Use of PE-PE IP/GRE/IPsec for MPLS PWs draft-raggarwa-pwe3-pw-over-ip-00.txt Rahul Aggarwal

Presentation transcript:

1 Use of PE-PE IP/GRE/IPsec for MPLS PWs
draft-raggarwa-pwe3-pw-over-ip-00.txt
Rahul Aggarwal

2 Authors
- Rahul Aggarwal (Juniper)
- Kireeti Kompella (Juniper)

3 Agenda
- Problem statement
- Motivation
- Specification
- Relevance to the PWE3 WG
- Conclusion

4 Problem Statement
- Carrying MPLS PW packets over IP, GRE or IPsec tunnels
  - MPLS control plane for PW setup
  - Outer PSN tunnel encapsulation is now IP, GRE or IPsec
  - PW label identifies the PW
- Enable MPLS PWs to be transported over non-MPLS networks

5 Motivation
- Non-MPLS routers between the ingress and egress PEs
- IPsec authentication and/or encryption for increased security
  - Protection against spoofed packets
  - Protection against transit node misbehavior
  - Encryption of the PW data

6 Specification
- Continue to use MPLS to identify a PW
  - A single label stack, i.e. the PW label
- An MPLS-in-IP or MPLS-in-GRE encapsulation is used to turn the packet into an IP packet
  - Dynamic IP or GRE tunnel between ingress PE and egress PE
  - MPLS PW packet gets sent over an IP or GRE tunnel
- IPsec Transport mode may be used to secure the IP or GRE tunnel

7 MPLS-in-IP/MPLS-in-GRE encapsulation by ingress PE
- PW "route" points to a PW label and a next-hop
- The next-hop results in MPLS-in-IP or MPLS-in-GRE encapsulation
  - IP source address: address of the ingress PE
  - IP destination address: address of the egress PE
- The IP/GRE tunnels are not preconfigured

8 Application of IPsec by Ingress PE
- Ingress PE needs to establish an IPsec SA with the egress PE
- IKE may be needed for key distribution
- IPsec procedures result in a packet with an IP header, followed by an IPsec header, followed by MPLS-in-IP/MPLS-in-GRE encapsulation

9 Procedures at the Egress PE
- Egress PE should be able to decapsulate MPLS-in-IP or MPLS-in-GRE packets
  - MPLS PW packets are then MPLS switched
- For IPsec
  - IKE and SAs
  - Apply IPsec procedures to the incoming IPsec packet
  - Recover the contained MPLS-in-IP/MPLS-in-GRE packet
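The ingress encapsulation and egress decapsulation from slides 6 to 9, as an added example (not code from the draft or the presentation). IPsec transport mode is not implemented here; the addresses, the PW label and the `known_pws` table are constructed for illustration, and the protocol numbers are the standard ones for GRE (47), MPLS-in-IP (137) and MPLS over GRE (0x8847).

```python
import socket
import struct

IPPROTO_GRE = 47           # IP protocol number for GRE
IPPROTO_MPLS_IN_IP = 137   # IP protocol number for MPLS-in-IP
GRE_PROTO_MPLS = 0x8847    # GRE protocol type for MPLS unicast

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def encapsulate(ingress_pe, egress_pe, pw_label, pw_payload, use_gre=False):
    """Ingress PE: single-entry label stack (S=1), then MPLS-in-IP or MPLS-in-GRE."""
    inner = struct.pack("!I", (pw_label << 12) | (1 << 8) | 255) + pw_payload
    if use_gre:
        inner = struct.pack("!HH", 0, GRE_PROTO_MPLS) + inner  # no GRE options
    proto = IPPROTO_GRE if use_gre else IPPROTO_MPLS_IN_IP
    return ipv4_header(ingress_pe, egress_pe, proto, len(inner)) + inner

def decapsulate(packet, local_addr, known_pws):
    """Egress PE: return (pw_label, payload) or raise ValueError.

    known_pws maps PW label -> ingress PE address learned at PW setup (assumed table).
    """
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not an option-less IPv4 packet")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if dst != local_addr or not 20 <= total_len <= len(packet):
        raise ValueError("not addressed to this PE or bad length")
    body = packet[20:total_len]
    if packet[9] == IPPROTO_GRE:
        if len(body) < 4 or struct.unpack("!HH", body[:4]) != (0, GRE_PROTO_MPLS):
            raise ValueError("unexpected GRE flags or protocol type")
        body = body[4:]
    elif packet[9] != IPPROTO_MPLS_IN_IP:
        raise ValueError("not MPLS-in-IP or MPLS-in-GRE")
    if len(body) < 4:
        raise ValueError("truncated label stack")
    entry = struct.unpack("!I", body[:4])[0]
    if not (entry >> 8) & 1:
        raise ValueError("expected a single label (bottom-of-stack bit clear)")
    if known_pws.get(entry >> 12) != src:
        raise ValueError("unknown PW label or unexpected ingress PE")
    return entry >> 12, body[4:]
```

The source-address comparison in `decapsulate` is only a filter on an unauthenticated header field; authenticating the ingress PE is what the IPsec SA on slide 8 provides.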

10 Relevance to the PWE3 WG
- MPLS PWs over IP networks are in the charter
- This document describes procedures for carrying MPLS PWs over IP/GRE/IPsec tunnels
- Meets requirements not met by existing specifications
- Does not concern itself with IP/GRE/IPsec PSN setup

11 Conclusion
- Request to be a WG document
- pwe3-pw-over-ip-00.txt

Thank You