Análise dos Aspectos de Segurança das VPNs MPLS

Marcos A. de Siqueira; Marcel C. de Castro; Emílio T. Nakamura

doi:10.5753/sbseg.2003.21254

Marcos A. de Siqueira CPqD Telecom & IT Solutions / UNICAMP
Marcel C. de Castro CPqD Telecom & IT Solutions / UNICAMP
Emílio T. Nakamura CPqD Telecom & IT Solutions

DOI: https://doi.org/10.5753/sbseg.2003.21254

Abstract

This paper presents the MPLS VPN architecture focusing its security aspects. The possible threats are classified in two visions: the user side and the provider side. The possible kinds of attacks from/to both sides are discussed, as well as new and well known solutions for attack prevention. Finally, some attack simulations are performed over a testbed network providing MPLS-BGP VPN services.

Keywords: PPVPN, MPLS, Segurança de Redes

References

E. C. Rosen, et al., BGP/MPLS VPNs (RFC2547bis), IETF Internet Draft, Outubro 2002.

R. Callon, M. Suzuki, A Framework for Layer 3 Provider Provisioned Virtual Private Networks, IETF Internet Draft, Março 2003.

B. Fox, B. Gleeson, Virtual Private Networks Identifier, IETF RFC 2685, Setembro 1999.

T. Bates, Y. Rekhter, R. Chandra, D. Katz, Multiprotocol Extensions for BGP-4, IETF RFC 2858, Junho 2000.

T. Senevirathne, Secure MPLS Encryption and Authentication of MPLS payloads, IETF Internet Draft, Julho 2002.

E. C. Rosen, J. D. Clercq, O. Paridaens, Y. T'Joens, C. Sargor, Use of PE-PE IPsec in RFC2547 VPNs, IETF Internet Draft, Fevereiro 2003.

M. Behringer, Analysis of the Security of the MPLS Architecture, IETF Internet Draft, Outubro 2002.

Michael Behringer, Jim Guichard, MPLS VPN Import/Export Verification, IETF Internet Draft, Janeiro 2002.

R. Bonica, Y. Rekhter, R. Raszuk, E. Rosen, D. Tappan, CE-to-CE Member Verification for Layer 3 VPNs, IETF Internet Draft, Fevereiro 2003.