A scheme to enhance the security of BGP/MPLS VPN

BGP/MPLS VPN provides users with security which is beyond or at least equal to the security of Layer 2 Virtual Private Network(L2VPN) which uses frame relay or Asynchronous Transfer Mode(ATM) by realizing separation of address space and routes hiding the Core Infrastructure and resistance to attacks. However, it is still confronted with many problems such as illegal access misconfiguration and internal attacks. This paper analyzes the principle of BGP/MPLS VPN´s route forwarding and brings forward a new VPN membership-authentication scheme based on Customer Edge(CE) router.This scheme can detect misconfiguration or deliberate interconnection of different VPNs so that the warning can be launched.