CE-to-CE Authentication

An area that is currently being addressed in the IETF is that of CE-to-CE authentication. When a CE router is connected to a PE router, mechanisms are available to ensure that the direct connection to the network is validated. These include PPP authentication and neighbor authentication using MD5. However, no mechanism is presently available to verify that the CE router and the customer network are indeed connected to the correct VPN in the MPLS network.

The basic premise is that the customer can expect to be connected to the correct VPN by the service provider, and that the customer's traffic will not be transported outside the VPN. Furthermore, it is assumed that unauthorized traffic will not be allowed into the customer's ...

Get MPLS and VPN Architectures, Volume II now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.