Can anyone tell me some of the vulnerabilities of running MPLS between remote locations without using the site to site VPN?
Well, what you are doing is basically outsourcing your L3 domain to a provider. It gives you less leverage over the routing environment - ie, path selection, failover and redundancy.
Given today's robust service provider networks and the ubiquity of enterprise customers who rely on MPLS, I wouldn't be too concerned about these issues.
Security, however, is an issue that is [sort of] hotly discussed and debated in network security circles. Proponents of MPLS VPNs swear by its impenetrable and incorruptible routing architecture due to its ability to leverage IPv4 routing extensions which allow them to isolate routing instances across the MPLS backbone.
On the other hand, the skeptics cite the fact that MPLS VPNs are an extension of L3 domains and consist of IP addresses, which leave them vulnerable to typical DoS attacks and spoofing. Moreover, legacy site-to-site VPNs use IPSec encryption, which affords maximum security that MPLS alone can never match.
Some time back I read this pretty good article from Cisco.
Check it out.
Please rate all helpful posts.
It really comes down to how much you trust the provider of the MPLS network. Just as with frame-relay/ATM you are relying on the provider to
1) not make a mistake in the configuration so that your traffic becomes visible to other companies
2) not look at your traffic. Any provider has the ability to do this, but if they did they would soon find they weren't getting much business :-).
It also depends on the security level of the company you work for. A lot of enterprises will accept MPLS without encryption but then again if you work for the Ministry of Defence or the equivalent in your country you might well decide the data you are dealing with is sensitive enough to need encryption.
Always bear in mind that MPLS/ATM/frame-relay, and even dedicated P2P links, are vulnerable to the provider.