The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] And another thought Re: MPLS VPN
Aleezah: One further thought: if you really don't trust your Service Provider, well then it would be best to implement IPsec VPN between your CPEs. If someone were smart enough to subvert the SP's equipment, they could easily get copies of the crypto keys from the PEs, etc. So PE-to-PE encryption isn't a very good idea. I suspect that's why nothing has developed on that front. happy new year, --Wulf At 05:02 AM 12/31/02 +0000, aleezah khan wrote: >I know MPLS VPN are implemented by Service Providers for the purpose of >TE, But what if I want to provide both TE and security in MPLS VPNs… >MPLS VPNS certainly is no less secure than a Frame Relay PVC or an ATM PVC >they only thing which really is lacking is that MPLS VPN seeks to ensure >data confidentiality by defining a single path between physical sites on a >service provider network. This prevents attackers from accessing >transmitted data unless they place sniffers on the service provider >network. MPLS itself also does not provide encryption. >Can anyone suggest me a way to implement encryption also on PE… >What will be the counter measures of implementing encryption at PE. >Cant we make MPLS VPN an IPSec alternative by providing both secure LSP >and encryption.. > > > > >_________________________________________________________________ >The new MSN 8: smart spam protection and 3 months FREE*. >http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= >http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_smartspamprotection_3mf > >------- >The MPLS-OPS Mailing List >Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|