Hi,
As if now i have a very less time to get the customer on my PE it will take
me a long time to read the above mentioned books,for time being can any body
help with any additional command's other than above one so till my
completion of books i will be relaxed.
Thanks,
On Mon, Sep 28, 2009 at 5:17 PM, <sheherezada_at_gmail.com> wrote:
> Other than 'no mpls ip propagate-ttl', I would think of:
>
> - VRF unicast/ multicast prefix limits (so that a CE would not flood
> the PE with too many routes)
> - proper MTU configuration (to avoid fragmentation/ reassembly at the PE)
>
> In general:
>
> - have a separate address block for network infrastructure
> - use control plane policing
> - secure routing protocols (MD5 signature, GTSM- Genralised TTL
> Security Mechanism)
> - advertise the loopbacks only (not the P2P links)
>
> HTH,
>
> Mihai
>
> On Sun, Sep 27, 2009 at 9:37 AM, mike arnold <haynessmith70_at_gmail.com>
> wrote:
> > Dears,
> >
> > What IOS security features has to be enabled on PE router to protect
> attacks
> > from Customer edge (CE) devices.So that PE routers should be stable 365
> > days a year. Any reference link or Book which will help.
> >
> > Thanks,
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 01 2009 - 19:25:17 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART