Friday, February 1, 2013

What is VPN traffic

The most important security requirement for VPN users is typically that their traffic be kept separate from other VPN traffic and from core traffic. This means both that their traffic is not seen in other VPNs, and that other VPNs' traffic or core traffic does not intrude into their VPN. Referring to the threat model from the previous chapter, this section analyzes a threat against a VPN, specifically intrusions into and from other VPNs.

Another requirement is that each VPN be able to use the complete IP address space without affecting or being affected by other VPNs or the core.

The service provider has the requirement that the core remain separate from the VPNs, in the sense that the address space in use on the core does not conflict with any VPN's address space, and that VPN traffic on the core remains separate from the core's own control plane traffic.

The CE-PE links belong logically to the VPN, even though they are usually addressed out of provider address space. Provider address space is used because management from the NOC requires unique CE addresses.

In other words, a given VPN must be completely separate from other VPNs and from the core, in terms of both traffic separation and address space separation. We will now analyze how the standard, RFC 2547bis (published as RFC 4364), meets these requirements. The first section shows how it achieves address space separation, and the following section how data and control traffic are kept architecturally separate, between VPNs and also between a VPN and the core.

Again, this chapter assumes that the network is securely implemented and operated; the analysis concentrates entirely on the standard.

To be able to distinguish between addresses from different VPNs, RFC 2547bis does not use standard IPv4 (or IPv6) addressing on the control plane for VPN routes carried across the core. Instead, the standard introduces the VPN-IPv4 and VPN-IPv6 address families. A VPN-IPv4 address consists of an 8-byte route distinguisher (RD) followed by a 4-byte IPv4 address, as shown in the accompanying figure. Similarly, a VPN-IPv6 address consists of an 8-byte RD followed by a 16-byte IPv6 address.

The purpose of the RD is to allow the entire IPv4 space to be used in different contexts (here, in different VPNs). On a given router, a single RD identifies a VPN routing/forwarding instance (VRF), in which the entire IPv4 address space may be used independently of every other VRF. Note that the RD only makes overlapping prefixes distinguishable on the control plane; which VRFs actually import a given route is decided separately (by route-target extended communities), so a unique RD by itself is not an access control.
