VPN users have certain expectations and requirements for their VPN service. In a nutshell, they want their service to be both private and secure. In other words, they want their VPN to be as secure as dedicated circuits while gaining the scalability benefits of a shared infrastructure. Neither privacy nor security is black and white, and both need to be defined for a real-world implementation.

This chapter defines typical VPN security requirements, based on the threat model developed in the previous chapter, and discusses in detail how MPLS can fulfill them. The typical VPN security requirements are: VPN separation (addressing and traffic), robustness against attacks, hiding of the core infrastructure, and protection against VPN spoofing.

We also explain which security features MPLS VPNs do not provide, and compare the security capabilities of MPLS VPNs with Layer 2-based VPN services such as ATM and Frame Relay.

Reproduced from the book MPLS VPN Security. Copyright © 2005, Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.