| Since the appearance of MPLS, it has aroused wide attention. Many manufacturers have successively devoted themselves to the research and exploration of MPLS. As the different programs entail different focuses, it will inevitably bring different benefits. But at least one point is certain, that is, the quick forwarding of MPLS will be beneficial to the operators and the big-scale enterprises. The internal and external operators and big-scale enterprises have begun to make use of MPLS in the interior of the backbone webs to enhance the utility rate of the Internet resources. As the key technology of the big-scale Internet operator in the future, MPLS can bring the following benefits to the operators or the big enterprises: ·Functional independence. According to MPLS, the forwarding function and the routing function are separated. The core of MPLS as such simply carries out the forwarding function while it does not need the full content of the watchdog. Thus this will permit the implement of the choice of one-time path and strategy in the network edge. ·Functional Optimization. MPLS combines the high efficiency of the second layer exchange and the flexibility of the third route. It not only simplifies the operation of IP route, but also makes full use of the network resources. Thus the functions of the network are optimized. ·Resources Control. MPLS can control the resources. Through the different COS, it can provide the IP increment business that cannot be realized originally. ·Network Evolution. MPLS has been evolving into a strong backbone network. In this network, as the only protocol operating on the basis of assorted second-layer media, it will become a key technology to carry out the third layer business (IP). Of course, MPLS have many other benefits. With the gradual maturity of the MPLS technology, it is believed that there will be more commercial values to be explored. MPLS VPN has combined the advantages of ATM and IP technologies. One important application of MPLS involves the second and third layer MPLS VPN, among which MPLS BPN is equal to the second layer special line VPN of ATM/FR imitated from the internet while the third layer MPLS VPN transmits the processing function of the enterprise routing table to the network edge router of the operator. The BGP/MPLS VPN implemented by the operators all over the world nowadays belongs to the third layer MPLS VPN. In the applied practice of the group network, MPLS VPN carries out businesses by making use of the IP network infrastructure facilities spread all over the world through Internet. It entails the advantages of the simple and flexible network disposition, less one-time money investment, low cost of the management and maintenance. It can make good use of the quick forwarding ability of the internet router and the width of the net transport strip at a low price to satisfy the applied need of the wider transport strip of the customers, such as the unified transport of video frequency, voice and data. As for the customers who organize their network by MPLS VPN, the operators have actually carried out the complicated WAN maintenance with high-tech containment. Therefore, what customers need to maintain is simple equipment with simple management, little workload and low technology containment. The customers can devote most of their attention to the construction and maintenance of the LAN. The main difference between MPLS VPN and the traditional special line network organization manner lies in that it greatly enhance the management efficiency of the network users and lower the cost of the users in this aspect as well. Besides, MPLS VPN can also provide the users the integrated internet connecting ability, which is very fit for the mid-sized and small enterprises that lack of the special technicians, who want to save money, who take the connection of the internet in the first place and take the visits of the interior network of the companies as the second place.In a word, since MPLS VPN entails very high theoretical and commercial values, it not only represents one direction of the development of the network, but also brings high economic values to the enterprises that use MPLS VPN. This article briefly introduces the significance, the basic principle, the signaling manner, network composition and the main technological characteristics of the appearance of MPLS. It also introduces the basic principle, the classification type, the traditional network organization and the main security protocol referred to; it describes the principles of MPLS VPN, including the basic principle, the classification type and the security function of MPLS VPN. The security of MPLS VPN is the focus of this article. It proposes the improvement program by analyzing the nowadays network security status quo and the existing problems. People have misunderstood the security of the MPLS technology on several points. The biggest misunderstanding is: MPLS based on IP is not secure. As a matter of fact, to enhance the security, MPLS has added many functions to the local IP network, including path seclusion, data separation, group filtering and the network concealment mechanism etc. Another misunderstanding is: service providers and customers can mutually invade the VPN of the other side. In fact, it is impossible, for the MPLS VPN of different customers is secluded. The third misunderstanding is: MPLS VPN can easily be assaulted by the external DOS. This is wrong. The pure MPLS VPN network is very secure. If the provider edge router only offers VPN input, the MPLS core that offers the Internet input in the meanwhile can effectively prevent the assault of DOS. Another common problem is: even though the special provider edge router facilitates the VPN service, it is liable to be assaulted by DOS. Though theoretically right, the real application never encounters such problems, for the connection with the invaders is easy to be found out and be disconnected in real application. This article analyses the above-mentioned problems in detail and puts forward the suggestions to enhance the network security of MPLS VPN. |
PDF Full Text Request