[c-nsp] u-pe placement

Raymond Burkholder ray at oneunified.net
Fri Feb 22 08:12:57 EST 2013

nd+VPWS+Security+Overview/  they say:  "We recommend that no service
provider edge (PE) router be located at a customer premise because such an
installation exposes the service provider to unwelcome access. Further, in
order to mitigate against control plane spoofing, examples of protocols that
should never be exposed to untrusted routers include IGP, BGP, LDP, and

Is this common best practices?  Is there indeed quite a bit of risk in
exposing the u-pe at the customer site?  Is this exploited regularily?  Are
there methods of mitigating the risks?

With routers like the 1921 sitting at customer sites, with better than
adequate horsepower to handle mpls, it is very tempting to take the pe out
to the customer site as a u-pe in the form of a 1921 or similar.

Any comments on advantages/dis-advantages?


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the cisco-nsp mailing list