Security of frame relay vs. L2TPv3

Discussion in 'Cisco' started by Bill Friedman, May 11, 2004.

  1. Looking for opinions or facts regarding this statement from Sprint about
    their new Frame product that is actually switched over their IP backbone.

    "L2TPv3 provides two, different layers of security that provide security
    that could be argued to exceed that of traditional Frame Relay.

    The L2TPv3 header consists of:
    1) Tunnel identifier: Uniquely identifies the tunnel for the SprintLink
    port that receives the traffic and is responsible for encapsulation and
    forwarding to the customer CPE.
    2) Security tag: An 8-octet signature that is shared between the two
    endpoints of an L2TPv3 tunnel. This signature provides a second layer
    of security above and beyond the Tunnel Identifier. It is configured at
    the source and destination routers and must match, or the data will be
    dropped."

    I'm thinking sniffing, man in the middle, etc., are a lot easier to
    achieve on an IP network than an ATM/frame network, no?
     
    Bill Friedman, May 11, 2004
    #1

  2. In article <>,
    Bill Friedman <> wrote:

    > I'm thinking sniffing, man in the middle, etc., are a lot easier to
    > achieve on an IP network than an ATM/frame network, no?


    I don't see why. Either way, the perpetrator needs control of one of
    the devices that the traffic passes through (i.e. the backbone routers
    or switches) or physical access to one of the backbone links.

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
     
    Barry Margolin, May 11, 2004
    #2

  3. Bill Friedman

    Bill F Guest

    Upon further reading, the inherent security in L2TPv3 is a session ID and
    a cookie. With traditional frame there's just the DLCI, the equivalent
    of session ID, right?

    Barry Margolin wrote:
    > In article <>,
    > Bill Friedman <> wrote:
    >
    >
    >>I'm thinking sniffing, man in the middle, etc., are a lot easier to
    >>achieve on an IP network than an ATM/frame network, no?

    >
    >
    > I don't see why. Either way, the perpetrator needs control of one of
    > the devices that the traffic passes through (i.e. the backbone routers
    > or switches) or physical access to one of the backbone links.
    >
     
    Bill F, May 11, 2004
    #3
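
The header check discussed in the posts above, as an added example that is not part of the thread or of any vendor's code: a receiver-side check of the 32-bit session ID and 8-octet cookie on an L2TPv3 data packet carried directly over IP (RFC 3931). The session table, cookie value and sample packets are constructed, and any L2-specific sublayer is assumed to stay inside the returned frame.

```python
import hmac
import struct

COOKIE_LEN = 8  # the "8-octet signature" (cookie) from the quoted statement

# Constructed session table: locally configured session ID -> expected cookie.
SESSIONS = {0x1001: bytes.fromhex("a1b2c3d4e5f60718")}

def check_l2tpv3_data_header(payload, sessions):
    """payload: bytes after the IP header (IP protocol 115).
    Returns (verdict, session_id, inner_frame)."""
    if len(payload) < 4:
        return ("drop: truncated", None, b"")
    (session_id,) = struct.unpack("!I", payload[:4])
    if session_id == 0:
        # Session ID 0 is reserved for control messages over IP.
        return ("control", 0, payload[4:])
    expected = sessions.get(session_id)
    if expected is None:
        return ("drop: unknown session", session_id, b"")
    cookie = payload[4:4 + COOKIE_LEN]
    if len(cookie) < COOKIE_LEN:
        return ("drop: truncated", session_id, b"")
    # Constant-time equality against the configured value; nothing more.
    if not hmac.compare_digest(cookie, expected):
        return ("drop: cookie mismatch", session_id, b"")
    return ("accept", session_id, payload[4 + COOKIE_LEN:])

def build(session_id, cookie, frame):
    """Assemble a constructed sample packet (header fields + inner frame)."""
    return struct.pack("!I", session_id) + cookie + frame

def demo():
    good = SESSIONS[0x1001]
    samples = [
        build(0x1001, good, b"frame-A"),          # matching ID and cookie
        build(0x1001, b"\x00" * 8, b"frame-A"),   # wrong cookie
        build(0x2002, good, b"frame-A"),          # session not configured
        build(0x1001, good, b"frame-B-altered"),  # same header, other frame
    ]
    return [check_l2tpv3_data_header(p, SESSIONS)[0] for p in samples]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fourth sample is accepted because the check compares two cleartext header fields and never looks at the frame: it catches misdelivered or blindly inserted packets, but it gives the frame no confidentiality or integrity.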
  4. On Tue, 11 May 2004 06:35:36 GMT, Bill Friedman
    <> wrote:

    >Looking for opinions or facts regarding this statement from Sprint about
    >their new Frame product that is actually switched over their IP backbone.
    >
    >"L2TPv3 provides two, different layers of security that provide security
    >that could be argued to exceed that of traditional Frame Relay.
    >
    >The L2TPv3 header consists of:
    >1) Tunnel identifier: Uniquely identifies the tunnel for the SprintLink
    >port that receives the traffic and is responsible for encapsulation and
    >forwarding to the customer CPE.
    >2) Security tag: An 8-octet signature that is shared between the two
    >endpoints of an L2TPv3 tunnel. This signature provides a second layer
    >of security above and beyond the Tunnel Identifier. It is configured at
    >the source and destination routers and must match, or the data will be
    >dropped."
    >
    >I'm thinking sniffing, man in the middle, etc., are a lot easier to
    >achieve on an IP network than an ATM/frame network, no?


    IP VPNs via L2TP or MPLS or the like have thus far been just as
    "secure" as layer-2 virtual circuits like ATM and FR. It's also worth
    keeping in mind that more and more layer-2 circuits these days are
    being transported over an IP core anyway. The trend now is towards
    converged IP backbones -- just because the customer handoff is ATM/FR
    doesn't necessarily mean it's ATM/FR in the core.

    -Terry
     
    Terry Baranski, May 11, 2004
    #4