
Confidential Path Segments

Confidential Path Segments. draft-rbradfor-ccamp-confidential-segment-00.txt. R. Bradford, JP Vasseur, A. Farrel. Objective: CPS I-D preserves optimal/diverse paths without compromising confidentiality. Why PCE WG? Adds privacy to complete EROs returned by PCE.


Presentation Transcript


  1. Confidential Path Segments
     draft-rbradfor-ccamp-confidential-segment-00.txt
     R. Bradford, JP Vasseur, A. Farrel

  2. Objective
     • CPS I-D preserves optimal/diverse paths without compromising confidentiality.

     Why PCE WG?
     • Adds privacy to complete EROs returned by PCE.
     • Allows PCE to return diverse paths without discarding the details which make them diverse (i.e. loose hops).
     • Current I-D may need to be split into CCAMP-specific and PCE-specific drafts.

  3. Issues with loose hops for inter-domain paths
     • Issue 1: Expanding the loose hop of the first LSP might prevent a second non-diverse route.
     • Issue 2: The expanded loose hop might not be as optimal.
     • Multi-PCE allows computation of optimal (shortest) inter-domain paths and sets of diverse inter-domain TE LSPs.
     • To preserve confidentiality, paths are returned as loose hops.

     [Figure: AS1 and AS2 connected by data links; LSP1 succeeds, LSP2 fails]

  4. How do Confidential Path Segments Help?
     • Routes are encoded, not stripped.
     • Only selected nodes can decode (e.g. members of the same AS).
     • Encoded routes are carried in the ERO (works with existing LSR implementations).
     • LSRs outside the AS cannot read the encoded subobject.
     • LSRs within the AS decode the subobject as a special case of loose hop expansion.
     • CPS could also be used in RRO and PathErr.

  5. How are CPSs Encoded?
     Two alternatives:

     Path Key SubObject
     • PCE replaces the CPS with a key.
     • PCE maintains database tokens → CPSs.
     • LSR queries PCE during LSP setup.

     Private Route SubObject
     • PCE (or LSR) encrypts the CPS.
     • LSR decrypts the CPS during LSP setup.

  6. Why two different Methods?
     Each has (dis)advantages:

     PKS (Path Key SubObject)
     • Adds temporary state to the PCE.
     • Requires an extra PCE query during LSP setup.
     • Requires PCE support on boundary LSRs (not just HE LSRs).
     • Simplest to configure.

     PRS (Private Route SubObject)
     • Requires key configuration or distribution.
     • Requires encryption on boundary LSRs.
     • Adds no state to the PCE.
     • Does not require a PCE query during LSP setup.
     • Can work without a PCE (e.g. diverse ERO through a carrier).

  7. Next Steps
     • Is this of interest to the WG?
     • If so, is this a good solution?
     • Will need to decide whether to continue with both solutions or focus on one.

     Questions?
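
The Path Key SubObject flow from slides 5 and 6, as an added example that is not taken from the draft or the presentation: a toy PCE replaces the confidential hops with a key, holds temporary state, and answers the extra query from a boundary LSR in its own AS. The class and function names, the tuple-based ERO, the random key format, the one-shot lookup and the timeout are all assumptions made for illustration.

```python
import secrets
import time

PKS = "PKS"  # marker for a Path Key SubObject in this toy ERO (hypothetical encoding)

# Constructed sample path: (AS, node) hops; C is the AS2 entry boundary LSR.
FULL_PATH = [("AS1", "A"), ("AS1", "B"), ("AS2", "C"), ("AS2", "D"), ("AS2", "E")]

class PathKeyPCE:
    """Toy PCE for one AS that hides a confidential path segment behind a key."""

    def __init__(self, as_name, ttl=30.0):
        self.as_name = as_name
        self.ttl = ttl    # assumption: temporary state expires after ttl seconds
        self._db = {}     # path key -> (hidden hops, expiry time)

    def conceal(self, ero, now=None):
        """Keep the entry boundary LSR visible; replace later hops in this AS with a key."""
        now = time.monotonic() if now is None else now
        out, hidden, entry_at = [], [], None
        for domain, node in ero:
            if domain == self.as_name and entry_at is not None:
                hidden.append(node)          # confidential hop: never leaves the PCE
            else:
                out.append((domain, node))
                if domain == self.as_name:
                    entry_at = len(out)      # the key goes right after the entry LSR
        if hidden:
            key = secrets.token_hex(4)       # unguessable token, not derived from the path
            self._db[key] = (hidden, now + self.ttl)
            out.insert(entry_at, (PKS, key))
        return out

    def expand(self, key, requester_as, now=None):
        """Answer the extra query a boundary LSR makes during LSP setup."""
        now = time.monotonic() if now is None else now
        if requester_as != self.as_name:
            raise PermissionError("path key is only resolvable inside " + self.as_name)
        hops, expiry = self._db.pop(key, (None, 0.0))   # one-shot: state is removed
        if hops is None or now > expiry:
            raise KeyError("unknown or expired path key")
        return hops

if __name__ == "__main__":
    pce = PathKeyPCE("AS2")
    ero = pce.conceal(FULL_PATH)
    print("ERO seen outside AS2:", ero)
    print("Expansion at boundary LSR C:", pce.expand(ero[3][1], "AS2"))
```

The Private Route SubObject alternative would replace the database and query with encryption of the hidden hops under a key shared inside the AS, which is why it adds no PCE state but needs key distribution.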
