Published by Buddy Bradley. Modified over 8 years ago.
1
Security Framework for MPLS and GMPLS Networks
draft-mpls-mpls-gmpls-security-framework-03.txt
Luyuan Fang, Michael Behringer, Ross Callon, Jean-Louis Le Roux, Raymond Zhang, Paul Knight, Yaakov Stein, Nabil Bitar, Jerry Ash, Monique Morrow, Richard Graveman, Adrian Farrel
July 28, 2008
IETF 72, Dublin
2
Status Update
IETF 67 - San Diego
– Project first proposed at MPLS WG in November 2006.
– Design team formed (members listed on front page).
IETF 68 - Prague
– 00 draft presented at MPLS and CCAMP WGs in March 2007.
– Gathered feedback from the MPLS and CCAMP WGs, Security and Routing ADs.
IETF 69 - Chicago
– 01 draft presented at MPLS and CCAMP WGs in July 2007.
– Request to become working group document.
– Draft was approved to become MPLS WG document after IETF 69.
IETF 70 - Vancouver
– 00 WG draft posted in Sept. 2007. 01 draft posted in Nov. 2007.
– 01 draft presented at MPLS WGs, and status update at CCAMP.
– Prepare for WG last call, request for early review.
IETF 71 - Philadelphia
– 02 draft presented at MPLS WG in March 2008.
– Discuss gen-art early review comments and other comments.
– Getting ready for WG last call.
IETF 72 - Dublin
– 03 draft issued, addressed gen-art comments and other comments.
– Request for MPLS and CCAMP WGs last call.
3
Changes in 03 draft
Changes based on Scott Brim's gen-art early review comments.
– Previous L2, L3, and link layer definitions removed; core definition made consistent; control plane attacks modified; PE-CE bi-directional authentication added; minor structural and editorial changes.
– Scott is happy about the changes.
Changes based on Stephen Farrell's comments and Ross's discussion regarding upstream label allocation.
– Discussed with Stephen Farrell and Ross.
– Updated the text to reflect that label allocation can be downstream or upstream; however, we did not see a need to introduce new security mechanisms due to upstream label allocation.
Changes based on Kannan Varadhan's comments.
– Indicated that the entire network can be compromised by an attack in which an LSP is created by an unauthorized element; added IPv6 to filtering, in addition to IPv4.
– More discussion with Kannan on MPLS/GMPLS specific security threats; defensive techniques for MPLS/GMPLS networks; SP general security requirements; MPLS/GMPLS inter-provider security requirements.
4
Planned changes
GMPLS data plane security, per Adrian's suggestions
– Unlike MPLS, the GMPLS data plane may be divorced from the GMPLS control plane.
– GMPLS data links may be deliberately or accidentally misconnected without causing faults in the control plane.
– Protection from misconnection attacks, and connectivity verification.
Reference the applicability of group keying for RSVP
– Short description, and add reference to "Applicability of Keying Methods for RSVP Security" - draft-ietf-tsvwg-rsvp-security-groupkeying-01.txt
5
Next Step
Request for MPLS and CCAMP WGs last call