""John Neiberger"" wrote in message news:[EMAIL PROTECTED] > I'm at the early stages of considering migrating away from a > point-to-point frame relay network to a layer 3 MPLS-based private > network and I have a couple of questions based on some preliminary > verbal information. > > I was told that no router reconfiguration was required on our side but > I don't see how that's possible. Since our CE router connects the the > PE router they need to have common addressing and a common routing > protocol, which I think must be either OSPF or IS-IS.
You are correct, router reconfiguration will be necessary. You will also need to somehow 'link' your route tables with your provider's tables. > > Regarding the routing protocol, it wouldn't be a big deal to change to > using one of the above but that would still be a change, right? :-) Yep > > Regarding the addressing, is it common for a customer to get a new > addressing scheme for the provider for their edge links? Or, will the > provider readdress their PE connections that interface with our network? > It makes more sense to me that the provider would make us readdress. > Does one method seem to be more common than the other? Usually it's the latter. > > Since this is a layer 3 VPN the provider's routers will have specific > information about our internal addressing, and I can hear our security > people groaning over this already. My boss might not like that idea, as > well. Has this been a security concern for anyone? Is there reason to > be concerned? Conversely, is there a good way for me to explain to my > boss and the security department why we shouldn't be concerned? It is a concern - but I doubt that it's a substantially greater risk than what you had before. Remember that in your old frame-relay setup, your provider could have been sniffing/copying your frames, including route updates that you were sending, and then figured out your addressing (along with anything else your provider wanted to know). The only difference between that situation and RFC2547 VPN's is that now they'll just see all your routes explicitly- they won't need a sniffer. So yes, I could say that it's a little less secure, but not substantially. > > I'm still awaiting more technical information from our provider, and > we're going to have a face-to-face meeting with technical people in a > couple of weeks, but I wanted to become more familiar with this > technology before they get here. > > Many thanks! > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64774&t=64770 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
