[cisco-voip] Securing Voice networks

Jason Aarons (US) jason.aarons at us.didata.com
Tue Dec 2 18:36:16 EST 2008


VRF is the backbone of how MPLS works. Your network routes are in a
private VRF that only you can see. If they can hack or misconfigure the
VRF, then your routes could be advertised to a hacker; that is the
worst-case security scenario with MPLS. I believe you can filter a VRF
into another VRF but haven't seen that myself. I went through backbone
service provider MPLS training, did all the labs, and haven't used VRF
much since then.

 

________________________________

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
Sent: Tuesday, December 02, 2008 6:07 PM
To: Scott Voll
Cc: cisco-voip
Subject: Re: [cisco-voip] Securing Voice networks

 

The term is VRF. http://en.wikipedia.org/wiki/VRF

I'm still not clear as to the difference, but from what I understand,
they are logically two separate networks and go beyond the level of
separation that VLANs provide. For example, you can have two VRF domains
and route them across your network, both with the same IP address space
but still logically separated. What I don't know is whether you can
somehow route between two VRF domains (if that's even what you call
them).

For now, we are using ACLs, and for the most part they work, but it's
not ideal. Putting things behind a firewall makes sense, but with
multiple data centres, you have to ensure that the voice servers can
communicate with each other unhindered/unblocked. There are also some
issues with respect to asymmetrical routing, which I think is an issue
for us.

Until Cisco comes up with a recommended design for putting their voice
servers behind firewalls in multiple data centres, I think people will
be clamoring. 


---
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Bad grammar makes me [sic]" - Tshirt


----- Original Message -----
From: "Scott Voll" <svoll.voip at gmail.com>
To: "<cisco-voip at puck.nether.net>" <cisco-voip at puck.nether.net>
Sent: Tuesday, December 2, 2008 5:56:59 PM GMT -05:00 US/Canada Eastern
Subject: [cisco-voip] Securing Voice networks

I have multiple Voice networks that I would like to put behind my FWSM.
At CIPTUG (pass the mic) I asked the question of how others were doing
it and I thought they were using VFR. Is that the right term?

 

Can someone give me a rundown of how they are doing it?

 

Thanks

 

Scott

