If I use IPsec before the CE is it still possible for the CE discriminate the traffic for the MPLS labeling? or IPsec hide the fields used to discriminate traffic? I think this is true for IPsec-ESP but not for AH
What about using TOS field to labal to packet? I read that IPsec even in Tunnel mode copy the TOS field from the original packet to the new IP header.
Do I have to use Tunnel mode even if the VPN is provided by MPLS itself? the MPLS is used first to create VPN site to site over the provider's public network and secondly to provide different QoS for traffic flowing inside the VPN itself.
I've also heard that the TOS is carried through, but I haven't tested this.
IPSEC Tunnel mode is independent of how the MPLS VPN is provided.
If a router is providing the IPSEC for a number of client connections normally the client's packet will come in with ipaddress_a and then be placed in an IPSEC tunnel with source ipaddress_b which is the ip address of the router. Perhaps some routers can provide transport mode, and retain the source ipaddress_a even in ipsec, but I haven't come across this. I would be interested if others have.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...