Hi, I use "Cisco IOS Cookbook" from O'Reilly. In its MPLS L3VPN example, it assigns "BGP 100" (a public AS number) to routers in MPLS cloud, and private AS numbers to CE routers. I want to follow this example for readability in a real project, but was wondering if I should use a private AS number instead. (for PE routers.) Our organization doesn't have a public AS number yet. Even if we have, I think we will get a new router dedicated for public internet AS exchange.  So will I be fine if I use "BGP 100" on our PE routers?   Thanks, -Andrew   ... View more

Hi, We want to build a MPLS core network using microwave equipment. In some situations there could be multiple microwave links between two routers, as below. R1  ----m1-----m2-----m3---- R2 R1 and R2 are routers running MPLS. m1~m3 are microwave bridges. Since R1 and R2 talk in MPLS, but m1 ~ m3 don't, can we still access m1 ~ m3 remotely (via IP, TCP) ? (assume R1, R2, m1 ~ m3 have interfaces in the same subnet.) Another question. Will the delay in microwave links causes troubles for AToM and VPLS? Thanks, -Andrew ... View more

Hi there, Should we worry about the the security on router-to-router VPN over internet (IPSec) ? We have two offices. Office A has Cisco 2811 router (internal, private) and ASA 5510 firewall. Office B has Cisco 2821 router (internal, private) and ASA 5505 firewall. Office B has private subnets that extend to 7 hops away. (running RIP) If we want to set up a site-to-stie VPN between these two offices, should we set it up on ASA's or routers? If we set up VPN on routers, does that mean we need to connect one interface to the internet on each router and suffer from Internet attacks? How do we defend our routers then? Thanks in advance! -Andrew ... View more

Hi, We have a dedicate private line connecting to a remote office. ( DS3(BGP) -> 3rd party private network -> E1 (BGP) -> Ethernet (RIP) -> Satellite (RIP) ) There are Cisco routers at both ends. This office has poor internet bandwidth so we want to route its internet traffic back to main office everyday at night from 8 pm to 8 am Eastern Time. I know how to use static or RIP default route at remote router to direct its internet traffic back to main office. But how do I cut it off when the morning comes? And how do I add restrications at main office to block this traffic if someone at remote office removes the timing rule manually? Can anyone give me an idea how to implement this? Thank you! -Andrew ... View more