The TRILL RBridge Channel Tunnel Protocol facilitates the transmission of typed messages between TRILL switches, as specified in the draft-ietf-trill-rbridge-channel standard. This protocol also allows communication between end stations and TRILL switches on the same link through native RBridge channel messages. Key features include the capability to encapsulate various payload formats, including Ethernet frames and TRILL Data packets. Security considerations address potential risks, emphasizing the necessity for authentication and cautious handling of tunneled payloads to prevent system vulnerabilities.
RBridge Channel Tunnel Protocol
draft-eastlake-trill-channel-tunnel
Donald E. Eastlake, 3rd
Huawei Technologies
d3e3e3@gmail.com
TRILL: RBridge Channel Protocol

The RBridge Channel Protocol
• A way to send typed messages between TRILL Switches. Specified in draft-ietf-trill-rbridge-channel, which is a Proposed Standard.
• Can also be used between end stations and a TRILL switch on the same link: Native RBridge Channel Messages.
• Used as the way to envelope BFD (Bi-directional Forwarding Detection, RFC 5880) between TRILL Switches: draft-ietf-trill-rbridge-bfd, which is a Proposed Standard.

The RBridge Channel Protocol
• RBridge Channel messages between TRILL switches look like TRILL Data packets.
• Native RBridge Channel messages don't have a TRILL Header.
[Diagram, RBridge Channel message: Link Header | TRILL Header | RBridge Channel Header | Type Specific Payload | Link Trailer]
[Diagram, Native RBridge Channel message: Ethernet Header | RBridge Channel Header | Type Specific Payload | FCS]
[Diagram label: Message Type]

What's Missing?
• A way to tunnel standard payloads such as RBridge Channel messages, native frames, TRILL Data packets, etc.
• Security features.
• A way to send an RBridge Channel message between an end station and a TRILL switch not on the same link or between two end stations not on the same link.

Channel Tunnel Message Format
[Diagram: Link Header | TRILL Header | RBridge Channel Header | Type Specific Payload | Link Trailer]
[Diagram labels, in order: Channel Tunnel Type; 2 bytes; Fixed Size Control Fields including Tunneled Payload Type; Optional Edge Forwarding Info; Optional Security Info; Tunneled Payload]

Tunneling
• Channel Tunnel messages have a payload type field. Current draft has values for:
  • Null
  • RBridge Channel Message
  • TRILL Data Packet
  • TRILL IS-IS Packet
  • Ethernet Frame

Security
• The current RBridge Channel Message does not provide any security features even though the payload can be a "control message". (BFD has its own authentication.)
• The RBridge Channel Tunnel will be able to provide authentication and encryption if desired.

Edge Forwarding
• Assuming coöperating TRILL switch(es) on the links with the end station(s) involved, provides a standard way to send an RBridge Channel message between:
  • An end station and a TRILL switch both in the same campus but not on the same link.
  • Two end stations in the same campus but not on the same link.
• Sender must be aware of what is going on and know the destination's nickname (for an RBridge) or MAC address (for an end station).

Edge Forwarding
[Diagram: end stations ES1 and ES9 and TRILL switches RB1, RB5 and RB9; labelled segments: RBridge Channel Message, Native RBridge Channel Message, RBridge Channel Tunnel]

Security Considerations
• The Channel Tunnel Protocol is potentially dangerous.
• Tunneled payloads, if blindly de-capsulated and processed, could wreak havoc.
• This is somewhat mitigated by the ability to authenticate Channel Tunnel messages.
• The draft recommends being conservative in what you accept and requiring authentication where appropriate.
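
The "conservative in what you accept" recommendation, sketched as a receive-side gate that runs before any de-capsulation. This is an added example, not code from the slides or the draft. The byte layout, the numeric type codes, the flag bit, and the use of HMAC-SHA256 as the authentication mechanism are all assumptions made for illustration; only the payload type names come from the Tunneling slide.

```python
import hashlib
import hmac
import struct

# Assumed layout (constructed, NOT the draft's wire format):
#   payload type (2 bytes) | flags (1 byte, bit 0 = tag present) | reserved (1 byte)
#   | optional 32-byte HMAC-SHA256 tag over control fields + payload | payload
# Type names are from the slides; the numeric codes are assumed.
NULL, CHANNEL_MSG, TRILL_DATA, TRILL_ISIS, ETHERNET = range(5)
F_AUTH, TAG_LEN = 0x01, 32


class Rejected(Exception):
    """Raised instead of handing the payload to any decapsulation code."""


def build(ptype, payload, key=None):
    """Sender side: control fields, optional tag, then the tunneled payload."""
    ctrl = struct.pack("!HBB", ptype, F_AUTH if key else 0, 0)
    tag = hmac.new(key, ctrl + payload, hashlib.sha256).digest() if key else b""
    return ctrl + tag + payload


def accept(msg, key, allowed, must_auth):
    """Receiver side: return (ptype, payload) only if local policy passes."""
    if len(msg) < 4:
        raise Rejected("truncated control fields")
    ctrl, body = msg[:4], msg[4:]
    ptype, flags, reserved = struct.unpack("!HBB", ctrl)
    if flags & ~F_AUTH or reserved:
        raise Rejected("unknown flag or reserved bits set")
    if ptype not in allowed:  # default deny: unknown and unwanted types drop here
        raise Rejected("payload type not accepted on this switch")
    if not flags & F_AUTH:
        if ptype in must_auth:
            raise Rejected("authentication required for this payload type")
        return ptype, body
    if key is None or len(body) < TAG_LEN:
        raise Rejected("tag present but cannot be verified")
    tag, payload = body[:TAG_LEN], body[TAG_LEN:]
    expected = hmac.new(key, ctrl + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise Rejected("authentication tag mismatch")
    return ptype, payload
```

The tag covers the control fields as well as the payload, so changing the payload type of an authenticated message invalidates it.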