Service Provider MPLS VPN Security Considerations (Sponsored Research)

Multi-Protocol Labeled Switching (MPLS) has become a foundational protocol component of many service provider networks; MPLS enables enhanced quality of service, flexible redundancy, and provides traffic isolation within IP routing domains. That isolation capability has become an increasingly popular service offering to customers looking to interconnect their private networks with a provider managed MPLS VPN (Virtual Private Network) in which traffic is tunneled across the provider backbone between two MPLS enabled endpoints. Although these types of tunnels often are considered “private” connectivity, these circuits offer customers no degree of confidentiality if the transmission path of the circuit, physical links in intermediate facilities, or administrative domain of the service provider can be compromised.

This sponsored report examines the security of an externally managed MPLS L3 VPN circuit typical of service provider offerings from the customer perspective.