Published by Solomon Glenn. Modified over 9 years ago.
1
Security Framework for MPLS-TP
draft-fang-mpls-tp-security-framework-01.txt
Luyuan Fang lufang@cisco.com
Ben Niven-Jenkins benjamin.niven-jenkins@bt.com
March 25, 2010
77 IETF, Anaheim
2
Brief Review: Objectives and Scope
Objectives:
–Identify and address MPLS-TP specific security issues.
  Provide MPLS-TP security requirements
  Define MPLS-TP security reference models
  Identify MPLS-TP security threats
  Discuss MPLS-TP security threat mitigation, recommendations
Intended category: Informational
Scope:
–In scope: Directly related to MPLS-TP
–Out of scope: Any functions/applications not specific to MPLS-TP, e.g. General MPLS/GMPLS Security, General IP/Internet Security best practice.
–Other drafts for MPLS-TP can point to this draft for general MPLS-TP security discussion, and discuss any specific security issues for the specific protocol proposals as needed.
–Focus is on the inter-connection between trusted and untrusted zones
3
MPLS-TP Security Reference Model 1
Model 1: single SP scenario
Model 1a (Not shown): SS-PW within single trusted zone.
Model 1b: MS-PW within single trusted zone (as shown)
[Figure: Emulated Service over Pseudowire PW1. Labels: CE1, CE2, T-PE1, S-PE1, T-PE2, Native Service (Attachment Circuit), TP-LSP, PW.Seg t1, PW.Seg t2, PW.Seg t3, PW.Seg t4, Trusted Zone, Untrusted Zone]
4
MPLS-TP Security Reference Model 2 (b)
Model 2 (b): Single SP, but not all T-PEs are in the Trusted Zone
[Figure: Emulated Service over Pseudowire. Labels: CE1, CE2, T-PE1, S-PE1, T-PE2, Native Service (Attachment Circuit), TP-LSP, PW1, PW3, PW5, MPLS Core, Trusted Zone, Untrusted Zone]
5
MPLS-TP Security Reference Model 2 (c)
Model 2 (c): Typical Inter-Provider Scenario
[Figure: Emulated Service over Pseudowire. Labels: CE1, CE2, T-PE1, S-PE1, T-PE2, Native Service (Attachment Circuit), TP-LSP, PW1, PW3, PW5, Trusted Zone, Untrusted Zone]
6
Outstanding Security Issues still to be addressed
Trusted zone boundary definition
Issues
–Spoofing ID
–Loopback
–NMS
–NMS and CP interaction
–MIP/MEP assignment and attacks
–Topology discovery
–Data plane authentication
–Label authentication
–DoS attack
–Performance Monitoring
7
Next Steps
Clarify Security Trust models
–Have we missed anything?
List additional security requirements/threats/mitigations
Call for volunteers to provide text for open issues.
8
Back-up
9
MPLS-TP Security Reference Model 2 (a)
Model 2 (a): Inter-Provider Scenario with single S-PE
[Figure: Emulated Service over Pseudowire PW1. Labels: CE1, CE2, T-PE1, S-PE1, T-PE2, Native Service (Attachment Circuit), TP-LSP, PW.Seg t1, PW.Seg t2, PW.Seg t3, PW.Seg t4, Trusted Zone, Untrusted Zone]