1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond.

Presentation transcript:

1 Security Framework for MPLS-TP
draft-fang-mpls-tp-security-framework-02.txt
Luyuan Fang, Ben Niven-Jenkins, Raymond Zhang, Nabil
July 26, IETF, Maastricht, Netherlands

2 Objectives and Scope
Objectives:
– Identify and address MPLS-TP specific security issues.
    – Define MPLS-TP security reference models
    – Provide MPLS-TP security requirements
    – Identify MPLS-TP security threats
    – Provide MPLS-TP security threat mitigation recommendations
Intended category: Informational
Scope:
– In scope: directly related to MPLS-TP
– Out of scope: any functions/applications not specific to MPLS-TP, e.g. general MPLS/GMPLS security, general IP/Internet security best practice.
– Other drafts for MPLS-TP can point to this draft for general MPLS-TP security discussion, and discuss any security issues specific to their own protocol proposals as needed.
– Focus is on the inter-connection between trusted and untrusted zones

Security Issues need to be fully addressed
Areas may be attacked
– GAL/GACH
– NMS
– Loopback
– MIP/MEP assignment
– NMS and control plane interaction
– Data plane
– GMPLS control plane
Security threats
– ID spoofing
– Label spoofing
– DoS attack
– Topology discovery
– Data intercept
– Performance degradation

MPLS-TP Security Reference Model 1
Model 1: single SP scenario
– Model 1a (not shown): SS-PW within single trusted zone.
– Model 1b: MS-PW within single trusted zone (as shown)
[Figure labels: CE1, CE2, T-PE1, T-PE2, S-PE1, Native Service (Attachment Circuit), Emulated Service, Pseudowire PW1, PW.Seg t1 to t4, TP-LSP, Trusted Zone, Untrusted Zone]

MPLS-TP Security Reference Model 2 (b)
Model 2 (b): Single SP, but not all T-PEs are in the Trusted Zone
[Figure labels: CE1, CE2, T-PE1, T-PE2, S-PE1, Native Service (Attachment Circuit), Emulated Service, Pseudowire, PW1, PW3, PW5, TP-LSP, MPLS Core, Trusted Zone, Untrusted Zone]

MPLS-TP Security Reference Model 2 (c)
Model 2 (c): Typical Inter-Provider Scenario
[Figure labels: CE1, CE2, T-PE1, T-PE2, S-PE1, Native Service (Attachment Circuit), Emulated Service, Pseudowire, PW1, PW3, PW5, TP-LSP, Trusted Zone, Untrusted Zone]

7 Next Steps
– Agree on Security Trust models and identify potential MPLS-TP specific attacks
– Complete security requirements, threats, mitigations
– Asking for volunteers to provide input for open issues.
    – Scott Mansfield will join the next version
– Target to ask for WG adoption before next IETF meeting