[c-nsp] (no subject)
Bruce Pinsky
bep at whack.org
Thu Jun 21 19:21:56 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Malitsky wrote:
> Hello,
>
> We are in the process of deploying an MPLS network (carrier-provided) to
> connect several customers to a data center. The customer locations are
> all separate entities and need to be completely isolated from each
> other. The carrier is now telling us that they will only announce a
> full set of routes (either through BGP or statically) to all locations,
> and will not do any filtering or policy routing, or anything else in the
> core.
> So question is, how do I make sure the various customer locations stay
> segregated? I know the easy answer is to write ACLs on the CPE routers
> (which I am providing), but since they are not under my physical
> control, that makes me somewhat uneasy. Are there any better solutions?
>
Use VRF-lite on your data center CE to segregate the customers?
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGewgUE1XcgMgrtyYRAroZAJwMY/j9niaKhd/Pg1aF7DsrnAnFVACfaOx0
M7DreE224wjP2SziSr6oAZs=
=Mimi
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list