O'Reilly logo

MPLS and VPN Architectures, Volume II by Jeff Apcar, Ivan Pepelnjak, Jim Guichard

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Control of Routes That Are Injected into a VRF

An area that can cause DoS in an MPLS VPN network is an excessive number of routes being injected from the CE router to the VRF in the PE router, resulting in memory exhaustion and possible failure of the PE router. A VRF on a PE router can be populated with customer routes in several ways:

  • Through direct configuration into the VRF of static routes that the service provider enters

  • Through the use of a dynamic routing protocol between the CE router and the PE router

  • Through Multiprotocol BGP for exchange of VPNv4 routes between PE routers (including intranet, extranet, and Internet VPNs)

The use of static routing provides the greatest security because the service provider controls the destinations and ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required