"Cisco MPLS-based VPNs" & BGP Stability
I thought this might be of interest to folks here, it looks strikingly similar to draft-behringer-mpls-security-00.txt, which has uni-directionally discussed on the IETF's PPVPN mailing list a while back. I think a more pragmatic approach could have actually been useful, however, this would likely require a non-commissioned perspective. IMO, things like "Hiding the Service Provider Core Network" aren't very practical. I'd also like to get feedback on how folks see things like MPLS/BGP VPNs impacting Internet route table stability and convergence. After all, simply because it's not necessarily envisioned (by some) to be deployed inter-domain, it does make heavy use of BGP, which clearly impacts unicast stuff as well. -danny ------- Forwarded Message Date: Tue, 17 Apr 2001 12:08:01 -0400 To: mpls-ops@mplsrc.com From: Christopher Lewis <chrlewis@cisco.com> Subject: Security on MPLS VPNs The Mier group released a report that showed MPLS VPNs offer the same level of security that frame relay and ATM networks do. That report is available at http://www.mier.com/reports/cisco/MPLS-VPNs.pdf - ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml ------- End of Forwarded Message
Danny,
which clearly impacts unicast stuff as well.
Not at all. Please provide data which would prove your "clearly" statement. Second I would say if there is any impact this is only implementation specific impact. In other words if your bgp implementation does not separate different address family processing, trie maintenance, allow for independent timers etc ... you may be right but I am not aware of any such implementation deployed anywhere so far :). As a matter of fact a lot of today's mpls-vpn deployments use different set of relflector's hardware for vpnv4 routes plus are using default route for providing internet access for mpls-vpn customers so I don't really see how those SPs/ISPs would impact with mpls-vpns any ipv4 bgp Internet infrastructure or bgp stability. Total AF isolation can be also easily achived even for inter-as mpls-vpns as well with correctly architected design. R.
Danny McPherson wrote:
I thought this might be of interest to folks here, it looks strikingly similar to draft-behringer-mpls-security-00.txt, which has uni-directionally discussed on the IETF's PPVPN mailing list a while back.
I think a more pragmatic approach could have actually been useful, however, this would likely require a non-commissioned perspective. IMO, things like "Hiding the Service Provider Core Network" aren't very practical.
I'd also like to get feedback on how folks see things like MPLS/BGP VPNs impacting Internet route table stability and convergence. After all, simply because it's not necessarily envisioned (by some) to be deployed inter-domain, it does make heavy use of BGP, which clearly impacts unicast stuff as well.
-danny
------- Forwarded Message
Date: Tue, 17 Apr 2001 12:08:01 -0400 To: mpls-ops@mplsrc.com From: Christopher Lewis <chrlewis@cisco.com> Subject: Security on MPLS VPNs
The Mier group released a report that showed MPLS VPNs offer the same level of security that frame relay and ATM networks do. That report is available at http://www.mier.com/reports/cisco/MPLS-VPNs.pdf
- ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
------- End of Forwarded Message
participants (2)
-
Danny McPherson
-
Robert Raszuk