Hi Bill,
You may use "RPF" checks on the interface facing the CE ,if it CE is not
dual homed .Can deploy COPP(Control plane policing ) on your PE platform if
it supported.Also can employ "maximum routes" command on the PE's under each
VRF while running dynamic routing protocol between PE-CE,again if its is
supported.Deploy routing protocol authentication between your CE and PE.
Regards
Anantha Subramanian Natarajan
On Tue, May 19, 2009 at 6:52 AM, Bill Roger <coreofit_at_gmail.com> wrote:
> Any reference for recommendations about hardening a national MPLS network
> when hosting VPN CPEs or ISPs.
>
> I seek what commands to use to secure the PEs against any risks or abuse
> from the CPEs/CEs.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue May 19 2009 - 07:18:33 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:43 ART