Ethernet over MPLS (EoMPLS) is being increasingly deployed in environments where the service provider (SP) does not wish to participate in the management of the customer's Layer 3 routing mechanisms and wishes only to provide a Layer 2 solution similar to traditional Frame Relay and ATM service offerings. Alternatively, some customers may not wish to offload their Layer 3 operations to a service provider, preferring to maintain control over that aspect of their networks themselves. In either of these scenarios, the Layer 2 VPN can meet the applicable network requirements.
In order to protect customer networks, the SP's access network and backbone, and to ensure that service-level expectations can be met, the security considerations of the network must be addressed.
Security in MPLS networks can be viewed from a Layer 2 and Layer 3 perspective. SPs need to concern themselves with securing the network from both layers in order to assure service integrity. In addition, customers need to ensure the security of their own networks, be they L2 implementations or L3-oriented designs. In this section, we introduce generic Layer 2 security issues with a focus on Ethernet, which links Layer 2 with emerging architectures such as Virtual Private LAN Service (VPLS) and Virtual Private Wire Service (VPWS), which will be discussed in the next sections of this chapter.
The main security issue behind Layer 2 security is that on a shared Layer 2 medium, for example an Ethernet switch, there is often no control over which side the packets are coming from?whether it be from the customer or other Internet service providers, for example?and consequently, this lack of control permits insertion of traffic from a third party allowing for spoofing of Layer 3 information such as IP addresses. While the control protocols such as routing can be secured via Message Digest-5 (MD-5) mechanisms, the data plane usually is not. So, for example, there may be two CEs connected to a single PE over a shared Ethernet medium, and the security risk is to have all Layer 3 security subverted.
Therefore, it is recommended not to implement this example and to be very cognizant of these issues associated with a shared Ethernet switch example.