The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

Re: security of MPLS VPN

From: Robert Raszuk <raszuk@cisco.com>
Date: Sun, 25 Mar 2001 23:03:50 -0800
CC: "mpls-ops@mplsrc.com" <mpls-ops@mplsrc.com>
Organization: Signature: http://www.employees.org/~raszuk/sig/
Resent-Date: Mon, 26 Mar 2001 03:18:38 -0500
To: "christi.m" <christi.m@263.net>


> When someone sends a fallacious IP address package to the PE, as PE just assigns the RD and label by the IP address information, one can enter the VPN easily.

Not true at all. The VPN membership is not based on the IP address in
the packet but hardcoded and based on the interface the packet is
comming from. 

By the way pls read rfc2547bis one more time. The RD is not added to the
data packets at all. 

R.

> "christi.m" wrote:
> 
> hi, all,
> 
> i am new to such a research field.
> 
> i just read something about MPLS VPN of Cisco.and want to know, why they claim the MPLS VPN is secure.i think that it is vulnerable at the PE.
> 
> When someone sends a fallacious IP address package to the PE, as PE just assigns the RD and label by the IP address information, one can enter the VPN easily.
> 
> thanks a lot for your answer.
> 
>             christi.m
>             christi.m@263.net
> 
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

References:
- security of MPLS VPN
  - From: "christi.m" <christi.m@263.net>