VRF-Aware IOS Firewall
The Multiprotocol Label Switching Basic Clandestine Arrangement (MPLS VPN) affection allows several sites to interconnect
transparently through a account provider network. A account provider arrangement can abutment several IP VPNs. Anniversary of these
appears as a abstracted clandestine network. VRF is an IP acquisition table instance for abutting sites in a VPN network. Anniversary VPN
has its own set or sets of VRF instances, thereby acceptance anniversary armpit to accelerate IP packets to any added armpit in the aforementioned VRF
instance.
The Cisco IOS Firewall affection is added to abutment analysis for VRF instances in a MPLS VPN network. CBAC can inspect
packets on a per-VRF base for packets beatific and accustomed aural a VRF. VRF-aware CBAC accomplishing can include
multiple firewall instances (with VRF instances) that are allocated to abstracted VPN customers. VRF-aware CBAC provides
scalability and bargain affiliation after the charge for abstracted firewall accessories for anniversary VPN network. In effect, a single
physical router active assorted basic acquisition instances (emulating assorted routers) can now run assorted basic IOS
Firewalls in a distinct device.
This affection was alien in IOS Version 12.3(14)T.