Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-01.txt Luyuan Fang Ben Niven-Jenkins

Published bySolomon Glenn Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-01.txt Luyuan Fang Ben Niven-Jenkins"— Presentation transcript:

1 1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-01.txt Luyuan Fang lufang@cisco.com Ben Niven-Jenkins benjamin.niven-jenkins@bt.com March 25, 2010 77 IETF, Anaheim

2 2 Brief Review: Objectives and Scope Objectives: –Identify and address MPLS-TP specific security issues. Provide MPLS-TP security requirements Define MPLS-TP security reference models Identify MPLS-TP security threats Discuss MPLS-TP security threat mitigation, recommendations Intended category: Informational Scope: –In scope: Directly related with MPLS-TP –Out of scope: Any functions/application not specific to MPLS-TP. e.g. General MPLS/GMPLS Security, General IP/Internet Security best practice.. –Other drafts for MPLS-TP can point to this draft for general MPLS-TP security discussion, and discuss any specific security issues for the specific protocol proposals as needed. –Focus is on the inter-connection between trusted and untrusted zones

3 Pseudowire PW1 Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW.Seg t3 PW.Seg t1 PW.Seg t2 PW.Seg t4 TP-LSP MPLS-TP Security Reference Model 1 Model 1: single SP scenario Model 1a (Not shown): SS-PW within single trusted zone. Model 1b: MS-PW within single trusted zone (as shown) Trusted Zone Untrusted Zone

4 Pseudowire Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW1 TP-LSP MPLS-TP Security Reference Model 2 (b) Model 2 (b): Single SP, but not all T-PEs are in the Trusted Zone Trusted Zone Untrusted Zone S-PE1 PW3PW5 MPLS Core

5 Pseudowire Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW1 TP-LSP MPLS-TP Security Reference Model 2 (c) Model 2 (c): Typical Inter-Provider Scenario Trusted Zone Untrusted Zone S-PE1 PW3PW5

6 Outstanding Security Issues still to be addressed Trusted zone boundary definition Issues –Spoofing ID –Loopback –NMS –NMS and CP interaction –MIP/MEP assignment and attacks –Topology discovery –Data plane authentication –Label authentication –DoS attack –Performance Monitoring

7 7 Next Steps Clarify Security Trust models –Have we missed anything? List additional security requirements/threats/mitigations Call for volunteers to provide text for open issues.

8 Back-up

9 Pseudowire PW1 Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW.Seg t3 PW.Seg t1 PW.Seg t2 PW.Seg t4 TP-LSP MPLS-TP Security Reference Model 2 (a) Model 2 (a): Inter-Provider Scenario with single S-PE Trusted Zone Untrusted Zone

Download ppt "1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-01.txt Luyuan Fang Ben Niven-Jenkins"

Similar presentations

History of VPLS at IETF Ali Sajassi November 12, 2002.

History of VPLS at IETF Ali Sajassi November 12, 2002.
Nov 2009 draft-ietf-mpls-tp-framework-06.txt A framework for MPLS in Transport networks draft-ietf-mpls-tp-framework-06.txt Stewart Bryant (Cisco), Matthew.

Nov 2009 draft-ietf-mpls-tp-framework-06.txt A framework for MPLS in Transport networks draft-ietf-mpls-tp-framework-06.txt Stewart Bryant (Cisco), Matthew.
Time Synchronization Protocols and Security IETF tictoc working group 28 July 2011 Karen ODonoghue

Time Synchronization Protocols and Security IETF tictoc working group 28 July 2011 Karen ODonoghue
Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen

Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen
MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs

MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs
Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.

Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.
Old Dog Consulting Multi-Segment Pseudowires: Recognising the Layer Network Adrian Farrel Old Dog Consulting.

Old Dog Consulting Multi-Segment Pseudowires: Recognising the Layer Network Adrian Farrel Old Dog Consulting.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
Dual-Homing Protection for MPLS and MPLS-TP Pseudowires

Dual-Homing Protection for MPLS and MPLS-TP Pseudowires
IETF 59, March 2004Mustapha AïssaouiSlide 1 OAM Procedures for VPWS Interworking draft-aissaoui-l2vpn-vpws-iw-oam-00 Mustapha Aïssaoui, Matthew Bocci,

IETF 59, March 2004Mustapha AïssaouiSlide 1 OAM Procedures for VPWS Interworking draft-aissaoui-l2vpn-vpws-iw-oam-00 Mustapha Aïssaoui, Matthew Bocci,
A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.

A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.
MPLS-TP OAM Framework draft-ietf-mpls-tp-oam-framework-07 editors: Dave Allan, Italo Busi, Ben Niven-Jenkins.

MPLS-TP OAM Framework draft-ietf-mpls-tp-oam-framework-07 editors: Dave Allan, Italo Busi, Ben Niven-Jenkins.
Abstraction and Control of Transport Networks (ACTN) BoF

Abstraction and Control of Transport Networks (ACTN) BoF
STPP Slide 1 UDP Issues PWE3 – 61 th IETF 11 - 11 - 2004 Yaakov (J) Stein.

STPP Slide 1 UDP Issues PWE3 – 61 th IETF Yaakov (J) Stein.
MPLS-TP - 79th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-03.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.

MPLS-TP - 79th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-03.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.
MPLS-TP - 78th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-02.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.

MPLS-TP - 78th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-02.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.
A Framework for Management and Control of Optical Interfaces supporting G.698.2 draft-kunze-g-698-2-management-control-framework-02 March 2012 83rd IETF.

A Framework for Management and Control of Optical Interfaces supporting G draft-kunze-g management-control-framework-02 March rd IETF.
1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-04.txt Luyuan Fang Ben Niven-Jenkins Scott.

1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-04.txt Luyuan Fang Ben Niven-Jenkins Scott.
1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond.

1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond.
78 IETF, Maastricht, Netherlands

78 IETF, Maastricht, Netherlands

Similar presentations

Ads by Google