5. Security Considerations
This document reviews forwarding behavior specified elsewhere and
points out compliance and performance requirements. As such, it
introduces no new security requirements or concerns.
Discussion of hardware support and other equipment hardening against
DoS attack can be found in Section 2.6.1. Section 3.6 provides a
list of questions regarding DoS to be asked of suppliers.
Section 4.6 suggests types of testing that can provide some assurance
of the effectiveness of a supplier's claims about DoS hardening.
Knowledge of potential performance shortcomings may serve to help new
implementations avoid pitfalls. It is unlikely that such knowledge
could be the basis of new denial of service, as these pitfalls are
already widely known in the service provider community and among
leading equipment suppliers. In practice, extreme data and packet
rates are needed to affect existing equipment and to affect networks
that may be still vulnerable due to failure to implement adequate
protection. The extreme data and packet rates make this type of
denial of service unlikely and make undetectable denial of service of
this type impossible.
Each normative reference contains security considerations. A brief
summarization of MPLS security considerations applicable to
1. MPLS encapsulation does not support an authentication extension.
This is reflected in the security section of [RFC3032].
Documents that clarify MPLS header fields such as TTL [RFC3443],
the explicit null label [RFC4182], renaming EXP to TC [RFC5462],
ECN for MPLS [RFC5129], and MPLS Ethernet encapsulation
[RFC5332] make no changes to security considerations in
2. Some cited RFCs are related to Diffserv forwarding. [RFC3270]
refers to MPLS and Diffserv security. [RFC2474] mentions theft
of service and denial of service due to mismarking. [RFC2474]
mentions IPsec interaction, but with MPLS, not being carried by
IP, the type of interaction in [RFC2474] is not relevant.
3. [RFC3209] is cited here due only to make-before-break forwarding
requirements. This is related to resource sharing and the
theft-of-service and denial-of-service concerns in [RFC2474]
4. [RFC4090] defines FRR, which provides protection but does not
add security concerns. RFC 4201 defines link bundling but
raises no additional security concerns.
5. Various OAM control channels are defined in [RFC4385] (PW CW),
[RFC5085] (VCCV), and [RFC5586] (G-Ach and GAL). These
documents describe potential abuse of these OAM control
6. [RFC4950] defines ICMP extensions when MPLS TTL expires and the
payload is IP. This provides MPLS header information that is of
no use to an IP attacker, but sending this information can be
suppressed through configuration.
7. GTSM [RFC5082] provides a means to improve protection against
high traffic volume spoofing as a form of DoS attack.
8. BFD [RFC5880] [RFC5884] [RFC5885] provides a form of OAM used in
MPLS and MPLS-TP. The security considerations related to the
OAM control channel are relevant. The BFD payload supports
authentication. The MPLS encapsulation, the MPLS control
channel, or the PW control channel, which BFD may be carried in,
do not support authentication. Where an IP return OAM path is
used, IPsec is suggested as a means of securing the return path.
9. Other forms of OAM are supported by [RFC6374] [RFC6375] (Loss
and Delay Measurement), [RFC6428] (Continuity Check/Verification
based on BFD), and [RFC6427] (Fault Management). The security
considerations related to the OAM control channel are relevant.
IP return paths, where used, can be secured with IPsec.
10. Linear protection is defined by [RFC6378] and updated by
[RFC7324]. Security concerns related to MPLS encapsulation and
OAM control channels apply. Security concerns reiterate
[RFC5920] as applied to protection switching.
11. The PW Flow Label [RFC6391] and MPLS Entropy Label [RFC6790]
affect multipath load balancing. Security concerns reiterate
[RFC5920]. Security impacts would be limited to load
MPLS security including data-plane security is discussed in greater
detail in [RFC5920] (MPLS/GMPLS Security Framework). The MPLS-TP
security framework [RFC6941] builds upon this, focusing largely on
the MPLS-TP OAM additions and OAM channels with some attention given
to using network management in place of control-plane setup. In both
security framework documents, MPLS is assumed to run within a
"trusted zone", defined as being where a single service provider has
total operational control over that part of the network.
If control-plane security and management-plane security are
sufficiently robust, compromise of a single network element may
result in chaos in the data plane anywhere in the network through
denial-of-service attacks, but not a Byzantine security failure in
which other network elements are fully compromised.
MPLS security, or lack thereof, can affect whether traffic can be
misrouted and lost, or intercepted, or intercepted and reinserted (a
man-in-the-middle attack), or spoofed. End-user applications,
including control-plane and management-plane protocols used by the
service provider, are expected to make use of appropriate end-to-end
authentication and, where appropriate, end-to-end encryption.
6. Organization of References Section
The References section is split into Normative and Informative
subsections. References that directly specify forwarding
encapsulations or behaviors are listed as normative. References that
describe signaling only, though normative with respect to signaling,
are listed as informative. They are informative with respect to MPLS
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Encoding", RFC 3032, January 2001.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, December 2001.
[RFC3270] Le Faucheur, F., Wu, L., Davie, B., Davari, S., Vaananen,
P., Krishnan, R., Cheval, P., and J. Heinanen, "Multi-
Protocol Label Switching (MPLS) Support of Differentiated
Services", RFC 3270, May 2002.
[RFC3443] Agarwal, P. and B. Akyol, "Time To Live (TTL) Processing
in Multi-Protocol Label Switching (MPLS) Networks", RFC
3443, January 2003.
[RFC4090] Pan, P., Swallow, G., and A. Atlas, "Fast Reroute
Extensions to RSVP-TE for LSP Tunnels", RFC 4090, May
[RFC4182] Rosen, E., "Removing a Restriction on the use of MPLS
Explicit NULL", RFC 4182, September 2005.
[RFC4201] Kompella, K., Rekhter, Y., and L. Berger, "Link Bundling
in MPLS Traffic Engineering (TE)", RFC 4201, October 2005.
[RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson,
"Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN", RFC 4385, February 2006.
[RFC4950] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, "ICMP
Extensions for Multiprotocol Label Switching", RFC 4950,
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C.
Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007.
[RFC5085] Nadeau, T. and C. Pignataro, "Pseudowire Virtual Circuit
Connectivity Verification (VCCV): A Control Channel for
Pseudowires", RFC 5085, December 2007.
[RFC5129] Davie, B., Briscoe, B., and J. Tay, "Explicit Congestion
Marking in MPLS", RFC 5129, January 2008.
[RFC5332] Eckert, T., Rosen, E., Aggarwal, R., and Y. Rekhter, "MPLS
Multicast Encapsulations", RFC 5332, August 2008.
[RFC5586] Bocci, M., Vigoureux, M., and S. Bryant, "MPLS Generic
Associated Channel", RFC 5586, June 2009.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, June 2010.
[RFC5884] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow,
"Bidirectional Forwarding Detection (BFD) for MPLS Label
Switched Paths (LSPs)", RFC 5884, June 2010.
[RFC5885] Nadeau, T. and C. Pignataro, "Bidirectional Forwarding
Detection (BFD) for the Pseudowire Virtual Circuit
Connectivity Verification (VCCV)", RFC 5885, June 2010.
[RFC6374] Frost, D. and S. Bryant, "Packet Loss and Delay
Measurement for MPLS Networks", RFC 6374, September 2011.
[RFC6375] Frost, D. and S. Bryant, "A Packet Loss and Delay
Measurement Profile for MPLS-Based Transport Networks",
RFC 6375, September 2011.
[RFC6378] Weingarten, Y., Bryant, S., Osborne, E., Sprecher, N., and
A. Fulignoli, "MPLS Transport Profile (MPLS-TP) Linear
Protection", RFC 6378, October 2011.
[RFC6391] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan,
J., and S. Amante, "Flow-Aware Transport of Pseudowires
over an MPLS Packet Switched Network", RFC 6391, November
[RFC6427] Swallow, G., Fulignoli, A., Vigoureux, M., Boutros, S.,
and D. Ward, "MPLS Fault Management Operations,
Administration, and Maintenance (OAM)", RFC 6427, November
[RFC6428] Allan, D., Swallow Ed. , G., and J. Drake Ed. , "Proactive
Connectivity Verification, Continuity Check, and Remote
Defect Indication for the MPLS Transport Profile", RFC
6428, November 2011.
[RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and
L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
RFC 6790, November 2012.
[RFC7324] Osborne, E., "Updates to MPLS Transport Profile Linear
Protection", RFC 7324, July 2014.
7.2. Informative References
Zhang, L., Shenker, S., and D. Clark, "Observations and
Dynamics of a Congestion Control Algorithm: The Effects of
Two-Way Traffic", Proc. ACM SIGCOMM, ACM Computer
Communications Review (CCR) Vol. 21, No. 4, pp. 133-147.,
Xu, X., Sheth, N., Yong, L., Pignataro, C., and F.
Yongbing, "Encapsulating MPLS in UDP", Work in Progress,
[MRT] Atlas, A., Kebler, R., Bowers, C., Envedi, G., Csaszar,
A., Tantsura, J., Konstantynowicz, M., and R. White, "An
Architecture for IP/LDP Fast-Reroute Using Maximally
Redundant Trees", Work in Progress, July 2014.
Bryant, S., Filsfils, C., Previdi, S., Shand, M., and S.
Ning, "Remote LFA FRR", Work in Progress, May 2014.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474, December
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, December 1998.
[RFC2597] Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
"Assured Forwarding PHB Group", RFC 2597, June 1999.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
Label Switching Architecture", RFC 3031, January 2001.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP", RFC
3168, September 2001.
[RFC3429] Ohta, H., "Assignment of the 'OAM Alert Label' for
Multiprotocol Label Switching Architecture (MPLS)
Operation and Maintenance (OAM) Functions", RFC 3429,
[RFC3471] Berger, L., "Generalized Multi-Protocol Label Switching
(GMPLS) Signaling Functional Description", RFC 3471,
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., and
G. Fairhurst, "The Lightweight User Datagram Protocol
(UDP-Lite)", RFC 3828, July 2004.
[RFC3985] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to-
Edge (PWE3) Architecture", RFC 3985, March 2005.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
4023, March 2005.
[RFC4110] Callon, R. and M. Suzuki, "A Framework for Layer 3
Provider-Provisioned Virtual Private Networks (PPVPNs)",
RFC 4110, July 2005.
[RFC4124] Le Faucheur, F., "Protocol Extensions for Support of
Diffserv-aware MPLS Traffic Engineering", RFC 4124, June
[RFC4206] Kompella, K. and Y. Rekhter, "Label Switched Paths (LSP)
Hierarchy with Generalized Multi-Protocol Label Switching
(GMPLS) Traffic Engineering (TE)", RFC 4206, October 2005.
[RFC4221] Nadeau, T., Srinivasan, C., and A. Farrel, "Multiprotocol
Label Switching (MPLS) Management Overview", RFC 4221,
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, March 2006.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006.
[RFC4377] Nadeau, T., Morrow, M., Swallow, G., Allan, D., and S.
Matsushima, "Operations and Management (OAM) Requirements
for Multi-Protocol Label Switched (MPLS) Networks", RFC
4377, February 2006.
[RFC4379] Kompella, K. and G. Swallow, "Detecting Multi-Protocol
Label Switched (MPLS) Data Plane Failures", RFC 4379,
[RFC4664] Andersson, L. and E. Rosen, "Framework for Layer 2 Virtual
Private Networks (L2VPNs)", RFC 4664, September 2006.
[RFC4817] Townsley, M., Pignataro, C., Wainner, S., Seely, T., and
J. Young, "Encapsulation of MPLS over Layer 2 Tunneling
Protocol Version 3", RFC 4817, March 2007.
[RFC4875] Aggarwal, R., Papadimitriou, D., and S. Yasukawa,
"Extensions to Resource Reservation Protocol - Traffic
Engineering (RSVP-TE) for Point-to-Multipoint TE Label
Switched Paths (LSPs)", RFC 4875, May 2007.
[RFC4928] Swallow, G., Bryant, S., and L. Andersson, "Avoiding Equal
Cost Multipath Treatment in MPLS Networks", BCP 128, RFC
4928, June 2007.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", RFC
4960, September 2007.
[RFC5036] Andersson, L., Minei, I., and B. Thomas, "LDP
Specification", RFC 5036, October 2007.
[RFC5286] Atlas, A. and A. Zinin, "Basic Specification for IP Fast
Reroute: Loop-Free Alternates", RFC 5286, September 2008.
[RFC5317] Bryant, S. and L. Andersson, "Joint Working Team (JWT)
Report on MPLS Architectural Considerations for a
Transport Profile", RFC 5317, February 2009.
[RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching
(MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
Class" Field", RFC 5462, February 2009.
[RFC5470] Sadasivan, G., Brownlee, N., Claise, B., and J. Quittek,
"Architecture for IP Flow Information Export", RFC 5470,
[RFC5640] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load-
Balancing for Mesh Softwires", RFC 5640, August 2009.
[RFC5695] Akhter, A., Asati, R., and C. Pignataro, "MPLS Forwarding
Benchmarking Methodology for IP Flows", RFC 5695, November
[RFC5704] Bryant, S., Morrow, M., and IAB, "Uncoordinated Protocol
Development Considered Harmful", RFC 5704, November 2009.
[RFC5714] Shand, M. and S. Bryant, "IP Fast Reroute Framework", RFC
5714, January 2010.
[RFC5715] Shand, M. and S. Bryant, "A Framework for Loop-Free
Convergence", RFC 5715, January 2010.
[RFC5860] Vigoureux, M., Ward, D., and M. Betts, "Requirements for
Operations, Administration, and Maintenance (OAM) in MPLS
Transport Networks", RFC 5860, May 2010.
[RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network
Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010.
[RFC5920] Fang, L., "Security Framework for MPLS and GMPLS
Networks", RFC 5920, July 2010.
[RFC6291] Andersson, L., van Helvoort, H., Bonica, R., Romascanu,
D., and S. Mansfield, "Guidelines for the Use of the "OAM"
Acronym in the IETF", BCP 161, RFC 6291, June 2011.
[RFC6310] Aissaoui, M., Busschbach, P., Martini, L., Morrow, M.,
Nadeau, T., and Y(J). Stein, "Pseudowire (PW) Operations,
Administration, and Maintenance (OAM) Message Mapping",
RFC 6310, July 2011.
[RFC6371] Busi, I. and D. Allan, "Operations, Administration, and
Maintenance Framework for MPLS-Based Transport Networks",
RFC 6371, September 2011.
[RFC6388] Wijnands, IJ., Minei, I., Kompella, K., and B. Thomas,
"Label Distribution Protocol Extensions for Point-to-
Multipoint and Multipoint-to-Multipoint Label Switched
Paths", RFC 6388, November 2011.
[RFC6424] Bahadur, N., Kompella, K., and G. Swallow, "Mechanism for
Performing Label Switched Path Ping (LSP Ping) over MPLS
Tunnels", RFC 6424, November 2011.
[RFC6425] Saxena, S., Swallow, G., Ali, Z., Farrel, A., Yasukawa,
S., and T. Nadeau, "Detecting Data-Plane Failures in
Point-to-Multipoint MPLS - Extensions to LSP Ping", RFC
6425, November 2011.
[RFC6426] Gray, E., Bahadur, N., Boutros, S., and R. Aggarwal, "MPLS
On-Demand Connectivity Verification and Route Tracing",
RFC 6426, November 2011.
[RFC6435] Boutros, S., Sivabalan, S., Aggarwal, R., Vigoureux, M.,
and X. Dai, "MPLS Transport Profile Lock Instruct and
Loopback Functions", RFC 6435, November 2011.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC 6438, November 2011.
[RFC6478] Martini, L., Swallow, G., Heron, G., and M. Bocci,
"Pseudowire Status for Static Pseudowires", RFC 6478, May
[RFC6639] King, D. and M. Venkatesan, "Multiprotocol Label Switching
Transport Profile (MPLS-TP) MIB-Based Management
Overview", RFC 6639, June 2012.
[RFC6669] Sprecher, N. and L. Fang, "An Overview of the Operations,
Administration, and Maintenance (OAM) Toolset for MPLS-
Based Transport Networks", RFC 6669, July 2012.
[RFC6670] Sprecher, N. and KY. Hong, "The Reasons for Selecting a
Single Solution for MPLS Transport Profile (MPLS-TP)
Operations, Administration, and Maintenance (OAM)", RFC
6670, July 2012.
[RFC6720] Pignataro, C. and R. Asati, "The Generalized TTL Security
Mechanism (GTSM) for the Label Distribution Protocol
(LDP)", RFC 6720, August 2012.
[RFC6829] Chen, M., Pan, P., Pignataro, C., and R. Asati, "Label
Switched Path (LSP) Ping for Pseudowire Forwarding
Equivalence Classes (FECs) Advertised over IPv6", RFC
6829, January 2013.
[RFC6894] Papneja, R., Vapiwala, S., Karthik, J., Poretsky, S., Rao,
S., and JL. Le Roux, "Methodology for Benchmarking MPLS
Traffic Engineered (MPLS-TE) Fast Reroute Protection", RFC
6894, March 2013.
[RFC6941] Fang, L., Niven-Jenkins, B., Mansfield, S., and R.
Graveman, "MPLS Transport Profile (MPLS-TP) Security
Framework", RFC 6941, April 2013.
[RFC6981] Bryant, S., Previdi, S., and M. Shand, "A Framework for IP
and MPLS Fast Reroute Using Not-Via Addresses", RFC 6981,
[RFC7012] Claise, B. and B. Trammell, "Information Model for IP Flow
Information Export (IPFIX)", RFC 7012, September 2013.
[RFC7023] Mohan, D., Bitar, N., Sajassi, A., DeLord, S., Niger, P.,
and R. Qiu, "MPLS and Ethernet Operations, Administration,
and Maintenance (OAM) Interworking", RFC 7023, October
[RFC7074] Berger, L. and J. Meuric, "Revised Definition of the GMPLS
Switching Capability and Type Fields", RFC 7074, November
[RFC7079] Del Regno, N. and A. Malis, "The Pseudowire (PW) and
Virtual Circuit Connectivity Verification (VCCV)
Implementation Survey Results", RFC 7079, November 2013.
[RFC7274] Kompella, K., Andersson, L., and A. Farrel, "Allocating
and Retiring Special-Purpose MPLS Labels", RFC 7274, June
Davari, S., Oren, A., Bhatia, M., Roberts, P., and L.
Montini, "Transporting Timing messages over MPLS
Networks", Work in Progress, April 2014.
Appendix A. Acknowledgements
Numerous very useful comments have been received in private email.
Some of these contributions are acknowledged here, approximately in
Paul Doolan provided a brief review resulting in a number of
clarifications, most notably regarding on-chip vs. system buffering,
100 Gb/s link speed assumptions in the 150 Mpps figure, and handling
of large microflows. Pablo Frank reminded us of the sawtooth effect
in PPS vs. packet-size graphs, prompting the addition of a few
paragraphs on this. Comments from Lou Berger at IETF 85 prompted the
addition of Section 2.7.
Valuable comments were received on the BMWG mailing list. Jay
Karthik pointed out testing methodology hints that after discussion
were deemed out of scope and were removed but may benefit later work
Nabil Bitar pointed out the need to cover QoS (Differentiated
Services), MPLS multicast (P2MP and MP2MP), and MPLS-TP OAM. Nabil
also provided a number of clarifications to the questions and tests
in Sections 3 and 4.
Mark Szczesniak provided a thorough review and a number of useful
comments and suggestions that improved the document.
Gregory Mirsky and Thomas Beckhaus provided useful comments during
the review by the MPLS Review Team.
Tal Mizrahi provided comments that prompted clarifications regarding
timestamp processing, local delivery of packets, and the need for
hardware assistance in processing OAM traffic.
Alexander (Sasha) Vainshtein pointed out errors in Section 188.8.131.52
and suggested new text that, after lengthy discussion, resulted in
restating the summarization of requirements from PWE3 RFCs and more
clearly stating the benefits and drawbacks of packet resequencing
based on PW Sequence Number.
Loa Anderson provided useful comments and corrections prior to WGLC.
Adrian Farrel provided useful comments and corrections prior as part
of the AD review.
Discussion with Steve Kent during SecDir review resulted in expansion
of Section 5, briefly summarizing security considerations related to
forwarding in normative references. Tom Petch pointed out some
editorial errors in private email plus an important math error. Al
Morton during OpsDir review prompted clarification in the section
about the target audience, suggested more clear wording in places,
and found numerous editorial errors.
Discussion with Stewart Bryant and Alia Atlas as part of IESG review
resulted in coverage of IPFIX and improvements to document coverage
of MPLS FRR, and IP/LDP FRR, plus some corrections to the text
Curtis Villamizar (editor)
Outer Cape Cod Network Consulting, LLC
1 Infinite Loop
Cupertino, California 95014
7200-12 Kit Creek Road
Research Triangle Park, NC 27709