Detecting MPLS L3 VPN misconfiguration with the MINA algorithm

Traditional L2 VPNs such as Frame Relay and ATM offer private network service over shared infrastructure. These services are customarily provided on leased-lines or dedicated circuit-switched backbones. Customers of network service providers regard these traditional services as a secure and reliable method to interconnect geographically dispersed sites. However, these services are being rapidly replaced by service providers with MPLS L3 VPNs running over IP based networks. Customers expect MPLS VPNs to provide the same level of privacy as traditional L2 VPNs. The MPLS L3 VPN architecture has been shown to be secure if and only if the MPLS infrastructure is correctly configured. In this paper we examine how misconfigurations of the MPLS architecture may lead to privacy violations and demonstrate the MINA algorithm is capable of discovering when the MPLS network is misconfigured.