Can someone explain to me why we use access lists in an MPLS cloud that uses iBGP? I thought for the most part access lists were used on firewalls, not routers running BGP. Do we even need access lists with BGP? Can't BGP work without access lists? What are the reasons for having access lists on a router for iBGP on an MPLS cloud?
I'm not sure what you are asking. Access-lists could be used to filter BGP routes, although prefix-lists are vastly superior.
Routers running BGP are often on the edge of the network, so doing filtering there makes sense. It could be to filter RFC 1918 and bogon space from entering the network. Also to filter someone from spoofing from your own IP range. Then there are other reasons to filter malicious traffic and so on.
This could be the first line of defense and more advanced features could be deployed further into the network.
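The route filtering mentioned in the reply above, as an added example that is not part of the original thread: a Python model of first-match prefix-list evaluation that rejects RFC 1918 space, a short subset of bogon space, and the site's own range when they arrive from outside. The filter entries, `OWN_RANGE`, the `le` limits and the received routes are constructed assumptions, not values from the posters' network.

```python
import ipaddress

# Constructed filter modelled on a router prefix-list: (action, prefix, le).
# An entry matches a route that lies inside `prefix` and whose mask length is
# between the entry's own length and `le`. First match wins; no match = deny.
OWN_RANGE = "198.51.100.0/24"  # assumption: stands in for "your own IP range"
INBOUND_FILTER = [
    ("deny", "10.0.0.0/8", 32),       # RFC 1918
    ("deny", "172.16.0.0/12", 32),    # RFC 1918
    ("deny", "192.168.0.0/16", 32),   # RFC 1918
    ("deny", "0.0.0.0/8", 32),        # bogon: "this network"
    ("deny", "127.0.0.0/8", 32),      # bogon: loopback
    ("deny", "169.254.0.0/16", 32),   # bogon: link-local
    ("deny", "224.0.0.0/3", 32),      # bogon: multicast and reserved
    ("deny", OWN_RANGE, 32),          # own space must never be learned from outside
    ("permit", "0.0.0.0/0", 24),      # everything else, but nothing longer than /24
]

def evaluate(route, rules=INBOUND_FILTER):
    """Return (action, matching_prefix) for one received route."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in rules:
        entry = ipaddress.ip_network(prefix)
        if net.subnet_of(entry) and entry.prefixlen <= net.prefixlen <= le:
            return action, prefix
    return "deny", "implicit"

def filter_updates(routes):
    """Evaluate every route in a received update."""
    return {route: evaluate(route) for route in routes}

# Constructed sample of routes received from a neighbor.
RECEIVED = [
    "0.0.0.0/0",          # default route
    "10.20.0.0/16",       # private space leaking in
    "172.20.5.0/24",      # private space leaking in
    "198.51.100.128/25",  # more-specific of our own range
    "203.0.113.0/24",     # ordinary route (documentation range used as sample)
    "203.0.113.16/28",    # too specific, falls through to the implicit deny
]

if __name__ == "__main__":
    for route, (action, matched) in filter_updates(RECEIVED).items():
        print(f"{route:20} {action:6} ({matched})")
```

Matching on prefix length as well as address is what an access list cannot express cleanly for routes, which is why the `/28` is rejected even though its address bits are acceptable.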
I understand access lists are used to filter malicious traffic. However, if there is an MPLS cloud through an ISP that only the company's sites connect through to each other for routing packets within the company network, why do we need a prefix list or access list between an internal network with an MPLS cloud that goes through the company ISP? I thought a private MPLS cloud is secure but not secure only when going through the Internet. Are prefix lists or access lists used for BGP as well as EIGRP, OSPF, or is it because it goes through the MPLS cloud?
So if we have a private MPLS cloud with our company's circuits, it's still not 100% secure because it's not encrypted. My question is why, and from whom, we are encrypting our company's packets if no one from outside our network would have access because we have an ASA firewall. Are we encrypting our packets from our ISP who provides us our MPLS cloud, or could other organizations that have service with our ISP hack into our MPLS cloud?
The only way to get access to your network is if the ISP misconfigures so that another company gets access to your IP networks by mistake or that someone gets access to a PC on the inside and can reach the networks from there. It could happen if someone accidentally downloads an e-mail attachment or something like that.
It all depends on how critical the traffic is. If it's a bank, there could be regulations in place that demand that all traffic is encrypted even if it is supposed to be private. If you compare it to a leased line, it's also secure as long as someone doesn't get access to it. So MPLS is like a virtual leased line in comparison.