Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4381
|
| Document |
Type |
|
RFC - Informational
(February 2006; No errata)
|
|
Last updated |
|
2018-12-20
|
|
Stream |
|
ISE
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
| Stream |
ISE state
|
|
(None)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4381 (Informational)
|
|
Telechat date |
|
|
|
Responsible AD |
|
Alex Zinin
|
|
Send notices to |
|
(None)
|
Network Working Group M. Behringer
Request for Comments: 4381 Cisco Systems Inc
Category: Informational February 2006
Analysis of the Security of BGP/MPLS IP
Virtual Private Networks (VPNs)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
IESG Note
The content of this RFC was at one time considered by the IETF, and
therefore it may resemble a current IETF work in progress or a
published IETF work. This RFC is not a candidate for any level of
Internet Standard. The IETF disclaims any knowledge of the fitness
of this RFC for any purpose, and in particular notes that the
decision to publish is not based on IETF review for such things as
security, congestion control or inappropriate interaction with
deployed protocols. The RFC Editor has chosen to publish this
document at its discretion. Readers of this RFC should exercise
caution in evaluating its value for implementation and deployment.
See RFC 3932 for more information.
Abstract
This document analyses the security of the BGP/MPLS IP virtual
private network (VPN) architecture that is described in RFC 4364, for
the benefit of service providers and VPN users.
The analysis shows that BGP/MPLS IP VPN networks can be as secure as
traditional layer-2 VPN services using Asynchronous Transfer Mode
(ATM) or Frame Relay.
Behringer Informational [Page 1]
RFC 4381 Security of BGP/MPLS IP VPNs February 2006
Table of Contents
1. Scope and Introduction ..........................................3
2. Security Requirements of VPN Networks ...........................4
2.1. Address Space, Routing, and Traffic Separation .............4
2.2. Hiding the Core Infrastructure .............................5
2.3. Resistance to Attacks ......................................5
2.4. Impossibility of Label Spoofing ............................6
3. Analysis of BGP/MPLS IP VPN Security ............................6
3.1. Address Space, Routing, and Traffic Separation .............6
3.2. Hiding of the BGP/MPLS IP VPN Core Infrastructure ..........7
3.3. Resistance to Attacks ......................................9
3.4. Label Spoofing ............................................11
3.5. Comparison with ATM/FR VPNs ...............................12
4. Security of Advanced BGP/MPLS IP VPN Architectures .............12
4.1. Carriers' Carrier .........................................13
4.2. Inter-Provider Backbones ..................................14
5. What BGP/MPLS IP VPNs Do Not Provide ...........................16
5.1. Protection against Misconfigurations of the Core
and Attacks 'within' the Core .............................16
5.2. Data Encryption, Integrity, and Origin Authentication .....17
5.3. Customer Network Security .................................17
6. Layer 2 Security Considerations ................................18
7. Summary and Conclusions ........................................19
8. Security Considerations ........................................20
9. Acknowledgements ...............................................20
10. Normative References ..........................................20
11. Informative References ........................................20
Behringer Informational [Page 2]
RFC 4381 Security of BGP/MPLS IP VPNs February 2006
1. Scope and Introduction
As Multiprotocol Label Switching (MPLS) is becoming a more widespread
technology for providing IP virtual private network (VPN) services,
the security of the BGP/MPLS IP VPN architecture is of increasing
concern to service providers and VPN customers. This document gives
an overview of the security of the BGP/MPLS IP VPN architecture that
is described in RFC 4364 [1], and compares it with the security of
traditional layer-2 services such as ATM or Frame Relay.
The term "MPLS core" is defined for this document as the set of
Provider Edge (PE) and provider (P) routers that provide a BGP/MPLS
IP VPN service, typically under the control of a single service
provider (SP). This document assumes that the MPLS core network is
trusted and secure. Thus, it does not address basic security
concerns such as securing the network elements against unauthorised
access, misconfigurations of the core, or attacks internal to the
core. A customer that does not wish to trust the service provider
network must use additional security mechanisms such as IPsec over
Show full document text