<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>VRF is the backbone of how MPLS works.
Your network routes are in a private VRF that only you can see. If they can
hack or mis-configure the VRF then your routes could be advertised to a hack is
the security worst case scenario with MPLS. I believe you can filter a VRF
into another VRF but haven’t seen that myself. I went thru backbone service
provider MPLS training, did all the labs and haven’t used VRF much since then.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] <b><span style='font-weight:bold'>On
Behalf Of </span></b>Lelio Fulgenzi<br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, December 02, 2008
6:07 PM<br>
<b><span style='font-weight:bold'>To:</span></b> Scott Voll<br>
<b><span style='font-weight:bold'>Cc:</span></b> cisco-voip<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [cisco-voip] Securing
Voice networks</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2 color=black
face=Verdana><span style='font-size:10.0pt;font-family:Verdana;color:black'>The
term is VRF. http://en.wikipedia.org/wiki/VRF<br>
<br>
I'm still not clear as to the difference, but from what I understand, they are
logically two separate networks and go beyond the level of seperation that
VLANs provide. For example, you can have two VRF domains and route them across
your network, both with the same IP address space but still logically
separated. What I don't know, is whether you can somehow route between two VRF
domains (if that's even what you call them).<br>
<br>
For now, we are using ACLs, and for the most part they work, but it's not
ideal. Putting things behind a firewall makes sense, but with multiple data
centres, you have to ensure that the voice servers can communicate with each
other unhindered/unblocked. There are also some issues with respect to
asymetrical routing which I think is an issue for us.<br>
<br>
Until Cisco comes up with a recommended design for putting their voice servers
behind firewalls in multiple data centres, I think people will be clamoring. <br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst (CCS) * <st1:PlaceType w:st="on">University</st1:PlaceType> of <st1:PlaceName
w:st="on">Guelph</st1:PlaceName> * <st1:place w:st="on"><st1:City w:st="on">Guelph</st1:City>,
<st1:State w:st="on">Ontario</st1:State> <st1:PostalCode w:st="on">N1G 2W1</st1:PostalCode></st1:place><br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>
"Bad grammar makes me [sic]" - Tshirt<br>
<br>
<br>
----- Original Message -----<br>
From: "Scott Voll" <svoll.voip@gmail.com><br>
To: "<cisco-voip@puck.nether.net>"
<cisco-voip@puck.nether.net><br>
Sent: Tuesday, December 2, 2008 5:56:59 PM GMT -05:00 US/Canada Eastern<br>
Subject: [cisco-voip] Securing Voice networks<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>I have multiple Voice
networks that I would like to put behind my FWSM. At CIPTUG (pass the
mic) i asked the question of how others were doing it and I thought they were
using VFR. is that the right term? <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Can someone give me a
run down of how they are doing it?<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Thanks<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Scott<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><br>
_______________________________________________ cisco-voip mailing list
cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip <o:p></o:p></span></font></p>
</div>
</div>
</body>
</html>
<HTML><BODY><P><hr size=1></P>
<P><STRONG>
Disclaimer:
This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.
</STRONG></P></BODY></HTML>