit from it.
--=20
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator=A0 /=A0 Innovative Network Concepts
