Presentation is loading. Please wait.

Presentation is loading. Please wait.

CE Based Membership Verification for L3VPN

Published byBuck Foster Modified over 7 years ago

Similar presentations

Presentation on theme: "CE Based Membership Verification for L3VPN"— Presentation transcript:

1 CE Based Membership Verification for L3VPN
draft-ietf-l3vpn-l3vpn-auth-01 Ron Bonica

2 Status Quo L3VPN relies on proper configuration of the Service Provider Network If the Service Provider configures Customer A’s site into Customer B’s VPN Customer A knows about it first Customer A tells the Service Provider Service Provider may or may not tell Customer B that his/her VPN has been breached

3 CE-Based Authentication
Automatically notifies Customer B when his/her VPN has been breached CE takes whatever action its security policy requires Issue alarm Withdraw from VPN CE-Based Authentication does not prevent SP misconfiguration

4 How It Works VPN site sends token to PE PE joins VPN site to the VPN
PE sends token to directly connected VPN sites and remote PE routers Remote PE routers distribute token to directly connected CE routers CE routers evaluate token React to tokens that they do not recognize

5 Trust Model CE trusts SP to faithfully distribute tokens
CE assumes that the SP is subject to occasional configuration errors SP cannot protect against these errors because the provisioner believes that he/she is doing the right thing CE must maintain checks and balances Protects against accidental misconfiguration, not malicious behavior on the part of the SP

6 Proposal Draft is already WG draft
Continue with implementation, regardless of WG disposition to other drafts in this area Draft-behringer addresses a different problem Not viewed as a competing solution

Download ppt "CE Based Membership Verification for L3VPN"

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
MPLS Over L3VPN Ron Bonica. Reference Model and Requirement 1 C0 CE1 CE2 C3 PE1 P1 Customer VPN Site A Customer VPN Site B Service Provider L3VPN Customer.

MPLS Over L3VPN Ron Bonica. Reference Model and Requirement 1 C0 CE1 CE2 C3 PE1 P1 Customer VPN Site A Customer VPN Site B Service Provider L3VPN Customer.
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs

MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Kevin R Perry August 12, 2014. Part 1: High Level Changes & Clarifications.

Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Network based IP VPN Architecture using Virtual Routers Jessica Yu CoSine Communications, Inc. Feb. 19 th, 2001.

Network based IP VPN Architecture using Virtual Routers Jessica Yu CoSine Communications, Inc. Feb. 19 th, 2001.
PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon

Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
1 © 2004 Cisco Systems, Inc. All rights reserved. L2VPN RADIUS - IETF 62 L2VPN RADIUS Auto-discovery and provisioning draft-ietf-l2vpn-radius-pe-discovery-01.

1 © 2004 Cisco Systems, Inc. All rights reserved. L2VPN RADIUS - IETF 62 L2VPN RADIUS Auto-discovery and provisioning draft-ietf-l2vpn-radius-pe-discovery-01.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.

1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
61st IETF Washington DC November 2004 BGP/MPLS IP Multicast VPNs draft-yasukawa-l3vpn-p2mp-mcast-00.txt Seisho Yasukawa (NTT) Shankar Karuna (Motorola)

61st IETF Washington DC November 2004 BGP/MPLS IP Multicast VPNs draft-yasukawa-l3vpn-p2mp-mcast-00.txt Seisho Yasukawa (NTT) Shankar Karuna (Motorola)
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—6-1 Complex MPLS VPNs Introducing Overlapping VPNs.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—6-1 Complex MPLS VPNs Introducing Overlapping VPNs.

Similar presentations

Ads by Google