Monday, January 14, 2019

[routing design] Interrouting rfc1918 subnets over public IPs

Hello,

imagine a network consisting of multiple corporate public IP subnets, e.g.:

Also, you have plenty of preconfigured Virtual Routing and Forwarding (VRF) instances in all your buildings / racks containing hundreds of private rfc1918 subnets, e.g.:

Now imagine virtual machines in public and private subnets, which should be able to communicate with each other, e.g. a network monitoring system being in 13.1.50.0/22 should monitor virtual machines in 10.1.0.0/24, 10.2.1.0/24, 10.3.2.0/24.

=> Easy solution: Give that network monitoring system VM additional vNICs and connect them to the multiple virtual routing instances.

Wouldn't it be really bad design if instead the routes of 10.1.0.0/24, 10.2.1.0/24, 10.3.2.0/24 get injected into the public subnets, so that the mentioned NMS could reach the virtual machines in public subnets? When the main public routing instance goes down, all those dependent other private subnets will be down, too?

Does anyone have some sources of good / bad design in such a situation?

Regards


