[c-nsp] u-pe placement

Waris Sagheer (waris) waris at cisco.com
Sat Mar 9 14:00:25 EST 2013


Ray,
This is changing now. MPLS at access is becoming popular since there are ways to provide adequate security. Unified MPLS is one example.

Best Regards,

Waris Sagheer
Technical Marketing Manager
Service Provider Access Group
waris at cisco.com
Phone: +1 408 853 6682
Mobile: +1 408 835 1389

CCIE - 19901



From: Raymond Burkholder <ray at oneunified.net>
Date: Friday, February 22, 2013 5:12 AM
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: [c-nsp] u-pe placement

At
http://etutorials.org/Networking/MPLS+VPN+security/Part+III+Practical+Guidelines+to+MPLS+VPN+Security/Chapter+7.+Security+of+MPLS+Layer+2+VPNs/C6+VPLS+and+VPWS+Security+Overview/
they say: "We recommend that no service
provider edge (PE) router be located at a customer premise because such an
installation exposes the service provider to unwelcome access. Further, in
order to mitigate against control plane spoofing, examples of protocols that
should never be exposed to untrusted routers include IGP, BGP, LDP, and
RSVP-TE."

Is this common best practice?  Is there indeed quite a bit of risk in
exposing the u-pe at the customer site?  Is this exploited regularly?  Are
there methods of mitigating the risks?

With routers like the 1921 sitting at customer sites, with better than
adequate horsepower to handle mpls, it is very tempting to take the pe out
to the customer site as a u-pe in the form of a 1921 or similar.

Any comments on advantages/disadvantages?

Ray

