Yesterday I was asked a very good question from the security team that if any of the customer sends the labeled packet by spoofing it then what will happen in that case? I answered quickly that in such cases customer can forward only ip packet not a labeled packet because mpls ip is not configured on that interface and because of this PE is not going to accept the label packet. So no more label spoofing from CE end. But what about if CE sends the spoof ip packet in that case only CE vrf will be affected.
regards
shivlu jain
Wednesday, February 11, 2009
PE-CE Labels Security In MPLSVPN
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment