OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Dave Piscitello (daveCORECOM.COM)
Date: Sun Jan 07 2001 - 19:49:34 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Think of an MPLS VPN as the same sort of virtual network
    arrangement with an Internet (IP) service provider as you
    have when you run IP over ATM or Frame Relay in a virtual
    network with, say, MCI/Worldcom (the service used to be
    called HyperStream). Service providers use MPLS to create
    tunnels across their infrastructure that provide certain
    QOS assurances, just like ATM or Frame Relay PVCs provide
    QOS guarantees.

    With this model, and with the add'l info from the URLs
    already provided, you should be able to get a good idea
    about what MPLs does. Mostly, it's about traffic
    engineering for IP networks--the "P" is really not
    "private as in Secure..." but "private" as in "closed
    community paying a premium for better than best effort
    delivery"

    At 04:42 PM 1/3/01 -0500, you wrote:
    > > I am searching for information on vulnerabilities in the Multi-protocol
    > > Label Switching (MPLS) protocol. I have been unable to gather information
    > > by searching on the common search engines, as the majority of the hits are
    > > related to the RFC's.
    > >
    > > I have organized several questions to better understand the subject: Are
    > > there any big holes that could lead to a security compromise? What is the
    > > difference between MPLS and MPLS VPN? I realize that plain MPLS does not
    > > provide confidentiality, integrity, and authentication by itself unless it
    > > is used along with IPSec. How is the route negotiated between the PE's
    > > (provider edge routers)? Can the route negotiation be compromised in any
    > > manner? What happens with traffic if one of the PE routers goes offline?
    > >
    > > I realize that these are difficult questions and the answers are likely to
    > > be lengthy. Any information will be greatly appreciated.
    > >
    > > Thanks
    > >
    >Mike Ruscher
    >Communications Security Establishment
    >mgruschercse-cst.gc.ca
    > >
    > >
    > >
    > >

                                David M. Piscitello
                 Core Competence, Inc. (http://www.corecom.com) and
          The Internet Security Conference (http://tisc.corecom.com)
         ~~ The Internet has security problems. We have answers. ~~

    3 Myrtle Bank Lane davecorecom.com
    Hilton Head, SC 29926 1.843.683-9988

    PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC