07-16-2006 11:19 PM
As in IP sec we can secure VPN with some encryption,But in MPLS how should i provide
Secure VPN.
07-17-2006 09:42 AM
MPLS VPN are already secured be seperating VPNs from each other. However, if desired, you can still configure IPSec from one CE to another CE for additional security. The MPLS core does not deny you this capability.
07-17-2006 11:24 PM
Thanks....for reply.
But if i configured IPSec form Ce to Ce it will be like overrealy VPN...Correct.
Than in this case no role of MPLS.is it ?
07-18-2006 07:04 AM
See this culled from the RFC (4364). I think it explains it.
1.6. Security
VPNs of the sort being discussed here, even without making use of
cryptographic security measures, are intended to provide a level of
security equivalent to that obtainable when a layer 2 backbone (e.g.,
Frame Relay) is used. That is, in the absence of misconfiguration or
deliberate interconnection of different VPNs, it is not possible for
systems in one VPN to gain access to systems in another VPN. Of
course, the methods described herein do not by themselves encrypt the
data for privacy, nor do they provide a way to determine whether data
has been tampered with en route. If this is desired, cryptographic
measures must be applied in addition. (See, e.g., [MPLS/BGP-IPsec].)
Security is discussed in more detail in Section 13.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide