Discussion

if encrypted communication need be managed
policy-based separation
installation cost vs hedged risk comparison required
if the total amount of traffic is not so much
tunnel-based separation
otherwise
depends on administrator's policy:

      e.g.)
          if cost is most important
              layer 3 separation
          if complete security is most important
              layer 2 separation or policy-based separation