Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-01.txt Luyuan Fang Ben Niven-Jenkins


1 Security Framework for MPLS-TP
draft-fang-mpls-tp-security-framework-01.txt
Luyuan Fang lufang@cisco.com
Ben Niven-Jenkins benjamin.niven-jenkins@bt.com
March 25, 2010
77 IETF, Anaheim

2 Brief Review: Objectives and Scope
Objectives:
–Identify and address MPLS-TP specific security issues.
  Provide MPLS-TP security requirements
  Define MPLS-TP security reference models
  Identify MPLS-TP security threats
  Discuss MPLS-TP security threat mitigation, recommendations
Intended category: Informational
Scope:
–In scope: Directly related to MPLS-TP
–Out of scope: Any functions/applications not specific to MPLS-TP, e.g. General MPLS/GMPLS Security, General IP/Internet Security best practice.
–Other drafts for MPLS-TP can point to this draft for general MPLS-TP security discussion, and discuss any specific security issues for the specific protocol proposals as needed.
–Focus is on the inter-connection between trusted and untrusted zones

3 MPLS-TP Security Reference Model 1
Model 1: single SP scenario
–Model 1a (Not shown): SS-PW within single trusted zone.
–Model 1b: MS-PW within single trusted zone (as shown)
[Figure labels: Emulated Service; Pseudowire PW1; PW.Seg t1, PW.Seg t2, PW.Seg t3, PW.Seg t4; TP-LSP; Native Service (Attachment Circuit); CE1, T-PE1, S-PE1, T-PE2, CE2; Trusted Zone; Untrusted Zone]

4 MPLS-TP Security Reference Model 2 (b)
Model 2 (b): Single SP, but not all T-PEs are in the Trusted Zone
[Figure labels: Emulated Service; Pseudowire; PW1, PW3, PW5; TP-LSP; MPLS Core; Native Service (Attachment Circuit); CE1, T-PE1, S-PE1, S-PE1, T-PE2, CE2; Trusted Zone; Untrusted Zone]

5 MPLS-TP Security Reference Model 2 (c)
Model 2 (c): Typical Inter-Provider Scenario
[Figure labels: Emulated Service; Pseudowire; PW1, PW3, PW5; TP-LSP; Native Service (Attachment Circuit); CE1, T-PE1, S-PE1, S-PE1, T-PE2, CE2; Trusted Zone; Untrusted Zone]

6 Outstanding Security Issues still to be addressed
Trusted zone boundary definition
Issues
–Spoofing ID
–Loopback
–NMS
–NMS and CP interaction
–MIP/MEP assignment and attacks
–Topology discovery
–Data plane authentication
–Label authentication
–DoS attack
–Performance Monitoring

7 Next Steps
Clarify Security Trust models
–Have we missed anything?
List additional security requirements/threats/mitigations
Call for volunteers to provide text for open issues.

8 Back-up

9 MPLS-TP Security Reference Model 2 (a)
Model 2 (a): Inter-Provider Scenario with single S-PE
[Figure labels: Emulated Service; Pseudowire PW1; PW.Seg t1, PW.Seg t2, PW.Seg t3, PW.Seg t4; TP-LSP; Native Service (Attachment Circuit); CE1, T-PE1, S-PE1, T-PE2, CE2; Trusted Zone; Untrusted Zone]

