Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4381

Document Type: RFC - Informational (February 2006; no errata)
Last updated: 2013-03-02
Stream: ISE
Document shepherd: No shepherd assigned
Responsible AD: Alex Zinin
Network Working Group                                       M. Behringer
Request for Comments: 4381                             Cisco Systems Inc
Category: Informational                                    February 2006

                Analysis of the Security of BGP/MPLS IP
                    Virtual Private Networks (VPNs)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

IESG Note

   The content of this RFC was at one time considered by the IETF, and
   therefore it may resemble a current IETF work in progress or a
   published IETF work.  This RFC is not a candidate for any level of
   Internet Standard.  The IETF disclaims any knowledge of the fitness
   of this RFC for any purpose, and in particular notes that the
   decision to publish is not based on IETF review for such things as
   security, congestion control or inappropriate interaction with
   deployed protocols.  The RFC Editor has chosen to publish this
   document at its discretion.  Readers of this RFC should exercise
   caution in evaluating its value for implementation and deployment.
   See RFC 3932 for more information.

Abstract

   This document analyses the security of the BGP/MPLS IP virtual
   private network (VPN) architecture that is described in RFC 4364, for
   the benefit of service providers and VPN users.

   The analysis shows that BGP/MPLS IP VPN networks can be as secure as
   traditional layer-2 VPN services using Asynchronous Transfer Mode
   (ATM) or Frame Relay.

Behringer                    Informational                      [Page 1]
RFC 4381              Security of BGP/MPLS IP VPNs         February 2006

Table of Contents

   1. Scope and Introduction ..........................................3
   2. Security Requirements of VPN Networks ...........................4
      2.1. Address Space, Routing, and Traffic Separation .............4
      2.2. Hiding the Core Infrastructure .............................5
      2.3. Resistance to Attacks ......................................5
      2.4. Impossibility of Label Spoofing ............................6
   3. Analysis of BGP/MPLS IP VPN Security ............................6
      3.1. Address Space, Routing, and Traffic Separation .............6
      3.2. Hiding of the BGP/MPLS IP VPN Core Infrastructure ..........7
      3.3. Resistance to Attacks ......................................9
      3.4. Label Spoofing ............................................11
      3.5. Comparison with ATM/FR VPNs ...............................12
   4. Security of Advanced BGP/MPLS IP VPN Architectures .............12
      4.1. Carriers' Carrier .........................................13
      4.2. Inter-Provider Backbones ..................................14
   5. What BGP/MPLS IP VPNs Do Not Provide ...........................16
      5.1. Protection against Misconfigurations of the Core
           and Attacks 'within' the Core .............................16
      5.2. Data Encryption, Integrity, and Origin Authentication .....17
      5.3. Customer Network Security .................................17
   6. Layer 2 Security Considerations ................................18
   7. Summary and Conclusions ........................................19
   8. Security Considerations ........................................20
   9. Acknowledgements ...............................................20
   10. Normative References ..........................................20
   11. Informative References ........................................20


1.  Scope and Introduction

   As Multiprotocol Label Switching (MPLS) is becoming a more widespread
   technology for providing IP virtual private network (VPN) services,
   the security of the BGP/MPLS IP VPN architecture is of increasing
   concern to service providers and VPN customers.  This document gives
   an overview of the security of the BGP/MPLS IP VPN architecture that
   is described in RFC 4364 [1], and compares it with the security of
   traditional layer-2 services such as ATM or Frame Relay.

   The term "MPLS core" is defined for this document as the set of
   Provider Edge (PE) and provider (P) routers that provide a BGP/MPLS
   IP VPN service, typically under the control of a single service
   provider (SP).  This document assumes that the MPLS core network is
   trusted and secure.  Thus, it does not address basic security
   concerns such as securing the network elements against unauthorised