Switching of packets entails an end-to-end, connection-oriented, sequential flow of packets. For historical reasons, switching is also associated with high-speed transmission of packets. The current technologies that comprise switching are the Asynchronous Transfer Mode (ATM) and Multiprotocol Label Switching (MPLS) protocols.
ATM switches packets at layer 2 after it segments, or fragments, each IP packet. At the ATM network ingress node, ATM segments each IP packet that is larger than 48 bytes and adds a 5-byte ATM header that provides ATM addressing and the payload type. ATM reassembles the segments into IP packets at the point where the ATM packets need to be converted back to IP. This Segmentation and Reassembly (SAR) process is generally considered too processing-intensive and non-scalable at 2.4 Gbps and above. Throughout this transmission and packet handling, ATM applies no encryption, so it gives no protection to the addressing fields or to any other contents of the packet. Thus, anyone collecting the ATM packets can regroup them by ATM path identifiers and then by IP addresses to collect the information in the payloads of the original packets. ATM is now associated only with high-speed core networks and thus cannot provide end-to-end security.
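The segmentation and regrouping described above, as an added sketch that is not part of the original text. It assumes the standard 5-byte UNI cell header and an AAL5-style trailer whose CRC-32 field is left at zero for brevity; the function names, VPI/VCI values and payloads are constructed for illustration.

```python
import struct
from collections import defaultdict

CELL_PAYLOAD = 48   # payload bytes carried by each ATM cell
TRAILER_LEN = 8     # AAL5 trailer: UU, CPI, 16-bit length, 32-bit CRC

def hec(first4: bytes) -> int:
    """ATM HEC: CRC-8 (x^8 + x^2 + x + 1) over header bytes 1-4, XOR 0x55."""
    crc = 0
    for byte in first4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55

def header(vpi: int, vci: int, last: bool) -> bytes:
    """5-byte UNI header: GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8)."""
    pti = 0b001 if last else 0b000   # low PTI bit marks the final cell of a frame
    first4 = struct.pack(">I", (vpi << 20) | (vci << 4) | (pti << 1))
    return first4 + bytes([hec(first4)])

def segment(packet: bytes, vpi: int, vci: int) -> list[bytes]:
    """Pad the packet, append the trailer, and cut it into 53-byte cells."""
    pad = -(len(packet) + TRAILER_LEN) % CELL_PAYLOAD
    # Simplification (assumption): the CRC-32 field is zero, not computed.
    frame = packet + bytes(pad) + struct.pack(">BBHI", 0, 0, len(packet), 0)
    chunks = [frame[i:i + CELL_PAYLOAD] for i in range(0, len(frame), CELL_PAYLOAD)]
    return [header(vpi, vci, i == len(chunks) - 1) + c for i, c in enumerate(chunks)]

def reassemble(cells: list[bytes]) -> dict[tuple[int, int], list[bytes]]:
    """Regroup cells by (VPI, VCI) and rebuild each packet; no key is involved."""
    partial, packets = defaultdict(bytes), defaultdict(list)
    for cell in cells:
        word = struct.unpack(">I", cell[:4])[0]
        key = ((word >> 20) & 0xFF, (word >> 4) & 0xFFFF)
        partial[key] += cell[5:]
        if (word >> 1) & 0b001:      # end-of-frame cell: length sits in the trailer
            length = struct.unpack(">H", partial[key][-6:-4])[0]
            packets[key].append(partial[key][:length])
            partial[key] = b""
    return dict(packets)

if __name__ == "__main__":
    a = segment(b"A" * 100, vpi=1, vci=32)   # constructed 100-byte packet
    b = segment(b"B" * 40, vpi=2, vci=33)    # constructed 40-byte packet
    print(len(a) * 53, "bytes on the wire for a 100-byte packet")
    print(reassemble([a[0], b[0], a[1], a[2]]))  # interleaved flows separate cleanly
```

Every field the reassembly step reads is in cleartext, so confidentiality for traffic crossing such a link has to come from a layer above ATM.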
The other mechanism for packet switching, Multiprotocol Label Switching (MPLS), switches packets by labeling each IP packet for a given type of explicit path associated with a flow. This path is set up from end router to end router within a network. MPLS requires a processing-intensive label management system or server to allocate labels at each router, node or switch for each packet in each flow. The protocol does not solve the inherent security problems in its packet switching methodology. MPLS provides no encryption, and it has further security issues due to its requirement for centralized label management and the associated single-point-of-failure risks. The explicit path set-ups are limited to the perimeter of a network of MPLS routers. As a result, MPLS cannot be extended from the network edge to the end-user devices and therefore cannot deliver security all the way to the end devices.