nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: MPLS and VLAN info

From: Irwin Lazar <ILazar () tbg com>
Date: Mon, 19 Feb 2001 19:06:54 -0700

Michael,
Network Magazine just ran a fairly lengthy article on various approaches to
VPN's, including network-based versus CPE approaches.  You can find it at:
http://www.networkmagazine.com/article/NMG20010125S0013

If memory serves me correctly, they did address the security issues of MPLS
vs. encrypted VLANs.  In a nutshell, MPLS VPN's, from a security aspect,
aren't all that different from other PVC based services such as Frame Relay
and ATM.  Traffic is basically isolated into the MPLS label switch path (or
PVC).  IPsec-based VPNs provide additional security by encrypting the
traffic that rides on top fo the MPLS LSP.  Depending on where the
encryption occurs, it is quite possible to run IPsec over an MPLS-VPN.  The
real benefit to MPLS-VPNs is the elimination of the need for dedicated
intelligent CPE, which "in-theory" should make it easier and cheaper for
service providers to roll out IP-VPN services.

In terms of VLAN security, have a look through the archives of the firewall
wizards mailing list at http://www.nfr.com/pipermail/firewall-wizards/.
This topic has been addressed quite a bit in the past.

You might also want to check out my MPLS site at www.mplsrc.com for links to
articles & drafts on MPLS topics.

Irwin

------
Irwin Lazar, Senior Consultant
The Burton Group - www.tbg.com
ilazar () tbg com
703-742-9659 (office)
703-402-4119 (cell)
The Ultimate Resource For Network Architects



-----Original Message-----
From: Michael Long [mailto:mlong () sac verio net]
Sent: Monday, February 19, 2001 8:00 PM
To: nanog () merit edu
Subject: MPLS and VLAN info




I need to educate some coworkers (who aren't all that familiar with
networks) and my boss on the security advantages of MPLS and VLAN's. I
guess I don't seem to be communiating it very well because 
they just don't
get it. Can anyone point me to some good technical docs that 
specifically
deal with some of the benefints of MPLS and VLAN's. 
Specifically security
related would help.

TIA,

Michael Long
Previous By Date Next
Previous By Thread Next

Current thread: