Summary

In this chapter, we defined common requirements that VPN users have for a VPN service and examined MPLS IP VPNs against these requirements.

The result is that, based on the architecture described in RFC 2547bis, MPLS IP VPNs can be provided securely, meaning that:

• VPNs are separated (addressing and traffic).

• The core cannot be easily attacked.

• VPN spoofing is impossible.

• The core is invisible to the VPN user.

MPLS VPNs provide mostly equivalent security compared to traditional Layer 2 VPNs such as ATM and Frame Relay.

We have also examined Inter-AS and Carrier's Carrier architectures on their architectural security. While CsC networks are quite secure, care must be taken with Inter-AS scenarios when connecting different carriers: not all architectures provide the same level of security between providers.

There are also a number of issues that MPLS VPNs do not address. Among those are the internal security of a VPN, attacks from the Internet into a VPN, and VPN data confidentiality. These issues are independent of MPLS and have to be solved separately.

MPLS VPN networks are only secure when the network implementation is correct and when the network is operated correctly. How to control operations is discussed in Chapter 8, "Secure Operation and Maintenance of an MPLS Core." How to design and implement an MPLS core such that VPN services are secure is the subject of the next chapter.