On 11/Nov/16 12:07, Baldur Norddahl wrote:
> No filters. There are just no routes that will take a network packet that > arrive on an interface in VRF internet and move it to an interface in VRF > default without adding a MPLS header to mark the VRF. With the MPLS header > the packet type is no longer IPv4 but MPLS. > > Therefore there is no way you from the internet or from a customer link can > even attempt to inject packets that would be received by the OSPF process. > Since we use 10.0.0.0/8 and our vrf internet has no such route, you would > just get no route to host if you tried. Good for you. We don't run the whole "Internet in a VRF" architecture (too many moving parts), so not having our IGP being exposed to IP helps :-). Mark.
