Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
5
Helpful
1
Replies

Is it possible to add a firewall between two mpls peers (P-PE)

Go to solution
pavlosd
Level 2
Level 2

‎08-11-2003 11:31 PM

Hi, I was wandering if there is a way between two routers that 'speak' MPLS to introduce a firewall (i.e. pix firewall). I know by default is not possible but perhaps through tunneling etc?

Ragards.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mazhar71
Level 1
Level 1

‎08-12-2003 05:55 AM

Hi,

No, it is not possible at least for today. The packets between P and PE router are not IP packet but MPLS packets (it protocol type is different). One exception to that is penultimate hop poping. If P-H-P is placed and there is no other label stack (ex : no vpn ) the packet is pure IP packet.

Also one of the main idea of MPLS is that P router doesn't know anything except label binding information.

If you want to use firewall somewhere , use it on the CE side not between P-PE,P-P or PE-PE.

Best Regards

View solution in original post

1 Reply 1

Go to solution
mazhar71
Level 1
Level 1

‎08-12-2003 05:55 AM

Hi,

No, it is not possible at least for today. The packets between P and PE router are not IP packet but MPLS packets (it protocol type is different). One exception to that is penultimate hop poping. If P-H-P is placed and there is no other label stack (ex : no vpn ) the packet is pure IP packet.

Also one of the main idea of MPLS is that P router doesn't know anything except label binding information.

If you want to use firewall somewhere , use it on the CE side not between P-PE,P-P or PE-PE.

Best Regards

Customers Also Viewed These Support Documents