I see your point on security, but I don't completely agree. Your current
Frame Relay network is only as secure as your carrier. If someone at your
carrier maps a PVC between you and company X, real traffic can flow
(assuming your router picks it up and places it on the physical interface,
which it likely would). Granted, the only way someone could probably use
this to hack into your network would be if they had a route to you (which they
could add) and if you had a route back to them (unlikely unless you are
running a routing protocol and they pick up on it).

It seems to me you could make MPLS fairly secure by using a routing protocol
with authentication and a simple access list.

To answer John's original question, I have only seen MPLS deployed in one
organization - they are using Equant as their carrier. They are happy with
it, but it's hardly widespread.

I'm curious why they said they could not give John any-any connectivity if
he kept his addressing?? That's basically exactly what MPLS was meant to
do...perhaps it's an implementation issue...? It's also curious why they even
suggested changing the addressing. On a network as big as John's (100 sites)
it's a ridiculous idea, and as Joseph mentioned they are going to add a
unique VRF, so it doesn't matter if the carrier has 100 customers that all
use 192.168.1.0...

Rob.

"Joseph Brunner" wrote in message
news:[EMAIL PROTECTED]...
> I was pitched this very thing recently by wcom and qwest.. basically it is
> only as secure as your carriers.. if someone "f*cks up" and imports something
> into your VRF, either a default, another vpn, or whatever, your security
> is finished.. plus banks are supposed to encrypt over IPSEC, so why bother
> running MPLS (come on, how much diff-serv can you do on frac T-1's anyway)
> if you are just going to IPSEC the packets between pix's or vpn
> concentrators
> anyway.. MPLS right now for 100 sites, just can't be trusted. I used to work
> for ISP's, everyone there was a perp.. trust my vpn security to some loser
> ISP.
> No thanks
>
> read this
>
> http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/mxinf_ds.htm
>
>
>
> Joseph Brunner
> ASN 21572
> MortgageIT MITLending
> New York, NY 10038
> (212) 651 - 7695 Voice
> (212) 651 - 7795 Fax
>
>
>
> -----Original Message-----
> From: John Neiberger [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 27, 2002 12:24 PM
> To: [EMAIL PROTECTED]
> Subject: MPLS in the Enterprise [7:36670]
>
>
> Okay, I'm about to show how clueless I am when it comes to MPLS....
>
> I've been getting calls from multiple providers lately all trying to
> suggest that I migrate our 100-site frame relay network to their MPLS
> network, suggesting that we'll have any-to-any connectivity and the
> ability to prioritize traffic classes within the MPLS network.
>
> Are any of you doing something like this?  I'm going to read up on it
> but I'm having trouble visualizing it.  Does this basically turn our
> network into a giant multipoint network?  Do our branch routers need to
> be aware of MPLS or do providers make this transparent somehow?  How
> does this affect routing?
>
> It seems that if we have any-to-any connectivity then the branch
> routers don't even need to run a routing protocol; every router would
> have one exit point to get to any destination.  But, how would the MPLS
> cloud know where to route packets?  The more I think about it it seems
> like our branch routers would have to participate in MPLS to provide the
> necessary destination info for the MPLS cloud.
>
> See how clueless I am?  Ugh...  Time to do some studying on this.
> Since we already do a little video conferencing over IP and are working
> on getting VoIP working, it might be beneficial to get away from the
> frame relay network.  But since I don't understand this new technology,
> I don't know if it's  a viable solution for us or not.
>
> Off to CCO I go!
>
> Thanks,
> John
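
Both replies in this thread turn on what happens when a route that does not belong to the customer shows up in the customer's VRF (a default, another VPN's prefix). The following is an added example, not code from any poster: a small audit that compares the prefixes a CE router learned from the carrier against the prefixes the enterprise expects. All prefixes and the function names `audit_routes` and `violations` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: prefixes the enterprise actually uses at its sites.
EXPECTED_SITE_PREFIXES = ["192.168.1.0/24", "192.168.2.0/24", "10.20.0.0/16"]

# Constructed sample of routes a CE router learned from the carrier's PE.
LEARNED_ROUTES = [
    "192.168.1.0/24",   # known site
    "10.20.5.0/24",     # more-specific route inside a known site block
    "0.0.0.0/0",        # default route that was never ordered
    "172.16.40.0/24",   # prefix from some other VPN imported into the VRF
    "192.168.0.0/16",   # covering route that would attract site traffic
]


def audit_routes(learned, expected):
    """Classify each learned prefix as ok, default, covering or foreign."""
    allowed = [ipaddress.ip_network(p) for p in expected]
    findings = {}
    for text in learned:
        net = ipaddress.ip_network(text)
        same_family = [a for a in allowed if a.version == net.version]
        if net.prefixlen == 0:
            verdict = "default"      # gives every outside source a return path
        elif any(net.subnet_of(a) for a in same_family):
            verdict = "ok"           # equal to or inside an expected block
        elif any(a.subnet_of(net) for a in same_family):
            verdict = "covering"     # wider than an expected block
        else:
            verdict = "foreign"      # unrelated prefix, likely a bad import
        findings[text] = verdict
    return findings


def violations(learned, expected):
    """Return the learned prefixes that should raise an alert, sorted."""
    result = audit_routes(learned, expected)
    return sorted(p for p, verdict in result.items() if verdict != "ok")


if __name__ == "__main__":
    for prefix, verdict in audit_routes(LEARNED_ROUTES, EXPECTED_SITE_PREFIXES).items():
        print(f"{prefix:18} {verdict}")
```

Anything not classified `ok` is a candidate for the inbound route filter or access list mentioned in the reply above.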




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36694&t=36670