Vll and l2vpn
hi,
can anyone explain the difference between, l2vpn and VLL.
regards,
jack
Broadly MPLS L2VPN are categorized in to two different model Virtual Pseudo Wire Service (VPWS) & Virtual Private LAN service (VPLS). VPLS has last mile Ethernet drop at the customer premises. VPLS helps to extend your LAN domain to remote end via service provides WAN.
Please refer below as capsule for L2VPN:
www.sanog.org/resources/sanog7/waris-l2vpn-tutorial.pdf
Regards
Pradip
Similar Messages
-
Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches
With Rahul Rammanohar
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
• 7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
• ASR9k: network processor capture
• 7200/ISRs: embedded packet capture
• Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
• Cisco Nexus 7K: ELAM
• CRS: show captured packets
• ASR1K: embedded packet capture
More Information
Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
Watch the Video: https://supportforums.cisco.com/videos/6226
Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service.
Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.
Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.Hello Erick
Thanks for the topology. The trigger will be different for labelled packet as you would need to mention the values of labels too in the trigger.
Below are two examples of one or two labels being used, it depends on where you are capturing the packet in mplsvpn scenario which will decide teh number of labels being imposed on the packet.
Trigger for one label. (if the router on which you are capturing the packet PHP is being performed)
VPN label - 5678
Source Address - 111.111.111.111
Destination Address - 123.123.123.123
show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F 7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
Trigger for two labels. (for other core routers)
IGP label - 1234
VPN label - 5678
Source Address - 111.111.111.111
Destination Address - 123.123.123.123
show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
You can check the labels being used (by using show ip cef <> details) and covert their values to hex and change the trigger accordingly.
I have changed the colors for better understanding. If you notice carefully in the trigger the values for ip address, labels have just been converted to their respective hex values which could be replaced.
Please let me know if this helps.
Thanks & Regards
Hitesh & Rahul -
Hi,
I want to capture packet on gi0/0 of PE1 in order to show customer that all his traffic is encapsulated and transmitted by L2VPN (ldp signaling) in his lab.
CE1-----------(g0/1)PE1(g0/0)------------PE2-----------CE2
PE1 and PE2 are Cisco3945 and L2VPN is working well. I tried cisco RITE(Router IP Traffic Export Packet Capture) feature, but the output was not what I expected. I tried both export mode and capture mode. Only LDP hello message I got, looks like RITE is only interested in IP packet. Monitor session wasn't effective as well because it is not a switch.
Is there any other way/workaround to capture customer's traffic encapsulated in L2VPN?
What I did on PE1 when I was trying RITE export mode:
ip traffic-export profile test
bidirectional
interface GigabitEthernet0/2
mac-address e411.5b44.3a6d
interface GigabitEthernet0/2
ip address 10.1.2.1 255.255.255.0
interface GigabitEthernet0/0
ip traffic-export apply test
Gi0/2 connected my PC(10.1.2.2) with wireshark installed.
Many thanks.
Regards,
Jerry FanThanks Shivlu. I tried, but failed. 'monitor capture' is only interested in ipv4 and ipv6. Maybe the IOS in Cisco3945 isn't same as the IOS in Cat6500 or Cisco7600 or GSR/CSR.
See following:
===================================================================
Router_MPS_TEST_A#monitor capture ?
buffer Control Capture Buffers
point Control Capture Points
Router_MPS_TEST_A#monitor capture po
Router_MPS_TEST_A#monitor capture point ?
associate Associate capture point with capture buffer
disassociate Dis-associate capture point from capture buffer
ip IPv4
ipv6 IPv6
start Enable Capture Point
stop Disable Capture Point
Router_MPS_TEST_A#monitor capture point ip ?
cef IPv4 CEF
process-switched Process switched packets
Router_MPS_TEST_A#monitor capture point ip p
Router_MPS_TEST_A#monitor capture point ip process-switched ?
WORD Name of the Capture Point
Router_MPS_TEST_A#monitor capture point ip process-switched test-point ?
both Inbound and outbound and packets
from-us Packets originating locally
in Inbound packets
out Outbound packets
Router_MPS_TEST_A#monitor capture point ip process-switched test-point b
Router_MPS_TEST_A#monitor capture point ip process-switched test-point both ?
Router_MPS_TEST_A#monitor capture point ip process-switched test-point both
===================================================================
At last, I have to insert a switch in the middle of two cisco3945 and configured port span. That worked very well. Anyway, many thanks for your advice.
Jerry Fan -
URGENT: MPLS P/ PE support on 7600/Sup720-BXL and 3750 Metro switch
I'm need to design a MPLS network for a Cable Operator.
They will start small with some Cisco CMTS doing MPLS-PE and needing only two devices to aggregate these PE and delivering Services (Internet connection, VoD, ...) , so they will need to work has P/PE.
For that I want to know if it's possible to:
1 - Use 3750 Metro and 7600/Sup720-BXL as P and PE
2 - Who many customers (L2VPN/VLANs and/or L3VPN/VRF) can they support?
Searching in CCO I found these values/features but, need URGENT to check:
1 - sup720-bxl supports P and PE but 3750 only PE?
2 - 3750 supports 1024 VLANs and 8,192 MPLS labels but no values on L3VPN/VRF?
SUP720 supports more than 1000 VRF?
Really need urgent HELP on this design/capabilities for these two devices.
Thanks in advance,
MP
Network Consultant - CCIEbefore you even get anywhere close to the numbers of L2/L3 on a 7200 I would seriously consider asking what throughput you can get through a 7200 with MPLS, QOS, L3vpns and L2vpns configured. I have done this testing already but dont think it is appropriate to quote the figures publically.
-
Am having problem bringing up mpls l2vpn between asr9k and 7609 router . Below is my config. The interfaces are up, the vc working, but can't ping across.
AS9K
interface GigabitEthernet0/2/0/6.609 l2transport
encapsulation dot1q 609
rewrite ingress tag pop 1 symmetric
mtu 1526
pw-class TST
encapsulation mpls
transport-mode vlan
xconnect group TST
p2p TST
interface GigabitEthernet0/6.609
neighbor 2.2.2.2 pw-id 609
pw-class TST
7609
interface gig 3/4.609
encapsulation dot1q 609
xconnect 1.1.1.1 609 encapsulation mpls
***OUTPUT FROM ASR9K********
RP/0/RSP0/CPU0#sh l2vpn xconnect pw-class TST detail
Group X,X, state is up; Interworking none
AC: GigabitEthernet0/6.609, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [905, 905]
MTU 1512; XC ID 0x1040003; interworking none
Statistics:
packets: received 735789487, sent 725878036
bytes: received 405747931393, sent 184926449749
drops: illegal VLAN 0, illegal length 0
PW: neighbor 2.2.2.2, PW ID 609, state is up ( established )
PW class ENS, XC ID 0xc0000003
Encapsulation MPLS, protocol LDP
Source address 1.1.1.1
PW type Ethernet VLAN, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
Label 17442 847
Group ID 0x80003c0 0x0
Interface GigabitEthernet0/6.609 uknown
MTU 1512 1512
Control word disabled disabled
PW type Ethernet VLAN Ethernet VLAN
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225475
Statistics:
packets: received 725878036, sent 735789487
bytes: received 184926449749, sent 405747931393
*******7609 OUTPUT*******
Local interface: Gi1/3.609 up, line protocol up, Eth VLAN 609 up
Destination address: 1.1.1.1, VC ID: 609, VC status: up
Output interface: Gi2/4, imposed label stack {0 151644}******************This is my problem no imposed label on 7609
Preferred path: not configured
Default path: active
Next hop: 10.198.64.21
Create time: 00:00:16, last status change time: 00:00:16
Signaling protocol: LDP, peer 1.1.1.1 up
Targeted Hello: 2.2.2.2(LDP Id) -> 1.1.1.1, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last local SSS circuit status rcvd: No fault
Last local SSS circuit status sent: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 505, remote 151644
Group ID: local 0, remote 134218688
MTU: local 1508, remote 1508
Remote interface description: GigabitEthernet0_6_.609
Sequencing: receive disabled, send disabled
Control Word: Off (configured: autosense)
SSO Descriptor: 1.1.1.1/609, local label: 505
SSM segment/switch IDs: 57633/24673 (used), PWID: 28772
VC statistics:
transit packet totals: receive 3, send 0
transit byte totals: receive 216, send 0
transit packet drops: receive 0, seq error 0, send 0Hello ogungbenro wale,
Would you be so kind to verify the output form 7600, since the config part does not correspond to VC you provided output for:
interface gig 3/4.609 <=
Local interface: Gi1/3.609 up, line protocol up, Eth VLAN 609 up <= -
L2VPN between ASR9000 and ME3800x
Hi,
I'm trying to set up a L2VPN(Vlan Mode) between a trunk port on an ASR9000, and an ME3800x.
The ASR is set up with an EFP:
interface GigabitEthernet0/0/0/19.912 l2transport
encapsulation dot1q 912
rewrite ingress tag pop 1 symmetric
mtu 1618
l2vpn
pw-class VlanMode
encapsulation mpls
transport-mode vlan
xconnect group orkide
p2p OrkideSurnadal
interface GigabitEthernet0/0/0/19.912
neighbor xxx.xxx.xxx.75 pw-id 912
pw-class VlanMode
On the other side I have terminated the xconnect on an ME3800x:
interface Vlan912
mtu 1600
no ip address
xconnect xxx.xxx.xxx.82 912 encapsulation mpls
end
The VC is UP:
Local intf Local circuit Dest address VC ID Status
Vl912 Eth VLAN 912 xxx.xxx.xxx.82 912 UP
Is this the correct way to to do this?
I can't get this to work like it should. If I should do this with switches, I would just configure a vlan from end-to-end.
Thanks in advance,
Jan Ove GregerHi,
I'm sorry for the confusion, but there is an MPLS network between them.
I tried using VC5/Ethernet mode, and the xconnect is UP again:
Group orkide, XC OrkideSurnadal, state is up; Interworking none
AC: GigabitEthernet0/0/0/19.912, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [912, 912]
MTU 1600; XC ID 0x40011; interworking none
Statistics:
packets: received 134, sent 12
bytes: received 9112, sent 816
drops: illegal VLAN 0, illegal length 0
PW: neighbor 85.93.224.75, PW ID 912, state is up ( established )
PW class not set, XC ID 0x40011
Encapsulation MPLS, protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
Label 16003 20
Group ID 0x5c0 0x0
Interface GigabitEthernet0/0/0/19.912 unknown
MTU 1600 1600
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x2
(router alert label) (router alert label)
(TTL expiry)
MIB cpwVcIndex: 0
Create time: 30/01/2012 19:52:07 (00:04:34 ago)
Last time status changed: 30/01/2012 19:52:07 (00:04:34 ago)
Statistics:
packets: received 12, sent 134
bytes: received 816, sent 9112
But still no connection or mac-adresses on vlan 912 on the trunk of the ME3800x.
For testing we have setup a network 10.33.33.1/24 on vlan 912 of the AC on the ASR. On the trunk port of the ME3800x we have a 3560 where we also have configured 10.33.33.10/24 on vlan 912.
So they should be able to see each other, but they don't...
Regards,
JoG -
About L2VPN and BPDU transport
Hi folks,
my topology is like that:
vlan 30 - router A & B - mpls cloud (no vlans) - router C & D - vlan 30
I've created two xconnect tunnels (A-C and B-D), but the first is working, the second is for a cold backup.
How could I use both at the same time? Maybe I've to transport the BPDUs, to loop prevention, but how? Any advice will be appreciated
Regards
AndreaAndrea, since you are using a L2transport, the PE's would be L3 peers, so do not enable STP between the PE's.
And if you are seeing a designated port then its normal, as each PE will consider itself the root for Vlan which it is transporting to the other side.
Designated-Root role in your topology means a problem, which will signify some one else is the root.
Now coming to your CE, to check STP is working fine or not try to manipulate the STP Bridge priority and see the effect for common Vlans spanning tree root ID. the root ID shoudl be the bridge ID of the switch whose priority you reduced.
Please do let me know if you have any more questions.
HTH-Cheers,
Swaroop -
Dsatsource /ODS/Cube for Open PR and Open PO"
Dear Experts
I want to build a report in which I need to show "Open PR and Open PO" but I could not locate these fields in the BW CUBE / ODS / DATASOURCES. Can anybody tell me where I can find these fields..........
Dinesh SharmaDear,
There is no specific standard data source is not available to fetch us "Open PO" or "Open PR". first vll talk about PO.
For open PO,
case - 1
Need to report count of all PO's which are in open status.
Case-2
Need to report TBQ ( to be delivered Qty ) against each over due PO.
Basically we have - EKKO - HEADER , EKPO - ITEM AND EKET - SCHEDULE LINE ( GRC - GOODS RECEIVED ) is available,
so create a view, take all these three tables EKKO, EKPO and EKET.
EKPO
1 DELIVERY COMPLETED INDICATOR ELIKZ
1 DELETION INDICATOR IN PD LOEKZ
1 ARTICLE NUM MATNR
1 SITE WERKS
X PO DOCUMENT NUM EBELN
PURCHASING ORDER QUANTITY MENGE
PURCHASING ORDER UOM MEINS
NET ORDER VAL IN PUR ORDER CURRENCY NETWR
NET PRICE IN PURCHASING DOC IN DOC CURRENCY NETPR
no PRICE UNIT PEINH
X ITEM NUMBER OF PURCHASING DOCUMENT EBELP
EKKO
DATE ON WHICH RECORD WAS CREATED AEDAT
PURCHASING DOCUMENT DATE BEDAT
DELIVERY DATE EQ_EINDT
RELEASE INDICATOR PURCHASING DOC FRGKE
RELEASE STATUS FRGZU
0PO_UNIT PURCHASING DOCUMENT NUM EBELN
CURR KEY WAERS
EKET
QUANTITY OF GOODS RECEIVED WEMNG
PURCHASING DOC NUM EBELN
ITEM NUM OF PURCHASING DOC EBELP
Logic - create a generic DS, by view, FIRST send the data to DSO, there mention a field like TDQ ( to be deliver qty ), TDQ = po qty - goods received qty. -
create a cube above DSO, set a filter, allow only those records who has TDQ <>0, so your cube contains only pending PO.
hope it helped u.
Thanks, -
Regarding Creation of Views and Multiple Datasources.
Dear All,
I hv a COreport(Cost Center Report).the data is coming from tables of CO,FI,SD,MM.
The Tables from CO are COEP,COSP,COSS,CSKS,CRHD,CSKU,CRCO,CSKB
The tables from SD are VBRK,KNA1
The Tables from MM are EKKO,LFA1.
The table from FI are SKAT,BKPF,BSIK,BSAK.
1)Can i create a view for these tables?Can a view be called a DS.
2)With these tables i hv Multiple DS's.So can i use Multiple DS's to extract data
3)Can i use FM to extract Data?If i use FM,vll i face errors during Support?
4)Please Guide me how to create Views for these tables and How to handle Multiple Datasources.
ThanksNoor,
Have you checked suitable business content datasources.
I think you have lot of options
FIrst You need to have a multiple data source
--> Check for suitable business content datasources
--> check whether these details are already available in BW through any means (through other standard datasources to ODS)
--> Create customized extractor finally as a last option
All these tables are atandard and nost probably you would find a standard datasource ( again multiple) I am sure for costing you have standard
Few or more standard datasources or already existing BW objexts with 1 or 2(rarely) customized extractor would do the purpose that you look for,....
Good Luck !!!
Regards
VJ -
SPA-1X10GE-L-V2 AND 4-10GBE-WL-XFP SUPPORTED FEATURES
Hello!
I am trying to find documents that prove the following:
4-10GBE-WL-XFP (with CRS-FP40 and XC-L2L3VPN)
SPA-1X10GE-L-V2 (with CRS-MSC-40G-B AND CRS1-SIP-800)
FEATURES NEEDED:
-802.1q encapsulation for L2VPN (EoMPLS & VPLS), L3 and L3VPN
-802.3ad and QinQ for L2VPN (EoMPLS)
-Support complete separation of QoS EXP, TOS, DSCP per interface
-Support complete separation of QoS EXP, TOS, DSCP per VLAN.
I am still researching to see if I can find supporting cisco documents.
Thanks in advance,
RodrigoHi Rashed,
I see that your list includes Cisco Insight Reporter and Cisco Service Control Subscriber Manager. Those are SW pieces which will require some servers to run them. You can review the following documents to have an idea of the SW and HW requirements for the servers required to run those components:
- Insight:
http://www.cisco.com/en/US/docs/cable/serv_exch/serv_control/broadband_app/insight/rel34/install_guide/insight_34_ig.pdf
- Subscriber Manager:
www.cisco.com/en/US/docs/cable/serv_exch/serv_control/broadband_app/rel38x/smug/Installation_and_Upgrading.html
If you have any doubt, I would strongly suggest you to reach out to your local Cisco Acount Team for these type of questions. They will be able to provide you proper support and guidance for these type of inquires.
Best regards. -
Hi,
I don't understand how to make to improve the security of dot1q tunneling. If the client makes some errors by example by disabling the spanning-tree on a vlan and he creates a loop between differents sites (L2VPN). What are the safety standards for Q-in-Q to protect the provider ?
Thank you for your help.
Regards.
DavidIt depends upon which switch you are using , If you are using a L3 capable switch , routing can be done on the switch it self , or if its a pure L2 switch you may have to create VLANs and route using sub-interfaces in the routers.Use these links for more details.
http://cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf50.html#1008908
http://cisco.com/en/US/products/hw/routers/ps368/products_configuration_guide_chapter09186a0080161137.html -
IOS XR Layer 2 internetworking and layer 2 local switching
I have 12410 with iox 3.6.1 and sip 501 with spa-5GE I want to configure layer 2 vpns for internetworking and layer 2 local switching. I search in the command reference and I didnt find the connect command nor internetwork ip under the PW class. can any one tell me how to configure it
Hi,
Here is an example for local switching:
RP/0/1/CPU0:router(config-if)#l2vpn
RP/0/1/CPU0:router(config-l2vpn)#xconnect group local
RP/0/1/CPU0:router(config-l2vpn-xc)#p2p ac1
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/0
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#interface gi0/3/0/1
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#commit
RP/0/1/CPU0:router(config-l2vpn-xc-p2p)#end
Any-2-Any connection type required 3.8
HTH
Laurent. -
L2VPN on 7600 with 10GE interfaces
It is my understanding that SIP-200/400 or OSMs are required for L2VPN on 7600.
- Is there a way to run L2VPNs on a 7600 having only 10GEs and GEs interfaces? What options are there available for L2 VFIs at these speeds?
-WMy recommendation would be to use the new ES-20 Line cards for L2VPN. SIP-200 and SIP-400 or the OSM dont support 10G and have their own VPN restrictions. ES-20 gives the option of 20 X 1G interfaces or 2 X 10G interfaces per slot and should suit your requirement.
-
How to terminate a vlan on ASR 9000 and bridge it to a port on asr 9000
hi guys;
so here is another issue i have.
Scenario:
a switch in the north is trunking a VLAN for a client at our central site. The switch in north site is a 3560 and central site node is ASR 9000.
This vlan is extended along with few others to distribution switch (7609) and from there teh same VLAN is trunked to a 2960 device at the same site as that of ASR. The idea is to carry the vlan from teh reote site to teh ASR at our central site and then bridge it to a seperate port on ASR and hook this port up to our fibre patch panel, hence providing a service to the client connecting to us at our northern site and then getting connected to teh internet service provider via teh patch panel.
Since we can not make a port on ASR an access port, i am not sure how we can do the above mentioned interconnect.
please assisst.
regardsHello Jalal,
Here the configuration example:
interface GigabitEthernet0/0/0/0.100 l2transport
encapsulation dot1q 100
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet0/0/0/1
l2transport
l2vpn
bridge group cust1
bridge-domain cust1
interface GigabitEthernet0/0/0/0.100
interface GigabitEthernet0/0/0/1
GigabitEthernet0/0/0/1 is the access port (untagged).
interface GigabitEthernet0/0/0/0.100 accepts tagged frames with vlan 100.
L2vpn bridge-domain cust1 connects both interfaces together.
GigabitEthernet0/0/0/0.100 has tag rewrite operation. Removing tag on ingress, so sending untagged to GigabitEthernet0/0/0/1, and pushing tag 100 on egress, so untagged frames from gi0/0/0/1 got tagged.
Regards,
/A -
Inter-AS L2VPN security concern
hi all,
i want to know what is the security concern when we have Inter-AS L2VPN between two Service Provider as the attached configuration (just one service provider side configuration for the ASBR & PE the other Service Provider is the same pointing to our service provider), and how we can mitigate the risk and what is the most secure option, we need to know the advantage and disadvantage.Hi Ahmad
Looking at your configuration it seems the setup is as below
CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
Is that correct ?
In my personal opinion from Security Point of View already only the required loopbacks are being allowed which is good to do. And I believe the SNMP Traps and Remote Access to your ASBR would be a protected and limited access.
Apart from these there might be some other standard security features which others can suggest to be taken care of but the above two should be surely taken care of as I think.
Hope this helps you.
Regards
Varma
Maybe you are looking for
-
How do I show table paragraph styles in keynote 6.1 (mac)?
Hi community, I am tryying to apply changes to paragraph styles in keynote 6.1 (mac). But in the list which opens when i click in the triangle only the basis paragraph styles are seen. Any ideas how and whre i can find theses styles. Thanks slyrs
-
I was trying to download a PDF file & got steered to a "must have" download and the next thing I knew my PC went haywire & I ended up married to Yahoo! somehow and can't get rid of it. It sure made a mess of my Mozilla Firefox. The icons are still th
-
Please, please, please make ICC profile info available for RGB files.
I know, I know, I know - if everything's working properly one should never care what the icc profile is that's being used to interpret the colors in a file. And good people shouldn't get killed by falling tree branches... but stuff happens, and somet
-
How to open a "printable" version of a pdf file which has embedded a swf file?
I've got a project that consist of a pdf file that has a swf inside, it's all managed by a .nav file, a navigator. The thing is, since the Flash Player is not a part of the pdf file (I think it was a part before), and it has to be downloaded and inst
-
Copy text (from ID or Word) = image
If I try to paste text either from Word or ID sometimes (20%) appears as a graphic (the anchor icon) And sometimes pasting inside a frame with fake text solves the problem. What is wrong in my procedures?