Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
1
Replies

Security design for MPLS to protect against the Service Provider (using BGP)

dmarekatc
Level 1
Level 1

‎11-09-2012 09:15 AM - edited ‎03-03-2019 06:50 AM

Hello all,

I was hoping I might find some help regarding wrapping appropriate security around an MPLS network design (beyond a IPSEC tunnel between sites), to protect against the Service Provider. e.g. What can I do to most effiencently keep them [the SP] from being a potential attack vector, outside of VPN, more in the sense of edge security with them? - ACLs, route filtering, or what have you to ensure they can't access or traverse our network from their side (PE) - including some examples would be fantastic.

Items to Note:

  • BGP is being used between us & the SP
  • Each site has its own ASN
  • Using /30 networks between us & the SP (is it better to do a different way?)
  • Largely, IOS 15.x will be used.


Any input would be appreciated.

Thank you in advance!

Labels:
0 Helpful
1 Reply 1

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-10-2012 10:33 AM

Hi,

Here is a pretty good document on how to secure your infrastructure:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSNGWAN.html#wp37411

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents