We have two zones separated by a firewall and implemented in a somewhat complex fashion. The routing for the first zone (call it zone A) is straightforward and runs on a 6500 switch. The routing for the second zone (call it zone B) is implemented as a VRF on this same 6500 switch. An external firewall has a leg in each zone and provides the connectivity between them. So far, so good, and it all works fine.
The issue is what happens when the firewall fails or needs to be taken offline, and we still need a method to connect the two zones - connectivity is more important than security in this case, so we've been testing some options (and we will probably merge the two zones at some time in the future).
1) Use another external device such as a switch or router. (Works OK, but we want a config solution.)
2) Use another VRF with a leg in both zones. (Also works, but needs external cables and messing about with MAC addresses, which is so ugly we'd like to avoid it if possible.)
3) Use something else?
Is there an easier way of doing this? I have a feeling that I'm missing something obvious but can't think what (all routing in both zones is OSPF - no BGP anywhere).
I wonder if anyone could add another pointer to help me out here. I've been trying to get this working as suggested with standalone BGP and route import/export, and I can see how this would work between VRFs, but how do you do a route import/export with the global table, as there is no RD? The route-target command seems to need this as an argument, but it doesn't exist for the global table as far as I can see.
Could someone help out with a pointer to some config? Much appreciated!