Re: Securing MPLS Network.

Bill,

You can consider preventing any routing protocol but the one thatPE peers
with CE through.
Prevent any routes but the ones originated from the CE.

Moreover, you need to hide the core structure to customer network,,,,,

Configure strict ACLs for the access to the PEs.

Prevent lable spoofing using variety of techniques...

etc...

On Tue, May 19, 2009 at 3:32 PM, Mohammad T. Dawod
<www.engineer_at_gmail.com>wrote:

> Thanks Anantha.
> Brief but useful.
> Please send more if you hav
>
>
>
> On Tue, May 19, 2009 at 3:18 PM, Anantha Subramanian Natarajan <
> anantha.natarajan_at_gravitant.com> wrote:
>
>> Hi Bill,
>>
>> You may use "RPF" checks on the interface facing the CE ,if it CE is not
>> dual homed .Can deploy COPP(Control plane policing ) on your PE platform
>> if
>> it supported.Also can employ "maximum routes" command on the PE's under
>> each
>> VRF while running dynamic routing protocol between PE-CE,again if its is
>> supported.Deploy routing protocol authentication between your CE and PE.
>>
>> Regards
>> Anantha Subramanian Natarajan
>>
>> On Tue, May 19, 2009 at 6:52 AM, Bill Roger <coreofit_at_gmail.com> wrote:
>>
>> > Any reference for recommendations about hardening a national MPLS
>> network
>> > when hosting VPN CPEs or ISPs.
>> >
>> > I seek what commands to use to secure the PEs against any risks or abuse
>> > from the CPEs/CEs.
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Best Regards,
> Mohammad
>

-- 
Best Regards,
Mohammad
Blogs and organic groups at http://www.ccie.net