Requirements for LER Forwarding of IPv4 Option Packets

Presentation transcript:

Requirements for LER Forwarding of IPv4 Option Packets (draft-dasmith-mpls-ip-options-00.txt)
IETF 72 MPLS WG, Dublin, July 28, 2008
David J. Smith, John Mullooly (Cisco Systems, Inc.); Bill Jaeger (AT&T); Tom Scholl (AT&T Labs)

MPLS Architecture (RFC 3031)
[Figure: Source -> ingress LER -> LSR -> LSR -> egress LER -> Destination Prefix X; IP on the edges, MPLS in the core]
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label distribution protocols (e.g. LDP) establish label to destination network (FEC) mappings.
2. Ingress LER receives the IP packet, performs Layer 3 value-added services, and "labels" packets.
3. LSR switches packets using label swapping.
4. Edge LSR at egress removes any labels and forwards the packet.

LER Forwarding of IPv4 Option Packets
[Figure: same topology as the previous slide]
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label distribution protocols (e.g. LDP) establish label to destination network (FEC) mappings.
2. Ingress LER receives the IP packet, performs Layer 3 value-added services, and "routes" IPv4 option packets.
3. LSR routes IPv4 option packets.

LER Forwarding of IPv4 Option Packets
- Varies depending upon the specific IPv4 option type.
- Varies amongst LER implementations.*
* Not applicable to MPLS VPN LERs: IPv4 option packets within an MPLS VPN are always MPLS encapsulated.

Security Considerations (1/2)
Crafted IP option packets that bypass MPLS encapsulation at an ingress LER may:
- Allow an attacker to DoS downstream LSRs by saturating their software forwarding paths.
- Expose the MPLS network topology via traceroute.
- Allow for IP TTL expiry-based DoS attacks against downstream LSRs.
- Allow an attacker to bypass LSP Diff-Serv tunnels and any associated MPLS CoS field marking policies at ingress LERs and, thereby, DoS or steal high-priority traffic services within the MPLS core.
- Allow an attacker to specify explicit IP forwarding path(s) across an MPLS network and, thereby, target specific LSRs with any of the DoS attacks outlined above.
- Allow an attacker to build RSVP soft states on downstream LSRs, which could lead to theft of service by unauthorized parties or to a DoS condition caused by locking up LSR resources.

Security Considerations (2/2)
Crafted IP packets that:
- Trigger imposition of the Router Alert Label, which could lead to a DoS condition on downstream LSRs.

Proposed LER Requirement (Ingress)
An ingress LER MUST implement the following policy, and the policy MUST be enabled by default:
- When determining whether to push an MPLS label stack onto an IP packet, the determination is made without considering any IP options that may be carried in the IP packet header.
- Further, the label values that appear in the label stack are determined without considering any such IP options.
How an ingress LER processes IP header options before MPLS encapsulation is out of scope, as it is not relevant to MPLS.

Proposed LER Requirement (Egress)
- An egress LER SHOULD only process IP options in those cases where the egress LER forwarding decision is based on the native IP packet.
- When the egress LER forwarding decision is based on a popped label, the MPLS-encapsulated IP header information, including IP options, should be ignored, with the exception of the IP TTL per [RFC3443] and the Tunneled Diff-Serv information per [RFC3270].

Conclusion
- Comments are welcome.
- We would like this draft to become a WG draft.