SlideShare a Scribd company logo

MPLS VPN Security Assessment Tool Checks Network Configurations

Download as PPT, PDF
I
innyspencer

This document discusses security concerns regarding MPLS VPN configurations and proposes methods to check MPLS VPN configurations for errors and compliance. Key points that should be checked include VPN access points, VRF configurations, route distinguishers (RD), route targets (RT), routes, and administrative/service VPN configurations. A tool is proposed to collect configuration data from provider edge (PE) routers periodically and check for obvious errors, inconsistencies, and non-compliance between actual and allocated configurations across all VPNs in the network. Results would be provided to both network operators and VPN owners.

1 of 31
MPLS VPN Security assessment C. Anselme-Moizan [email_address]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
MPLS VPN ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
MPLS VPN vs. FR full mesh MPLS VPN security assessment
MPLS ,[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
MPLS : label distribution (LDP) MPLS VPN security assessment PE PE PE CE CE P 1 1 0 128.89 171.69 Label 7 for 171.69 Label 9 for 128.89 Label 4 for 128.89 Label 5 for 171.69 0 In Tag Prefix Out Iface Out Tag - 128.89 1 4 - 171.69 1 5 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 4 128.89 0 9 5 171.69 1 7 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 9 128.89 0 - … .. … .. … .. … .
MPLS : label switching (no VPN) MPLS VPN security assessment PE PE PE CE CE P 1 1 0 128.89 171.69 CE 128.89.25.4 data 128.89.25.4 data 128.89.25.4 data 0 4 128.89.25.4 data 9 In Tag Prefix Out Iface Out Tag - 128.89 1 4 - 171.69 1 5 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 4 128.89 0 9 5 171.69 1 7 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 9 128.89 0 - … .. … .. … .. … .
VRF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
MP-iBGP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
VRF configuration example ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
VRF configuration example ,[object Object],[object Object],[object Object],MPLS VPN security assessment
MPLS/VPN ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Route Reflector ,[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment PE PE PE PE PE PE PE PE PE PE PE PE RR RR
Extranet ,[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Admin/Service VPN ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Admin/Service VPN MPLS VPN security assessment 9999:0001 9999:0002 9999:20000 9999:20000 9999:30000 9999:30000 Management Green Red
Import map, Export map ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Import map, Export map ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Security concerns ,[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Security concerns ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
What to check about MPLS/VPN configuration ? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
How to check ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
How to check ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
How to check ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Results exploitation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
Results exploitation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment
MPLS VPN security assessment
MPLS VPN security assessment
MPLS VPN security assessment
MPLS VPN security assessment
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MPLS VPN security assessment

Recommended

VRF (virtual routing and forwarding)
VRF (virtual routing and forwarding)VRF (virtual routing and forwarding)
VRF (virtual routing and forwarding)Netwax Lab
 
MPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf TrafficMPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf Trafficalco
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
Unknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersUnknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersAPNIC
 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
 
FreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentFreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentAPNIC
 
Juniper L2 MPLS VPN
Juniper L2 MPLS VPNJuniper L2 MPLS VPN
Juniper L2 MPLS VPNmehrdad1981
 
214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deployment214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deploymentcoolboyasif
 

Recommended

VRF (virtual routing and forwarding)
VRF (virtual routing and forwarding)VRF (virtual routing and forwarding)
VRF (virtual routing and forwarding)Netwax Lab
 
MPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf TrafficMPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf Trafficalco
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
Unknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersUnknown Unicast Traffic and Ping Pollers
Unknown Unicast Traffic and Ping PollersAPNIC
 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
 
FreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentFreeRangeRouting - A new Quagga fork with more open development
FreeRangeRouting - A new Quagga fork with more open developmentAPNIC
 
Juniper L2 MPLS VPN
Juniper L2 MPLS VPNJuniper L2 MPLS VPN
Juniper L2 MPLS VPNmehrdad1981
 
214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deployment214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deploymentcoolboyasif
 
Mpls Services
Mpls ServicesMpls Services
Mpls ServicesKristof De Brouwer
 
Inter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentInter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentBangladesh Network Operators Group
 
Internet technology unit 2
Internet technology unit 2Internet technology unit 2
Internet technology unit 2WE-IT TUTORIALS
 
MPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesMPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesEricsson
 
Ccna Imp Guide
Ccna Imp GuideCcna Imp Guide
Ccna Imp Guideabhijitgnbbl
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringAPNIC
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationDsunte Wilson
 
CCNA Router and IOS Basics
CCNA Router and IOS BasicsCCNA Router and IOS Basics
CCNA Router and IOS BasicsDsunte Wilson
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
Ccna cheat sheet
Ccna cheat sheetCcna cheat sheet
Ccna cheat sheetaromal4frnz
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGPPrivate
 
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...Vishal Sharma, Ph.D.
 
Session 3
Session 3Session 3
Session 3ahmed elmeghiny
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchAruba, a Hewlett Packard Enterprise company
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
Bgp
BgpBgp
BgpFebrian ‎
 
Session 2
Session 2Session 2
Session 2ahmed elmeghiny
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
Chap 11
Chap 11Chap 11
Chap 11north gujarat university,patan
 
Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)NetProtocol Xpert
 
Mpls security - Venice 2014
Mpls security - Venice 2014 Mpls security - Venice 2014
Mpls security - Venice 2014 Wardner Maia
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondSiddharth Rao
 

More Related Content

What's hot

Internet technology unit 2
Internet technology unit 2Internet technology unit 2
Internet technology unit 2WE-IT TUTORIALS
 
MPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesMPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesEricsson
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringAPNIC
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationDsunte Wilson
 
CCNA Router and IOS Basics
CCNA Router and IOS BasicsCCNA Router and IOS Basics
CCNA Router and IOS BasicsDsunte Wilson
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
Ccna cheat sheet
Ccna cheat sheetCcna cheat sheet
Ccna cheat sheetaromal4frnz
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGPPrivate
 
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...Vishal Sharma, Ph.D.
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)NetProtocol Xpert
 

What's hot (20)

Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
Inter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentInter-AS MPLS VPN Deployment
Inter-AS MPLS VPN Deployment
 
Internet technology unit 2
Internet technology unit 2Internet technology unit 2
Internet technology unit 2
 
MPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesMPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - Services
 
Ccna Imp Guide
Ccna Imp GuideCcna Imp Guide
Ccna Imp Guide
 
Deploy MPLS Traffic Engineering
Deploy MPLS Traffic EngineeringDeploy MPLS Traffic Engineering
Deploy MPLS Traffic Engineering
 
CCNA Router Startup and Configuration
CCNA Router Startup and ConfigurationCCNA Router Startup and Configuration
CCNA Router Startup and Configuration
 
CCNA Router and IOS Basics
CCNA Router and IOS BasicsCCNA Router and IOS Basics
CCNA Router and IOS Basics
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
 
Ccna cheat sheet
Ccna cheat sheetCcna cheat sheet
Ccna cheat sheet
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGP
 
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
Internet Routing Protocols: Fundamental Concepts of Distance-Vector and Link-...
 
Session 3
Session 3Session 3
Session 3
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic Engineering
 
Bgp
BgpBgp
Bgp
 
Session 2
Session 2Session 2
Session 2
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network Operators
 
Chap 11
Chap 11Chap 11
Chap 11
 
Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)Virtual Routing and Forwarding, (VRF-lite)
Virtual Routing and Forwarding, (VRF-lite)
 

Viewers also liked

Mpls security - Venice 2014
Mpls security - Venice 2014 Mpls security - Venice 2014
Mpls security - Venice 2014 Wardner Maia
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondSiddharth Rao
 
Telco Business & Technology
Telco Business & TechnologyTelco Business & Technology
Telco Business & TechnologySARCCOM
 
Evolving the service provider architecture to unleash the potential of IoT - ...
Evolving the service provider architecture to unleash the potential of IoT - ...Evolving the service provider architecture to unleash the potential of IoT - ...
Evolving the service provider architecture to unleash the potential of IoT - ...FrenchWeb.fr
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Telco-OTT: infrastructure challenges and solutions
Telco-OTT: infrastructure challenges and solutionsTelco-OTT: infrastructure challenges and solutions
Telco-OTT: infrastructure challenges and solutionsVictor Pascual Ávila
 
The Modern Telco Network: Defining The Telco Cloud
The Modern Telco Network: Defining The Telco CloudThe Modern Telco Network: Defining The Telco Cloud
The Modern Telco Network: Defining The Telco CloudMarco Rodrigues
 
Telco 4.0 Business Operating Model Value Proposition Overview
Telco 4.0 Business Operating Model Value Proposition OverviewTelco 4.0 Business Operating Model Value Proposition Overview
Telco 4.0 Business Operating Model Value Proposition OverviewNigel Tebbutt
 

Viewers also liked (8)

Mpls security - Venice 2014
Mpls security - Venice 2014 Mpls security - Venice 2014
Mpls security - Venice 2014
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyond
 
Telco Business & Technology
Telco Business & TechnologyTelco Business & Technology
Telco Business & Technology
 
Evolving the service provider architecture to unleash the potential of IoT - ...
Evolving the service provider architecture to unleash the potential of IoT - ...Evolving the service provider architecture to unleash the potential of IoT - ...
Evolving the service provider architecture to unleash the potential of IoT - ...
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
 
Telco-OTT: infrastructure challenges and solutions
Telco-OTT: infrastructure challenges and solutionsTelco-OTT: infrastructure challenges and solutions
Telco-OTT: infrastructure challenges and solutions
 
The Modern Telco Network: Defining The Telco Cloud
The Modern Telco Network: Defining The Telco CloudThe Modern Telco Network: Defining The Telco Cloud
The Modern Telco Network: Defining The Telco Cloud
 
Telco 4.0 Business Operating Model Value Proposition Overview
Telco 4.0 Business Operating Model Value Proposition OverviewTelco 4.0 Business Operating Model Value Proposition Overview
Telco 4.0 Business Operating Model Value Proposition Overview
 

Similar to MPLS VPN Security Assessment Tool Checks Network Configurations

Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.ripfarhanica
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
ODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptmarwan76
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccnarobertoxe
 
MPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfMPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfHuynh MVT
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Jisc
 
Interconnecting Neutron and Network Operators' BGP VPNs
Interconnecting Neutron and Network Operators' BGP VPNsInterconnecting Neutron and Network Operators' BGP VPNs
Interconnecting Neutron and Network Operators' BGP VPNsThomas Morin
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.Kapil Sabharwal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecAreaNetworking.it
 
Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPN Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPNThomas Morin
 
Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Ashish Tanwer
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answersccna4discovery
 

Similar to MPLS VPN Security Assessment Tool Checks Network Configurations (20)

Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
ODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).pptODA000017 MPLS VPN(L3).ppt
ODA000017 MPLS VPN(L3).ppt
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
Mpls
MplsMpls
Mpls
 
MPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdfMPLS-based Layer 3 VPNs.pdf
MPLS-based Layer 3 VPNs.pdf
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
 
Interconnecting Neutron and Network Operators' BGP VPNs
Interconnecting Neutron and Network Operators' BGP VPNsInterconnecting Neutron and Network Operators' BGP VPNs
Interconnecting Neutron and Network Operators' BGP VPNs
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Mpls vpn
Mpls vpnMpls vpn
Mpls vpn
 
IIR VPN London
IIR VPN LondonIIR VPN London
IIR VPN London
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsec
 
Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPN Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPN
 
Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...Cube2012 high capacity service provider design using gpmls for ip next genera...
Cube2012 high capacity service provider design using gpmls for ip next genera...
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answers
 

MPLS VPN Security Assessment Tool Checks Network Configurations

  • 1. MPLS VPN Security assessment C. Anselme-Moizan [email_address]
  • 2.
  • 3.
  • 4. MPLS VPN vs. FR full mesh MPLS VPN security assessment
  • 5.
  • 6. MPLS : label distribution (LDP) MPLS VPN security assessment PE PE PE CE CE P 1 1 0 128.89 171.69 Label 7 for 171.69 Label 9 for 128.89 Label 4 for 128.89 Label 5 for 171.69 0 In Tag Prefix Out Iface Out Tag - 128.89 1 4 - 171.69 1 5 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 4 128.89 0 9 5 171.69 1 7 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 9 128.89 0 - … .. … .. … .. … .
  • 7. MPLS : label switching (no VPN) MPLS VPN security assessment PE PE PE CE CE P 1 1 0 128.89 171.69 CE 128.89.25.4 data 128.89.25.4 data 128.89.25.4 data 0 4 128.89.25.4 data 9 In Tag Prefix Out Iface Out Tag - 128.89 1 4 - 171.69 1 5 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 4 128.89 0 9 5 171.69 1 7 … .. … .. … .. … . In Tag Prefix Out Iface Out Tag 9 128.89 0 - … .. … .. … .. … .
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Admin/Service VPN MPLS VPN security assessment 9999:0001 9999:0002 9999:20000 9999:20000 9999:30000 9999:30000 Management Green Red
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. MPLS VPN security assessment
  • 28. MPLS VPN security assessment
  • 29. MPLS VPN security assessment
  • 30. MPLS VPN security assessment
  • 31.