Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Use of PE-PE IP/GRE/IPsec for MPLS PWs draft-raggarwa-pwe3-pw-over-ip- 00.txt Rahul Aggarwal

Published byAbraham Price Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Use of PE-PE IP/GRE/IPsec for MPLS PWs draft-raggarwa-pwe3-pw-over-ip- 00.txt Rahul Aggarwal"— Presentation transcript:

1 www.juniper.net 1 Use of PE-PE IP/GRE/IPsec for MPLS PWs draft-raggarwa-pwe3-pw-over-ip- 00.txt Rahul Aggarwal rahul@juniper.net

2 2 www.juniper.net Authors  Rahul Aggarwal (Juniper)  Kireeti Kompella (Juniper)

3 Agenda  Problem statement  Motivation  Specification  Relevance to the PWE3 WG  Conclusion 3. www.juniper.net

4 Problem Statement  Carrying MPLS PW packets over IP, GRE or IPsec tunnels MPLS control plane for PW setup Outer PSN tunnel encapsulation is now IP, GRE or IPsec PW label identifies the PW  Enable MPLS PWs to be transported over non- MPLS networks 4. www.juniper.net

5 Motivation  Non-MPLS routers between the ingress and egress PEs  IPsec authentication and/or encryption for increased security Protection against spoofed packets Protection against transit node misbehavior Encryption of the PW data 5. www.juniper.net

6 Specification  Continue to use MPLS to identify a PW A single label stack i.e. PW label  A MPLS-in-IP or MPLS-in-GRE encapsulation used to turn the packet into an IP packet Dynamic IP or GRE tunnel between ingress PE and egress PE MPLS PW packet gets sent over an IP or GRE tunnel  IPsec Transport mode may be used to secure the IP or GRE tunnel 6. www.juniper.net

7 MPLS-in-IP/MPLS-in-GRE encapsulation by ingress PE  PW “route” points to a PW label and a next-hop  The next-hop results in MPLS-in-IP or MPLS-in-GRE encapsulation IP source address: address of the ingress PE IP destination address: address of the egress PE  The IP/GRE tunnels are not preconfigured 7. www.juniper.net

8 Application of IPsec by Ingress PE  Ingress PE needs to establish an IPsec SA with the egress PE  IKE may be needed for key distribution  IPsec procedures result in a packet with an IP header, followed by an IPsec header followed by MPLS-in-IP/MPLS-in-GRE encapsulation 8 www.juniper.net

9 Procedures at the Egress PE  Egress PE should be able to de-capsulate MPLS-in- IP or MPLS-in-GRE packets MPLS PW packets then MPLS switched  For IPsec IKE and SAs Apply IPsec procedures to the incoming IPsec packet Recover the contained MPLS-in-IP/MPLS-in-GRE packet 9 www.juniper.net

10 Relevance to the PWE3 WG  MPLS PWs over IP networks are in the charter  This document describes procedures for carrying MPLS PWs over IP/GRE/IPsec tunnels  Meets requirements not met by existing specifications  Does not concern itself with IP/GRE/IPsec PSN setup 10 www.juniper.net

11 Conclusion  Request to be a WG document  http://www.ietf.org/internet-drafts/draft-raggarwa- pwe3-pw-over-ip-00.txt 11 www.juniper.net

12 Thank You

Download ppt "1 Use of PE-PE IP/GRE/IPsec for MPLS PWs draft-raggarwa-pwe3-pw-over-ip- 00.txt Rahul Aggarwal"

Similar presentations

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 BGP based Virtual Private Multicast Service Auto-Discovery and Signaling.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 BGP based Virtual Private Multicast Service Auto-Discovery and Signaling.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 LSP-Ping and BFD for MPLS-TP draft-nitinb-mpls-tp-lsp-ping-bfd- procedures-00.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 LSP-Ping and BFD for MPLS-TP draft-nitinb-mpls-tp-lsp-ping-bfd- procedures-00.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication

Secure Mobile IP Communication
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Point-to-Multipoint Pseudowire Signaling and Auto-Discovery in Layer.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Point-to-Multipoint Pseudowire Signaling and Auto-Discovery in Layer.
All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,

All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen

Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen
PW Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-02 Yimin Shen (Juniper Networks) Rahul Aggarwal (Arktan Inc) Wim Henderickx.

PW Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-02 Yimin Shen (Juniper Networks) Rahul Aggarwal (Arktan Inc) Wim Henderickx.
PW Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-03 Yimin Shen (Juniper) Rahul Aggarwal (Arktan Inc) Wim Henderickx (Alcatel-Lucent)

PW Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-03 Yimin Shen (Juniper) Rahul Aggarwal (Arktan Inc) Wim Henderickx (Alcatel-Lucent)
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Introducing MPLS Labels and Label Stacks

Introducing MPLS Labels and Label Stacks
MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs

MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs
CS 672 1 Summer 2003 Lecture 14. CS 672 2 Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

Similar presentations

Ads by Google