1. Home
  2. Networking
  3. Mpls VPN security

P-Specific Router Security

Provider (P) devices are trusted; that is, these devices do not interface to any untrusted platforms. Consequently, the P exposure is rather limited. Provider devices must be fully secured, using measures as described under the section "Generic Router Security Measures," earlier in this chapter. The key security point is that if a P node is compromised (for example, via internal exploits), the security of the PEs and the attached VPNs may also be compromised as a consequence.

NOTE

Best practice access for P nodes, as for any other router, is out-of-band security, and it must be tightly secured because access is often possible via the public telephone system.


Like with PE routers, P routers must be located in physically secure locations to avoid password recovery using a console connection.



    		Part I: MPLS VPN and Security Fundamentals
    		Part II: Advanced MPLS VPN Security Issues
    		Chapter 3. MPLS Security Analysis
    		Chapter 4. Secure MPLS VPN Designs
    		Chapter 5. Security Recommendations
    		General Router Security
    		CE-Specific Router Security and Topology Design Considerations
    		PE-Specific Router Security
    		PE Data Plane Security
    		PE-CE Connectivity Security Issues
    		P-Specific Router Security
    		Securing the Core
    		Routing Security
    		CE-PE Routing Security Best Practices
    		Internet Access
    		Sharing End-to-End Resources
    		LAN Security Issues
    		IPsec: CE to CE
    		MPLS over IP Operational Considerations: L2TPv3
    		Securing Core and Routing Check List
    		Summary
    		Part III: Practical Guidelines to MPLS VPN Security
    		Part IV: Case Studies and Appendixes