Is Metro-ethernet Secured? Compare with FR/ATM

Hi,
Just would like to understand if Metro-ethernet has the same security level as FR and ATM? Metro-ethernet has a broadcast nature and it seems mirroring an Ethernet frame is much easier than with FR and ATM. Is there any study of the security issues presented in the Metro-ethernet technology?
I see a lot of customers doing IPSec on the Metro-ethernet and they don't do this on the FR or ATM links?
Thanks

I have not seen any document, but my understanding is that FR and ATM networks do not have broadcast capability, which is an inherent security feature. Sites can communicate only if a VC is configured between them. In metro ethernet, broadcasting is possible and the providers have to implement security to isolate customers by configuring some feature. Since the customers may not trust the level of security provided by the providers, they may choose to run IPSec over this type of access.

Similar Messages

  • Metro Ethernet Design With Redundant Head Ends

    We're getting ready to turn up some metro ethernet circuits that were just installed by AT&T. AT&T has provided a VLAN for each remote site (so each site has its own VLAN), and those VLANs are trunked to our head end switches (Cisco 3750 Metro Switches).
    I'm struggling with the best design for IP routing. We currently use OSPF on our internal network, and I was going to extend OSPF to our metro solution as well, but I'm not so sure now.
    I don't want routing to occur directly between head end #1 and head end #2, we already have redundant paths within our corporate network, and allowing our two head ends to route between each other via our metro ethernet solution is not what we want. However, running OSPF on each of the VLANs which have been provisioned for us would permit routing between the head ends.
    We simply need to allow redundancy for our remote locations: in the event that one head end were to fail, all of the traffic to/from the remote site would be routed through the head end which is still online.
    Any suggestions on the best routing design for this situation would be greatly appreciated. I've attached a network diagram to make things clear. I believe I can also go back to AT&T and request one VLAN that includes all sites if that would simplify things. I just need to make sure I can still do our traffic shaping because the remote sites are only 10mbps and the head ends are 1gbps.
    Thanks,
    -Steve

    just at a glance it looks as if you should be able to have stp on and setup 1 site as primary and other as secondary

  • Security for Metro Ethernet over Fiber

    Is a metro-ethernet over fiber (point-to-point) link secure? Can someone sniff into the network (and see unencrypted data) over a Metro-ethernet point-to-point link?

    You might want to read this:
    http://www.cisco.com/en/US/solutions/collateral/ns341/ns522/ns3/metro_ethernet_white_paper.pdf

  • EIGRP with over 1000 neighbors using Metro Ethernet

    No documentation about using EIGRP with what kind router can build a large network using Metro Ethernet. Cisco 7600 becomes unstable after applying over 600 EIGRP neighbors.

    Is there a reason you need EIGRP? If you're scaling to 1000 neighbors you should really use BGP. It's meant to be scalable (I have routers that have 150,000 BGP routes in it). It's really designed for scalability, whereas I find EIGRP is preferable in a low-neighbor routing environment.
    -Mike
    http://cs-mars.blogspot.com

  • Help with setting up Metro Ethernet

    Can someone please help and give suggestions and possible configuration options for setting up metro ethernet in the following scenario:
    Will be setting up ME between headquarters and three remote branch offices. Each remote branch will be provisioned to 10MB, and the headquarters will have one link for the aggregate provisioned to 30MB.
    My questions, we will have routers at the remotes, but how will this terminate at the headquarters? Do we connect the one ME aggregate connection to a router, or to a L3 switch? And how do you configure the headquarters devices to separate the traffic? Do you use sub interfaces like in frame relay? Please provide a sample config if possible.
    Thanks

    HI,
    Assume you have a 3560 switch at your HQ where you can terminate the ME circuits.
    Configuration on the switch:
        3560SW#sh run int Fa0/5
        Building configuration...
        Current configuration : 123 bytes
        interface FastEthernet0/5
         description ***************
         switchport access vlan 40
         switchport mode access
        end
    Create an SVI interface on the router; the configuration is:
        7604-Backbone-RTR#sh run int Vl40
        Building configuration...
        Current configuration : 119 bytes
        interface Vlan40
         description *********
         ip vrf forwarding 1234-NAME-MESH
         ip address xx.xx.xx.xx 255.255.255.252
        end
    In the above configuration, VRF is applied on the interface to make the prefix unique across the backbone.
    is it here at the remotes where I will configure the "sub-interfaces"?
    A. Yes, the case for remote is same as that of HQ.
    Pls Rate if HELPS
    Best Regards,
    Guru Prasad R.

  • Metro Ethernet Design question

    Hello,
    I was wondering how service providers guarantee their security protection in the Metro Ethernet model, especially when Internet is one of the applications used over the Metro network.
    For example: The customer edge switch (3550) is connected directly to the service provider aggregation layer(either Cisco Catalyst 4500 and 6500 Series switches ) .
    In the network core, Cisco 12000 or Cisco 7600 Series routers.
    So where is the security devices in this architecture, where is the firewalls, the IDS/IPS, that protects the service provider core from any threats.
    Providing the customer with Internet in Ethernet switching technology the service will put the provider in a vulnerable position.
    Am I thinking wrong here?

    Hi
    The CE will be hardened using storm control, both multicast as well as broadcast, on the ports where the end users are connected.
    About the accessibility between the other users who are connected on the ports of the same switches, you have switchport security coded which will take care of the access violation part.
    Also the maximum no. of MAC addresses which can be permitted/allowed over the ports.
    This in turn will send u a trap and can shut the port if there's any violation detected on those ports.
    In the next layer where u say 6500 or 7600 u will have FWSM modules which will be taking care of filtering and other functionalities, which is very much similar to a standalone PIX firewall.
    You can have redundancy or even load balancing with the FWSM modules over there in the 6500 switches.
    And of course the IP addressing schemes deployed would be in private scopes and will have either NAT pools or PAT enabled in the FWSM.
    You got to have more n more ACLs on all the devices to mitigate the general known worms/virus or their variants in the network, applied in applicable points.
    regds
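
The access-port hardening listed in the reply above (broadcast and multicast storm control, port security) can be checked against a saved switch configuration. This is an added example, not part of the original thread; the sample configuration, interface names and VLAN numbers are constructed, and the script assumes IOS-style `interface` blocks.

```python
import re

# Constructed sample: customer-edge switch config (not from the original thread).
SAMPLE_CONFIG = """\
hostname ce-sw1
!
interface FastEthernet0/1
 description customer A, hardened
 switchport access vlan 40
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
!
interface FastEthernet0/2
 description customer B, no hardening
 switchport access vlan 41
 switchport mode access
!
interface FastEthernet0/3
 description customer C, MAC limit set but feature never enabled
 switchport access vlan 42
 switchport mode access
 switchport port-security maximum 2
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/1
 description uplink to provider aggregation
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces


def audit_access_port(lines):
    """List the hardening items from the reply that are missing on one port."""
    findings = []
    # The bare command enables the feature; "maximum"/"violation" alone do nothing.
    if "switchport port-security" not in lines:
        findings.append("port-security not enabled")
    # "protect" drops offending frames without sending a trap or log message.
    if "switchport port-security violation protect" in lines:
        findings.append("violation mode protect sends no trap")
    for kind in ("broadcast", "multicast"):
        if not any(l.startswith(f"storm-control {kind} level") for l in lines):
            findings.append(f"no {kind} storm-control")
    return findings


def audit_config(config):
    """Audit every access port; trunks and routed ports are skipped."""
    return {
        name: audit_access_port(lines)
        for name, lines in parse_interfaces(config).items()
        if "switchport mode access" in lines
    }


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings) if findings else 'OK'}")
```
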

  • Metro Ethernet vs Leased line

    Guys,
    I'm setting up a proposal for a WAN link. There will be 2 options, a 45 MB leased line and 100 Metro ethernet. I need to know what the pros/cons are for these 2 technologies as I need to explain them to the customer.
    Does anybody have a link or explanation on this?
    Thanks
    Rezzo

    WAN vs Metro
    1) Future BW Expansion : Metro-E BW expansion is very easy compared to adding leased circuits to the WAN.
    2) Service levels : Since Metro-E is a service it has better service levels than a traditional WAN link.
    3) Finally Cost: In most cases the BW cost derived per Leased Circuit to that of Metro-E Link is higher in most places.
    What may make the choice of WAN more practical is the availability of WAN only and no Metro service in an area.
    Plus if the customer is not at all comfortable with a shared infrastructure link like Metro-E.
    HTH-Cheers,
    Swaroop

  • 3750 Metro ethernet switch

    Folks,
    I have 6500's at the core and want to use the 3750 at the PE. My question is the following:
    1) 3750 would do Q-IN-Q.
    2) Once the packet reaches the 6500 (sup 720) running MPLS, what happens to the frame? Do I use xconnect to transfer the frame to the appropriate PE?
    Just confused about how the PE uses the Q-IN-Q information to direct it to the appropriate PE.
    Sample config would be highly appreciated.
    Thanks

    Well.. it's about product features .. you gotta compare products with your requirements at various layers of your network and come out with justification of your requirements. Anyway, below is a snippet for you to have some justification between two products
    ===============================================
    What is the difference between the Cisco Catalyst 3750 Metro Series and the Cisco Catalyst 3750 Series?
    The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling with class-of-service (CoS) mutation; VLAN translation; MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
    The standard Cisco Catalyst 3750 Series is an innovative product line for midsize organizations and enterprise branch offices. Featuring Cisco Systems® StackWise™ technology, Cisco Catalyst 3750 Series products improve LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches.
    What is the Metro Ethernet positioning of the Cisco Catalyst 3750 Metro Series, the Cisco Catalyst 3550 Series, and the Cisco Catalyst 2950 Series?
    Cisco Catalyst 3750 Metro Series Switches
    =========================================
    Cisco Catalyst 3750 Metro Series switches are a new line of premier, customer-located switches that bring greater intelligence for Metro Ethernet access, enabling the delivery of more differentiated Metro Ethernet services. These fixed configuration switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling; VLAN translation; MPLS, EoMPLS, and H-VPLS support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
    Cisco Catalyst 3550 Series Switches
    ==================================
    With a range of Fast Ethernet, Gigabit Ethernet, DC power, and fiber configurations, the Cisco Catalyst 3550 Series is an intelligent metro access switch for service providers serving the enterprise and small and medium-sized business markets. Featuring 802.1Q tunneling, high-performance IP routing, and subsecond Spanning Tree Protocol convergence, this line of powerful, cost-effective, fixed-configuration switches enables Metro Ethernet services such as Transparent LAN services and business-class Internet access.
    Cisco Catalyst 2950 Series Switches
    ===================================
    Ideal for Metro Ethernet access in residential markets, the Cisco Catalyst 2950 Series is an affordable line of fixed-configuration Fast Ethernet and Gigabit Ethernet switches. Featuring advanced rate limiting, voice VLAN support, and multicast management, these switches enable residential Metro Ethernet services such as Internet access, voice over IP (VoIP), and broadcast video.
    Hope it helps
    Ps rate this post if it helps u ..
    Thanks and Regards
    Raj

  • My itunes in pc fails to secure link with itunes store it shows the process bar it automatically quits the process it also does not shows any on the screen. i am using windows xp service pack 3. what shoul i do?

    my itunes in pc fails to secure link with itunes store it shows the process bar it automatically quits the process it also does not shows any on the screen. i am using windows xp service pack 3. what shoul i do?

    I have found a fix after doing additional research through this forum. Tech Note #328730 addresses this problem and it works for Photoshop Album 3.2 even though it was written for release 1.0.
    Here is a link that will take you directly to the Tech Note:
    http://kb.adobe.com/selfservice/viewContent.do?externalId=328730
    When using this fix the Tech Note indicates:
    "Imported image data and tags are lost when you re-create the My Catalog.psa file, so you need to reimport images and reapply any tags"
    however it did retain the captions (at least it did for me).

  • What are the limitation of the 4 Port Gigabit ethernet Security Service Module (4GE SSM)?

    I was wondering if anyone can help me out. I am trying to create a redundancy topology which require several connections to an ASA 5510. I am looking at extending the connections to my ASA 5510 appliance with the four port gig ethernet security module (4GE SSM). I am trying to find out what the limitations are on this particular module.
    I have heard that there might be limitations to the 4GE SSM. Such as the interfaces on this module might process data separately from the ASA 5510 appliance. My question is does the ASA four port gig ethernet security module (4GE SSM) interfaces act as a extension of the ASA 5510 appliance or does it process and filter data separate from the ASA 5510 appliance ?
    My concerns are that the 4GE SSM does not utilize all the security features of the ASA 5510 appliance, and that it just separates traffic into security zones. I interpret that to mean that each interface can be placed in a separate security level in which case has a separate security algorithm and uses the security level to force security policies. Nothing more.
    My second question if relevant would be what are the limitations?
    Thank you for your help on this topic.
    mike

    The 4GE SSM just gives you the four additional ports. It doesn't increase the processing capacity of the 5510 (a relatively low end box whose replacement - the 5515X -  has been out since this past spring). It works off the same configuration script and CPU as all the built-in ports.
    The only limitation I can think of off the top of my head is that members of an Etherchannel cannot span the SSM and the built-in ports.

  • Safari cannot create secure connection with certain websites

    I have OS X 10.10 with every available updates, and Safari's currently unable to 'establish secure connection' with some site I'm trying to connect, most disturbing being the whole Steam network (store/support.steampowered.com, steamcommunity.com, etc). IE (via Bootcamp), Chrome (both standalone and integrated into Steam client) and Firefox have no problem doing so.
    Considering sometime before the in Steam browser indicated the site as insecure (a red lock icon with a cross, typically used to indicate bad cert) for a short time, and hearing of certs issued to gov agencies for man in the middle, I compared the cert for store.steampowered.com/login (which, in contrary to most content on that domain, forces a secure connection) and this discussions.apple.com. Well Firefox and IE do show a normal grey lock icon without organization name, and Chrome admits the website's ownership is unverified (in details, it says ownership is verified by the CA but there's no public verification record; the secure setting of that site has outdated, too) despite having Valve's name and green lock icon. So the cert could be a fake since it's an ordinary (I guess?) cert from a EV authority (DigiCert High Assurance EV CA-1 in this case). The certificate shown from Chrome is totally fine (not a single red cross in the chain), though.
    Well there're other https resources Safari fails to create a secure connection with every now and then. I just forgot/ am unable to test them with other browsers (Sometimes it's not the page itself that can't be retrieved via https, but some resource it loads. Sadly I only know how to use Inspector in Safari, though I'm sure other browsers have similar functions, too). I suspect Safari just refuses such certificates (or the AES_128_CBC method maybe) while other browsers accept it. Is there an override for this?
    Weird enough, https://ev-root.digicert.com/ has grey lock on Firefox and Safari. Seems overriding is the only workaround.
    As a side note, my Safari freezes upon loading PayPal, being unresponsive for tens of seconds on every activity such as clicking a link. For most of the duration of the freeze no high CPU usage is monitored, though ocspd does sometimes take 50% or so, and the web process bursts into 100% immediately before unfreezing. Guess Yosemite has some issues with TLS on the system level.

    This could be a complicated problem to solve, as there are several possible causes for it.
    Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
    Step 1
    From the menu bar, select
               ▹ System Preferences... ▹ Date & Time
    Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the date and time shown (including the year) are correct, and correct them if not.
    Check the box marked 
              Set date and time automatically
    if it's not already checked, and select one of the Apple time servers from the menu next to it.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /System/Library/Keychains/SystemCACertificates.keychain
    Right-click or control-click the highlighted line and select
              Services ▹ Show Info
    from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
    Repeat with this line:
    /System/Library/Keychains/SystemRootCertificates.keychain
    If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
    Step 3
    Launch the Keychain Access application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
    In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
    In the Keychains list, there should be items named System and System Roots. If not, select
              File ▹ Add Keychain
    from the menu bar and add the following items:
    /Library/Keychains/System.keychain
    /System/Library/Keychains/SystemRootCertificates.keychain
    Open the View menu in the menu bar. If one of the items in the menu is
              Show Expired Certificates
    select it. Otherwise it will show
              Hide Expired Certificates
    which is what you want.
    From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
              Secure Sockets Layer (SSL)
    select
              no value specified
    Close the inspection window. You'll be prompted for your administrator password to update the settings.
    Now open the same inspection window again, and select
              When using this certificate: Use System Defaults
    Save the change in the same way as before.
    Revert all the certificates with non-default trust settings. Never again change any of those settings.
    Step 4
    Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
    Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
              Help ▹ Keychain Access Help
    from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
    Step 5
    From the menu bar, select
              Keychain Access ▹ Preferences... ▹ Certificates
    There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to  CRL.
    Step 6
    Triple-click anywhere in the line of text below on this page to select it:
    /var/db/crls
    Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
    Restart the computer, empty the Trash, and test.
    Step 7
    Triple-click anywhere in the line below on this page to select it:
    open -e /etc/hosts
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
    # Host Database
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    127.0.0.1                              localhost
    255.255.255.255          broadcasthost
    ::1                                        localhost
    fe80::1%lo0                    localhost
    If that's not what you see, post the contents of the window.

  • Customer Equipment for Metro Ethernet Link

    Hi All
    It has been some time since I utilised Cisco network kit to provide private circuit point to point connectivity and I wonder if someone could give me a little guidance.
    The customer is shortly to implement a new 100Mb Metro Ethernet link to connect two of their branches. They initially intend to use the link for data only traffic but eventually will want to route VOIP traffic across the link so bandwidth management and QoS will be essential components. It is unlikely that further links will be added to this link so built in expansion of the chosen routers may not be required.
    Budget will be an issue on this so I would appreciate any advice or recommendations.
    Thanks
    J.

    Hello James,
    I think it would be better to get in touch with your Cisco Account Team as this question cannot be answered on a forum post.
    Thanks,
    Karim

  • Metro Ethernet implementation questions

    I am planning a Metro Ethernet upgrade for a network I manage. This is the first time I’ve implemented Metro on any network. I’m looking for some suggestions and answers to a couple questions regarding this upgrade.
    The current network is Hub and spoke connected by copper lines to 17 different locations from a DS3 @ our HQ. HQ also has a DS3 to the internet which the branch locations go out for internet. At our branches we have a private and public network on different subnets. Each branch location has either a T1 or bonded T1 connected to a Cisco 2801 router then to Netgear PoE managed switch(s).
    The upgrade of the DS3 for internet is going to 100 meg. The data side will also be 100meg at HQ, 10meg to our small locations and 100meg to the large.
    My question is what do I need to be aware of on our existing network that must change to get this working?
    1)      Will I simply go from the layer2 Metro Switch to our router?
    2)      Should I remove the router and go directly to the Netgear switch?
    3)      Do I need to VLAN the private and public networks?
    4)      Do I need to change routing tables?
    Thoughts and/or suggestions welcome.
    Let me know if more information is required to assist in answers.
    Thanks

    Hi,
    I think it would be better to include Cisco Account Manager/SE for this upgrade, they can guide you better and can come up with LLD for this upgrade, otherwise upgrading your 17 sites without proper planning can cause you serious issues.
    Yasir

  • Best way to detect failure in Metro ethernet networks

    Hello,
    I am working for a well known provider and I am currently migrating one of my clients from Frame-relay to a Metro-ethernet link.
    I am actually looking for advice on what sort of mechanism to implement to detect a failure in the ME path.
    As you probably know, failure on one of the links might cause the CE-SWITCH-PE interfaces to stay up/up and the network will not necessarily start converging.
    So far I have implemented BFD along with IP SLA route tracking. I am happy with BFD but the IP SLA is acting "weird".
    - IP SLA ICMP tracking relies on ICMP packets and was too sensitive to packets lost
    - We switched to ip route sla tracking but I am still unsure about the best way to use or implement this.
    Is there some sort of best practices available somewhere for this?
    Thanks
    T

    Hello Thomas,
    From what i have seen BFD is best bet as it allows to relax the L3 protocols timers ( BGP / any other protocol used between CE- PE ). Another option is to have gre tunnel between the PE - CE link and track this tunnel interface.
    Regards,
    Shreeram

  • Metro Ethernet in RAIL Transportation (MRTS) applications

    Dear Sir,
    I have a query related to Metro Ethernet technology.
    We are into TRANSPORTATION SYSTEMS. We are coming up with a MRTS Project in Mumbai , India. We are at a planning stage at the moment. As per our experience, companies in RAIL MRTS Applications are using SDH technology (MUX and access multiplexers).
    Could you please suggest, should we go for METRO ETHERNET or SDH Technology?
    Are there any players/any Metro Projects who have implemented Metro Ethernet (instead of SDH)?

    Hi Pankaj
    What kinda applications are you going to use and what kinda bandwidth requirement do you have in place?
    Also do revert back with the number of locations and a bit more on your topology, which might help us get back with our suggestions..
    regds
