TRILL over IP draft-ietf-trill-over-ip-01.txt IETF 91, Honolulu Margaret Wasserman Donald Eastlake, Dacheng Zhang.

Slides:

Advertisements

Similar presentations

Virtual Links: VLANs and Tunneling

Advertisements

82 nd IETF Taipei1 TRILL over MPLS draft-yong-trill-trill-o-mpls-00 Lucy Yong Donald Eastlake 3rd

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv4 - The Internet Protocol Version 4

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

Directory Assisted TRILL Encapsulation by non-TRILL nodes (Directory Reliant Smart End Node) Linda Dunbar Donald Eastlake Radia Perlman Igor Gashinsky.

Ch. 9 – Basic Router Troubleshooting CCNA 2 version 3.0.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

The OSI Model and the TCP/IP Protocol Suite

Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.

Internet Protocol Security (IPSec)

Local Area Networks Part II. 2 Introduction Many times it is necessary to connect a local area network to another local area network or to a wide area.

© 2002, Cisco Systems, Inc. All rights reserved..

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

SMUCSE 8344 MPLS Virtual Private Networks (VPNs).

Revision of the Appointed Forwarder RFC draft-eastlake-trill-rfc txt Donald E. Eastlake, 3 rd March 2015 Appointed.

1 Review of Important Networking Concepts Introductory material. This slide uses the example from the previous module to review important networking concepts:

Lecture 8 Modeling & Simulation of Communication Networks.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

TRILL Link Protocols Donald Eastlake Huawei Technologies July 20141Directory Assist.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Data Link Layer Network Fundamentals – Chapter 7.

TRILL OAM draft-eastlake-trill-rbridge-channel-00 draft-bond-trill-rbridge-oam-01 draft-manral-trill-bfd-encaps-01 Donald Eastlake 3 rd Huawei Technologies.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

TRansparent Interconnection of Lots of Links (TRILL) March 11 th 2010 David Bond University of New Hampshire: InterOperability.

Section 4 : The OSI Network Layer CSIS 479R Fall 1999 “Network +” George D. Hickman, CNI, CNE.

November 2011IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list: Tools site:

Submission doc.: IEEE 11-12/0621r2 May 2012 Donald Eastlake 3rd, HuaweiSlide 1 Alternative Mesh Path Selection Date: Authors:

Chapter 8 Local Area Networks: Internetworking Data Communications and Computer Networks: A Business User’s Approach.

March 2008Protocol Draft Changes -06 to -071 TRILL Protocol Specification Changes from -06 to -07 Donald Eastlake 3 rd

7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.

ECE 526 – Network Processing Systems Design Networking: protocols and packet format Chapter 3: D. E. Comer Fall 2008.

Protocols 1 Objective: Build a protocol foundation for Client / Server programming in an Internet Environment Note: RFCs available from

Base Protocol Spec Radia Perlman

IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

LOGO Local Area Network (LAN) Layer 2 Switching and Virtual LANs (VLANs) Local Area Network (LAN) Layer 2 Switching and Virtual LANs (VLANs) Chapter 6.

TRILL OAM & BFD draft-eastlake-trill-rbridge-bfd-00.txt Donald E. Eastlake 3 rd 155 Beaver Street Milford, MA USA November 20101TRILL OAM & BFD Vishwas.

Transparent Interconnection of Lots of Links(TRILL) Speaker: Hui-Hsiung Chung Date:2011/12/28 1.

TRILL remaining issues Radia Perlman

Chapter 20 Network Layer: Internet Protocol

Basic Routing Principles V1.2. Objectives Understand the function of router Know the basic conception in routing Know the working principle of router.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 16 Connecting LANs, Backbone Networks, and Virtual LANs.

Data Communications & Computer Networks, Second Edition1 Chapter 8 Local Area Networks: Internetworking.

1 12-Jan-16 OSI network layer CCNA Exploration Semester 1 Chapter 5.

Virtual Private Networks Ed Wagner CS Overview Introduction Types of VPNs Encrypting and Tunneling Pro/Cons the VPNs Conclusion.

Possible TRILL Use of GENAPP in draft-ietf-trill-rbridge-channel Donald E. Eastlake, 3 rd Huawei Technologies (USA) 24 July

+ Routing Concepts 1 st semester Objectives  Describe the primary functions and features of a router.  Explain how routers use information.

Computer Network Architecture Lecture 3: Network Connectivity Devices.

RBridges: Operations, Administration, and Maintenance (OAM) Support David Bond, Vishwas Manral UNH-IOL, IP Infusion draft-bond-trill-rbridge-oam-00 1.

March th IETF - Prague1 TRILL Working Group Changes from draft-trill-rbridge-protocol-02.txt to draft-trill-rbridge-protocol-03.txt Dinesh Dutt,

March 2007RBridge Extensions1 RBridge Protocol Extensions and the Inner Q-tag Location Donald Eastlake 3rd

TCP/IP Protocol Suite Suresh Kr Sharma 1 The OSI Model and the TCP/IP Protocol Suite Established in 1947, the International Standards Organization (ISO)

Network Models. The OSI Model Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO). Model for understanding.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Prof. Alfred J Bird, Ph.D., NBCT Office – Science 3rd floor – S Office Hours – Monday and Thursday.

TRILL T RANSPARENT T RANSPORT OVER MPLS draft-muks-trill-transport-over-mpls-00 Mohammad Umair, Kingston Smiler, Donald Eastlake, Lucy Yong.

March 2015 TRILL Link Security March 2015 TRILL Link Security

Future TRILL and TRILL Related Work

Part I. Overview of Data Communications and Networking

Advertising Encapsulation Capability Using OSPF

Month 2002 doc.: IEEE /xxxr0 November 2004 Routing and Rbridges

RBridge Channel Tunnel Protocol

Additional TRILL Work/Documents

Guide to TCP/IP, Third Edition

TRILL Header Extension Improvements

Presentation transcript:

TRILL over IP draft-ietf-trill-over-ip-01.txt IETF 91, Honolulu Margaret Wasserman Donald Eastlake, Dacheng Zhang

Current Document Summary Defines a natural IP/UDP encapsulation for TRILL. Treats an IP network as a link connecting TRILL switch ports thus providing a method to connected remote TRILL sites into a single TRILL campus. Two Scenarios are described – Remote Office Scenario – IP Backbone Scenario November 2014TRILL over IP2

Encapsulation in Current Draft Link Header IP Header UDP Header TRILL Data or TRILL IS-IS Payload Link Trailer Without security November 2014TRILL over IP3 Link Header IP Header UDP Header TRILL Data or TRILL IS-IS Payload Link Trailer DTLS Header -Destination Port distinguishes TRILL Data and TRILL IS-IS -- Source Port Provides entropy -Destination Port distinguishes TRILL Data and TRILL IS-IS -- Source Port Provides entropy With security

Current Document Summary (cont) Uses DTLS for security. – Does not interfere with IS-IS authentication of TRILL IS-IS packets. – If TRILL over IP switches support certificates, they MUST support : TLS_RSA_WITH_AES_128_CBC_SHA256 – If TRILL over IP switches support pre-shared keys, they MUST support: TLS_PSK_WITH_AES_128_CBC_SHA256 November 2014TRILL over IP4

Work Remaining Congestion Considerations section is inadequate Middle Box Considerations section is empty QoS Considerations are absent (DSCP) Needs a clear specification of the configuration associated with a TRILL over IP port Current draft did not take into account hardware support of encapsulation or security protocol: – Fast path support is important for demanding applications. November 2014TRILL over IP5

Question: Security Protocol Fast path hardware support is more common for IPSEC than for the currently mandated DTLS. – In either case, default keying can be derived from IS-IS keying so we are primarily talking about the data format, not necessarily the key exchange. It seems undesirable to have to support both. Should TRILL over IP change to using IPSEC as the mandatory to implement security? November 2014TRILL over IP6

Question: Encapsulation The current draft only supports natural UDP encapsulation. But there is more fast path hardware support and perhaps more flexibility with other encapsulations such as VxLAN. There was a consensus determination that the TRILL WG preferred UDP/IP over a new custom encapsulation (such as a new IP protocol type number) but we are not talking about either here. This encapsulation question is essentially independent of the security question. November 2014TRILL over IP7

Question: Encapsulation (cont.) Suggestion: – The default mode for a TRILL over IP port could be to exchange Hellos using natural encapsulation. TRILL Hellos are sent at most once a second so this could be done in software. – The port capabilities sub-TLV in each Hello would indicate what encapsulations the sending port is willing to use. Could vary between ports on the same switch due to port hardware. – Data connectivity is only established if TRILL switches have a common supported and enabled encapsulation. – A TRILL over IP port could also be configured to use one specified encapsulation for all TRILL communications. November 2014TRILL over IP8

Feedback? Questions?

THE TRILL ENCAPSULATION ARCHITECTURE Back up slides November 2014TRILL over IP10

TRILL Link Encapsulations A TRILL link protocol encapsulation needs to: – Get a TRILL packet from one TRILL switch port to another TRILL switch port over the link. – Provide one mandatory to implement variation for interoperability. – Distinguish between TRILL Data packets and TRILL IS-IS packets. – If the link can have more than two ports on it, provide the address of the destination port(s). – Maybe other stuff depending on link technology. November 2014TRILL over IP11

In RFC |Outer Ethernet Header | | TRILL Header | | Ethernet Payload | |Ethernet FCS | |PPP Header | | TRILL Header | | Ethernet Payload | |PPP FCS | November 2014TRILL over IP12 TRILL over Ethernet: Ethernet Header before TRILL Header. Outer addresses needed because Ethernet link could be a bridged LAN with many stations on it. TRILL over PPP: No addresses needed. No Ethernet Header before TRILL Header

TRILL Link Encapsulaton In TRILL over Ethernet, Ethertypes indicate TRILL Data (0x22F3) or TRILL IS-IS (0x22F4). [RFC 6325] In TRILL over PPP, PPP code points indicate TRILL Data (0x005D) or TRILL IS-IS (0x405D). [RFC 6361] November 2014TRILL over IP | V |A|R|M|Op-Length| Hop Count | | Egress RBridge Nickname | Ingress RBridge Nickname | The 6-byte TRILL Data Header Ethertype 0x22F3 or PPP code point 0x005D Ethertype 0x22F3 or PPP code point 0x005D End of Link Header, not beginning of TRILL Header

The IP Link Protocol What about TRILL over IP? – (Use of IP does not necessarily imply long distance. You can have a local IP core and long distance carrier Ethernet, for example.) As with any other Link protocol, its purpose is to get a TRILL packet from one TRILL switch port to another and distinguish TRILL Data from TRILL IS-IS. The source TRILL switch IP port and the destination TRILL switch IP port have IP addresses which are provided by an IP Header. November 2014TRILL over IP14

The IP Link Protocol (cont.) An IP Link will be one TRILL hop but could be composed of multiple IP hops. Each IP hop composing the TRILL hop is over some lower layer, possibly different for each hop, and all irrelevant at the TRILL layer. November 2014TRILL over IP15 TRILL Switch IP Router PPP IP Hop Ethernet IP Hop TRILL over IP Hop

The IP Link Protocol (cont.) So you have an IP header and a TRILL header. You still need something in between to distinguish data from IS-IS (unless you use up two IP Protocol number and never care about problems with middle boxes due to unknown IP Protocol numbers) and provide entropy. November 2014TRILL over IP16 IP Header ? TRILL Header

The IP Link Protocol (cont.) You could require TRILL over Ethernet over IP but: – You would be adding 12 bytes of useless “MAC addresses” that would be thrown away by the next TRILL switch in the path. – It would be inconsistent with the TRILL link encapsulation architecture in RFC 6325 and the standardized method of doing TRILL over PPP (RFC 6361) and TRILL over pseudowire (RFC 7174). November 2014TRILL over IP17