Wednesday, February 11, 2009

PE-CE Labels Security In MPLSVPN

Yesterday I was asked a very good question from the security team that if any of the customer sends the labeled packet by spoofing it then what will happen in that case? I answered quickly that in such cases customer can forward only ip packet not a labeled packet because mpls ip is not configured on that interface and because of this PE is not going to accept the label packet. So no more label spoofing from CE end. But what about if CE sends the spoof ip packet in that case only CE vrf will be affected.

shivlu jain

People who read this post also read :

No comments: