[mpls-linux-general] security in the MPLS label's?
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
[mpls-linux-general] security in the MPLS label's?
|
From: Ramesh M. <ra...@bo...> - 2002-11-26 14:32:43
|
Hi, I have been discussing the pro's and con's of MPLS and someone mentioned about the security in the network. And i am not sure about the answer. What if i am able to recreate the label used in the MPLS? - this can result in the mis-use of the QoS in a MPLS network? And we do not want to add any security to the MPLS label as it is "light weight" and dont wanna overload it. So is there a RFC which deals with this issue? If the MPLS is on the back-bone network i guess it shouldnt be a problem, but if it is on a VPN(which is not on the backbone) then wouldnt be a serious security hole? So can someone help me out with this question? thanks in advance Ramesh On Tue, 26 Nov 2002, alexb wrote: > Hi > > IMHO if a table with MPLS labels on P router is addressed by received label > value than > it should be much faster then doing IP lookup on a IP search tree > > alex > > > Hi, > > > > I guess it will be faster on the P router...... > > > > mainly coz now you dont switch on "destn IP " lookups on ur Forwarding > Table > > (FT), u switch on labels... > > > > and labels are 20 bit not 24 bit.. > > > > seperating signalling (routing) from forwarding does help.. > > > > its simple, is the router noticeably faster when you have a seperate "FT"? > > surely you cant dispute that..... > > > > if yes..now comes features and scalability..RSVP-TE stuff to be done (how > > would you do it with only 8 queues in diffserv?)... > > and how do you make "VPNs"? > > > > so it has to be looked at not in terms of "raw switching" but "features + > > raw switching" being faster... > > > > -rgds > > Alok > > > > ----- Original Message ----- > > From: <st...@ne...> > > To: <as...@ci...> > > Cc: <ro...@no...>; <mpl...@mp...> > > Sent: Tuesday, November 26, 2002 3:12 PM > > Subject: Re: Fwd: [MPLS-OPS]: basic question on MPLS > > > > > > > > At least it is not noticeably faster :) And of course > > > > imposition/disposition is in fact slower than plain IP. IMHO it is > > > > the decoupling of forwarding and routing that allows apps like > > > > TE/VPNs that makes MPLS more attractive. > > > > > > Agreed. I'm simply wondering why people are still talking about > > > MPLS being faster when that is one of the *least* interesting > > > things about MPLS *if it ever was true). > > > > > > We are using MPLS for the VPN capabilities. > > > > > > Steinar Haug, Nethelp consulting, st...@ne... > > > > > > ------- > > > The MPLS-OPS Mailing List > > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > > ------- > > The MPLS-OPS Mailing List > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > ------- > The MPLS-OPS Mailing List > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > |
