ISSN : 1796-2056
Volume : 2    Issue : 5    Date : September 2007

Enhanced Security Strategies for MPLS Signaling
Francesco Palmieri and Ugo Fiore
Page(s): 1-13
Full Text:
PDF (617 KB)

In an increasingly hostile environment, the need for security in network infrastructure is stronger
than ever, especially for Multi-Protocol Label Switching (MPLS), widely used to provide most of the
new-generation network infrastructure-level services in the Internet. Unfortunately, the MPLS control
plane lacks scalable verification for the authenticity and legitimacy of signaling messages and
communication between peer routers is subject to active and passive forgery, hijacking and
wiretapping activities. In this paper, we propose a robust framework for MPLS-based network
survivability against security threats. The security of MPLS control plane protocols can be greatly
enhanced by requiring digital signature of all the signaling messages, in accordance with a
common security paradigm valid for all the protocols. Our design goals include integrity
safeguarding, protection against replay attacks, and gradual deployment, with routers not
supporting authentication breaking the trust chain but operating undisturbed under any other

Index Terms
MPLS, strong authentication, integrity, label distribution, signaling