<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:navy;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>You can also use VRF Lite which allows you to use VRF’s without
using MPLS.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On
Behalf Of </b>Jason Aarons (US)<br>
<b>Sent:</b> Tuesday, December 02, 2008 4:36 PM<br>
<b>To:</b> Lelio Fulgenzi; Scott Voll<br>
<b>Cc:</b> cisco-voip<br>
<b>Subject:</b> Re: [cisco-voip] Securing Voice networks<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:navy'>VRF is the backbone of how MPLS works. Your network routes
are in a private VRF that only you can see. If they can hack or mis-configure
the VRF then your routes could be advertised to a hack is the security worst
case scenario with MPLS. I believe you can filter a VRF into
another VRF but haven’t seen that myself. I went thru backbone service
provider MPLS training, did all the labs and haven’t used VRF much since then.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:navy'><o:p> </o:p></span></p>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=2 width="100%" align=center>
</div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Tuesday, December 02, 2008 6:07 PM<br>
<b>To:</b> Scott Voll<br>
<b>Cc:</b> cisco-voip<br>
<b>Subject:</b> Re: [cisco-voip] Securing Voice networks</span><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;
font-family:"Verdana","sans-serif";color:black'>The term is VRF. http://en.wikipedia.org/wiki/VRF<br>
<br>
I'm still not clear as to the difference, but from what I understand, they are
logically two separate networks and go beyond the level of seperation that
VLANs provide. For example, you can have two VRF domains and route them across
your network, both with the same IP address space but still logically
separated. What I don't know, is whether you can somehow route between two VRF
domains (if that's even what you call them).<br>
<br>
For now, we are using ACLs, and for the most part they work, but it's not
ideal. Putting things behind a firewall makes sense, but with multiple data
centres, you have to ensure that the voice servers can communicate with each
other unhindered/unblocked. There are also some issues with respect to
asymetrical routing which I think is an issue for us.<br>
<br>
Until Cisco comes up with a recommended design for putting their voice servers
behind firewalls in multiple data centres, I think people will be clamoring. <br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>
"Bad grammar makes me [sic]" - Tshirt<br>
<br>
<br>
----- Original Message -----<br>
From: "Scott Voll" <svoll.voip@gmail.com><br>
To: "<cisco-voip@puck.nether.net>"
<cisco-voip@puck.nether.net><br>
Sent: Tuesday, December 2, 2008 5:56:59 PM GMT -05:00 US/Canada Eastern<br>
Subject: [cisco-voip] Securing Voice networks<o:p></o:p></span></p>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'>I have multiple Voice networks that I would like to put behind my
FWSM. At CIPTUG (pass the mic) i asked the question of how others were
doing it and I thought they were using VFR. is that the right term?
<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'>Can someone give me a run down of how they are doing it?<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'>Thanks<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'>Scott<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";
color:black'><br>
_______________________________________________ cisco-voip mailing list
cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip <o:p></o:p></span></p>
</div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=1 width="100%" align=center>
</div>
<p><strong>Disclaimer: This e-mail communication and any attachments may
contain confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the intended
addressee, you are hereby notified that you have received this communication in
error and that any use or reproduction of this email or its contents is
strictly prohibited and may be unlawful. If you have received this communication
in error, please notify us immediately by replying to this message and deleting
it from your computer. Thank you. </strong><o:p></o:p></p>
</div>
</body>
</html>