Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4381
Section | Field | Value
---|---|---
Document | Type | RFC - Informational (February 2006; No errata)
Document | Author | Michael Behringer
Document | Last updated | 2018-12-20
Document | Stream | Independent Submission
Document | Formats | plain text, html, pdf, htmlized, bibtex
Stream | ISE state | (None)
Stream | Consensus Boilerplate | Unknown
Stream | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 4381 (Informational)
IESG | Action Holders | (None)
IESG | Telechat date |
IESG | Responsible AD | Alex Zinin
IESG | Send notices to | (None)
Network Working Group                                       M. Behringer
Request for Comments: 4381                             Cisco Systems Inc
Category: Informational                                    February 2006

Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

IESG Note

The content of this RFC was at one time considered by the IETF, and therefore it may resemble a current IETF work in progress or a published IETF work. This RFC is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this RFC for any purpose, and in particular notes that the decision to publish is not based on IETF review for such things as security, congestion control or inappropriate interaction with deployed protocols. The RFC Editor has chosen to publish this document at its discretion. Readers of this RFC should exercise caution in evaluating its value for implementation and deployment. See RFC 3932 for more information.

Abstract

This document analyses the security of the BGP/MPLS IP virtual private network (VPN) architecture that is described in RFC 4364, for the benefit of service providers and VPN users. The analysis shows that BGP/MPLS IP VPN networks can be as secure as traditional layer-2 VPN services using Asynchronous Transfer Mode (ATM) or Frame Relay.

Behringer Informational [Page 1]
RFC 4381 Security of BGP/MPLS IP VPNs February 2006

Table of Contents

1. Scope and Introduction
2. Security Requirements of VPN Networks
   2.1. Address Space, Routing, and Traffic Separation
   2.2. Hiding the Core Infrastructure
   2.3. Resistance to Attacks
   2.4. Impossibility of Label Spoofing
3. Analysis of BGP/MPLS IP VPN Security
   3.1. Address Space, Routing, and Traffic Separation
   3.2. Hiding of the BGP/MPLS IP VPN Core Infrastructure
   3.3. Resistance to Attacks
   3.4. Label Spoofing
   3.5. Comparison with ATM/FR VPNs
4. Security of Advanced BGP/MPLS IP VPN Architectures
   4.1. Carriers' Carrier
   4.2. Inter-Provider Backbones
5. What BGP/MPLS IP VPNs Do Not Provide
   5.1. Protection against Misconfigurations of the Core and Attacks 'within' the Core
   5.2. Data Encryption, Integrity, and Origin Authentication
   5.3. Customer Network Security
6. Layer 2 Security Considerations
7. Summary and Conclusions
8. Security Considerations
9. Acknowledgements
10. Normative References
11. Informative References

1. Scope and Introduction

As Multiprotocol Label Switching (MPLS) is becoming a more widespread technology for providing IP virtual private network (VPN) services, the security of the BGP/MPLS IP VPN architecture is of increasing concern to service providers and VPN customers. This document gives an overview of the security of the BGP/MPLS IP VPN architecture that is described in RFC 4364 [1], and compares it with the security of traditional layer-2 services such as ATM or Frame Relay.

The term "MPLS core" is defined for this document as the set of Provider Edge (PE) and provider (P) routers that provide a BGP/MPLS IP VPN service, typically under the control of a single service provider (SP). This document assumes that the MPLS core network is trusted and secure. Thus, it does not address basic security concerns such as securing the network elements against unauthorised access, misconfigurations of the core, or attacks internal to the core. A customer that does not wish to trust the service provider network must use additional security mechanisms such as IPsec over