Basic Question on terminating SP Link on Core Switch

ramkunta
Level 1

Hi there,

1. Is it okay to terminate the MPLS Service Provider connectivity directly on Core Switch GigE ports? Or is it not advisable?

2. Also, kindly help me understand the answer to the above question in the case of internet connectivity.

Thanks and Regards,
Ramchander Kunta

Accepted Solutions

Jon Marshall
Hall of Fame

1) Yes, you can, providing you are only using MPLS to connect up to your other sites. Even if that is the case, it still depends on your internal security policy, i.e. do you trust your other sites?

It also depends on whether the device is going to act as a CE device. If so, you may need to run BGP between this device and the provider PE router, so you would need to know whether this was possible.

2) Absolutely not, no. This would in effect mean there is a direct connection from the internet to your core switch. What if somebody launched a denial of service against your switch? This would not only take down your internet connectivity but also whatever else your core switch is responsible for, presumably internal connectivity.

For internet connectivity you should have a completely separate firewall/switch/router setup that then connects back to your core switch.

Jon

Hello Jon,

Thank you very much for the help and for the suggestions.

Especially for my second query, I will look no further for any answers as it is very clear from your reply.

Your suggestion is also clear for my first query; however, I will have to do some homework on the requirements gathering, thanks again...

Regds,
Ram
