Virtural router how many do have and when to have multiple

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Virtural router how many do have and when to have multiple

L4 Transporter

Hi

 

So I am doing some network segregation.

 

I have  vr with say 40 interfaces on it.

I want to add 3 more.

can i create a new vr (vr_b)

place the 3 interface on the new vr (vr_b) and then create a vlan to connect vr original (vr_a) to new vr (vr_b)

 

When do you create a new vr ?

And what is the down side.

 

 

 

6 REPLIES 6

L4 Transporter

Hi,

 

you can have as many interfaces in a VR as you want. 
You create another VR when you want a another Routing instance, like vrfs. Down side if not needed, another VR makes things more complex for not reason.
and no you can not connect VRs togather with a vlan. But if you want a VR to reach a network found in a another VR then you create a static route for that network and make it point to the next VR.

So get the complexity bit

 

Doesn't really explain how inter router comes happens.  Can I connect them to do OSPF or BGP

Do they have to share a phy interface or ?

@Alex_Samad,

 

Normally you need multiple VRs to have a separate set of routes which you do not want to share between VRs, also you can configure different routing types for different interfaces.

As explained by @Abdul-Fattah , If you want to reach subnet on VR1 from the subnet on VR2, you can add static route on respective VRs and mention next hop as a NEXT VR. Yes you can also have OSPF or BGP neighborship between two VRs. Below are ref. articles.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clz7CAC#:~:text=OSPF%20can....

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIpCAK

 

 

 

 

M

Hi

 

had an indirect chat with PA engineer.  Seems like the linkage between VR is not that good.

 

Best to just keep it all in 1 VR.

 

The doco is not very clear on this.

 

If you don't understand the purpose of having multiple virtual routers this means that you really don't need it.


@Abdul-Fattah in most case you are correct, but in regality every device has its limit for how many interfaces you can have per device. Here you can see comparation between the some of the low end devices - https://www.paloaltonetworks.com/products/product-comparison?chosen=vm-50,pa-220,pa-850 and look for "Max interfaces (logical and physical" 

@Alex_Samad 

 

It depends on the environment as in our case we have different Segregated networks and also IPSEC tunnels and we have different 

VR for them.

So far never saw any issues for Routing between VR's

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 5275 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!