Security Framework for MPLS and GMPLS Networks draft-fang-mpls-gmpls-security-framework-00.txt

Security Framework for MPLS and GMPLS Networks draft-fang-mpls-gmpls-security-framework-00.txt. Luyuan Fang, Michael Behringer, Ross Callon, Jean-Louis Le Roux, Raymond Zhang, Paul Knight, Yaakov Stein, Nabil Bitar, Jerry Ash, Monique Morrow. March 19, 2007. 68 IETF, Prague, Czech Republic.

Presentation Transcript


  1. Security Framework for MPLS and GMPLS Networks
     draft-fang-mpls-gmpls-security-framework-00.txt
     Luyuan Fang, Michael Behringer, Ross Callon, Jean-Louis Le Roux, Raymond Zhang, Paul Knight, Yaakov Stein, Nabil Bitar, Jerry Ash, Monique Morrow
     March 19, 2007, 68 IETF, Prague, Czech Republic

  2. Status Update
     • IETF 67 - San Diego
       • Project first proposed at MPLS WG.
       • Design team formed (members are listed on the front page).
     • IETF 68 - Prague
       • 00 draft posted in March 2007 before the meeting.
       • 00 draft presented at MPLS WG and CCAMP WG.
     • Background info on the motivation of this draft
       • Security questions were raised by Security ADs and reviewers about several recent drafts in the MPLS and CCAMP WGs.
       • A single document, the MPLS/GMPLS Security Framework, addressing general MPLS/GMPLS security issues would be useful.
       • Other drafts in MPLS/GMPLS WGs may reference this framework document, and must address the security considerations specific to the individual spec.

  3. Objectives and Plans
     • To provide general security implications, requirements and guidelines for MPLS/GMPLS, especially inter-provider MPLS/GMPLS.
     • Quickly gather feedback from MPLS WG, GMPLS WG, Security ADs/Chairs, and anyone in the IETF interested in the topic.
     • Deliver subsequent revisions and work toward an Informational RFC to meet the needs of the MPLS and CCAMP WGs.

  4. Document Scope
     • In scope:
       • MPLS/GMPLS network protocol and operation related security issues, e.g.
         • Using LDP, RSVP-TE, PCE, P2MP with LDP with P2MP, MPLS L2 and L3 VPN, PW, MPLS Inter-Provider options, etc.
         • Operation of MPLS network – an MPLS network should not be less secure than non-MPLS networks
       • Core protection
         • isolation, filtering, authentication, resource (e.g. LSP) limitation, etc.
       • MPLS related attacks and mitigation
       • MPLS inter-provider security threats and network protection best practice
     • Out of scope:
       • Attacks on a router or a network that is not MPLS/GMPLS enabled
       • General security considerations and Internet best practice guidelines

  5. Outline of the 00 draft
     • Introduction
     • Security Reference Model
       • Trusted Zone: Provider A MPLS/GMPLS network
       • Trusted Zone, Trusted neighbor, Authorized but untrusted neighbor
     • Security Threats – Intra-AS, Inter-AS, and Inter-provider
       • Attacks on the Data Plane
       • Attacks on the Control Plane
     • Defensive Techniques for MPLS/GMPLS Networks
       • Authentication
       • Cryptographic techniques
       • Anti-label spoofing
     • Monitoring, Detection, and Reporting of Security Attacks
     • Service Provider General Security Requirements
       • Protection within the Core
       • Protection on the User Access Link
     • Inter-provider Security Requirements
       • Control Plane Protection
       • Data Plane Protection
     • References

  6. Next Steps
     • Get feedback from the MPLS and CCAMP WG meetings, the mailing list, and meetings with Routing and Security ADs/Chairs/participants.
     • Design team to refine the work, reflect the feedback, and issue a new revision before IETF 69.
     • Ask for the draft to be adopted as a Working Group work item.
     • We appreciate your feedback and your support to move this work forward.
