March 2015 TRILL Link Security

Presentation transcript:

TRILL Link Security
Donald E. Eastlake, 3rd <d3e3e3@gmail.com>
March 2015

TRILL Link Security
There is a very early, incomplete -00 draft: draft-eastlake-trill-link-security-00.txt
Its main goal (when complete) is to do two things:
- Establish strong security policies and defaults for TRILL link security.
- Specify link security more precisely and provide defaults for the following link types: Ethernet [RFC6325], PPP [RFC6361], and Pseudowire [RFC7173].

TRILL Link Security Policies
Proposed new policies:
- TRILL communication between TRILL switch ports that support encryption and authentication at line speed MUST default to using security.
- Security MUST/SHOULD be implemented and available even if a TRILL switch port is not capable of performing encryption and authentication at line speed.
- When authentication is not available, opportunistic security [RFC7435] SHOULD be supported.

Link Type Specific Link Security
Summary by Link Type:
- Ethernet: Specifies IEEE Std 802.1AE (MACSEC) Security.
- PPP: For true PPP over HDLC links, does the best it can. In other cases, recommends using lower layer security such as Ethernet security for PPP over Ethernet.
- Pseudowire: Has no native security. Security for lower layer carrying pseudowire MUST be used.
- (IP: Security to be covered in TRILL over IP draft.)

Example
[Figure: a path of End Station, Edge RBridge, Transit RBridge, Transit RBridge, Edge RBridge, End Station, with links labeled PPP, Ethernet and Pseudowire. Span labels: "One TRILL hop security, main topic of current draft"; "End to Edge Security, out of scope for TRILL"; "End to End Security, Recommended but out of scope for TRILL".]

More on Ethernet Security
- MACSEC is straightforward for point to point Ethernet links.
- In case of intervening customer bridges, they have to be trusted/keyed or you need some more encapsulation.
- The draft also touches on end station to end station MACSEC and MACSEC between an end station and its edge TRILL switch, although algorithms and keying in those cases are out of scope for TRILL.

Possible Addition
Edge-to-Edge security between ingress TRILL switch and egress TRILL switch. There are various possibilities including MACSEC inside the TRILL Header.

Questions / Action
Questions?
Action: The draft needs more work. Comments welcome.

END