Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM

The purpose of this white paper is to present discussion and findings that conclude that Cisco MPLS-based VPNs are as secure as their layer 2 counterparts such as FrameRelay and ATM. This document details a series of tests were carried out on a Cisco router test bed validating that MPLS based VPNs (MPLS-VPN) provide the same security as Frame-Relay or ATM. ATM and Frame-Relay have a reputation in the industry as being secure foundations for enterprise connectivity. Essential items that make ATM and Frame-Relay a secure network were considered and tested on an MPLS-VPN. • Address and routing separation equivalent to layer 2 models • A service provider core network that is not visible to the outside world • A network that is resistant to attacks The test results show that MPLS-VPNs provide the previous features at or above the level of a layer 2 VPN such as Frame-Relay or ATM. As described in greater detail through out this paper a test bed of 22 Cisco routers was used, includingtwo 1200 GSRs, two 7505s, four 7206 VXRs, five 3640s, five 2611s, and four 1750s running IOS version (12.0) and (12.1) to implement the necessary functions to provide a stable and secure MPLS core.