We have started migrating our legacy WAN (leased lines) to the Layer 3 MPLS.
We do not run MPLS on our router, rather we peer with the PE router of the service provided by running BGP.
As of now we are not advetising our IGPs (EIGRP in particular) to the BGP, instead we create GRE tunnel and encrypt the tunnels.
My question is :
How do I secure my networking domain, from the MPLS network.
Is there any configuration guidelines for securing router in such cases.
Do we need firewall on our routers, if yes what to filter?
I need forums help, I am really clueless.