Reconciling the L3VPN Authentication Drafts (Singing “Kumbaya”)
M Behringer, R Bonica


The Drafts
Draft-ietf-l3vpn-l3vpn-auth
  – Provides a method through which customers can detect SP misconfiguration
  – Does nothing to prevent misconfiguration
  – Delegates authentication task to the CE
Draft-behringer-mpls-vpn-auth
  – Reduces the probability of SP misconfiguration
  – Customer does not detect misconfiguration if it does occur
  – Delegates authentication task to the PE

The Dilemma
The two drafts are similar, but not identical
Options
  – Merge
  – Let them both live
  – Kill one, progress the other

The Opportunity
Both drafts bring something unique to the table
Killing either would take something away from the user community

Lots of Pros and Cons
Fuel for a good religious war
Religious wars don’t bring us to convergence
But they are fun
  – Join us in the bar tonight for a continuation of the religious war

Comparative Anatomy
PE obtains token from CE
  – BGP extended community received from CE
  – New protocol with CE
  – Hashed authentication key from CE-PE routing protocol
PE distributes token throughout SP network
  – BGP extended community
  – New BGP attribute

Comparative Anatomy (Continued)
PE uses token
  – Distribute to CE using BGP community or new protocol
  – Use to decide whether or not route will be installed based upon local MD5 authentication key used in PE-CE interface routing protocol

How Do We Converge
Converge on a common mechanism for distribution of the token within the SP network
Add a third mechanism for obtaining token to draft-ietf-l3vpn-l3vpn-auth
  – Derive the token from the PE-CE MD5 key
Add a third application for the key at the egress PE
  – Use it to decide whether to install the route
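
The token flow from the "Comparative Anatomy" and "How Do We Converge" slides, as an added illustration that is not taken from either draft: the ingress PE derives a token from the PE-CE key, and each egress PE compares it with the token derived from its own VRF's key before installing the route. The hash construction, 6-byte truncation, class and function names, sample keys and route targets are all assumptions, as is the premise that every site of one VPN uses the same PE-CE key.

```python
import hashlib
import hmac
from dataclasses import dataclass

def derive_token(pe_ce_key: bytes) -> bytes:
    # Assumption: SHA-256 with a fixed label, truncated to 6 bytes; the slides
    # only say the token is a hash of the PE-CE authentication key.
    return hashlib.sha256(b"vpn-token:" + pe_ce_key).digest()[:6]

@dataclass(frozen=True)
class VpnRoute:
    prefix: str
    route_targets: frozenset
    token: bytes  # attached by the ingress PE, carried across the SP network

@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    pe_ce_key: bytes  # key configured on this VRF's PE-CE routing session

    def evaluate(self, route: VpnRoute) -> str:
        """Egress PE decision: route-target match first, then token check."""
        if not (self.import_rts & route.route_targets):
            return "not-imported"
        expected = derive_token(self.pe_ce_key)
        if hmac.compare_digest(route.token, expected):
            return "installed"
        return "rejected-token-mismatch"

def ingress_advertise(prefix: str, export_rt: str, pe_ce_key: bytes) -> VpnRoute:
    return VpnRoute(prefix, frozenset({export_rt}), derive_token(pe_ce_key))

def run_scenario() -> dict:
    # Constructed sample data: two customers, one mistyped import route target.
    key_a, key_b = b"customer-a-secret", b"customer-b-secret"
    route = ingress_advertise("10.1.0.0/16", "65000:100", key_a)
    vrfs = [
        Vrf("cust-a-site2", frozenset({"65000:100"}), key_a),
        Vrf("cust-b-site1", frozenset({"65000:100"}), key_b),  # should be 65000:200
        Vrf("cust-b-site2", frozenset({"65000:200"}), key_b),
    ]
    return {v.name: v.evaluate(route) for v in vrfs}

if __name__ == "__main__":
    for vrf, verdict in run_scenario().items():
        print(f"{vrf}: {verdict}")
```

The misconfigured VRF matches on route target alone, so without the token check customer A's prefix would be installed in customer B's VRF.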

Kumbaya