- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Insightful analysis by consultants Steve Taylor and Jim Metzler, plus links to the latest WAN news headlines
In the last newsletter, we discussed the inconvenience of router misconfiguration and the percentage of problems it causes for outages in IP-based networks. In order to look at the security impact of this misconfiguration, let's start with a quick overview of MPLS-based VPNs.
In most MPLS implementations, traffic passes from a customer edge (CE) router to a provider edge (PE) router. Then it traverses the internal network of the service provider.
All the traffic leaving a particular customer premise from a CE router belongs to that particular customer. However, the PE router is a shared resource that handles information from many customers. And, in the words of the bard, there's the rub.
As stressed in a recent briefing by route-analytics company Packet Design, a routing misconfiguration in the PE router can have serious impact in at least three areas:
1) Since the PE routers are the network interface, the routing prefixes must be distributed to each PE router to which the CE routers are connected.
2) The prefixes must be distributed according to the proper policy.
3) The PE routers must be configured in a fashion that precludes routing prefixes from one customer's CE routers being shared with another customer's CE routers.
Addressing these three problems was the focus of a recent announcement by Packet Design. The company expanded the capabilities of its Route Explorer appliance, which is designed primarily for detecting and diagnosing routing problems in enterprise IP networks, to include detecting and diagnosing problems in service providers' MPLS VPN networks.
In particular, the focus is on making sure that the PE routers in the networks are properly maintaining the integrity of each individual network.
Read more about lans & wans in Network World's LANs & WANs section.