Page 1: Control Plane Resilience and Security in GMPLS Networks: Fact and Fiction
Adrian Farrel, Old Dog Consulting


Page 2: Agenda
iPOP2008, 5-6 June 2008, Tokyo, Japan
- Control of Legacy Transport Networks
- MPLS Control Channels
- GMPLS Separation of Control and Data Channels
- What is a Control Channel?
- Risks, Resilience, Attacks, and Potential Damage
- How are Control Channels Made Resilient?
- How are Control Channels and Protocols Protected?
- Summary: Where Should We Focus Our Efforts?

Page 3: Control of Legacy Transport Networks
- Configured and operated from an NMS (or through an EMS)
- Management channels
  – Dedicated links, in-band or in-fibre with the data, or a private out-of-band management network
- Security achieved through point-to-point relationships
  – Such as IPsec, access lists, and passwords
- Management plane resilience
  – Low priority
  – Enabled through parallel or back-up links
- Data channels continue to operate after management plane failures
  – Devices can be managed after data channel failures

Page 4: MPLS Control Channels
- MPLS is closely tied to IP
  – MPLS packets use interfaces identified by their IP addresses
  – Control packets (LDP or RSVP-TE) use the same interfaces and addresses
- The health of the control channel correlates with the health of the data channel
  – Data channel failure implies inability to deliver control messages
  – Control messages are always single-hop IP messages between adjacent LSRs
  – Data plane forwarding fails when the control plane fails
  – A single keep-alive mechanism can be used for the shared data/control channel
    – Data plane mechanisms
    – IGP keep-alive (Hellos)
    – BFD
- Do not confuse control channel failure with control protocol failure!
  – Protocols now support continuous forwarding across a protocol restart (graceful restart)
    – Component failure
    – Software upgrade, or restart after failure

Page 5: GMPLS Separation of Control and Data Channels
- Control plane connectivity between neighbouring switches
- Multiple parallel control plane connections may exist
- GMPLS switches can be packet routers in the control plane
- The health of the control channel does not correlate with the health of the data channel
  – Data continues to flow even when the control connection is down
[Figure: control plane connectivity options between GMPLS switches. Labels: Transport links; In-band or in-fiber; Out-of-fiber dedicated link; Out-of-fiber control network; NMS; In-band or in-fiber ring]

Page 6: What is a Control Channel?
- A logical association between two control plane entities that need to communicate
  – This is an IP network, so a control channel is just a pair of IP addresses in the control plane
- What is it not?
  – It is not a data link in the control plane
    – Although it might be!
- What can you do?
  – Assign "always reachable in the control plane" IP addresses to the ends of control channels
    – The TE Router ID does the job
  – Use interface addresses for the ends of control channels
    – Must be packet-capable interfaces!
    – Could be individual control plane data links, or bundles

Page 7: Risks, Resilience, Attacks, and Potential Damage
- Important to understand the concerns
- Data plane failures
  – Will data channel failure make equipment unmanageable?
- Control plane failures
  – Will control plane failure impact traffic?
  – If the control plane is not recovered rapidly, what function will I lose?
  – Do I need to provide resilient or backup control channels?
- Security
  – What is the control plane security model?
  – What might happen if the control plane were attacked?
  – How do I protect the control channels?

Page 8: How are Control Channels Made Resilient?
- Resilient control plane data links
  – Just one control channel
  – Apply normal link protection mechanisms to the data links in the control plane
  – When one link fails, traffic is seamlessly switched to another
  – Protection can be 1+1, 1:1, etc.
  – Control plane protocols can survive failover
    – The control plane has low throughput
    – A failover is unlikely to drop more than one packet
    – Control plane protocols include retransmission mechanisms
  – Control plane data links may be in separate data fibers, etc.
[Figure: one control channel carried over several protected control plane data links]

Page 9: The Self-Healing Control Plane
- IP networks are "self healing"
  – The IGP (OSPF or IS-IS) determines new shortest paths
  – Convergence times are short
    – Transport networks are not large by IP standards
    – We only need local convergence: most control plane messages travel a short distance
- Control plane protocols can survive faults in the network
  – All of the GMPLS protocols are designed to survive IP's unreliable delivery
- Make your control plane network a proper IP network
  – Provide multiple IP interfaces to a node
  – Run an IGP in the control plane (you have to anyway for TE distribution)
  – Use stable IP addresses for the control channel (e.g. the TE Router ID)

Page 10: Common Control Plane Failure Questions
- What if RSVP-TE detects a soft-state timeout?
  – Will not happen
    – Soft-state timers are much larger than repair times
    – The RSVP-TE Hello timer will fail first
  – Soft state cannot time out while Hellos have failed
- Will RSVP-TE Hello re-establishment cause a protocol restart?
  – No
    – Hello recovery uses the same instance value (Src_Instance), so the neighbor sees a recovered channel, not a reset
    – (But anyway, protocol restart is now graceful)
- Doesn't LMP detect errors very fast and switch to a new control channel?
  – It can, but it is your choice
    – Depends on how you build your control channels
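The two claims on this slide (Hellos fail long before soft state can time out; a Hello with an unchanged instance value is a channel recovery, not a restart) can be checked numerically. The following is an added example, not from the slides, that models the RFC 3209 Src_Instance/Dst_Instance checks and the RFC 2205 soft-state lifetime with their RFC default timer values; the instance values and the event sequence are constructed.

```python
"""Added example: RSVP-TE Hello failure versus soft-state timeout.

Timer values are the RFC defaults (RFC 3209 s5: Hello_Interval 5 ms, neighbor
declared lost after 3.5 intervals; RFC 2205 s3.7: refresh period R = 30 s,
K = 3, lifetime L = (K + 0.5) * 1.5 * R). Instance numbers and the scenario
are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

HELLO_INTERVAL_MS = 5.0      # RFC 3209 default Hello_Interval
HELLO_MISS_FACTOR = 3.5      # RFC 3209: communication lost after 3.5 intervals
REFRESH_PERIOD_S = 30.0      # RFC 2205 default refresh period R
REFRESH_MULTIPLIER = 3       # RFC 2205 suggested K


def hello_failure_time_ms(interval_ms: float = HELLO_INTERVAL_MS) -> float:
    """Time without Hellos after which the neighbor is declared lost."""
    return HELLO_MISS_FACTOR * interval_ms


def soft_state_lifetime_s(r: float = REFRESH_PERIOD_S, k: int = REFRESH_MULTIPLIER) -> float:
    """RFC 2205 state lifetime L = (K + 0.5) * 1.5 * R."""
    return (k + 0.5) * 1.5 * r


def lifetime_to_hello_ratio() -> float:
    """How many Hello failure periods fit in one soft-state lifetime."""
    return soft_state_lifetime_s() * 1000.0 / hello_failure_time_ms()


@dataclass
class HelloNeighbor:
    """Hello state for one neighbor, applying the RFC 3209 s5.2 instance checks."""
    my_instance: int                    # RFC 3209: MUST be non-zero
    remote_instance: int = 0            # 0 = no Hello seen yet
    last_hello_ms: float = 0.0
    up: bool = False
    events: List[Tuple[float, str]] = field(default_factory=list)

    def receive_hello(self, now_ms: float, src_instance: int, dst_instance: int) -> None:
        if self.remote_instance and src_instance != self.remote_instance:
            # Neighbor's instance changed: it really did reset.
            self.events.append((now_ms, "neighbor restarted"))
            self.up = False
        elif dst_instance not in (0, self.my_instance):
            # Neighbor remembers a different instance for me: treat as lost.
            self.events.append((now_ms, "neighbor lost my state"))
            self.up = False
        elif not self.up:
            # Same instance on both sides: the channel is back, no restart.
            self.events.append((now_ms, "channel up"))
            self.up = True
        self.remote_instance = src_instance
        self.last_hello_ms = now_ms

    def tick(self, now_ms: float) -> None:
        if self.up and now_ms - self.last_hello_ms > hello_failure_time_ms():
            self.up = False
            self.events.append((now_ms, "channel down"))


def run_scenario() -> List[Tuple[float, str]]:
    """Constructed timeline: link flap with unchanged instance, then a real restart."""
    n = HelloNeighbor(my_instance=0x1001)
    t = 0.0
    n.receive_hello(t, 0x2002, 0x1001)          # adjacency forms
    while t < 100.0:                            # steady state
        t += HELLO_INTERVAL_MS
        n.receive_hello(t, 0x2002, 0x1001)
    cut = t                                     # control link fails for 40 ms
    while t < cut + 40.0:
        t += HELLO_INTERVAL_MS
        n.tick(t)                               # declared down at cut + 20 ms
    t += HELLO_INTERVAL_MS                      # link repaired, neighbor kept its instance
    n.receive_hello(t, 0x2002, 0x1001)
    t += 1000.0                                 # much later the neighbor really restarts
    n.receive_hello(t, 0x2003, 0)
    t += HELLO_INTERVAL_MS
    n.receive_hello(t, 0x2003, 0x1001)
    return n.events


if __name__ == "__main__":
    print("Hello failure after %.1f ms" % hello_failure_time_ms())
    print("Soft-state lifetime %.1f s" % soft_state_lifetime_s())
    for when, what in run_scenario():
        print("%8.1f ms  %s" % (when, what))
```

With the defaults the Hello adjacency is declared down after 17.5 ms while Path/Resv state lives for 157.5 s, so a control channel repair that takes even seconds is invisible to soft state. In the timeline, the 40 ms outage produces "channel down" then "channel up" with no restart, and only the instance change at the end produces "neighbor restarted".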

Page 11: LMP Control Channel Management
- LMP recognizes that managing multiple parallel control plane data links may be a burden
  – If this can be done in the data link layer, then there is no issue
  – If this can be done using the IGP, then there is no issue
  – But what if there are very many potential control plane data links?
    – For example, tens of parallel fibers
    – You do not want to advertise these all to the IGP at the same time
- LMP assigns addresses to control plane data links
  – Numbered or unnumbered
  – One control plane data link is used and monitored using Hellos
  – On failure, another one is brought up and given to the IGP
  – Control channel end-point (i.e. TE Router ID) reachability is maintained
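The behaviour described on this slide, as an added example that is not part of the presentation: a control channel between two switches that has several candidate control plane data links, monitors only the active one with Hellos, hands only that link to the IGP, and moves to the next candidate when the Hello dead interval expires. The link names, the Hello interval and dead interval (LMP negotiates these in its Config exchange; the values here are assumed) and the event sequence are constructed.

```python
"""Added example: LMP-style selection of one control plane data link at a time.

Only the active link is advertised to the IGP, so the TE Router ID stays
reachable through whichever link currently carries the control channel.
Timer values and link names are assumptions for the illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

Event = Tuple[int, str, Optional[str]]


@dataclass
class ControlChannel:
    te_router_id: str
    candidates: List[str]                   # control plane data links, in preference order
    hello_interval_ms: int = 150            # assumed
    hello_dead_ms: int = 500                # assumed
    failed: Set[str] = field(default_factory=set)
    active: Optional[str] = None
    igp_links: Set[str] = field(default_factory=set)
    last_hello_ms: int = 0
    log: List[Event] = field(default_factory=list)

    def bring_up(self, now_ms: int) -> bool:
        """Activate the first non-failed candidate and advertise only that link."""
        for link in self.candidates:
            if link not in self.failed:
                self.active = link
                self.igp_links = {link}
                self.last_hello_ms = now_ms
                self.log.append((now_ms, "up", link))
                return True
        self.active = None
        self.igp_links = set()
        self.log.append((now_ms, "down", None))   # TE Router ID no longer reachable
        return False

    def hello_received(self, now_ms: int, link: str) -> None:
        if link == self.active:
            self.last_hello_ms = now_ms

    def tick(self, now_ms: int) -> None:
        """Dead-interval expiry on the active link triggers failover."""
        if self.active and now_ms - self.last_hello_ms >= self.hello_dead_ms:
            self.log.append((now_ms, "dead", self.active))
            self.failed.add(self.active)
            self.bring_up(now_ms)

    def repaired(self, link: str) -> None:
        self.failed.discard(link)

    def reachable(self) -> bool:
        return self.active is not None


def run_scenario() -> Tuple[List[Event], int]:
    """Constructed timeline: one fiber cut, then all fibers cut, then one repaired."""
    cc = ControlChannel("10.0.0.1", ["fiber-1", "fiber-2", "fiber-3"])
    cc.bring_up(0)
    t = 0
    max_advertised = 0

    def step(dead_links: Set[str]) -> None:
        nonlocal t, max_advertised
        t += cc.hello_interval_ms
        if cc.active and cc.active not in dead_links:
            cc.hello_received(t, cc.active)
        cc.tick(t)
        max_advertised = max(max_advertised, len(cc.igp_links))

    for _ in range(10):
        step(set())                                     # healthy for 1500 ms
    for _ in range(10):
        step({"fiber-1"})                               # fiber-1 cut
    for _ in range(10):
        step({"fiber-1", "fiber-2", "fiber-3"})         # everything cut
    cc.repaired("fiber-1")
    cc.bring_up(t)
    return cc.log, max_advertised


if __name__ == "__main__":
    for when, what, link in run_scenario()[0]:
        print("%5d ms  %-4s %s" % (when, what, link))
```

Note that the IGP never sees more than one of the three fibers at a time, and the channel only goes down (TE Router ID unreachable) once every candidate has failed; repairing any one fiber brings it straight back.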

Page 12: How are Control Channels and Protocols Protected?
- All GMPLS protocols apply security between neighbors
  – Nearly all message exchanges are between neighbors
- Access lists are common and easy to apply
  – But auto-discovery can discover a fake neighbor!
- Authentication and integrity checks exist in all the protocols
  – Requires a key (password) pairing for every neighbor
    – Configuration burden?
    – Temptation to use network-wide keys/secrets
- Full security through IPsec
  – Similarly requires key pairing for all neighbors
- All mechanisms work through IP clouds
  – Other tunneling and VPN techniques are also available
- Automatic key distribution mechanisms are available
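Why the "network-wide key" temptation matters, shown as an added example that is not from the presentation. The code models a keyed message-digest check of the kind the control protocols use (key identifier, monotonically increasing sequence number, keyed hash over the message), with a per-neighbor keyring on the receiver. The wire layout, the use of HMAC-SHA256, the node names and the key strings are all assumptions made for the illustration; the real RSVP INTEGRITY object and the OSPF/IS-IS authentication formats differ in detail.

```python
"""Added example: per-neighbor keys versus one network-wide key.

A receiver keeps one key per neighbor adjacency, identified by key_id.
A message is accepted only if its keyed digest verifies under the key for
that key_id and its sequence number is higher than the last one seen.
The layout key_id(4) | seq(8) | digest(32) | body is constructed for this
example; node names and keys are likewise constructed.
"""
import hashlib
import hmac
import struct
from typing import Dict, Tuple

HEADER = struct.Struct("!IQ")      # key_id, sequence number
DIGEST_LEN = hashlib.sha256().digest_size


def build_message(key_id: int, key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side: digest covers the header and body."""
    header = HEADER.pack(key_id, seq)
    digest = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + digest + body


class Receiver:
    def __init__(self, name: str, keyring: Dict[int, Tuple[str, bytes]]):
        self.name = name
        self.keyring = keyring          # key_id -> (neighbor this key is shared with, key)
        self.last_seq: Dict[int, int] = {}

    def accept(self, msg: bytes) -> Tuple[bool, str]:
        """Return (accepted, neighbor-the-message-is-attributed-to | reason)."""
        key_id, seq = HEADER.unpack(msg[:HEADER.size])
        digest = msg[HEADER.size:HEADER.size + DIGEST_LEN]
        body = msg[HEADER.size + DIGEST_LEN:]
        entry = self.keyring.get(key_id)
        if entry is None:
            return False, "unknown key id"
        neighbor, key = entry
        expected = hmac.new(key, msg[:HEADER.size] + body, hashlib.sha256).digest()
        if not hmac.compare_digest(digest, expected):
            return False, "bad digest"
        if seq <= self.last_seq.get(key_id, -1):
            return False, "replay"
        self.last_seq[key_id] = seq
        return True, neighbor


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: nodes A, B, C; C is assumed compromised."""
    k_ab, k_bc, k_all = b"key-A-B", b"key-B-C", b"network-wide-key"
    results = {}

    # Per-neighbor keys: B holds key 1 (shared with A) and key 2 (shared with C).
    b = Receiver("B", {1: ("A", k_ab), 2: ("C", k_bc)})
    results["genuine"] = b.accept(build_message(1, k_ab, 1, b"PATH from A"))
    results["replay"] = b.accept(build_message(1, k_ab, 1, b"PATH from A"))
    tampered = bytearray(build_message(1, k_ab, 2, b"PATH from A"))
    tampered[-1] ^= 0x01                                   # flip one body bit
    results["tampered"] = b.accept(bytes(tampered))
    # C knows only k_bc, so it cannot produce a message B attributes to A ...
    results["forge_per_neighbor"] = b.accept(build_message(1, k_bc, 3, b"PATH from A"))
    # ... and anything it can authenticate is attributed to the B-C adjacency.
    results["c_legit"] = b.accept(build_message(2, k_bc, 1, b"PATH from A"))

    # One network-wide key: B cannot tell A's messages from C's.
    b2 = Receiver("B", {9: ("any neighbor", k_all)})
    results["forge_shared"] = b2.accept(build_message(9, k_all, 1, b"PATH from A"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-20s %s" % (case, outcome))
```

The digest check rejects tampering and a forgery under the wrong key, and the sequence number rejects a replay, but none of that helps once every node holds the same secret: a single compromised node can then speak as any neighbor to any other node, which is the "chain of trust" problem on the next slide.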

Page 13: What are the Security Risks?
- GMPLS networks have a "chain of trust" model
  – The chain is as strong as its weakest link
  – Access anywhere in the network can attack the whole control plane
- Tapping into a control channel
  – Easiest when the control channel goes through an IP cloud
  – Allows snooping and all forms of attack
- The easiest attack is denial of service
  – Makes it hard to manage existing LSPs or to set up new ones
- The effect of other attacks may be
  – Redirection of user traffic
  – Degradation of customer quality
  – Theft of network resources
- So why don't we enable security in the control plane?
  – Is no-one worried about security?
  – Are network operators used to relying on simple management plane relationships?
  – Do operators think that their control networks are private?
  – Is it too hard to configure and manage security?
  – Are implementations deficient?

Page 14: Summary: Where Should We Focus Our Efforts?
- We do not need to spend any more time discussing control plane resilience
  – The GMPLS control plane is resilient
- We must model the control plane network
  – Understand the vulnerabilities of the network as a whole
- We need to understand the security risks to the control plane
  – Requires analysis of many different possible attacks
- Install and test adequate security techniques
  – Operators must state what they need
  – Vendors must implement the necessary mechanisms
  – Secure networks can only be built from equipment that supports the same level of security

Page 15: References
- RFC 3209, RSVP-TE Specification
  – Defines timer procedures and introduces Hello
- RFC 3473, GMPLS RSVP-TE Specification
  – Defines control and data plane separation
  – Refines Hello procedures
- RFC 4204, LMP Specification
- draft-ietf-mpls-mpls-and-gmpls-security-framework (since published as RFC 5920)
  – Explains the security models and techniques for GMPLS and MPLS

Page 16: Questions