MPLS and VLAN info

Irwin Lazar ILazar at tbg.com
Tue Feb 20 02:06:54 UTC 2001 

Michael,
Network Magazine just ran a fairly lengthy article on various approaches to
VPN's, including network-based versus CPE approaches.  You can find it at:
http://www.networkmagazine.com/article/NMG20010125S0013

If memory serves me correctly, they did address the security issues of MPLS
vs. encrypted VLANs.  In a nutshell, MPLS VPN's, from a security aspect,
aren't all that different from other PVC based services such as Frame Relay
and ATM.  Traffic is basically isolated into the MPLS label switch path (or
PVC).  IPsec-based VPNs provide additional security by encrypting the
traffic that rides on top fo the MPLS LSP.  Depending on where the
encryption occurs, it is quite possible to run IPsec over an MPLS-VPN.  The
real benefit to MPLS-VPNs is the elimination of the need for dedicated
intelligent CPE, which "in-theory" should make it easier and cheaper for
service providers to roll out IP-VPN services.

In terms of VLAN security, have a look through the archives of the firewall
wizards mailing list at http://www.nfr.com/pipermail/firewall-wizards/.
This topic has been addressed quite a bit in the past.

You might also want to check out my MPLS site at www.mplsrc.com for links to
articles & drafts on MPLS topics.

Irwin

------
Irwin Lazar, Senior Consultant
The Burton Group - www.tbg.com
ilazar at tbg.com
703-742-9659 (office)
703-402-4119 (cell)
The Ultimate Resource For Network Architects


> -----Original Message-----
> From: Michael Long [mailto:mlong at sac.verio.net]
> Sent: Monday, February 19, 2001 8:00 PM
> To: nanog at merit.edu
> Subject: MPLS and VLAN info
> 
> 
> 
> 
> I need to educate some coworkers (who aren't all that familiar with
> networks) and my boss on the security advantages of MPLS and VLAN's. I
> guess I don't seem to be communiating it very well because 
> they just don't
> get it. Can anyone point me to some good technical docs that 
> specifically
> deal with some of the benefints of MPLS and VLAN's. 
> Specifically security
> related would help.
> 
> TIA,
> 
> Michael Long
> 
>

More information about the NANOG mailing list