The MPLS WG Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

Secure MPLS

From: "Tissa Senevirathne" <tsenevir@hotmail.com>
Date: Tue, 30 Jul 2002 20:55:32 +0000
X-OriginalArrivalTime: 30 Jul 2002 20:55:32.0990 (UTC) FILETIME=[721A09E0:01C2380B]
X-Originating-IP: [66.7.144.1]

Hi Ron

  It depends based on what purpose the MPLS tunnel is used. if you take the 
case of VPLS, it is a LAN network with multi points of LSP. So there is no 
easy way you could provide an upper layer encryption.

However if you are using Encryption at the MPLS level the encryption is an 
attribute between two adjacent PE.

As an example instead of providing a costly VPLS service that requires 
encryption on all tunnels, one may choose to encrypt the tunnels across some 
untrusted domains,

On the other hand can this be provided as a value added service to the 
customer ?

>From: Ron Bonica <Ronald.P.Bonica@wcom.com>
>To: Tissa Senevirathne <tsenevir@hotmail.com>, mpls@uu.net
>Subject: RE: Secure MPLS
>Date: Tue, 30 Jul 2002 14:22:32 -0400
>
>Tissa,
>
>Given that the upper layers are capable of encryption using mechanisms like
>IPSEC, why would a service provider want to encrypt the contents of an MPLS
>LSP?
>
>Wouldn't you want to push the encryption function higher in the protocol
>stack and closer to the network edges?
>
>                                                     Ron
>
>
> > -----Original Message-----
> > From: ppvpn-owner@ppvpn.francetelecom.com
> > [mailto:ppvpn-owner@ppvpn.francetelecom.com]On Behalf Of Tissa
> > Senevirathne
> > Sent: Monday, July 29, 2002 11:03 PM
> > To: pwe3@ietf.org; mpls@uu.net; ppvpn@ppvpn.francetelecom.com
> > Subject: Secure MPLS
> >
> >
> >
> >
> >
> > At Yokhoma during PWe3 session, it was indicated that hackers are 
>waiting
> > for the day that L2 VPN get exposed in the WAN.
> >
> > In light of that I thought to restart the discussion on Secure MPLS.
> >
> > The link below is Secure MPLS ID. This ID present how MPLS
> > payloads can be
> > encrypted in a similar manner like IPsec when upper layers does not have
> > security capabilities. Or on links between PE to PE that are exposed to
> > public networks.
> >
> > http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-02.txt
> >
> > For those who are lot in to Security the DOI (Domain of
> > Interpretation) for
> > Secure MPLS can be found in
> >
> > http://search.ietf.org/internet-drafts/draft-tsenevir-smpls-doi-01.txt
> >
> > Could you provide comments and feedback.
> >
> > Thanks
> >
> > Tissa
> >
> > _________________________________________________________________
> > MSN Photos is the easiest way to share and print your photos:
> > http://photos.msn.com/support/worldwide.aspx
> >
> >




_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

Follow-Ups:
- Secure MPLS
  - From: Ben Black <ben@layer8.net>