On Fri, Jun 12, 2015 at 10:04 PM, Randy Bush <ra...@psg.com> wrote:
>> it's nice to have the tools to segregate traffic/users/things...
>> mpls/etc is one method to do that... I don't know that many
>> enterprises pursue this path though :( which is sad (I think).
>
> i have seen a lot of this done with firewall devices and vlans. with
> vlans or mpls, you can make spaghetti without wires, one wheat and one
> semolina.

oh absolutely. you can use many tools to lop off your fingers, my point was that things like mpls (or vlans) provide a nice other tool to use along with your firewalls and such. of course you ought not willy-nilly go crazy with this, but... imagine if the 'hr department' were in one contiguous 'VRF' which had a defined set of 2-3 exit points to control access through... while those willy 'engineers' could be stuck in their own ghetto/VRF and have a different set of 2-3 exit points to control. Expand your network over many locations and in large buildings and ... it can be attractive to run a 2547 network that the company is a 'customer' of, or so I was thinking :)