>> i have seen a lot of this done with firewall devices and vlans. with
>> vlans or mpls, you can make spaghetti without wires, one wheat and one
>> semolina.
>
> oh absolutely. you can use many tools to lop off your fingers, my
> point was that things like mpls (or vlans) provide a nice other tool
> to use along with your firewalls and such.
>
> of course you ought not willy-nilly go crazy with this, but... imagine
> if the 'hr department' were in one contiguous 'VRF' which had a
> defined set of 2-3 exit points to control access through... while
> those willy 'engineers' could be stuck in their own ghetto/VRF and
> have a different set of 2-3 exit points to control.
>
> Expand your network over many locations and in large buildings and ...
> it can be attractive to run a 2547 network that the company is a
> 'customer' of, or so I was thinking :)

i have seen people successful with this with mpls and with vlans with
non-mpls tunnel tech (e.g. ipsec for the paranoid). i have seen them
screw the pooch with both.

randy