[c-nsp] Ethernet WAN Links question

Gert Doering gert at greenie.muc.de
Thu Dec 3 10:28:12 EST 2009


Hi,

On Thu, Dec 03, 2009 at 02:02:27PM +0100, Mikael Abrahamsson wrote:
> >There is an option they supply the switch too.
> >The first thing that came to mind is security issues since we are connecting
> >Internet and Local Network to the same switch inside the network.
[..]
> Usually I'd say that the ISP will solve the handoff by having a switch or 
> media converter to give you one port per service, but using vlans for 
> logical separation has been pretty much standard procedure for 10 years in 
> a lot of places.

But still, the underlying argument "if you connect your internal network
to the ISP's MPLS network, you need to trust your ISP" remains true.

So the question is not only separation of VLANs (which I would trust, on
sufficiently recent switch gear) but also "trust towards the ISP".

Otherwise, crypto gear on top of the MPLS link is needed.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de