This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric Routing: Is GlobalRouter isolation required?

Fabric Routing: Is GlobalRouter isolation required?

BRMS
New Contributor II

‎06-10-2020 08:50 AM

Hi! When i installed our SPBM-backbone consisting of 4 VSP8600 i made the mistake of not seperating VRF0 and our internal LAN. As far as i understand, VRF0 should only contain the ISIS configuration. Every other L2 or L3 VSNs should reside in different VRFs, is this correct?

Is there a technical reason VRF0 should not contain other VLANs other then internal ISIS related ones? could this possibly lead to routing problems down the line?

0 Kudos
2 REPLIES 2

PeterK
Contributor III

‎06-12-2020 11:40 AM

As far as I know, is the reason that you can only access the host / cpu via GRT aka VRF0 and mgmtVRF.

As Roger wrote, it’s a security question. simple config vs. security

0 Kudos

Roger_Lapuh
Extreme Employee

‎06-10-2020 10:58 AM

Hi BRMS

no, you are absolutely fine using VRF0 for your VLANs/IP Subnets if you don’t need L3 separation. Some customers like to move all user traffic into a different VRF to segement network management off of user traffic, but this is by choice.

I hope this helps.

Roger

0 Kudos
GTM-P2G8KFN