The MPLS-OPS Archive

Cell Relay Retreat>MPLS-OPS Archive>month:2002-Aug> msg00077



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

IPSEC in the MLPS core

  • From: <cros_m@tsm.es>
  • Date: Wed, 14 Aug 2002 12:29:34 +0200
  • Resent-Date: Wed, 14 Aug 2002 07:39:05 -0400
  • To: mpls-ops@mplsrc.com
  • X-MIME-Autoconverted: from quoted-printable to 8bit by host.secure4-hosting.net id g7EATbT26859
  • X-MIMETrack: Serialize by Router on abantos/TSM(Release 5.0.9a |January 7, 2002) at 14/08/200212:29:35


We are considering the option to segregate the internal IP network
in my company, with MPLS L3-VPN (RFC2547). Our customers would be the
different departments. Some of them, are concerned with confidentiality
issues and are asking for encryption of specific information flows
across the IP network.

¿ Is it possible to create IPSEC tunnels in the PE routers so that the
traffic in the MLPS Core goes encrypted ?

CE === PE ===== P ... P ====== PE ==== CE
        <---- IPSEC tunnel ---->
                 over
        <-MPLS labelled packet->

Only an small portion of the traffic would need to be encrypted. The
IPSEC would start and finish in the PE. The CE-PE connection would
transport the traffic in clear-text, but it is an assumed risk, because
in many cases it would be implemented throguh a local 802.1Q interface.
We need a kind of "IPSEC per VRF" functionality.

¿ Does anyone knows if the following drafts are being implemented by
the main vendors ?
http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-ipsec-2547-01.txt
http://www.ietf.org/internet-drafts/draft-tsenevir-smpls-02.txt


Thanks

      Miguel



-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml