Central Services VPN Data Flow Model

This topic describes the data flow within a central services VPN.


© 2003, Cisco Systems, Inc. All rights reserved.

• Client VRFs contain server routes—clients can talk to servers.

• Server VRFs contain client routes—servers can talk to clients.

• Client VRFs do not contain routes from other clients—clients cannot communicate.

• Make sure there is no client-to-client leakage across server sites.


In the central services VPN topology, the client VRF contains only routes from the client site and routes from the server sites. This setup precludes the client sites from communicating with other client sites.

A server VRF in this topology contains routes from the site or sites attached to the VRF, as well as routes from all other client and server sites. Hosts in server sites can therefore communicate with hosts in all other sites.

Note: If the central site propagates a default route to other sites, client sites can end up seeing each other through the CE router in the central site.
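The following audit check is an added example, not part of the original course material. It assumes VRF contents are driven by route-target import and export, and the VRF names, route-target values and prefixes are constructed for illustration. It computes what each client VRF ends up holding and reports any route (including a default route from the server site) that covers another client's prefix.

```python
from ipaddress import ip_network

# Constructed sample topology: names, route targets and prefixes are illustrative only.
VRFS = {
    "client-a": {"role": "client", "export": {"65000:101"},
                 "import": {"65000:100"}, "routes": ["10.1.0.0/16"]},
    "client-b": {"role": "client", "export": {"65000:101"},
                 "import": {"65000:100"}, "routes": ["10.2.0.0/16"]},
    "server":   {"role": "server", "export": {"65000:100"},
                 "import": {"65000:100", "65000:101"}, "routes": ["10.100.0.0/16"]},
}

def vrf_table(vrfs, name):
    """Routes held by a VRF: its own site routes plus every route exported
    with a route target that this VRF imports. Maps prefix -> originating VRF."""
    me = vrfs[name]
    table = {ip_network(p): name for p in me["routes"]}
    for other, vrf in vrfs.items():
        if other != name and vrf["export"] & me["import"]:
            for p in vrf["routes"]:
                table.setdefault(ip_network(p), other)
    return table

def client_leaks(vrfs):
    """Return (client, reachable_client, matching_route, route_origin) for every
    client prefix that another client VRF holds a covering route for."""
    leaks = []
    clients = [n for n, v in vrfs.items() if v["role"] == "client"]
    for src in clients:
        table = vrf_table(vrfs, src)
        for dst in clients:
            if dst == src:
                continue
            for p in vrfs[dst]["routes"]:
                target = ip_network(p)
                covering = [net for net in table if target.subnet_of(net)]
                if covering:
                    # Longest-prefix match decides which route would forward the traffic.
                    best = max(covering, key=lambda net: net.prefixlen)
                    leaks.append((src, dst, str(best), table[best]))
    return leaks

if __name__ == "__main__":
    print("baseline:", client_leaks(VRFS))  # correct design: no leaks
    VRFS["server"]["routes"].append("0.0.0.0/0")  # central site propagates a default route
    for leak in client_leaks(VRFS):
        print("leak: %s -> %s via %s (from %s)" % leak)
```

A hit on `0.0.0.0/0` means the client VRF has a path toward the other client through the central site; whether traffic actually passes depends on what the central CE router forwards back.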
