[c-nsp] MPLS and IPSEC co-working
Rodney Dunn
rodunn at cisco.com
Thu Aug 16 08:29:48 EDT 2007
I honestly don't know. I've seen it discussed some before but
don't recall seeing a roadmap or confirmation about it being
done.
It may already be done and I just don't know it.
Rodney
On Thu, Aug 16, 2007 at 02:59:59PM +0300, Andris Zarins wrote:
> Thanks for quick reply ;)
>
> If its not top-secret, are there any plans to address this issue in near
> future?
>
>
> A
>
>
>
>
> -----Original Message-----
> From: Rodney Dunn [mailto:rodunn at cisco.com]
> Sent: Thursday, August 16, 2007 2:54 PM
> To: Andris Zarins
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] MPLS and IPSEC co-working
>
> >
> > > Hi,
> > >
> > > Network setup is pretty trivial - three routers running MPLS (LDP
> > > full-mesh) to support 20+ MPLS VPNs. Tricky part, is that customer
> > > is asking to secure that infrastructure by running IPSEC (3DES). As
> > > far as I know, I can not run LDP over Tunnel interfaces, and
> > > crypto-maps will not help also. Concept of running IPSEC between
> > > CPEs doesn't make sense, as there are no CPEs :(
> > >
> > >
> > > Question is - is VRF-Lite plus back-to-back connectivity, like
> > > option A for inter AS MPLS, the only viable option I have, or Im
> > > missing something and there are other, more scalable ways to do it?
>
> I think it is today.
>
> Rodney
>
> > >
> > >
> > > Thanks,
> > > Andris
> > > CCIE #17473
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list