Re: MPLS Security Design

Marcello Costa · ‎12-06-2018

Hi guys,

The question is about layers of security to implement MPLS link.

Today my MPLS link are terminanting on Border Routers that are performing BGP Single Multi-homed as well.

After this Border Router I have the Firewall performing external NAT and External filtering only and fowarding the traffic via Switch core to Internal Firewall that perform all internal filtering.

So, the communication is in the bellow way: internet > border-router > external-firewall > core-switch > internal-firewall

The security team is asking us about external-firewall role that only performs external filtering and can't perform the routing by yours.

In this way the traffic would be through> internet > border-router > core-switch > internal-firewall.

My point is, whats the best place and recomendation to this case?

Are there some document/recomendation, best practice design to this scenario?

Thank you in advance.

a.alekseev · ‎12-07-2018

it depends...

What is external firewall doing? NAT?

Marcello Costa · ‎12-07-2018

Alekseev

Yes. It is doing NAT and are our border firewall.

MPLS Security Design

Port-Security - Configuração Básica

【原创】Switch Security

Unified MPLS for Mobile Transport 3.0 - Design Guide

[原创]port-security特性演示

ACIデザインシリーズ(1) - ACI Design Pattern