10-14-2011 01:53 AM
Hi all,
I want to know what the security concerns are when we have an Inter-AS L2VPN between two service providers, as in the attached configuration (just one service provider's side of the configuration for the ASBR and PE; the other service provider's is the same, pointing to our service provider), how we can mitigate the risk, and what the most secure option is. We need to know the advantages and disadvantages.
10-15-2011 06:18 AM
Hi Ahmad
Looking at your configuration, it seems the setup is as below:
CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
Is that correct?
In my personal opinion, from a security point of view, only the required loopbacks are already being allowed, which is good to do. And I believe the SNMP traps and remote access to your ASBR would be protected and limited access.
Apart from these, there might be some other standard security features that others can suggest taking care of, but the above two should surely be taken care of, I think.
Hope this helps you.
Regards
Varma
10-15-2011 06:51 AM
The setup is correct. Do you think sharing the loopback IP address with the other provider is not a risk? Also, the ASBR IP address we peer with is from the global routing in the ASBR, not from a VRF.
10-15-2011 06:57 AM
Hi Ahmad
I understand that everything is in Global, but the above scenario can only be served in this way. We need the remote ISP PE loopback in the Global RT. Again, for security concerns we need to make sure Telnet/SSH and SNMP are protected using an ACL.
Regards
Varma
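
The check suggested in the replies above (Telnet/SSH and SNMP access to the ASBR restricted by ACL) can be audited offline against a saved configuration. This is an added example, not part of the original thread: the function name `audit_management_plane` is hypothetical, and the sample configuration is constructed with documentation addresses, not taken from the poster's attachment.

```python
import re

# Constructed sample of an ASBR configuration fragment (not the poster's attachment).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-OPEN RO
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit_management_plane(config: str) -> list[str]:
    """Flag VTY blocks and SNMP communities with no ACL, or with an undefined one."""
    findings = []
    lines = config.splitlines()
    # Numbered and named ACLs defined anywhere in the configuration.
    defined = set(re.findall(r"^access-list (\S+) ", config, re.M))
    defined |= set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))

    def check_acl(where, acl):
        if acl is None:
            findings.append(f"{where}: no ACL applied")
        elif acl not in defined:
            findings.append(f"{where}: ACL {acl} is not defined")

    for n, line in enumerate(lines, 1):
        if line.startswith("line vty"):
            # Sub-commands of the block are the indented lines that follow it.
            acl = None
            for sub in lines[n:]:
                if not sub.startswith(" "):
                    break
                m = re.match(r"\s+access-class (\S+) in\b", sub)
                if m:
                    acl = m.group(1)
            check_acl(f"line {n} ({line.strip()})", acl)
        elif line.startswith("snmp-server community "):
            # The community string is not echoed into the finding.
            tokens = line.split()[3:]
            if tokens[:1] == ["view"]:
                tokens = tokens[2:]
            tokens = [t for t in tokens if t.lower() not in ("ro", "rw")]
            check_acl(f"line {n} (snmp-server community)", tokens[0] if tokens else None)
    return findings
```

On the constructed sample it reports the second SNMP community and the `line vty 5 15` block, which are the two entries with no ACL attached.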