[mpls-linux-general] Re: [MPLS-OPS]: security in the MPLS label's?
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
[mpls-linux-general] Re: [MPLS-OPS]: security in the MPLS label's?
|
From: Luc De G. <lde...@ci...> - 2002-11-26 15:32:11
|
Ramesh, You might want to start here : draft-behringer-mpls-security-03.txt Analysis of the Security of the MPLS Architecture Luc > Hi, > I have been discussing the pro's and con's of MPLS and someone > mentioned about the security in the network. > And i am not sure about the answer. > > What if i am able to recreate the label used in the MPLS? > - this can result in the mis-use of the QoS in a MPLS network? > > And we do not want to add any security to the MPLS label as it is "light > weight" and dont wanna overload it. > > So is there a RFC which deals with this issue? > > If the MPLS is on the back-bone network i guess it shouldnt be a problem, > but if it is on a VPN(which is not on the backbone) then wouldnt be a > serious security hole? > > So can someone help me out with this question? > > thanks in advance > Ramesh > > > On Tue, 26 Nov 2002, alexb wrote: > > > Hi > > > > IMHO if a table with MPLS labels on P router is addressed by received label > > value than > > it should be much faster then doing IP lookup on a IP search tree > > > > alex > > > > > Hi, > > > > > > I guess it will be faster on the P router...... > > > > > > mainly coz now you dont switch on "destn IP " lookups on ur Forwarding > > Table > > > (FT), u switch on labels... > > > > > > and labels are 20 bit not 24 bit.. > > > > > > seperating signalling (routing) from forwarding does help.. > > > > > > its simple, is the router noticeably faster when you have a seperate "FT"? > > > surely you cant dispute that..... > > > > > > if yes..now comes features and scalability..RSVP-TE stuff to be done (how > > > would you do it with only 8 queues in diffserv?)... > > > and how do you make "VPNs"? > > > > > > so it has to be looked at not in terms of "raw switching" but "features + > > > raw switching" being faster... > > > > > > -rgds > > > Alok > > > > > > ----- Original Message ----- > > > From: <st...@ne...> > > > To: <as...@ci...> > > > Cc: <ro...@no...>; <mpl...@mp...> > > > Sent: Tuesday, November 26, 2002 3:12 PM > > > Subject: Re: Fwd: [MPLS-OPS]: basic question on MPLS > > > > > > > > > > > At least it is not noticeably faster :) And of course > > > > > imposition/disposition is in fact slower than plain IP. IMHO it is > > > > > the decoupling of forwarding and routing that allows apps like > > > > > TE/VPNs that makes MPLS more attractive. > > > > > > > > Agreed. I'm simply wondering why people are still talking about > > > > MPLS being faster when that is one of the *least* interesting > > > > things about MPLS *if it ever was true). > > > > > > > > We are using MPLS for the VPN capabilities. > > > > > > > > Steinar Haug, Nethelp consulting, st...@ne... > > > > > > > > ------- > > > > The MPLS-OPS Mailing List > > > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > > > > > ------- > > > The MPLS-OPS Mailing List > > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > > ------- > > The MPLS-OPS Mailing List > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > ------- > The MPLS-OPS Mailing List > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > |
