Partner router vs Internet router Separation

Isaac001 (Level 1)

Dear Community,

In large enterprise network design, I see routers named Partner router for the p2p link connections that come into the enterprise and Internet router purely for internet services. Why is it common to separate partner connectivity services and internet service connectivity?

I have attached the general topology

Regards,

Isaac.


9 Replies

liviu.gheorghe (Spotlight)

Hello @Isaac001 ,

Historically, you considered partners more trustworthy than the Internet. You can have leased lines connecting the partners to the "Partner router", which is somewhat safer than connecting partners through the internet, and allow more permissive access for partners than the one you allow for users coming from the Internet.

Regards, LG
*** Please Rate All Helpful Responses ***

Hi liviu,

Thanks for answering the question; I got some understanding from it. However, what would happen if you used the same router for internet service and partner service (MPLS, p2p links)? Would VRFs help if it's a security concern?

Regards,

Isaac.

Hi Isaac,

You are right - from a technical point of view, VRFs can help you with the separation of traffic and some of the security concerns.

On the other hand, from an operational point of view, I would go with the separation of functions - Internet and Partners - in a network design. Think of a case in which you have to perform maintenance on the router. If the router is common for Internet and Partners, you will be affecting every user in the organisation as well as the partners. If you have two routers, maintenance on the partner router only affects the partners.

Regards, LG
*** Please Rate All Helpful Responses ***
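The VRF option discussed above only separates traffic if the configuration actually keeps the two tables apart. As an added example (not from this thread or any poster), here is a small Python audit over a constructed IOS-style VRF-lite config that flags interfaces left in the global table and static routes that leak a VRF into the global table; the interface and VRF names are made up.

```python
"""Audit an IOS-style running-config for VRF-lite separation of Internet and
partner links sharing one router. Added example; config below is constructed."""
import re

# Constructed sample: INTERNET and PARTNER VRFs, one interface accidentally left
# in the global table, and one static route in PARTNER that leaks to global.
SAMPLE_CONFIG = """
ip vrf INTERNET
ip vrf PARTNER
interface GigabitEthernet0/0
 description ISP uplink
 ip vrf forwarding INTERNET
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 description Partner leased line
 ip vrf forwarding PARTNER
 ip address 192.0.2.2 255.255.255.252
interface GigabitEthernet0/2
 description Lab port left in the global table
 ip address 198.51.100.1 255.255.255.0
ip route vrf INTERNET 0.0.0.0 0.0.0.0 203.0.113.1
ip route vrf PARTNER 10.0.0.0 255.0.0.0 192.0.2.1
ip route vrf PARTNER 0.0.0.0 0.0.0.0 203.0.113.1 global
"""

def parse_interfaces(config):
    """Map interface name -> VRF name ('' when the interface is in the global table)."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            vrfs[current] = ""
        elif current and line.startswith(" "):
            m = re.match(r"\s+ip vrf forwarding (\S+)", line)
            if m:
                vrfs[current] = m.group(1)
        elif line and not line.startswith(" "):
            current = None          # any other top-level command ends the interface block
    return vrfs

def audit_vrf_separation(config):
    """Return interfaces outside any VRF and static routes using the 'global'
    next-hop keyword, both of which break the Internet/partner separation."""
    findings = {"global_interfaces": [], "leaking_routes": []}
    for name, vrf in parse_interfaces(config).items():
        if not vrf:
            findings["global_interfaces"].append(name)
    for line in config.splitlines():
        if re.match(r"ip route vrf \S+ .* global\s*$", line):
            findings["leaking_routes"].append(line.strip())
    return findings

if __name__ == "__main__":
    for key, items in audit_vrf_separation(SAMPLE_CONFIG).items():
        print(key, items)
```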

BTW, my prior reply was composed without seeing this response, where you also asked about using VRFs.

The other posters have mentioned that having two routers, one for Internet and one for private networks, minimizes the impact of failure and/or makes operations somewhat easier. Well, yes and no. For both, you often like to have redundancy, which might imply having four routers or using two that support both functions.

Again, "book" designs often try to keep functions separate but they often also assume you have an unlimited budget.

"Real world" designs might trade off things because of budget or might be "messy" due to network growth.

So, just keep in mind "book" designs often gloss over "real world" issues/considerations.

As an example, if we have an Internet and Partner routers, it's nice their configurations can be tailored for their roles, and perhaps acceptable that if one of those routers fails, or we need to take it down for maintenance, "only" Internet or Partners are impacted.

However, in my experience, Enterprises often prefer to avoid outages. So, if we have just two routers, if they are both configured for both roles, Internet and Partners, possibly we can avoid the outright loss of either. Having both roles on the same router is more complex, something "book" designs tend to avoid.

BTW, don't misunderstand, there's nothing wrong with "book" designs, especially for helping to make clear good design practices, but often such designs don't take into account all the network issues they need to.

Further, understand that many an actual real world design is far from ideal, but how it got to be what it is might have been a very tortured path, including reasons as @liviu.gheorghe mentioned in his initial reply, i.e. Partner networks were often considered "safer", from a security perspective, than the Internet.

Lastly, the reason I'm bringing this up is that I so often deal with new network engineers who have seen the classic 3 tier network design and sort of believe anything else is inherently "defective" in design (which might be the case, laugh), but that doesn't necessarily mean the network doesn't meet network needs or that an ideal design would actually be better in meeting network needs. (Of course, if you can convince management to totally refresh the network...)

Hi Joseph,

Thanks for your response. I asked the question because in my career I have come across this design separation of router roles but I really didn't understand why they were setting it up that way, instead of bundling everything on one router. The VRF option was not the real focus of my query.

Regards,

Isaac.

Can you share a photo?

Let me check it

MHM

Hi MHM,

Thanks for your interest; kindly see the attached general topology.

Regards,

Isaac

Your last comment is exactly what is in my mind:

Using one router with multiple VRFs.

But with two routers you get:

1- Two failure points: if one router is down you can shift traffic to the other router.

2- A dedicated router for VPN.

MHM

Joseph W. Doherty (Hall of Fame)

"Real world" or "book" designs?

Especially for the latter, as @liviu.gheorghe already touched upon, there are security considerations that can be more easily addressed by having separate routers, especially without VRF.

Also, separate routers make it a bit easier if you need to change the routers based on changing network requirements.
