The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

Re: Flooding in MPLS

From: Ajay Simha <asimha@cisco.com>
Date: Sat, 11 Jan 2003 10:33:41 -0500
Cc: mpls-ops@mplsrc.com
Resent-Date: Sat, 11 Jan 2003 12:10:06 -0500
To: Mehwish Ahmed <mehwishkhurshid@yahoo.com>
User-Agent: Mutt/1.4i

On Fri Jan 10 20:22:24 2003, Mehwish Ahmed wrote:
> 
>    How can we address flooding  attacks in MPLS ??
>    
>    An attacker cannot be prevented from finding a way to flood the router
>    with bogus routing messages.Flooding the PE router from a CE can not
>    break security as far as the MPLS mechanisms are concerned .

Why is this a concern? If this happens more than once the SP gets rid of this customer - period. :)

Also no SP I know would want to run IGP instance (other than vrf) towards the CE. You also
have knobs like max routes per vrf (at least on Cisco) to offer some protection.

-ajay
>    
>    
>    
>      _________________________________________________________________
>    
>    Do you Yahoo!?
>    [1]Yahoo! Mail Plus - Powerful. Affordable. [2]Sign up now
> 
> References
> 
>    1. http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com
>    2. http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

Follow-Ups:
- Re: Flooding in MPLS
  - From: Ajay Simha <asimha@cisco.com>

References:
- Flooding in MPLS
  - From: Mehwish Ahmed <mehwishkhurshid@yahoo.com>
- Flooding in MPLS
  - From: Mehwish Ahmed <mehwishkhurshid@yahoo.com>