Security Analysis of the MPLS Label Distribution Protocol

Since its inception more than a decade ago, multiprotocol label switching (MPLS) has become one of the fastest-growing telecommunications infrastructure technologies. The speed, flexibility, sophisticated traffic management and cost savings offered by MPLS have prompted service providers to converge existing and new technologies onto common MPLS backbones. Indeed, much of the world’s data, voice communications, video traffic and military applications traverse an MPLS core at some point. The rapid adoption of MPLS raises significant concerns – primarily because of the dependence of critical communication services on a technology that has yet to undergo significant security testing. This paper examines security issues associated with the Label Distribution Protocol (LDP), which is the primary route construction protocol in MPLS networks. Our analysis has identified ten attacks that exploit weaknesses in the LDP specification: six attacks that disrupt service and four that divert traffic from intended routes. Details of the attacks are presented along with suggested mitigation strategies and security postures.