cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

385
Views
0
Helpful
1
Replies
Highlighted
Beginner

Security design for MPLS to protect against the Service Provider (using BGP)

Hello all,

I was hoping I might find some help regarding wrapping appropriate security around an MPLS network design (beyond a IPSEC tunnel between sites), to protect against the Service Provider. e.g. What can I do to most effiencently keep them [the SP] from being a potential attack vector, outside of VPN, more in the sense of edge security with them? - ACLs, route filtering, or what have you to ensure they can't access or traverse our network from their side (PE) - including some examples would be fantastic.

Items to Note:

  • BGP is being used between us & the SP
  • Each site has its own ASN
  • Using /30 networks between us & the SP (is it better to do a different way?)
  • Largely, IOS 15.x will be used.


Any input would be appreciated.

Thank you in advance!

Everyone's tags (4)
1 REPLY 1
VIP Expert

Security design for MPLS to protect against the Service Provider

Hi,

Here is a pretty good document on how to secure your infrastructure:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSNGWAN.html#wp37411

HTH

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards