Chapter 3. MPLS Security Analysis

In this chapter, you learn about the following:

  • How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing protection)

  • How the different Inter-AS and Carrier's Carrier models work, and how secure they are compared to each other

  • Which security mechanisms the MPLS architecture does not provide

  • How MPLS VPNs compare in security to ATM or Frame Relay VPNs.

VPN users have certain expectations and requirements for their VPN service. In a nutshell, they want their service to be both private and secure. In other words, they want their VPN to be as secure as with dedicated circuits while gaining the scalability benefits of a shared infrastructure. Both concepts, of privacy and security, are not black and white, and need to be defined for a real world implementation.

This chapter defines typical VPN security requirements, based on the threat model developed in the previous chapter, and discusses in detail how MPLS can fulfill them. The typical VPN security requirements are

  • VPN separation (addressing and traffic)

  • Robustness against attacks

  • Hiding of the core infrastructure

  • Protection against VPN spoofing

We also explain which security features MPLS VPNs do not provide, and compare the security capabilities of MPLS VPNs with Layer 2?based VPN services such as ATM and Frame Relay.


This chapter analyses the architecture of MPLS/VPN networks, that is, how the standards define the architecture and protocols. In other words, for this chapter, we assume that the MPLS core is configured and operated correctly. Implementation issues are discussed in Chapter 4, "Secure MPLS VPN Designs," and Chapter 5, "Security Recommendations." Operational aspects are covered in Chapter 8, "Secure Operation and Maintenance of an MPLS Core."