Michael, Network Magazine just ran a fairly lengthy article on various approaches to VPN's, including network-based versus CPE approaches. You can find it at: http://www.networkmagazine.com/article/NMG20010125S0013 If memory serves me correctly, they did address the security issues of MPLS vs. encrypted VLANs. In a nutshell, MPLS VPN's, from a security aspect, aren't all that different from other PVC based services such as Frame Relay and ATM. Traffic is basically isolated into the MPLS label switch path (or PVC). IPsec-based VPNs provide additional security by encrypting the traffic that rides on top fo the MPLS LSP. Depending on where the encryption occurs, it is quite possible to run IPsec over an MPLS-VPN. The real benefit to MPLS-VPNs is the elimination of the need for dedicated intelligent CPE, which "in-theory" should make it easier and cheaper for service providers to roll out IP-VPN services. In terms of VLAN security, have a look through the archives of the firewall wizards mailing list at http://www.nfr.com/pipermail/firewall-wizards/. This topic has been addressed quite a bit in the past. You might also want to check out my MPLS site at www.mplsrc.com for links to articles & drafts on MPLS topics. Irwin ------ Irwin Lazar, Senior Consultant The Burton Group - www.tbg.com ilazar@tbg.com 703-742-9659 (office) 703-402-4119 (cell) The Ultimate Resource For Network Architects
-----Original Message----- From: Michael Long [mailto:mlong@sac.verio.net] Sent: Monday, February 19, 2001 8:00 PM To: nanog@merit.edu Subject: MPLS and VLAN info
I need to educate some coworkers (who aren't all that familiar with networks) and my boss on the security advantages of MPLS and VLAN's. I guess I don't seem to be communiating it very well because they just don't get it. Can anyone point me to some good technical docs that specifically deal with some of the benefints of MPLS and VLAN's. Specifically security related would help.
TIA,
Michael Long