Copyright 2001, Miercom
410 Hightstown Road
All rights reserved
Princeton Junction, NJ 08550
609-490-0200; fax 609-490-0610
info@mier.com www.mier.com
The leading edge in networking information
White Paper
Cisco MPLS based VPNs:
Equivalent to the security of Frame
Relay and ATM
March 30, 2001
Abstract: The purpose of this white paper is to present discussion and findings that conclude
that Cisco MPLS-based VPNs are as secure as their layer 2 counterparts such as Frame-
Relay and ATM. This document details a series of tests were carried out on a Cisco router test
bed validating that MPLS based VPNs (MPLS-VPN) provide the same security as Frame-Relay
or ATM.
ATM and Frame-Relay have a reputation in the industry as being secure foundations for
enterprise connectivity. Essential items that make ATM and Frame-Relay a secure network
were considered and tested on an MPLS-VPN.
• Address and routing separation equivalent to layer 2 models
• A service provider core network that is not visible to the outside world
• A network that is resistant to attacks
The test results show that MPLS-VPNs provide the previous features at or above the level
of a layer 2 VPN such as Frame-Relay or ATM.
As described in greater detail through out this paper a test bed of 22 Cisco routers was
used, including- two Cisco 12000 series Internet routers, two 7505s, four 7206 VXRs, five
3640s, five 2611s, and four 1750s running IOS version (12.0) and (12.1) to implement the
necessary functions to provide a stable and secure MPLS core.
Miercom
2
30 March 01
Copyright 2001, All rights reserved
Introduction
Today, business customers accept the level of security that Frame-Relay and ATM
offer as layer 2 VPNs, however they might have concerns about the level of security that
an MPLS based VPN offers. The goal of this paper is to answer those questions and
provide proof with test results that an MPLS based VPN solution is as secure as a
comparable