1. Home
  2. Networking
  3. Mpls VPN security

Multicast VPN Security

At the time of writing this book, the architecture for multicast VPNs (MVPNs) has not been completely defined yet by the L3VPN working group of the IETF. However, already at this stage, some observations about MVPN security can be made:

  • The MVPN architecture is being specified with the goal that a VPN has the same security properties independently of whether it is using multicast over the VPN or not. Therefore, it should make no difference to a VPN user from a security point of view whether this service includes multicast or not.

  • The service-provider network must be equally resistant to attacks from VPNs or the Internet, independently of whether multicast is offered on this MPLS core or not.

When examining the security properties of MVPN, additional protocols must be taken into considerations?specifically Protocol Independent Multicast (PIM). PIM must be secured on the PE such that the PE cannot be attacked with PIM protocol messages.

In addition, it is recommended to keep resource intensive processes off PE routers. The rendezvous point (RP) is such a service; it can receive significant load, therefore, it is preferable to not have an RP on a PE.

For more information on how to secure multicast, please refer to Developing IP Multicast Networks, Volume I, by Beau Williamson (ISBN 1578700779).



    		Part I: MPLS VPN and Security Fundamentals
    		Part II: Advanced MPLS VPN Security Issues
    		Chapter 3. MPLS Security Analysis
    		Chapter 4. Secure MPLS VPN Designs
    		Internet Access
    		Extranet Access
    		MPLS VPNs and Firewalling
    		Designing DoS-Resistant Networks
    		Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
    		Carriers' Carrier
    		Layer 2 Security Considerations
    		Multicast VPN Security
    		Summary
    		Footnotes
    		Chapter 5. Security Recommendations
    		Part III: Practical Guidelines to MPLS VPN Security
    		Part IV: Case Studies and Appendixes