1. Home
  2. Networking
  3. Mpls VPN security

Summary

While the RFC 2547 architecture is very secure, real deployments are usually quite complex. Increasing complexity, however, for example in the various Inter-AS scenarios, is usually a challenge for security. Not all security problems can be solved with features on a single router: the overall design of a network must be secure, on all layers.

This chapter discussed various network design options and discussed their implications for security. For example, Internet connectivity can be provided in various ways, with different security levels. DoS attacks are an increasing concern as well, and an MPLS VPN design must take this into consideration. When connecting several service providers' networks to provide VPN capabilities across them, new challenges arise: not all available architectures are suitable for a secure deployment today.

The practical examples in this chapter show that it is important to consider security at the time of designing the network because some design decisions can make an entire network insecure. However, when properly designed and secured, an MPLS VPN network can provide a secure service.



    		Part I: MPLS VPN and Security Fundamentals
    		Part II: Advanced MPLS VPN Security Issues
    		Chapter 3. MPLS Security Analysis
    		Chapter 4. Secure MPLS VPN Designs
    		Internet Access
    		Extranet Access
    		MPLS VPNs and Firewalling
    		Designing DoS-Resistant Networks
    		Inter-AS Recommendations and Traversing Multiple Provider Trust Model Issues
    		Carriers' Carrier
    		Layer 2 Security Considerations
    		Multicast VPN Security
    		Summary
    		Footnotes
    		Chapter 5. Security Recommendations
    		Part III: Practical Guidelines to MPLS VPN Security
    		Part IV: Case Studies and Appendixes