On Wed, Mar 7, 2012 at 2:07 AM, Leigh Porter <leigh.por...@ukbroadband.com> wrote: > What's the nicest way of allowing the ops servers all talk to each VPN > instance? At the moment I just us pretty normal L3VPN techniques so that > every VPN sees routes tagged with the ops VPN target community and so that > the ops VPN sees all the other VPN routes but the division between VPNs is > maintained. > > Or, would it be nicer to have the firewall have a foot in each VPN, advertise > routes to ops systems to each VPN instance and receive routes from all the > other VPNs?
I think you may pay more money for extra firewall zones and perhaps not receive any benefit from it. -- Jeff S Wheeler <j...@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
