I am looking to use a couple ASR9001 routers at the Internet edge to bring in some Internet circuits, then I need to push it through an firewall and IPS stack. Then after traversing the security stack, I want to bring it back into the same ASR9001 routers in a different VRF. From there, I can distribute scrubbed Internet handoffs to multiple tenants within the data center. Dynamic routing within this Internet edge topology is a must so I would need to have multiple OSPF instances, and would like to use a second BGP instance (scrubbed) on the ASR9k routers to peer with the other BGP instance (external). I would like to not have to purchase another set of routers for the scrubbed side of this design.
The documentation states that this is one of the use-cases ("Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure into a single IOS-XR router.").
But, the restrictions section states "Only one Address Family can be configured under each BGP instance". Does that mean that on the external BGP instance, I can run IPv4 unicast, but I cannot run IPv4 unicast on the scrubbed BGP instance, but I could run another address-family? Or is it such that I can run only one address-family on each BGP instance, but both instances could both be running the IPv4 unicast address-family?
No comments:
Post a Comment