1. Home
  2. Networking
  3. Mpls VPN security

Chapter 4. Secure MPLS VPN Designs

In this chapter, you learn about the following:

  • How to design an MPLS core for Internet access

  • How to provision secure extranet access and firewalling

  • How to design a DoS-resistant core

  • How to secure Inter-AS and CsC solutions

The previous chapters analyzed MPLS VPN security from an abstract point of view based on the architectural standards. However, the requirements of VPN users often go beyond simple architectures:

  • The MPLS core should support Internet access.

  • Several independent VPN users need to access a common extranet.

  • A VPN user's network spans several countries and involves several service providers.

  • An Internet service provider (ISP) wants to resell MPLS VPN services.

All of these more complex designs have a number of security implications, and sometimes a small design change affects security significantly. This chapter discusses their security properties and gives guidance on how to build advanced MPLS VPN designs securely.



    		Part I: MPLS VPN and Security Fundamentals
    		Part II: Advanced MPLS VPN Security Issues
    		Chapter 3. MPLS Security Analysis
    		Chapter 4. Secure MPLS VPN Designs
    		Internet Access
    		Extranet Access
    		MPLS VPNs and Firewalling
    		Designing DoS-Resistant Networks
    		Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
    		Carriers' Carrier
    		Layer 2 Security Considerations
    		Multicast VPN Security
    		Summary
    		Footnotes
    		Chapter 5. Security Recommendations
    		Part III: Practical Guidelines to MPLS VPN Security
    		Part IV: Case Studies and Appendixes