cancel
Showing results for 
Search instead for 
Did you mean: 

Fabric Routing: Is GlobalRouter isolation required?

Fabric Routing: Is GlobalRouter isolation required?

BRMS
New Contributor II

Hi! When i installed our SPBM-backbone consisting of 4 VSP8600 i made the mistake of not seperating VRF0 and our internal LAN. As far as i understand, VRF0 should only contain the ISIS configuration. Every other L2 or L3 VSNs should reside in different VRFs, is this correct?

Is there a technical reason VRF0 should not contain other VLANs other then internal ISIS related ones? could this possibly lead to routing problems down the line?

2 REPLIES 2

PeterK
Contributor III

As far as I know, is the reason that you can only access the host / cpu via GRT aka VRF0 and mgmtVRF.

As Roger wrote, it’s a security question. simple config vs. security

Roger_Lapuh
Extreme Employee

Hi BRMS

no, you are absolutely fine using VRF0 for your VLANs/IP Subnets if you don’t need L3 separation. Some customers like to move all user traffic into a different VRF to segement network management off of user traffic, but this is by choice.

I hope this helps.

Roger

GTM-P2G8KFN