Defending the Enterprise Against Network Infrastructure Threats. DefCamp Paul Coggin Senior Principal Cyber Security

Size: px
Start display at page:

Download "Defending the Enterprise Against Network Infrastructure Threats. DefCamp 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin"

Transcription

1 Defending the Enterprise Against Network Infrastructure Threats DefCamp 2015 Paul Coggin Senior Principal Cyber Security V## Goes Here 1

2 SNMP Blow Defeat SNMP w/ ACL $ snmpblow.pl -s <NetMgt IP> -d <Target IP> -t <TFTP IP> -f cfg.txt < communities.txt Attacker Network Target Network Internet SNMP Dictionary Attack with IP spoof R&S SNMP ACL Filtered TFTP Server Upon guessing the SNMP community string the configuration file is downloaded to the attacker TFTP server Trusted Device Layer 2 and L3 Anti-spoof protection with a complex SNMP community string is recommended. SNMPv3 is highly encouraged. Reference: 2

3 Policy Routing Override IP Routing Table ISP A Internet ISP B -Comprised A Route Map can over ride IP routing table and redirect specific traffic flows Scenario 1 Redirect Outbound Internet Rouge 4G router Scenario 2 Redirect Traffic of interest out 4G or other RF network for undetected exfiltration Si Scenario 3 Redirect Traffic of interest to enable a layer 3 Man in the Middle Attack Attacker System - Packet Sniffer - IP Forwarding Vlan 2 Vlan 3 Vlan 4 Reference 3

4 GRE Tunnel Utilized to Sniff Across WAN Target Network Hacked Router Internet Attacker Network Packet Analyzer - GRE Tunnel is configured on the hacked router and the attacker s router - GRE Tunnel interfaces must be in common subnet - Configure ACL to define traffic of interest on the hacked router - Define a route map with the ACL and set the next hop to the attacker s GRE tunnel interface IP address - Similarly define an ACL & route map on the attacker router to redirect traffic to the packet analyzer Reference: 4

5 ERSPAN Enable Packet Capture Across Routed Network Target Network Hacked Router Internet Attacker Network Exfiltration of packet captures ERSPAN sends traffic over a GRE tunnel Packet Analyzer monitor session < session ID > type erspan-source source interface GigabitEthernet1/0/1 rx source interface GigabitEthernet1/0/2 tx source interface GigabitEthernet1/0/3 both destination erspan-id < erspan-flow-id > ip address < remote ip > origin ip address < source IP > monitor session < session ID > type erspan-destination Source ip address < source IP > erspan-id < erspan-flow-id > destination interface GigabitEthernet2/0/1 References: 5

6 Tunnel IPv6 over IPv4 using DLSw If a router can be compromised with software that supports DLSw a host may be able to tunnel IPv6 traffic across the IPv4 routed Internet. This is not a documented or supported capability by Cisco. dlsw local-peer peer-id dlsw remote-peer 0 tcp dlsw bridge-group 1! interface Serial0/0 Ip address ! interface FastEthernet0/0 ip address bridge-group 1!! bridge 1 protocol ieee IPv4 Routed Backbone dlsw local-peer peer-id dlsw remote-peer 0 tcp promiscuous dlsw bridge-group 1! Interface serial0/0 Ip address ! Interface FastEthernet 0/0 ip address bridge-group 1! bridge 1 protocol ieee References: 6

7 Target Network Hacked Router L2TPv3 MITM Across the Internet Internet Attacker Network L2TPv3 Tunnel ARP Poison across the Internet Common Layer 2 Network l2tp-class l2tp-defaults retransmit initial retries 30 cookie-size 8 pseudowire-class ether-pw encapsulation l2tpv3 protocol none ip local interface Loopback0 interface Ethernet 0/0 xconnect encapsulation l2tpv3 manual pw-class ether-pw l2tp id l2tp cookie local l2tp cookie remote l2tp hello l2tp-defaults l2tp-class l2tp-defaults retransmit initial retries 30 cookie-size 8 pseudowire-class ether-pw encapsulation l2tpv3 protocol none ip local interface Loopback0 interface Ethernet 0/0 xconnect encapsulation l2tpv3 manual pw-class ether-pw l2tp id l2tp cookie local l2tp cookie remote l2tp hello l2tp-defaults Reference: 7

8 Lawful Intercept Overview Voice-Call Agent Data-Radius, AAA Configuration Commands Intercepting Control Element (ICE) Router \ Switch Service Provider Request IRI Request LI Administration Function Mediation Device Content Mediation Device Law Enforcement Agency (LEA) Collection Function SNMPv3 UDP Transport for Delivery Reference: 8

9 Lawful Intercept Exploit Scenario Target Network Hacked Router Internet Destination Network LI SNMP Trap Attacker Network Duplicate Copy of All Packets of Interest Packet Analyzer Snmp-server view <view-name> ciscotap2mib included Snmp-server view <view-name> ciscoiptapmib included Snmp-server group <group-name> v3 auth read <view-name> write <view-name) notify <view-name> Snmp-server host <ip-address> traps version 3 priv <username> udp-port <port-number> Snmp-server user <mduser-id> <groupname> v3 auth md5 <md-password> References: 9

10 Two-way Connection via NAT Pivot to Target Cloud Provider Managed IPTV Service Provider Attacking System Internet IPTV Head End Default Route (MCAST RPF) Billing System Integration Target is the SAT IPTV Head End. Attacker is trying to pivot from Service Provider Network. Servers have route pointing back to SAT with no route to Internet. If the attacker can compromise the HE router then configure NAT two-way communication to the servers can be established. TV C M STB Message On- Line Network Menu Guide Ch Up Select Power NLC 3 Ch Dn Fiber Node SM downstream upstream RF Combiner Routers Cable Modem Termination System (CMTS) Cable Routers Head End Router Multicast Video Setup Static NAT Translation No Route Middleware IPTV Video On Demand Services Pivot off Servers and Exploit Trust to target Cloud IPTV Provider 10

11 Hack the Network via OSPF DR External Network BGP, EIGRP, ISIS Area 1 BDR Autononynmous System Border Router (ASBR) Area Border Router (ABR) Area 0 ABR Area 2 OSPF Exploit Tools - Quagga - NRL Core(Network Simulator) - Nemesis - Loki - G3SN\Dynamips - Buy a router on ebay - Hack a router and reconfigure - Code one with Scapy - IP Sorcery( IP Magic) - Cain & Able to crack OSPF MD5 - MS RRAS - NetDude - Collasoft - Phenoelit IRPAS OSPF typically is implemented without any thought to security. LSA s are mul@cast on the spoke LAN for any user to sniff without MD5. OSPF Attack Vectors - Take over as DR - Inject routes to mask source of attack - DoS - Inject routes for MITM - Add new routes to hacked router - Change interface bandwidth or use IP OSPF Cost for Traffic Engineering on hacked router 11

12 BGP Hijacking in the News 2008 Pakistan Telecom accidentally hijacks 2011 Chinanet accidentally hijacks In 2010 China Telecom accidentally hijacked 50,000 blocks of IP addresses 20 minutes Renesys reported a major BGP hijacking in Belaruse and Iceland ISP s possibly compromised - A software bug blamed

13 AS 5 Hijack IP subnet /24 BGP IP Prefix and AS Hijacking Route Reflector AS 1 Route Reflector AS 6 IBGP AS 7 EBGP EBGP EBGP L2 Cross Connect AS 2 AS 3 AS 4 Hijack AS 4 & IP subnet /24 The Longest IP Prefix Wins 13

14 BGP Hijacking in the News 2008 Pakistan Telecom accidentally hijacks 2011 Chinanet accidentally hijacks In 2010 China Telecom accidentally hijacked 50,000 blocks of IP addresses 20 minutes Renesys reported a major BGP hijacking in Belaruse and Iceland ISP s possibly compromised - A software bug blamed

15 Virtual Private Networks Virtual Networks Virtual Private Networks Virtual Dialup Networks Virtual LANs Overlay VPN Peer-to-Peer VPN Layer-2 VPN Layer-3 VPN Access lists (Shared router) Split routing (Dedicated router) MPLS/VPN X.25 F/R ATM GRE IPSec MPLS VPN is not encrypted unless encrypted separately 15

16 MPLS and the OSI and TCP/IP Model OSI Model MPLS Label Stack TCP/IP Model 7 Application 6 Presentation Application 5 4 Session Transport Own the Label Transport 3 Network OSI 2.5 VPN Label LDP Label Internet 2 1 Data Link Physical TE Label Frame Header Network Interface 16

17 MPLS Label PCAP 32-bit MPLS Label Format Label : 20-bit EXP : 3-bit Bottom-of-Stack : 1-bit TTL : 8-bit Source: 17

18 MPLS Architecture Overview VPN_A VPN_B VPN_A VPN_B CE CE CE CE P ibgp sessions P P P CE CE CE VPN_A VPN_A VPN_B P Routers (LSRs) are in the Core of the MPLS Cloud Routers (Edge LSRs or LERs) Use MPLS with the Core and Plain IP with CE Routers P and Routers Use the Same IGP Routing Protocol Routers are MP-iBGP Fully-meshed Service provider may accidentally or intentionally misconfigure VPN s Utilize IPSEC VPN over MPLS VPN to insure security 18

19 CLI - VRF configuration ip vrf cust_a rd 200:1 route-target export 200:1 route-target import 200:1 ip vrf cust_b rd 200:2 route-target export 200:2 route-target import 200:2 Interface Serial2/0 ip vrf forwarding cust_a Interface Serial2/1 ip vrf forwarding cust_b 1" MP-BGP! P P" OSPF \ ISIS and LDP 2" ip vrf cust_a rd 200:1 route-target export 200:1 route-target import 200:1 ip vrf cust_b rd 200:2 route-target export 200:2 route-target import 200:2 Interface Serial2/0 ip vrf forwarding cust_a Interface Serial2/1 ip vrf forwarding cust_b Static, BGP, OSPF, EIGRP, RIP Cust-A! Cust-B! Cust-A! Cust-B! MPLS Trust Relationship Customer Trusts Service Providers 19

20 MPLS Routing Table Global Routing Table Cust_A MPLS VPN Routing Table Cust_B MPLS VPN Routing Table 3 Routing Tables on 1 Router Separated by MPLS VRF 20

21 MPLS MP-BGP VPN 21

22 Think Like the Threat to Develop Security Strategy Transport Network Infrastructure Network and System Architecture - Centralized, Distributed, Redundant - Physical and Logical - Transport Network (RF, Fiber, Copper) Attack Tree Network Infrastructure Attack Vectors Network Protocols - Rou@ng, Switching, Redundancy - Apps, Client/Server HW, SW, Apps, RDBMS - Open Source - Commercial Trust RelaEonships Internet, BSS, OSS, NMS, Net - Network Management and Network Devices - Billing, Middleware, Provisioning - Vendor remote access - (VPT) - Tech staff remote access - Self Provisioning - Physical access - Trusted Insider - Cross connect - CE in- band management - Physical access to CE configura@on setngs SNMP Community String Dictionary Attack with Spoofing to Download Router\ Switch Configuration Build New Router Configuration File to enable further privilege escation Upload New Configuration File Using Comprimised SNMP RW String Own Network Infrastructure Telnet\SSH Dictionary Attack Router\Switches\ NetMgt Server Build New Router Configuration File to enable further privilege escation Own Network Infrastructure Exploit ACL Trust Relationship Attack SNMP\Telnet\SSH UNIX NetMgt Server Running NIS v1 Ypcat -d <domain> <server IP> passwd Grab shadow file hashes Crack Passwords Access Server Directly Discover Backup HW Configs Crack Passwords Own Network Infrastructure Find NetMgt passwords and SNMP config files MITM ARP Poisoning Sniffing Capture SNMP Community Strings and Unencrypted Login\Passwords, Protocol Passwords Inject New Routes Or Bogus Protocol Packets Configure Device for Further Privilege Escalation Own Network Infrastructure Network Mgt Application Attempt to Login Using Default Login\Password Reconfigure Router or Switch Own Network Infrastructure Execute OS CMDs from Oracle PL/SQL Attack Network from DB Further Enumerate Oracle SID s to Identify Default DBA System Level Accts\Passwords HP OpenView Server Enumerate Oracle TNS Listener to Identify Default SID s Login to Oracle DB with Discovered DBA Privilege Account Run Oracle SQL CMDs Execute OS CMDs Find NetMgt Passwords, SNMP info, OS password files Crack Passwords Own Network Infrastructure Further Enumerate Oracle SID s to Identify User Accts. Perform Dictionary Attack Run Oracle SQL CMDs Execute OS CMDs Add New Privileged OS Account Use New Privileged OS account to Escalate Privileged Access to Network 22

23 Service Provider MPLS Network Global Internet Central Office/ POP Central Office/ POP Label IP Internet & MPLS VPN VPN Label CE Data IP Data IP CE P Data MPLS VPN Static, BGP Internet & MPLS VPN CE P CE MPLS VPN Insider Threat - Add VPN router - Layer 2 attacks - L2TPv3 - ERSPAN - Lawful Intercept - GRE tunnel - Co-location cross connect Evil Cloud 23

24 Network Management Architecture Remote VPN NetMgt User \ Vendor AAA NOC Reports Database OSS Provisioning SQL OSS Internet Network Operations Security Strategy - Secure against exploited CE - Secure trust relationship to NOC - NOC to P,, CE, VPN s pivoting SNMP Agent - Internal, IPTV, VoIP, Internet\BGP, Vendor access,transport networks Alarms, Traps, Reports, Backup Cust -1 CE Cust-2 CE Cust-1 CE Cust-2 CE P P IP DWDM MPLS CORE NMS, EMS, MOM Servers TL1 Gateway (TL1 to/from SNMP) TL1 Configuration Provisioning, Control, Software Download P P OSS Cust-2 CE Cust-1 CE Cust-1 CE Physical Access - In-band Mgt - Disable password recovery - Secure Trust Relationships - SNMP, ACL s, Accts - Protocols - AAA, NetMgt IP s 24

25 Transit Between MPLS-VPN backbones Packet Capture Inject routes into VPN Denial of Service Join VPN MITM Cross-connect Inject labeled packets Traffic Engineering Disable IP TTL Carrier Backbone 2 running IGP and LDP -1 Label Label P1 IP MP-iBGP for VPN-IPv4 OSPF or ISIS LDP Data -2 MPLS Label\Prefix Recon - ERSPAN - Lawful Intercept Attacker Network Monitoring Infrastructure Carrier Backbone 1 running IGP and LDP -1 OSPF or ISIS LDP Label IP P1 L2 IXP Data MP-eBGP for VPN-IPv4 MP-eBGP for VPN-IPv4 OSPF or ISIS LDP Label IP P2 Carrier Backbone 3 running IGP and LDP Data L2 IXP MP-iBGP for VPN-IPv4 -ASBR1 -ASBR2 MP-iBGP for VPN-IPv4-2 IP CE-1 Data If BGP is being hijacked why not MPLS? Secure Visualization and Instrumentation & Encryption IP Data CE-2 25

26 BGP Route Monitoring Monitor Your IP Prefixes Monitor Your Business Partner IP Prefixes Monitor Industry Peers for Intel to Predict Future Attack 26

27 MPLS Security Recommendations Monitor for New Unexpected Route Advertisements Know Your Network! Utilize Encryption over MPLS VPN Links; SP - IPSEC Whitelist the Network Trust Relationships including Routing Protocols Whitelist Trusted Information Flows in Monitoring Utilize Separate VRF for In-band Management Dedicated Out-of-band Network Management with Un-attributable Internet IP for VPN AAA with separation of roles and responsibilities for operations and security monitoring Configuration Management and Monitoring Log all changes!! 2 Factor Authentication! 27

28 References Internet Routing Architectures, Halabi, Cisco Press MPLS VPN Security, Michael H. Behringer, Monique J. Morrow, Cisco Press ISP Essentials, Barry Raveendran Greene, Philip Smith, Cisco Press Router Security Strategies Securing IP Network Traffic Planes, Gregg Schudel, David J. Smith, Cisco Press MPLS and VPN Architectures, Jim Guichard, Ivan Papelnjak, Cisco Press MPLS Configuration on Cisco IOS Software, Lancy Lobo, Umesh Lakshman, Cisco Press Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press LAN Switch Security What Hackers Know About Your Switches, Eric Vyncke, Christopher Paggen, Cisco Press RFC 2547 RFC 2547bis RFC 2917 RFC 4364 Attack Trees, Bruce Schneier, Phenoelit Papers and Resources, ERNW Papers and Resources, Ivan PepeInjak, Papers and Resources,

29 @PaulCoggin 29

BSides Nashville 2014

BSides Nashville 2014 Bending and Twisting Networks BSides Nashville 2014 Paul Coggin Internetwork Consulting Solutions Architect @PaulCoggin www.dynetics.com V## Goes Here 1 SNMP Blow Defeat SNMP w/ ACL $ snmpblow.pl -s

More information

HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUD. BSides Asheville 2014

HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUD. BSides Asheville 2014 HIJACKING LABEL SWITCHED NETWORKS IN THE CLOUD BSides Asheville 2014 aul Coggin Internetwork Consulting Solutions Architect @aulcoggin www.dynetics.com V## Goes Here 1 BG Hijacking in the News 2008 akistan

More information

Why Is MPLS VPN Security Important?

Why Is MPLS VPN Security Important? MPLS VPN Security An Overview Monique Morrow Michael Behringer May 2 2007 Future-Net Conference New York Futurenet - MPLS Security 1 Why Is MPLS VPN Security Important? Customer buys Internet Service :

More information

MPLS Security Considerations

MPLS Security Considerations MPLS Security Considerations Monique J. Morrow, Cisco Systems [email protected] November 1 2004 MPLS JAPAN 2004 1 Acknowledgments Michael Behringer, Cisco Systems 2 Why is MPLS Security Important? Customer

More information

SEC-370. 2001, Cisco Systems, Inc. All rights reserved.

SEC-370. 2001, Cisco Systems, Inc. All rights reserved. SEC-370 2001, Cisco Systems, Inc. All rights reserved. 1 Understanding MPLS/VPN Security Issues SEC-370 Michael Behringer SEC-370 2003, Cisco Systems, Inc. All rights reserved. 3

More information

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin Exploiting First Hop Protocols to Own the Network Rocket City TakeDownCon 2015 Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin www.dynetics.com V## Goes Here 1 OSI and TCP/IP Model OSI

More information

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow MPLS VPN Security in Service Provider Networks Peter Tomsu Michael Behringer Monique Morrow 1 About this Presentation Advanced level advanced MPLS concepts and architectures. Target Audience: Service provider!!

More information

Introducing Basic MPLS Concepts

Introducing Basic MPLS Concepts Module 1-1 Introducing Basic MPLS Concepts 2004 Cisco Systems, Inc. All rights reserved. 1-1 Drawbacks of Traditional IP Routing Routing protocols are used to distribute Layer 3 routing information. Forwarding

More information

How Routers Forward Packets

How Routers Forward Packets Autumn 2010 [email protected] MULTIPROTOCOL LABEL SWITCHING (MPLS) AND MPLS VPNS How Routers Forward Packets Process switching Hardly ever used today Router lookinginside the packet, at the ipaddress,

More information

Introduction to MPLS-based VPNs

Introduction to MPLS-based VPNs Introduction to MPLS-based VPNs Ferit Yegenoglu, Ph.D. ISOCORE [email protected] Outline Introduction BGP/MPLS VPNs Network Architecture Overview Main Features of BGP/MPLS VPNs Required Protocol Extensions

More information

MPLS VPN Security BRKSEC-2145

MPLS VPN Security BRKSEC-2145 MPLS VPN Security BRKSEC-2145 Session Objective Learn how to secure networks which run MPLS VPNs. 100% network focus! Securing routers & the whole network against DoS and abuse Not discussed: Security

More information

How To Make A Network Secure

How To Make A Network Secure 1 2 3 4 -Lower yellow line is graduate student enrollment -Red line is undergradate enrollment -Green line is total enrollment -2008 numbers are projected to be near 20,000 (on-campus) not including distance

More information

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Multiprotocol Label Switching Layer 3 Virtual Private Networks with Open ShortestPath First protocol PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Abstract This paper aims at implementing

More information

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009 MikroTik RouterOS Introduction to MPLS Prague MUM Czech Republic 2009 Q : W h y h a v e n 't y o u h e a r d a b o u t M P LS b e fo re? A: Probably because of the availability and/or price range Q : W

More information

For internal circulation of BSNLonly

For internal circulation of BSNLonly E3-E4 E4 E&WS Overview of MPLS-VPN Overview Traditional Router-Based Networks Virtual Private Networks VPN Terminology MPLS VPN Architecture MPLS VPN Routing MPLS VPN Label Propagation Traditional Router-Based

More information

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Netwk (L3VPN) services, over an IP ce netwk, using L2TPv3 multipoint

More information

MPLS-based Layer 3 VPNs

MPLS-based Layer 3 VPNs MPLS-based Layer 3 VPNs Overall objective The purpose of this lab is to study Layer 3 Virtual Private Networks (L3VPNs) created using MPLS and BGP. A VPN is an extension of a private network that uses

More information

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at: http://networksims.com/i01.

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at: http://networksims.com/i01. MPLS Cisco MPLS MPLS Introduction The most up-to-date version of this test is at: http://networksims.com/i01.html Cisco Router Challenge 227 Outline This challenge involves basic frame-mode MPLS configuration.

More information

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track** Course: Duration: Price: $ 3,695.00 Learning Credits: 37 Certification: Implementing Cisco Service Provider Next-Generation Edge Network Services Implementing Cisco Service Provider Next-Generation Edge

More information

Implementing MPLS VPNs over IP Tunnels

Implementing MPLS VPNs over IP Tunnels Implementing MPLS VPNs over IP Tunnels The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Netwk (L3VPN) services, over an IP ce netwk, using L2TPv3 multipoint tunneling instead

More information

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network. Where MPLS part I explains the basics of labeling packets, it s not giving any advantage over normal routing, apart from faster table lookups. But extensions to MPLS allow for more. In this article I ll

More information

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre The feature overcomes the requirement that a carrier support multiprotocol label switching (MPLS) by allowing you to provide MPLS connectivity between networks that are connected by IP-only networks. This

More information

- Multiprotocol Label Switching -

- Multiprotocol Label Switching - 1 - Multiprotocol Label Switching - Multiprotocol Label Switching Multiprotocol Label Switching (MPLS) is a Layer-2 switching technology. MPLS-enabled routers apply numerical labels to packets, and can

More information

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb MP PLS VPN MPLS VPN Prepared by Eng. Hussein M. Harb Agenda MP PLS VPN Why VPN VPN Definition VPN Categories VPN Implementations VPN Models MPLS VPN Types L3 MPLS VPN L2 MPLS VPN Why VPN? VPNs were developed

More information

Security of the MPLS Architecture

Security of the MPLS Architecture WHITE PAPER Security of the MPLS Architecture Scope and Introduction Many enterprises are thinking of replacing traditional Layer 2 VPNs such as ATM or Frame Relay (FR) with MPLS-based services. As Multiprotocol

More information

Designing and Developing Scalable IP Networks

Designing and Developing Scalable IP Networks Designing and Developing Scalable IP Networks Guy Davies Telindus, UK John Wiley & Sons, Ltd Contents List of Figures List of Tables About the Author Acknowledgements Abbreviations Introduction xi xiii

More information

Kingston University London

Kingston University London Kingston University London Thesis Title Implementation and performance evaluation of WAN services over MPLS Layer-3 VPN Dissertation submitted for the Degree of Master of Science in Networking and Data

More information

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0 COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.

More information

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN MPLS VPN Peer to Peer VPN s Agenda MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) CE-PE OSPF Routing CE-PE Static Routing CE-PE RIP Routing

More information

MPLS Implementation MPLS VPN

MPLS Implementation MPLS VPN MPLS Implementation MPLS VPN Describing MPLS VPN Technology Objectives Describe VPN implementation models. Compare and contrast VPN overlay VPN models. Describe the benefits and disadvantages of the overlay

More information

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP Telfor Journal, Vol. 2, No. 1, 2010. 13 Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP Aleksandar Cvjetić and Aleksandra Smiljanić Abstract The paper analyzes implementations

More information

RFC 2547bis: BGP/MPLS VPN Fundamentals

RFC 2547bis: BGP/MPLS VPN Fundamentals White Paper RFC 2547bis: BGP/MPLS VPN Fundamentals Chuck Semeria Marketing Engineer Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2001 or 888 JUNIPER www.juniper.net

More information

MPLS VPN Security in Service Provider Networks

MPLS VPN Security in Service Provider Networks MPLS VPN Security in Service Provider Networks Michael H. Behringer 1 HOUSEKEEPING We value your feedback, don t forget to complete your online session evaluations after each session and complete the Overall

More information

MPLS Virtual Private Network (VPN) Security

MPLS Virtual Private Network (VPN) Security MPLS Virtual Private Network () Security An MFA Forum Sponsored Tutorial Monique Morrow MFA Forum Ambassador CTO Consulting Engineer Cisco Systems Slide 1 MPLS Security - Agenda Analysis of the Architecture

More information

s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] Cisco 400-201 : Practice Test Question No : 1 Which two frame types are correct when configuring T3 interfaces?

More information

"Charting the Course...

Charting the Course... Description "Charting the Course... Course Summary Interconnecting Cisco Networking Devices: Accelerated (CCNAX), is a course consisting of ICND1 and ICND2 content in its entirety, but with the content

More information

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE)

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) COURSE OVERVIEW: Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five day training course developed to help students prepare for Cisco CCNP _

More information

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor 642-902 Route: Implementing Cisco IP Routing Course Introduction Course Introduction Module 01 - Planning Routing Services Lesson: Assessing Complex Enterprise Network Requirements Cisco Enterprise Architectures

More information

How To Learn Cisco Cisco Ios And Cisco Vlan

How To Learn Cisco Cisco Ios And Cisco Vlan Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Course Description Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2.0 is a 60-hour instructor-led

More information

Brocade to Cisco Comparisons

Brocade to Cisco Comparisons 1 2 3 Console cables - The console cables are not interchangeable between Brocade and Cisco. Each vendor provides their console cable with each manageable unit it sells. Passwords - Neither Cisco or Brocade

More information

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001 The leading edge in networking information White Paper Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM March 30, 2001 Abstract: The purpose of this white paper is to present discussion

More information

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

IMPLEMENTING CISCO MPLS V3.0 (MPLS) IMPLEMENTING CISCO MPLS V3.0 (MPLS) COURSE OVERVIEW: Multiprotocol Label Switching integrates the performance and traffic-management capabilities of data link Layer 2 with the scalability and flexibility

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

MPLS Concepts. Overview. Objectives

MPLS Concepts. Overview. Objectives MPLS Concepts Overview This module explains the features of Multi-protocol Label Switching (MPLS) compared to traditional ATM and hop-by-hop IP routing. MPLS concepts and terminology as well as MPLS label

More information

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $2035.00

Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $2035.00 Cisco Certified Network Associate (CCNA) 120 Hours / 12 Months / Self-Paced WIA Fee: $2035.00 This fee includes the following exams: Cisco Certified Network Associate (CCNA) 100-101 ICND1 and 200-101 ICND2

More information

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič IPv4/IPv6 Transition Mechanisms Luka Koršič, Matjaž Straus Istenič IPv4/IPv6 Migration Both versions exist today simultaneously Dual-stack IPv4 and IPv6 protocol stack Address translation NAT44, LSN, NAT64

More information

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the

More information

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling Release: 1 ICTTEN6172A Design and configure an IP-MPLS network with virtual private network tunnelling Modification

More information

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6) Cisco Certified Network Associate Exam Exam Number 200-120 CCNA Associated Certifications CCNA Routing and Switching Operation of IP Data Networks Operation of IP Data Networks Recognize the purpose and

More information

DD2491 p2 2011. MPLS/BGP VPNs. Olof Hagsand KTH CSC

DD2491 p2 2011. MPLS/BGP VPNs. Olof Hagsand KTH CSC DD2491 p2 2011 MPLS/BGP VPNs Olof Hagsand KTH CSC 1 Literature Practical BGP: Chapter 10 MPLS repetition, see for example http://www.csc.kth.se/utbildning/kth/kurser/dd2490/ipro1-11/lectures/mpls.pdf Reference:

More information

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) 100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.

More information

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005 MPLS over IP-Tunnels Mark Townsley Distinguished Engineer 21 February 2005 1 MPLS over IP The Basic Idea MPLS Tunnel Label Exp S TTL MPLS VPN Label Exp S TTL MPLS Payload (L3VPN, PWE3, etc) MPLS Tunnel

More information

IPv6 Migration Challenges for Large Service Providers

IPv6 Migration Challenges for Large Service Providers IPv6 Migration Challenges for Large Service Providers Aruna P General manager Network Operation Agenda Airtel Overview Drivers of IPV6 Migration challenges Design Considerations Deployment plan Airtel

More information

IOS NAT Load Balancing for Two ISP Connections

IOS NAT Load Balancing for Two ISP Connections IOS NAT Load Balancing for Two ISP Connections Document ID: 100658 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot

More information

Introduction Inter-AS L3VPN

Introduction Inter-AS L3VPN Introduction Inter-AS L3VPN 1 Extending VPN services over Inter-AS networks VPN Sites attached to different MPLS VPN Service Providers How do you distribute and share VPN routes between ASs Back- to- Back

More information

HP Networking BGP and MPLS technology training

HP Networking BGP and MPLS technology training Course overview HP Networking BGP and MPLS technology training (HL046_00429577) The HP Networking BGP and MPLS technology training provides networking professionals the knowledge necessary for designing,

More information

Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW)

Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW) Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW) Course Number: 642 825 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP

More information

S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006

S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006 S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006 Original version: Johanna Nieminen and Timo Viipuri (2005) Modified: Timo-Pekka Heikkinen, Juha Järvinen and Yavor Ivanov (2006) Task

More information

MPLS VPN Security. Intelligent Information Network. Klaudia Bakšová Systems Engineer, Cisco Systems [email protected]

MPLS VPN Security. Intelligent Information Network. Klaudia Bakšová Systems Engineer, Cisco Systems kbaksova@cisco.com Intelligent Information Network MLS VN Security Klaudia Bakšová Systems Engineer, Cisco Systems [email protected] Agenda Analysis of MLS/VN Security Inter-AS VNs rovider Edge DoS possibility Secure MLS

More information

Enterprise Network Simulation Using MPLS- BGP

Enterprise Network Simulation Using MPLS- BGP Enterprise Network Simulation Using MPLS- BGP Tina Satra 1 and Smita Jangale 2 1 Department of Computer Engineering, SAKEC, Chembur, Mumbai-88, India [email protected] 2 Department of Information Technolgy,

More information

Implementing Cisco MPLS

Implementing Cisco MPLS Implementing Cisco MPLS Course MPLS v2.3; 5 Days, Instructor-led Course Description This design document is for the refresh of the Implementing Cisco MPLS (MPLS) v2.3 instructor-led training (ILT) course,

More information

Course Contents CCNP (CISco certified network professional)

Course Contents CCNP (CISco certified network professional) Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,

More information

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S& Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

More information

Understanding Virtual Router and Virtual Systems

Understanding Virtual Router and Virtual Systems Understanding Virtual Router and Virtual Systems PAN- OS 6.0 Humair Ali Professional Services Content Table of Contents VIRTUAL ROUTER... 5 CONNECTED... 8 STATIC ROUTING... 9 OSPF... 11 BGP... 17 IMPORT

More information

CCT vs. CCENT Skill Set Comparison

CCT vs. CCENT Skill Set Comparison Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification

More information

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: [email protected]

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com RA-MPLS VPN Services Kapil Kumar Network Planning & Engineering Data E-mail: [email protected] Agenda Introduction Why RA MPLS VPNs? Overview of RA MPLS VPNs Architecture for RA MPLS VPNs Typical

More information

Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions (Study Thesis)

Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions (Study Thesis) MEE09:44 BLEKINGE INSTITUTE OF TECHNOLOGY School of Engineering Department of Telecommunication Systems Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions

More information

Quidway MPLS VPN Solution for Financial Networks

Quidway MPLS VPN Solution for Financial Networks Quidway MPLS VPN Solution for Financial Networks Using a uniform computer network to provide various value-added services is a new trend of the application systems of large banks. Transplanting traditional

More information

IP Routing Configuring RIP, OSPF, BGP, and PBR

IP Routing Configuring RIP, OSPF, BGP, and PBR 13 IP Routing Configuring RIP, OSPF, BGP, and PBR Contents Overview..................................................... 13-6 Routing Protocols.......................................... 13-6 Dynamic Routing

More information

Table of Contents. Cisco Configuring a Basic MPLS VPN

Table of Contents. Cisco Configuring a Basic MPLS VPN Table of Contents Configuring a Basic MPLS VPN...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Related Products...2 Conventions...2 Configure...3 Network Diagram...3 Configuration

More information

BGP-MPLS IP VPN Network Security

BGP-MPLS IP VPN Network Security Network Working Group M. Behringer Request for Comments: 4381 Cisco Systems Inc Category: Informational February 2006 Status of This Memo Analysis of the Security of BGP/MPLS IP Virtual Private Networks

More information

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr. 2006 Cisco Systems, Inc. All rights reserved.

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr. 2006 Cisco Systems, Inc. All rights reserved. MPLS WAN Topologies 1 Multiprotocol Label Switching (MPLS) IETF standard, RFC3031 Basic idea was to combine IP routing protocols with a forwarding algoritm based on a header with fixed length label instead

More information

CCNP: Implementing Secure Converged Wide-area Networks

CCNP: Implementing Secure Converged Wide-area Networks CCNP: Implementing Secure Converged Wide-area Networks Cisco Networking Academy Version 5.0 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document

More information

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

IMPLEMENTING CISCO MPLS V2.3 (MPLS) IMPLEMENTING CISCO MPLS V2.3 (MPLS) COURSE OVERVIEW: The course will enable learners to gather information from the technology basics to advanced VPN configuration. The focus of the course is on VPN technology

More information

Interconnecting Cisco Networking Devices Part 2

Interconnecting Cisco Networking Devices Part 2 Interconnecting Cisco Networking Devices Part 2 Course Number: ICND2 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: 640 816: ICND2 Course Overview This course

More information

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer

More information

l.cittadini, m.cola, g.di battista

l.cittadini, m.cola, g.di battista MPLS VPN l.cittadini, m.cola, g.di battista motivations customer s problem a customer (e.g., private company, public administration, etc.) has several geographically distributed sites and would like to

More information

GregSowell.com. Mikrotik Routing

GregSowell.com. Mikrotik Routing Mikrotik Routing Static Dynamic Routing To Be Discussed RIP Quick Discussion OSPF BGP What is Routing Wikipedia has a very lengthy explanation http://en.wikipedia.org/wiki/routing In the context of this

More information

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles. Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described

More information

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 over IPv4/MPLS Networks: The 6PE approach IPv6 over IPv4/MPLS Networks: The 6PE approach Athanassios Liakopoulos Network Operation & Support Manager ([email protected]) Greek Research & Technology Network (GRNET) III Global IPv6 Summit Moscow, 25

More information

Campus LAN at NKN Member Institutions

Campus LAN at NKN Member Institutions Campus LAN at NKN Member Institutions RS MANI [email protected] 1/7/2015 3 rd Annual workshop 1 Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and

More information

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS Computer Network Architectures and Multimedia Guy Leduc Chapter 2 MPLS networks Chapter based on Section 5.5 of Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley,

More information

Virtual Privacy vs. Real Security

Virtual Privacy vs. Real Security Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing

More information

Internet Infrastructure Security Technology Details. Merike Kaeo [email protected]

Internet Infrastructure Security Technology Details. Merike Kaeo merike@doubleshotsecurity.com Internet Infrastructure Security Technology Details Merike Kaeo [email protected] Securing The Device Agenda Item Think of ALL Devices The following problem was reported last year and affects

More information

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division Tackling the Challenges of MPLS VPN ing Todd Law Product Manager Advanced Networks Division Agenda Background Why test MPLS VPNs anyway? ing Issues Technical Complexity and Service Provider challenges

More information

Chapter 1 Personal Computer Hardware------------------------------------------------ 7 hours

Chapter 1 Personal Computer Hardware------------------------------------------------ 7 hours Essential Curriculum Networking Essentials Total Hours: 244 Cisco Discovery 1: Networking for Home and Small Businesses 81.5 hours teaching time Chapter 1 Personal Computer Hardware------------------------------------------------

More information

Approach to build MPLS VPN using QoS capabilities

Approach to build MPLS VPN using QoS capabilities International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 7, Issue 8 (June 2013), PP. 26-32 Approach to build MPLS VPN using QoS capabilities

More information

Tech Note Cisco IOS SNMP Traps Supported and How to Conf

Tech Note Cisco IOS SNMP Traps Supported and How to Conf Tech Note Cisco IOS SNMP Traps Supported and How to Conf Table of Contents Cisco IOS SNMP Traps Supported and How to Configure Them...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

Provisioning Cable Services

Provisioning Cable Services CHAPTER 10 This chapter describes how to provision MPLS VPN cable in IP Solutions Center (ISC). It contains the following sections: Overview of MPLS VPN Cable, page 10-1 in ISC, page 10-5 Creating the

More information

Configuring MPLS VPN & Remote Access. 12- ian- 2010

Configuring MPLS VPN & Remote Access. 12- ian- 2010 Configuring MPLS VPN & Remote Access 12- ian- 2010 What this lecture is about: Quick recap of MPLS and MPLS VPN. MPLS VPN configurahon. Cable technologies. DSL technologies. 3 MPLS VPN Reminder First,

More information

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang [email protected] AT&T

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang luyuanfang@att.com AT&T Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang [email protected] AT&T 1 Outline! BGP/MPLS VPN (RFC 2547bis)! Setting up LSP for VPN - Design Alternative Studies! Interworking of LDP / RSVP

More information

Layer 3 Multiprotocol Label Switching Virtual Private Network

Layer 3 Multiprotocol Label Switching Virtual Private Network i Zelalem Temesgen Weldeselasie Layer 3 Multiprotocol Label Switching Virtual Private Network Technology and Communication 2014 1 VAASAN AMMATTIKORKEAKOULU UNIVERSITY OF APPLIED SCIENCES Information Technology

More information

Interconnecting Cisco Network Devices 1 Course, Class Outline

Interconnecting Cisco Network Devices 1 Course, Class Outline www.etidaho.com (208) 327-0768 Interconnecting Cisco Network Devices 1 Course, Class Outline 5 Days Interconnecting Cisco Networking Devices, Part 1 (ICND1) v2.0 is a five-day, instructorled training course

More information

Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie )

Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie ) CCNA Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie ) Inform about ccna its basic course of networking Emergence

More information

Cisco Networking Professional-6Months Project Based Training

Cisco Networking Professional-6Months Project Based Training Cisco Networking Professional-6Months Project Based Training Core Topics Cisco Certified Networking Associate (CCNA) 1. ICND1 2. ICND2 Cisco Certified Networking Professional (CCNP) 1. CCNP-ROUTE 2. CCNP-SWITCH

More information