PE-CE Labels Security In MPLSVPN

Yesterday I was asked a very good question from the security team that if any of the customer sends the labeled packet by spoofing it then what will happen in that case? I answered quickly that in such cases customer can forward only ip packet not a labeled packet because mpls ip is not configured on that interface and because of this PE is not going to accept the label packet. So no more label spoofing from CE end. But what about if CE sends the spoof ip packet in that case only CE vrf will be affected.


Share on facebook
Share on twitter
Share on linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

Become a member

Full Access to 739 Lessons. New Lessons Added Every Week!

Awesome Deal! Get 2 Months for FREE!

No Obligations. Cancel At Any Time!