The MPLS WG Archive

Basic LDP Question
Shahram Davari wrote: > > This is not about OAM debate. It is about security. If you are allergic to this name let's call it "maintenance" or "X" or anything you like. What will you do in your VPN network to make sure that a customer's traffic is not forwarded to the wrong destination? You need "X" don't you? You need this both for LDP LSP as well as for any IP tunneling to make sure your PE-PE tunnel, whatever it can be, is up & running and your VPN customers can in fact communicate. Sure we could argue long about that one but I don't think this is a really significant issue any more. See lsp-ping draft if you have doubts :).

As to the original question, from the real deployment point of view there are three main reasons:

A) Performance and availability of MPLS encapsulation versus IP encapsulation. AFAIK most widely shipping boxes require extra hardware to do IP encapsulation at an acceptable rate, while MPLS encapsulation is supported at line rate much more widely.

B) Overhead: 20 bytes (or more if a key is used) versus 4 is, from a practical point of view, a big difference. Even with an extra 4 bytes the headache of MTU problems still exists.

C) Load balancing in the core ... See, when you encapsulate all of your PE-PE traffic in one IP header, the FIB hash will be identical for all VPN customers residing on those PEs, hence all the packets will take the same path. This is very bad indeed. In MPLS we can build the hash based on labels or even look higher at the original VPN IP packet, so the distribution of VPN flows in the core is much larger.

D) Security, or I should rather say protection of data integrity.

Rgs,
R.
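Point C of the message above, as an added example that is not part of the original post: a toy ECMP model comparing which core path each VPN flow takes when the hash key is the outer PE-PE IP header, the MPLS label stack, or the inner customer packet. The path count, addresses, label values and the SHA-256-based hash are assumptions made for illustration; real routers use their own hash functions.

```python
import hashlib
from collections import Counter

PATHS = 4  # assumed number of equal-cost paths between the two PEs

def pick_path(*fields):
    """Model an ECMP hash: map the hashed header fields to one of PATHS links."""
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % PATHS

# Constructed sample traffic: 16 VPNs x 10 flows, all between the same PE pair.
PE1, PE2, TUNNEL_LABEL = "192.0.2.1", "192.0.2.2", 1001
FLOWS = [
    {"vpn_label": 2000 + vpn,
     "src": f"10.{vpn}.0.{host}", "dst": f"10.{vpn}.1.{host}"}
    for vpn in range(16) for host in range(1, 11)
]

def spread(key_fn):
    """Count flows per core path for a given choice of hash key."""
    return Counter(pick_path(*key_fn(f)) for f in FLOWS)

def ip_encap():
    # IP tunnel: the core sees only the outer PE-to-PE header, same for every flow.
    return spread(lambda f: (PE1, PE2))

def mpls_labels():
    # MPLS: the core hashes the label stack (tunnel label + per-VPN label).
    return spread(lambda f: (TUNNEL_LABEL, f["vpn_label"]))

def mpls_inner_ip():
    # MPLS: the core looks past the labels at the original VPN IP packet.
    return spread(lambda f: (f["src"], f["dst"]))

if __name__ == "__main__":
    for name, fn in [("IP encapsulation", ip_encap),
                     ("MPLS label stack", mpls_labels),
                     ("MPLS inner IP", mpls_inner_ip)]:
        print(f"{name:18s}", dict(sorted(fn().items())))
```
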