The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

Re: IPSEC in the MLPS core

From: "alok" <alok.dube@apara.com>
Date: Wed, 14 Aug 2002 16:28:17 +0530
Resent-Date: Wed, 14 Aug 2002 08:11:35 -0400
To: <mpls-ops@mplsrc.com>

why dont u originate the IPSEC tunnels at the CE....?

----- Original Message -----
From: CROS_M <CROS_M@teleline.es>
To: <mpls-ops@mplsrc.com>
Sent: Wednesday, August 14, 2002 3:45 PM
Subject: [MPLS-OPS]: IPSEC in the MLPS core

We are considering the option to segregate the internal IP network
in my company, with MPLS L3-VPN (RFC2547). Our customers would be the
different departments. Some of them, are concerned with confidentiality
issues and are asking for encryption of specific information flows
across the IP network.

¿ Is it possible to create IPSEC tunnels in the PE routers so that the
traffic in the MLPS Core goes encrypted ?

CE === PE ===== P ... P ====== PE ==== CE
        <---- IPSEC tunnel ---->
                 over
        <-MPLS labelled packet->

Only an small portion of the traffic would need to be encrypted. The
IPSEC would start and finish in the PE. The CE-PE connection would
transport the traffic in clear-text, but it is an assumed risk, because
in many cases it would be implemented throguh a local 802.1Q interface.
We need a kind of "IPSEC per VRF" functionality.

¿ Does anyone knows if the following drafts are being implemented by
the main vendors ?
http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-ipsec-2547-01.txt
http://www.ietf.org/internet-drafts/draft-tsenevir-smpls-02.txt

Thanks

      Miguel

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

References:
- IPSEC in the MLPS core
  - From: CROS_M <CROS_M@teleline.es>