At the time of writing this book, the architecture for multicast VPNs (MVPNs) has not been completely defined yet by the L3VPN working group of the IETF. However, already at this stage, some observations about MVPN security can be made:
The MVPN architecture is being specified with the goal that a VPN has the same security properties regardless of whether it uses multicast over the VPN or not. Therefore, from a security point of view, it should make no difference to a VPN user whether the service includes multicast.
The service-provider network must be equally resistant to attacks from VPNs or the Internet, regardless of whether multicast is offered on this MPLS core.
When examining the security properties of MVPN, additional protocols must be taken into consideration, specifically Protocol Independent Multicast (PIM). PIM must be secured on the PE so that the PE cannot be attacked with PIM protocol messages.
In addition, it is recommended to keep resource-intensive processes off PE routers. The rendezvous point (RP) is one such service: it can receive significant load, so it is preferable not to have an RP on a PE.
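The two observations above (restrict which PIM neighbors a PE will accept on its customer-facing interfaces, and keep the RP off the PE) can be checked in a PE configuration. The following audit script is an added example, not from the book; it assumes IOS-style configuration syntax, and the sample configuration, its interface names, VRFs and addresses are constructed for the example.

```python
import re

# Constructed sample PE configuration (IOS-style syntax assumed; interface names,
# VRFs and addresses are invented): one PE-CE interface with a PIM neighbor
# filter, one without, and an RP address that belongs to the PE itself.
SAMPLE_CONFIG = """\
ip pim vrf CUST-A rp-address 10.0.0.1
interface Loopback100
 ip vrf forwarding CUST-A
 ip address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/1
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
 ip pim sparse-mode
 ip pim neighbor-filter PIM-CE-A
interface GigabitEthernet0/2
 ip vrf forwarding CUST-B
 ip address 192.0.2.5 255.255.255.252
 ip pim sparse-mode
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # a global command (or '!') ends the stanza
    return stanzas

def audit_pe_pim(config):
    """Return a list of findings; an empty list means both checks pass."""
    findings, local_addrs = [], set()
    for name, cmds in parse_interfaces(config).items():
        local_addrs.update(c.split()[2] for c in cmds if c.startswith("ip address "))
        in_vrf = any(c.startswith(("ip vrf forwarding", "vrf forwarding")) for c in cmds)
        pim_on = any(c.startswith("ip pim ") and c.endswith("-mode") for c in cmds)
        filtered = any(c.startswith("ip pim neighbor-filter ") for c in cmds)
        if in_vrf and pim_on and not filtered:
            findings.append(f"{name}: PIM towards CE without 'ip pim neighbor-filter'")
    # An RP address that is one of the PE's own addresses means the PE is the RP.
    for m in re.finditer(r"^ip pim (?:vrf \S+ )?rp-address (\S+)", config, re.M):
        if m.group(1) in local_addrs:
            findings.append(f"RP {m.group(1)} is a local address: PE is acting as RP")
    return findings
```

Run against the sample it reports the unfiltered CUST-B interface and the RP hosted on Loopback100; a PE whose VRF interfaces all carry a neighbor filter and whose RP addresses are remote returns no findings.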
For more information on how to secure multicast, please refer to Developing IP Multicast Networks, Volume I, by Beau Williamson (ISBN 1578700779).