Page 2 - Overview of ISC
1-2 Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Overview of ISC The notable ISC network elements are as follows: • ISC Network Management Subnet The ISC Network Management Subnet is required when the service provider’s servic...
Page 3 - ISC Features
It is not required that the set of IPv4 addresses used in any two VPNs be mutually exclusive because the PEs translate IPv4 addresses into IPv4 VPN entities by u...
Page 5 - Resource Pools
Figure 1-3 Access Domain Assigned 2. All the network elements have been discovered during the Autodiscovery process, as well as the network topology (connectivit...
Page 6 - Features and Functions Provided in Provisioning with ISC
• Route Distinguisher (RD) pool: The IP subnets advertised by the CE routers to the PE routers are augmented with a 64-bit prefix called a route distinguisher (...
Page 9 - The Customer’s and Provider’s View of the Network
The Customer’s and Provider’s View of the Network From the customer’s point of view, they see their internal routers communicat...
Page 12 - Mapping IPsec Tunnels to MPLS VPNs; Using Templates to Customize Configuration Files
Mapping IPsec Tunnels to MPLS VPNs Provisioning network-based IPsec VPNs in order to map IPsec tunnels to MPLS VPNs involves bo...
Page 13 - Uses for the Template Function
The template files and data files are in XML format. The template file, its data files, and all template configuration file fil...
Page 14 - About MPLS VPNs
• Audit Existing Services: Checks and evaluates configuration of deployed service to see if the service is still in effect. • Audit Routing Reports: Checks th...
Page 15 - Characteristics of MPLS VPNs; Intranets and Extranets
Characteristics of MPLS VPNs MPLS VPNs have the following characteristics: • Multiprotocol Border Gateway Protocol (MP-BGP) extensions are used to...
Page 17 - VRF Implementation Considerations
Figure 1-9 VRFs for Sites in Multiple VPNs VRF Implementation Considerations When implementing VPNs and VRFs, Cisco recommends you keep the following considerat...
Page 18 - Creating a VRF Instance
• The MPLS VPN backbone relies on the appropriate Interior Gateway Protocol (IGP) that is configured for MPLS, for example, EIGRP, or OSPF. When you issue a sho...
Page 19 - Route Target Communities
ISC chooses route target values by default, but you can override the automatically assigned RT values if necessary when you first define a CERC in the ISC softw...
Page 20 - Hub and Spoke Considerations
ISC supports multiple CEs per site and multiple sites connected to the same PE. Each CERC has unique route targets (RT), route distinguisher (RD) and VRF naming...
Page 21 - Security Requirements for MPLS VPNs; Address Space and Routing Separation; Address Space Separation
Security Requirements for MPLS VPNs This section discusses the security requirements for MPLS VPN architectures. This section concentrates o...
Page 22 - Hiding the MPLS Core Structure
Given addressing and routing separation across an MPLS core network, MPLS offers in this respect the same security as comparable Layer 2 VPN...
Page 23 - Resistance to Attacks; Securing the Routing Protocol
Resistance to Attacks It is not possible to directly intrude into other VPNs. However, it is possible to attack the MPLS core, and try to at...
Page 24 - Label Spoofing
In practice, access to the PE router over the CE-PE interface can be limited to the required routing protocol by using access control lists ...
Page 25 - Securing the MPLS Core; Trusted Devices
For security reasons, a PE router should never accept a packet with a label from a CE router. The Cisco router implementation is such that pack...
Page 26 - Separation of CE-PE Links
• PE-P link: use LDP MD5 authentication • P-P This prevents attackers from spoofing a peer router and introducing bogus routing information....
Page 27 - MP-BGP Security Features; Security Through IP Address Resolution
From a security point of view, the merged VPNs behave like one logical VPN, and the security mechanisms described above apply now between th...
Page 28 - Ensuring VPN Isolation
The forwarding table for a PE contains only address entries for members of the same VPN. The PE rejects requests for addresses not listed in...
Page 29 - NBI Benefits; Distributed Load Balancing
• Layer 2 VPN Service • MPLS VPN Service • Inventory • IPsec VPN Service • FireWall Service • NAT Service • SLA • Deployment Flow Engine • D...
Page 31 - The Four-Tier System Architecture
Figure 1-12 Redundant Load Balancing Configuration The Four-Tier System Architecture The Cisco ISC architecture is a four-tier architecture. T...