IPSec over MPLS
Generally, the MPLS-VPN service provider must be trusted to some extent to fully secure the network. However, there might be an occasion where a customer requires total control over traffic that passes through the core. You cannot control the service provider portion of the network after traffic has left the CE router. For customers who have a requirement for a high level of security, consider the use of IPSec tunnels over the MPLS core.
View IPSec as an overlay network to the MPLS-VPN network. The MPLS infrastructure is not aware of the IPSec layer, nor is the IPSec layer aware of the MPLS-VPN network. IPSec merely requires IP connectivity between two endpoints in the customer network. An IPSec tunnel could be provisioned between ...
Get MPLS and VPN Architectures, Volume II now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
