The shared services area of the network is meant to provide common services — such as DNS, DHCP, and Internet access — to multiple logical networks/VRFs/customers. Cisco publishes a validated design for shared services that describes the use of multiple virtual firewalls and routers to provide connectivity between the shared services module and the VRFs in the network. I'm going to describe a method of collapsing the shared services firewalls and virtual routers into a single instance running on a single box using some of the features found in Juniper's Junos platform.

This post is going to provide a very basic introduction to configuring VRFs on Cisco IOS and Juniper's Junos. There's so many configuration combinations and options for virtual routing that it would be impossible to go through everything in great detail. At the end of the post I'll provide links to documentation where you can get detail if you want it.

Here's a summary of interesting articles/posts that I've come across in the last couple of weeks.

This post is for anyone who administers a Juniper SSL VPN. I saw an issue in our environment recently that was created by an unexpected interaction between two different systems that were working to enforce our computer security policy. Because the way the systems were configured is pretty common and because the issue is not specifically warned against by Juniper, I'm going to share it here.

It's been a long time since I've taken a run at getting Olive up and working. I wanted to take another stab at it and document how to get a working Olive installation using the latest JUNOS code. I also wanted to document how to get Olive up inside VMware ESXi since I hadn't actually done that before.

Olive refers to a regular PC that's running Juniper Networks' JUNOS software. Juniper developed Olive early on so they could perform testing of JUNOS during development. These days Olive is deprecated in favor of cheap, low-end M and J-series routers.