
Watch for misconfigured MPLS VPNs

Security impact of router misconfigs

Wide Area Networking Alert By Steve Taylor and Joanie Wexler, Network World
October 25, 2004 12:04 PM ET

Insightful analysis by consultants Steve Taylor and Jim Metzler, plus links to the latest WAN news headlines

In the last newsletter, we discussed the inconvenience of router misconfiguration and the percentage of outages it causes in IP-based networks. To look at the security impact of this misconfiguration, let's start with a quick overview of MPLS-based VPNs.

In most MPLS implementations, traffic passes from a customer edge (CE) router to a provider edge (PE) router.  Then it traverses the internal network of the service provider.

All the traffic leaving a particular customer premises from a CE router belongs to that particular customer. However, the PE router is a shared resource that handles information from many customers. And, in the words of the bard, there's the rub.

As stressed in a recent briefing by route-analytics company Packet Design, a routing misconfiguration in the PE router can have serious impact in at least three areas:

1) Since the PE routers are the network interface, the routing prefixes must be distributed to each PE router to which the CE routers are connected. 

2) The prefixes must be distributed according to the proper policy. 

3) The PE routers must be configured in a fashion that precludes routing prefixes from one customer's CE routers being shared with another customer's CE routers.

Addressing these three problems was the focus of a recent announcement by Packet Design.  The company expanded the capabilities of its Route Explorer appliance, which is designed primarily for detecting and diagnosing routing problems in enterprise IP networks, to include detecting and diagnosing problems in service providers' MPLS VPN networks. 

In particular, the focus is on making sure that the PE routers in the networks are properly maintaining the integrity of each individual network.
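The three conditions listed above can be checked offline against a PE configuration inventory. The following is an added example, not code from the article or from Packet Design's product. It assumes the route-target import/export mechanism of BGP/MPLS IP VPNs (RFC 4364), which the article does not name, and an any-to-any policy within each customer; the router names, VRF names and route-target values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vrf:
    pe: str                # PE router holding this VRF
    name: str
    customer: str
    imports: frozenset     # route targets accepted into the VRF
    exports: frozenset     # route targets attached to its routes

    @property
    def label(self):
        return f"{self.pe}:{self.name}"

def audit(vrfs, allowed_shared=frozenset()):
    """Return (leaks, unreachable).

    leaks: (exporter, importer, rt) where one customer's prefixes are
    imported into another customer's VRF (condition 3).
    unreachable: (src, dst) same-customer pairs where dst imports none
    of src's route targets (conditions 1 and 2, any-to-any assumed).
    """
    leaks, unreachable = [], []
    for src in vrfs:
        for dst in vrfs:
            if src is dst:
                continue
            common = src.exports & dst.imports
            if src.customer != dst.customer:
                # Shared-services route targets can be allow-listed.
                leaks += [(src.label, dst.label, rt)
                          for rt in sorted(common - allowed_shared)]
            elif not common:
                unreachable.append((src.label, dst.label))
    return leaks, unreachable

def rts(*values):
    return frozenset(values)

# Constructed inventory: GLOBEX-LA wrongly imports ACME's route target,
# and GLOBEX-SF exports a mistyped one (65000:20 instead of 65000:200).
SAMPLE = [
    Vrf("PE1", "ACME-NY", "acme", rts("65000:100"), rts("65000:100")),
    Vrf("PE2", "ACME-LA", "acme", rts("65000:100"), rts("65000:100")),
    Vrf("PE2", "GLOBEX-LA", "globex", rts("65000:200", "65000:100"), rts("65000:200")),
    Vrf("PE3", "GLOBEX-SF", "globex", rts("65000:200"), rts("65000:20")),
]

if __name__ == "__main__":
    leaks, unreachable = audit(SAMPLE)
    for src, dst, rt in leaks:
        print(f"LEAK    {src} -> {dst} via RT {rt}")
    for src, dst in unreachable:
        print(f"MISSING {src} routes never reach {dst}")
```
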


Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.
