The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

IPSEC in the MLPS core

From: CROS_M <CROS_M@teleline.es>
Date: Wed, 14 Aug 2002 12:15:53 +0200
Resent-Date: Wed, 14 Aug 2002 07:29:43 -0400
To: mpls-ops@mplsrc.com
X-MIME-Autoconverted: from quoted-printable to 8bit by host.secure4-hosting.net id g7EAFpT25066

We are considering the option to segregate the internal IP network
in my company, with MPLS L3-VPN (RFC2547). Our customers would be the 
different departments. Some of them, are concerned with confidentiality 
issues and are asking for encryption of specific information flows 
across the IP network.

¿ Is it possible to create IPSEC tunnels in the PE routers so that the 
traffic in the MLPS Core goes encrypted ?

CE === PE ===== P ... P ====== PE ==== CE
        <---- IPSEC tunnel ---->
                 over 
        <-MPLS labelled packet->

Only an small portion of the traffic would need to be encrypted. The 
IPSEC would start and finish in the PE. The CE-PE connection would 
transport the traffic in clear-text, but it is an assumed risk, because
in many cases it would be implemented throguh a local 802.1Q interface.
We need a kind of "IPSEC per VRF" functionality.

¿ Does anyone knows if the following drafts are being implemented by 
the main vendors ?
http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-ipsec-2547-01.txt 
http://www.ietf.org/internet-drafts/draft-tsenevir-smpls-02.txt


Thanks

      Miguel




-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

Follow-Ups:
- Re: IPSEC in the MLPS core
  - From: "alok" <alok.dube@apara.com>