Constraints on Automated Key Management for Routing Protocols
Ross Callon
IETF 71, March 2008, Philadelphia
AKM for Routing Protocols
• Link State protocol constraints
• Bootstrapping the routing protocol
• Operation over Broadcast Media
• Don’t take down the network
• Simplicity and Comprehensibility
Link State Protocol Constraints
• OSPF & IS-IS work because every router in an area has an identical view of the topology
• And runs identical route computation
• Authentication can be used to decide whether to bring up a link
• Or whether two neighbors exchange IGP traffic
• Authentication must not affect whether I believe the advertisement from a router across the area
• Different routers may get different results
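
The link-state constraint above, worked through as an added example (not part of the original slides): each router runs the same shortest-path computation over its own link-state database, and a router that alone refuses to believe one advertisement ends up forwarding into a loop. The five-router area, its costs and the function names are constructed for illustration.

```python
import heapq

# Constructed sample area: each advertisement is originator -> {neighbor: cost}.
LSAS = {
    "A": {"B": 1, "C": 5},
    "B": {"A": 1, "D": 1},
    "C": {"A": 5, "X": 5},
    "D": {"B": 1, "X": 1},
    "X": {"C": 5, "D": 1},
}

def next_hop(lsdb, src, dst):
    """Dijkstra over one router's database; returns the first hop toward dst."""
    def nbrs(u):
        # Two-way check: a link counts only if both ends advertise it.
        return [(v, c) for v, c in lsdb.get(u, {}).items() if u in lsdb.get(v, {})]
    dist, heap = {src: 0}, [(0, src, None)]
    while heap:
        d, u, first = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue  # stale heap entry
        if u == dst:
            return first
        for v, c in nbrs(u):
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v, first or v))
    return None

def forward(views, src, dst):
    """Hop-by-hop forwarding where every router consults its own database."""
    path, here = [src], src
    while here != dst:
        nh = next_hop(views[here], here, dst)
        if nh is None:
            return path, "unreachable"
        path.append(nh)
        if path.count(nh) > 1:
            return path, "loop"
        here = nh
    return path, "delivered"

def demo():
    consistent = {r: LSAS for r in LSAS}
    # Assumption: only B rejects D's advertisement (an authentication check failing at B alone).
    skewed = dict(consistent)
    skewed["B"] = {o: links for o, links in LSAS.items() if o != "D"}
    return forward(consistent, "A", "X"), forward(skewed, "A", "X")
```

With identical databases the packet follows A, B, D, X; once B alone discards D's advertisement, A still sends toward B while B sends back toward A.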
Bootstrapping the Routing Protocol
• If something goes wrong with routing (or with security), there has to be a way to recover
• If the routing protocol depends upon AKM, then AKM can’t depend upon the routing protocol
• For OSPF & IS-IS, AKM **must** only operate between directly attached devices, using the link layer
• You can’t depend on IP to an arbitrary address
• BGP can depend upon the IGP being up
• But can’t depend on a priori inter-domain routes
• For BGP, authentication probably only affects the preference of routes (in some sense)
Broadcast Media
• OSPF / IS-IS / RIP operate over broadcast media (e.g., Ethernet)
• A router on a broadcast LAN uses link layer multicast to send one packet to multiple other routers on the same LAN
• AKM will need to operate over the LAN
• And provide a key that one router can use to send a single packet to multiple other routers
Don’t Break the Network
• The point is to keep the network up
• Authentication has to be more likely to keep things up than to take the network down
• It has to be simple, understandable, resilient to mistakes
• Some configuration is allowed
• A router has to know which IGP to run
• Probably one pre-shared secret is okay also
• But: Keep it simple
Simplicity, Comprehensibility
• Many router experts are not security experts (and vice versa)
• There is not a complete mutual understanding
• Security is much more likely to be deployed if it is understood
• Including what it protects against, failure modes, and how to deal with problems
Summary
• It has to work
• It (AKM for RPs) has to bootstrap
• It has to work over broadcast LANs
• It has to be simple, foolproof
• It has to solve a perceived problem
• Requirements may differ by protocol (OSPF, IS-IS, RSVP, LDP, UDP, TCP for BGP, TCP for not-BGP, …)