Presentation is loading. Please wait.

Presentation is loading. Please wait.

Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian

Published byJonathan Morris Modified over 8 years ago

Similar presentations

Presentation on theme: "Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian"— Presentation transcript:

1 Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian Farreladrian@olddog.co.ukadrian@olddog.co.uk afarrel@juniper.net IETF Routing Area Director Daniel Kingdaniel@olddog.co.ukdaniel@olddog.co.uk IETF Working Group Secretary (CCAMP, L3VPN, PCE, ROLL)

2 What Is Interesting and New?  Secure Inter-domain Routing (SIDR) –A long-standing effort making progress  Network Virtualization Overlays (NVO3) –A new working group starting to focus  Interface to the Routing System (IRS) –A new proposal with a meeting planned for IETF-85 in November 2

3 SIDR  Inter-domain routing is fragile –“99% of mis-announcements are accidental originations of someone else’s prefix” – Google –It is possible some mis-announcements are malicious!  SIDR aims to address –Is an AS authorized to originate an IP prefix? –Is the AS-Path represented in the route the same as the path through which the NLRI travelled? –Is the BGP protocol exchange secure?  Non-goal is to prevent all malicious attacks 3

4 Resource Public Key Infrastructure (RPKI)  Public and private key –Encrypt with one; decrypt with the other  Public key issued by certifying authority  X.509 certificates used –Tree of certification following address allocation –Address prefix is signed and announced with public key  Route Origin Authorization –A signed prefix and AS number –Some support for aggregation –BGP advertisement checked against signed ROAs  NB. Compute load much less than ACLs 4

5 SIDR Progress  Completed frameworks for RPKI and ROAs  Completed core infrastructure for RPKI/ROA  Mature/completed –Protocol for exchanging information between RPKI and routers –Advertisement validation mechanism  Work in progress –Security enhancements to BGP  Specifically secure the AS-PATH attribute 5

6 SIDR References  SIDR Working Group http://datatracker.ietf.org/wg/sidr/charter/ http://datatracker.ietf.org/wg/sidr/charter/  RFC 6480 An Infrastructure to Support Secure Internet Routing http://datatracker.ietf.org/doc/rfc6480/ http://datatracker.ietf.org/doc/rfc6480/  Endless presentations at nanog and ripe –http://www.nanog.org/presentations/archive/index.phphttp://www.nanog.org/presentations/archive/index.php  Search for SIDR –https://ripe64.ripe.net/programme/meeting-plan/tutorials/ 6

7 Multi-tenant DC Networking IP/MPLS Network Storage DC FW LB VM-based Appliances NAT VMs on Server Blades VM VPN PE/GW VSw  Gateway to the outside world.  DC Interconnect and connectivity to Internet and VPN customers.  High capacity core node, usually a cost effective Ethernet switch; may support routing capabilities.  Top of Rack (ToR) hardware-based Ethernet switch; may perform IP routing.  Virtual Switch (VSw) software based Ethernet switch running inside the server blades. Top of rack Switch

8 NVO3 Overview  Multi-tenancy has become a core requirement of data centers –Including for Virtualized Machines (VMs) and VM multi-tenancy  Three key requirements needed to support multi-tenancy are –Traffic isolation –Address independence –Fully flexible VM placement and migration  NVO3 WG considers approaches to multi-tenancy that reside at the network layer rather than using traditional isolation (e.g., VLANs) –An overlay model to interconnect VMs distributed across a data center  NVO3 WG will determine which types of connectivity services. are needed by typical DC deployments (for example, IP and/or Ethernet) NV03 WG Will Not develop service provider solutions for wide-area interconnect of data centers

9 NVO3 WG Progress  NVO3 Working Group –First meeting IETF-84 July 2012 –http://datatracker.ietf.org/wg/nvo3/charter/http://datatracker.ietf.org/wg/nvo3/charter/  Problem Statement: Overlays for Network Virtualization –Describes issues associated with providing multi-tenancy that require an overlay-based network virtualization approach to addressing them –Adopted by working group September 2012 –http://tools.ietf.org/html/draft-ietf-nvo3-overlay-problem-statementhttp://tools.ietf.org/html/draft-ietf-nvo3-overlay-problem-statement  Framework for DC Network Virtualization –Provides a framework for NVO3. It defines a logical view of the main components with the intention of streamlining terminology and focusing the solution set –Adopted by working group September 2012 –http://tools.ietf.org/html/draft-ietf-nvo3-framework-00http://tools.ietf.org/html/draft-ietf-nvo3-framework-00

10 NVO3 has loads of buzz  Internet-Drafts include: –Data and Control Plane Requirements –Framework  Overlay Architecture  Addressing –Use Cases  VPN Applicability  Mobility Issues –Operational Requirements –Security Framework

11 IRS  Configuration access to routers tends to be –Non-dynamic –Granular –Non-standard  Existing programmatic interfaces target –Data plane –FIB  Need a way to provide high-level input to routing and to extract data –Make entries in RIBs –Control routing protocols –Set policies  For policy-based routing QoS, OAM, etc.  Security, firewalls, etc.  Route import/export –Read topology and routing information 11

12 IRS Framework 12 Data Plane FIB RIBs and RIB Manager Policy DB Routing and Signaling Protocols Topology DB OAM, Events and Measurement IRS Agent IRS Client Router Server Application IRS Protocol & Data Encoding

13 Questions to Be Answered  What is an IRS Application?  How does IRS interact with Configuration?  Are there already existing protocols and encoding languages?  How does this relate to OpenFlow?  What’s it all for? 13

14 IRS Use Cases  Core routing system manipulation –Injection of static routes –Control of RIB-to-FIB policy –Extraction of RIBs and other data  Topology manipulation –Extraction of topology and traffic engineering info –Creation of virtual links and tunnels  BGP policy –Import and export policies –Route reflector control –Flowspec definition and configuration  Firewalls –Injection of policies 14

15 IRS Plans  Post some Internet-Drafts and discuss the idea  BoF meeting IETF-85 in Atlanta (November) –Assess level of focus and support  Maybe form a working group –Start with framework, use cases, requirements –Write abstract information models –Continue to evaluate existing protocols and encoding languages –Maybe develop new protocols/languages –Write data models 15

16 IRS References  IETF-85 BoF Proposals http://trac.tools.ietf.org/bof/trac/ http://trac.tools.ietf.org/bof/trac/  IRS discussion mailing list http://www.ietf.org/mailman/listinfo/irs-discuss http://www.ietf.org/mailman/listinfo/irs-discuss  IRS Problem Statement http://datatracker.ietf.org/doc/draft-atlas-irs- problem-statement/ http://datatracker.ietf.org/doc/draft-atlas-irs- problem-statement/  IRS Framework http://datatracker.ietf.org/doc/draft-ward-irs- framework/ http://datatracker.ietf.org/doc/draft-ward-irs- framework/ 16

Download ppt "Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian"

Similar presentations

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.
Application-Based Network Operations (ABNO) IETF 88 – SDN RG

Application-Based Network Operations (ABNO) IETF 88 – SDN RG
The Impact of SDN On MPLS Networks Adrian Farrel Juniper Networks

The Impact of SDN On MPLS Networks Adrian Farrel Juniper Networks
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
Problem Statement and Architecture for Information Exchange Between Interconnected Traffic Engineered Networks draft-farrel-interconnected-te-info-exchange-03.txt.

Problem Statement and Architecture for Information Exchange Between Interconnected Traffic Engineered Networks draft-farrel-interconnected-te-info-exchange-03.txt.
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Slide title 70 pt CAPITALS Slide subtitle minimum 30 pt Vpn service Ericsson.

Slide title 70 pt CAPITALS Slide subtitle minimum 30 pt Vpn service Ericsson.
IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,
L3vpn end-system draft Pedro Marques. Overview Defines a mechanism to associate an end- system virtual interface to an L3VPN. – Co-located forwarder:

L3vpn end-system draft Pedro Marques. Overview Defines a mechanism to associate an end- system virtual interface to an L3VPN. – Co-located forwarder:
Network Overlay Framework Draft-lasserre-nvo3-framework-01.

Network Overlay Framework Draft-lasserre-nvo3-framework-01.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Gap Analysis of Simplified Use of Policy Abstractions (SUPA) Presenter: Jun Bi draft-bi-supa-gap-analysis-02 IETF 92 SUPA BoF Dallas, TX March 23, 2015.

Gap Analysis of Simplified Use of Policy Abstractions (SUPA) Presenter: Jun Bi draft-bi-supa-gap-analysis-02 IETF 92 SUPA BoF Dallas, TX March 23, 2015.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.

Copyright © 2012, QoS-aware Network Operating System for Software Defined Networking with Generalized OpenFlows Kwangtae Jeong, Jinwook Kim.
BGP L3VPN Virtual PE draft-fang-l3vpn-virtual-pe-01

BGP L3VPN Virtual PE draft-fang-l3vpn-virtual-pe-01
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
MPLS And The Data Center Adrian Farrel Old Dog Consulting / Juniper Networks

MPLS And The Data Center Adrian Farrel Old Dog Consulting / Juniper Networks
IETF-82 draft-bitar-datacenter-vpn-applicability-01.txt Page - 1 Cloud Networking: Framework and VPN Applicability draft-bitar-datacenter-vpn-applicability-01.txt.

IETF-82 draft-bitar-datacenter-vpn-applicability-01.txt Page - 1 Cloud Networking: Framework and VPN Applicability draft-bitar-datacenter-vpn-applicability-01.txt.
Abstraction and Control of Transport Networks (ACTN) BoF

Abstraction and Control of Transport Networks (ACTN) BoF

Similar presentations

Ads by Google