Neighbor Authentication

Many points of vulnerability in an MPLS VPN network can be minimized through the use of neighbor authentication. This type of authentication prevents a router from receiving fraudulent updates from a routing neighbor and can also be used to verify updates it receives from a label distribution peer.

If routing protocol authentication is not enabled between neighbors, the security of the network could be compromised by the introduction of bogus routes. An unauthorized router could inject routes to divert traffic toward a monitoring point, where the data in the IP packets could be analyzed. Routes could also be introduced for no other reason than to disrupt the network and cause a denial of service (DoS).

In Cisco IOS, neighbor authentication ...
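As an added example (not code from the book), the following audit script checks an IOS-style configuration for BGP neighbors and LDP peers that have no password configured, which is the gap described above. It assumes the standard IOS commands `neighbor <peer> password` and `mpls ldp neighbor <peer> password`; the function name, the `expected_ldp_peers` parameter, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample PE configuration (addresses and password strings are made up).
SAMPLE_CONFIG = """\
mpls ldp neighbor 10.0.0.2 password 7 0000EXAMPLE
router bgp 65000
 neighbor RR peer-group
 neighbor RR remote-as 65000
 neighbor RR password 7 0000EXAMPLE
 neighbor 10.0.0.2 peer-group RR
 neighbor 10.0.0.3 remote-as 65000
 neighbor 192.0.2.1 remote-as 65010
 neighbor 192.0.2.1 password 7 0000EXAMPLE
 address-family vpnv4
  neighbor 10.0.0.3 activate
"""

def audit_neighbor_auth(config, expected_ldp_peers=()):
    """Return sorted (protocol, peer) pairs that have no password configured.

    expected_ldp_peers is a hypothetical input: LDP peers are discovered
    dynamically, so the auditor supplies the list of peers that should exist.
    """
    bgp_peers, bgp_auth, groups, member_of = set(), set(), set(), {}
    ldp_auth = set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"neighbor (\S+) remote-as \S+", line):
            bgp_peers.add(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) peer-group", line):
            groups.add(m.group(1))                    # peer-group definition
        elif m := re.fullmatch(r"neighbor (\S+) peer-group (\S+)", line):
            bgp_peers.add(m.group(1))                 # peer inherits group settings
            member_of[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"neighbor (\S+) password .+", line):
            bgp_auth.add(m.group(1))
        elif m := re.fullmatch(r"mpls ldp neighbor (\S+) password .+", line):
            ldp_auth.add(m.group(1))
    findings = []
    for peer in bgp_peers - groups:                   # report peers, not group names
        # A peer is covered by its own password or by its peer-group's password.
        if peer not in bgp_auth and member_of.get(peer) not in bgp_auth:
            findings.append(("bgp", peer))
    findings += [("ldp", p) for p in expected_ldp_peers if p not in ldp_auth]
    return sorted(findings)

if __name__ == "__main__":
    for proto, peer in audit_neighbor_auth(SAMPLE_CONFIG, ["10.0.0.2", "10.0.0.3"]):
        print(f"{proto} peer {peer}: no neighbor authentication configured")
```
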
