Monday, August 23, 2021

Inter-VRF routing for modern datacenters

Hi All

I was just curious if anything has evolved in the space of inter-VRF routing. Is it still the norm for a firewall to be the enforcement point where you need to route between VRFs, or, with BGP being able to filter routes with RTs and RDs, can we control the routing design in that way? The only reason I'm not entirely convinced of using the firewall is that it's going to create additional overhead by requiring firewall policies to be managed, which can add unnecessary complexity to the design. Yes, I'm fully aware rules can be automated, etc., but if the customer is also using NSX-T to control their own firewall rules (which is a completely separate team; we only provide the network piping), I would rather make them responsible for policy control than add more load to the firewall for processing traffic. Is anyone else using BGP for inter-VRF routing, or would you still recommend that the firewall peer with multiple VRFs and then perform the enforcement to allow traffic between the different zones?

Thanks in advance.


