<div>And that's what I'm looking at. I have NO MPLS so I should be good.</div>
<div> </div>
<div>Thanks All</div>
<div> </div>
<div>Scott<br><br></div>
<div class="gmail_quote">On Tue, Dec 2, 2008 at 3:44 PM, Mark Holloway <span dir="ltr"><<a href="mailto:mh@markholloway.com">mh@markholloway.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">You can also use VRF Lite which allows you to use VRF's without using MPLS.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<p><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Jason Aarons (US)<br>
<b>Sent:</b> Tuesday, December 02, 2008 4:36 PM<br><b>To:</b> Lelio Fulgenzi; Scott Voll
<div>
<div></div>
<div class="Wj3C7c"><br><b>Cc:</b> cisco-voip<br><b>Subject:</b> Re: [cisco-voip] Securing Voice networks</div></div></span>
<p></p></p></div></div>
<div>
<div></div>
<div class="Wj3C7c">
<p> </p>
<p><span style="FONT-SIZE: 10pt; COLOR: navy">VRF is the backbone of how MPLS works. Your network routes are in a private VRF that only you can see. If they can hack or mis-configure the VRF then your routes could be advertised to a hack is the security worst case scenario with MPLS. I believe you can filter a VRF into another VRF but haven't seen that myself. I went thru backbone service provider MPLS training, did all the labs and haven't used VRF much since then.</span></p>
<p><span style="FONT-SIZE: 10pt; COLOR: navy"> </span></p>
<div>
<div style="TEXT-ALIGN: center" align="center">
<hr align="center" width="100%" size="2">
</div>
<p><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Tuesday, December 02, 2008 6:07 PM<br><b>To:</b> Scott Voll<br><b>Cc:</b> cisco-voip<br><b>Subject:</b> Re: [cisco-voip] Securing Voice networks</span></p></div>
<p> </p>
<div>
<p style="MARGIN-BOTTOM: 12pt"><span style="FONT-SIZE: 10pt; COLOR: black">The term is VRF. <a href="http://en.wikipedia.org/wiki/VRF" target="_blank">http://en.wikipedia.org/wiki/VRF</a><br><br>I'm still not clear as to the difference, but from what I understand, they are logically two separate networks and go beyond the level of seperation that VLANs provide. For example, you can have two VRF domains and route them across your network, both with the same IP address space but still logically separated. What I don't know, is whether you can somehow route between two VRF domains (if that's even what you call them).<br>
<br>For now, we are using ACLs, and for the most part they work, but it's not ideal. Putting things behind a firewall makes sense, but with multiple data centres, you have to ensure that the voice servers can communicate with each other unhindered/unblocked. There are also some issues with respect to asymetrical routing which I think is an issue for us.<br>
<br>Until Cisco comes up with a recommended design for putting their voice servers behind firewalls in multiple data centres, I think people will be clamoring. <br><br><br>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1<br>
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)<br>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>"Bad grammar makes me [sic]" - Tshirt<br><br><br>----- Original Message -----<br>From: "Scott Voll" <<a href="mailto:svoll.voip@gmail.com" target="_blank">svoll.voip@gmail.com</a>><br>
To: "<<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>>" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>Sent: Tuesday, December 2, 2008 5:56:59 PM GMT -05:00 US/Canada Eastern<br>
Subject: [cisco-voip] Securing Voice networks</span></p>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black">I have multiple Voice networks that I would like to put behind my FWSM. At CIPTUG (pass the mic) i asked the question of how others were doing it and I thought they were using VFR. is that the right term? </span></p>
</div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black"> </span></p></div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black">Can someone give me a run down of how they are doing it?</span></p></div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black"> </span></p></div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black">Thanks</span></p></div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black"> </span></p></div>
<div>
<p><span style="FONT-SIZE: 10pt; COLOR: black">Scott</span></p></div>
<p><span style="FONT-SIZE: 10pt; COLOR: black"><br>_______________________________________________ cisco-voip mailing list <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a> </span></p>
</div>
<div style="TEXT-ALIGN: center" align="center">
<hr align="center" width="100%" size="1">
</div>
<p><strong>Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you. </strong></p>
</div></div></div></div></blockquote></div><br>