An IPSec Mediation Approach for Safe Establishment of Inter-domain VPNs
In this paper we propose a new solution to increase the security of BGP/MPLS IP VPNs established across multiple domains. In general, layer 3 VPNs already present a number of security risks when used in single domain scenarios, since they are vulnerable to attacks originated inside the provider backbone. In order to overcome these risks, IPSec tunnels are recommended. In multi-domain scenarios, however, the safe establishment of such IPSec tunnels is much more difficult, due to need to set up proper Security Associations in an open environment. The solution we present in this paper not only solves this problem but also improves the dynamic composition of multi-domain VPNs, thus reducing the effort and time required to provide such VPNs.
KeywordsInter-domain VPN IPSec BGP/MPLS SOA Business Layer
Unable to display preview. Download preview PDF.
- 1.Rosen, E., et al.: BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4364 (2006)Google Scholar
- 2.Matos, A.V., Matos, F.M., Simões, P., Monteiro, E.: A Framework for the Establishment of Inter-Domain, On-Demand VPNs. In: 11th IEEE/IFIP Network Operations and Management Symposium – NOMS, pp. 232–239 (2008)Google Scholar
- 3.Behringer, M.: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4381 (2006)Google Scholar
- 4.Rekhter, Y., Bonica, R., Rosen, E.: Use of Provider Edge to Provider Edge (PE-PE) Generic Routing Encapsulation (GRE) or IP in BGP/MPLS IP Virtual Private Networks. RFC 4797 (2007)Google Scholar
- 5.Rosen, E.: Applicability Statement for BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4365 (2006)Google Scholar
- 6.Alateras, J. (ed.): IPsphere Framework Technical Specification – Release 1 (2007), http://www.ipsphereforum.org/Files/IPSF_R1_Spec.pdf
- 7.Ren, R., Feng, D., Ma, K.: A detailed implement and analysis of MPLS VPN based on IPSec. In: Proceedings of International Conference on Machine Learning and Cybernetics, vol. 5, pp. 2779–2783 (2004)Google Scholar
- 8.Pezeshki, J., et al.: Performance Implications of Instantiating IPsec over BGP Enabled RFC 4364 VPNs. In: IEEE Military Communications Conference - MILCOM, pp. 1–7 (2007)Google Scholar
- 9.Li, Q., Xu, M., Xu, K.: Toward A Practical Scheme for IPSec Management. In: International Conference on Information Networking - ICOIN, pp. 1–5 (2008)Google Scholar
- 12.Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P.: Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS Standard Specification (2006)Google Scholar
- 13.Apache WSS4J, http://ws.apache.org/wss4j/