Am currently migrating our legacy IP network to MPLS. We have been able to migrate 3 separate networks into their respective VRFs and are currently only left with the internet segment, which used to connect to these 3 networks via a Cisco 535 firewall.
Problem is, I have created an internet VRF and intend to export a default route within the internet VRF into the other VRFs, which should work fine for traffic leaving these networks to the internet.
Problem is: how to handle traffic coming from the internet to these respective VRFs without having to import those routes into the internet VRF?
Why do I want this? Currently inter-VRF traffic is via a FWSM only and I would like to keep it that way. No leaking of routes from one VRF to the other. If I do import the 3 VRFs into the internet VRF, it will leak one VRF route to the other!
One way would be to create a VLAN subinterface per VRF in the PIX. This way all traffic to the internet would be directed towards the firewall and there you could easily control/block inter-VRF traffic.
Or you create one internet interface in the FWSM and control access there.
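Added example, not part of the original thread: a simplified Python model of route-target import/export that checks whether one customer VRF can reach another through the internet VRF without crossing the FWSM. The VRF names, route targets and prefixes are constructed, and the model assumes the PE does an IP lookup in the internet VRF for traffic that followed the exported default route.

```python
import ipaddress

# Constructed sample policy: names, route targets and prefixes are hypothetical.
VRFS = {
    "A":        {"export": {"65000:1"},   "import": {"65000:1", "65000:100"}, "local": ["10.1.0.0/16"]},
    "B":        {"export": {"65000:2"},   "import": {"65000:2", "65000:100"}, "local": ["10.2.0.0/16"]},
    "C":        {"export": {"65000:3"},   "import": {"65000:3", "65000:100"}, "local": ["10.3.0.0/16"]},
    "INTERNET": {"export": {"65000:100"}, "import": {"65000:100"},            "local": ["0.0.0.0/0"]},
}

def build_ribs(vrfs):
    """Return {vrf: {prefix: origin_vrf}}; imported routes are not re-exported."""
    ribs = {}
    for name, vrf in vrfs.items():
        ribs[name] = {ipaddress.ip_network(p): origin
                      for origin, other in vrfs.items()
                      if origin == name or other["export"] & vrf["import"]
                      for p in other["local"]}
    return ribs

def lookup(rib, dst):
    """Longest-prefix match; returns the VRF that originated the route, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    return rib[max(matches, key=lambda net: net.prefixlen)] if matches else None

def bypass_paths(vrfs, hub="INTERNET"):
    """List (src, dst) customer VRF pairs that are reachable by routing alone,
    either directly or by following the default into the hub VRF, which means
    the traffic never has to cross the inter-VRF firewall."""
    ribs = build_ribs(vrfs)
    found = []
    for src in vrfs:
        for dst, dvrf in vrfs.items():
            if src == dst or hub in (src, dst):
                continue
            for p in dvrf["local"]:
                host = str(ipaddress.ip_network(p)[1])   # first host in the prefix
                hop = lookup(ribs[src], host)
                if hop == hub:                           # followed the default
                    hop = lookup(ribs[hub], host)        # second lookup in the hub
                if hop == dst:
                    found.append((src, dst))
    return found

def with_hub_import(vrfs, hub="INTERNET"):
    """Variant from the question: the hub VRF also imports every customer RT."""
    every_rt = set().union(*(v["export"] for v in vrfs.values()))
    return {k: {**v, "import": every_rt if k == hub else v["import"]} for k, v in vrfs.items()}
```

With only the default exported, `bypass_paths(VRFS)` is empty; once the internet VRF imports the three customer route targets, every customer pair becomes reachable through it.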