Re: MPLS Security

ciscobuddy · ‎11-03-2003

Hi All,

we r ISP. we hav MPLS -VPN set up having GSR adn 6509. wants to go for Security auditing. need suggestions for security.

Thanks & Regards,

Ciscobuddy

ahanspal · ‎11-04-2003

MPLS VPN security was analysed by Miercom and independent body back in March 2001. You may want to use that report for your Security audit. You can access that report at http://www.miercom.com/dl.html?fid=20010330&type=report

You will need to register - it is Free

Cheers

Amrit

ciscobuddy · ‎11-05-2003

hi Amrit,

Thanks for ur reply. so many doubts regarding security auditing for MPLS VPN. can u suggest me good links so i can study. we r ISP.

Thanks & Regards,

Ciscobuddy

ciscobuddy · ‎11-06-2003

Hi Buddy,

Can anybody give me suggestions for following questions

1. how can we hide the Addressing structure of the MPLS core for outside the world

2. Can u put some security for CE-PE

interface. if yes then pls suggest me.

3. Cn we hide PE routers IP address from CE.? if yes then How? pls suggest.

4.is it possible that PE router should never accept unlabel packet from CE ?

%. Security for Fake Labels on CE-PE interface.

Please give me sugestion for abover questions

Thanks & Regards,

Ciscobuddy

olorunloba · ‎11-06-2003

To hide the ip structure use the no ip propate-ttl command. Labelled packets are not normally exchnaged between CE and PE, unless you are having a carrier's carrier configuration.

ciscobuddy · ‎11-14-2003

hi,

i hv 6509 configured as PE in that this command is not there. can u give me some more advise.

Thanks & REgards,

Ciscobuddy