03-23-2011 07:11 AM - edited 03-04-2019 11:50 AM
Hi there,
1. Is it okay to terminate the MPLS Service Provider connectivity directly on Core Switch GigE ports? Or is it not advisable?
2. Also, kindly help me understand the answer to the above question in the case of internet connectivity.
Thanks and Regards,
Ramchander Kunta
03-23-2011 08:29 AM
Hi there,
1. Is it okay to terminate the MPLS Service Provider connectivity directly on Core Switch GigE ports? Or is it not advisable?
2. Also, kindly help me understand the answer to the above question in the case of internet connectivity.
Thanks and Regards,
Ramchander Kunta
1) Yes, you can, providing you are only using MPLS to connect up to your other sites. Even if that is the case, it still depends on your internal security policy, i.e. do you trust your other sites?
It also depends on whether the device is going to act as a CE device. If so, you may need to run BGP between this device and the provider PE router, so you would need to know whether this was possible.
2) Absolutely not, no. This would in effect mean there is a direct connection from the internet to your core switch. What if somebody launched a denial of service against your switch? This would not only take down your internet connectivity but also whatever else your core switch is responsible for, presumably internal connectivity.
For internet connectivity you should have a completely separate firewall/switch/router setup that then connects back to your core switch.
Jon
03-23-2011 07:57 PM
Hello Jon,
Thank you very much for the help and for the suggestions.
Especially for my second query, I will look no further for any answers as it is very clear from your reply.
Your suggestion is also clear for my first query; however, I will have to do some homework on the requirements gathering. Thanks again...
Regds,
Ram