1 Security Framework for MPLS and GMPLS Networks draft-mpls-mpls-gmpls-security-framework-03.txt Luyuan Fang Michael Behringer Ross Callon Jean-Louis Le.

Presentation transcript:

1 Security Framework for MPLS and GMPLS Networks
draft-mpls-mpls-gmpls-security-framework-03.txt
Luyuan Fang, Michael Behringer, Ross Callon, Jean-Louis Le Roux, Raymond Zhang, Paul Knight, Yaakov Stein, Nabil Bitar, Jerry Ash, Monique Morrow, Richard Graveman, Adrian Farrel
July 28, IETF, Dublin

2 Status Update
IETF 67 - San Diego
–Project first proposed at MPLS WG in November
–Design team formed (members listed on front page).
IETF 68 - Prague
–00 draft presented at MPLS WG and CCAMP WGs in March 2007
–Gathered feedback from the MPLS and CCAMP WGs, Security and Routing ADs
IETF 69 – Chicago
–01 draft presented at MPLS and CCAMP WGs in July
–Request to become working group document
–Draft was approved to become MPLS WG document after IETF 69
IETF 70 – Vancouver
–00 WG draft posted in Sept draft posted in Nov
–01 draft presented at MPLS WGs, and status update at CCAMP
–Prepare for WG last call, request for early review
IETF 71 – Philadelphia
–02 draft presented at MPLS WG in March 2008
–Discuss gen-art early review comments and other comments
–Getting ready for WG last call
IETF 72 – Dublin
–03 draft issued, addressed gen-art comments and other comments
–Request for MPLS and CCAMP WGs last call

Changes in 03 draft
Changes based on Scott Brim’s gen-art early review comments.
–Previous L2, L3, and link layer definitions removed; core definition made consistent; control plane attacks modified; PE-CE bi-directional authentication added; minor structural and editorial changes.
–Scott is happy about the changes.
Changes based on Stephen Farrell’s comments and Ross’s discussion regarding upstream label allocation.
–Discussed with Stephen Farrell and Ross.
–Updated the text to reflect that label allocation can be downstream or upstream; however, we did not see a need to introduce new security mechanisms because of upstream label allocation.
Changes based on Kannan Varadhan’s comments.
–Indicated that the entire network can be compromised by an attack in which an LSP is created by an unauthorized element; added IPv6 to filtering in addition to IPv4.
–More discussion with Kannan on MPLS/GMPLS specific security threats; defensive techniques for MPLS/GMPLS networks; SP general security requirements; MPLS/GMPLS inter-provider security requirements.

Planned changes
GMPLS data plane security per Adrian’s suggestions
–Unlike MPLS, GMPLS data plane may be divorced from the GMPLS control plane.
–GMPLS data links may be deliberately or accidentally misconnected without causing faults in the control plane.
–Protect from misconnection attacks and connectivity verification
Ref applicability of groupkeying for RSVP
–Short description and add reference to “Applicability of Keying Methods for RSVP Security” - draft-ietf-tsvwg-rsvp-security-groupkeying-01.txt

5 Next Step
Request for MPLS and CCAMP WGs last call