Requirements for LER Forwarding of IPv4 Option Packets


1 Requirements for LER Forwarding of IPv4 Option Packets
(draft-dasmith-mpls-ip-options-00.txt)
IETF 72 MPLS WG – Dublin – July 28, 2008
David J. Smith, Cisco Systems, Inc.
John Mullooly, Cisco Systems, Inc.
Bill Jaeger, AT&T
Tom Scholl, AT&T Labs

2 MPLS Architecture (RFC3031)
[Diagram: Source -> LER (ingress) -> LSR -> LSR -> LER (egress) -> Destination Prefix X]
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label distribution protocols (e.g. LDP) establish label-to-destination-network (FEC) mappings.
2. Ingress LER receives the IP packet, performs Layer 3 value-added services, and "labels" packets.
3. LSRs switch packets using label swapping.
4. Edge LSR at egress removes any labels and forwards the packet.

3 LER Forwarding of IPv4 Option Packets
[Diagram: Source -> LER (ingress) -> LSR -> LSR -> LER (egress) -> Destination Prefix X]
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label distribution protocols (e.g. LDP) establish label-to-destination-network (FEC) mappings.
2. Ingress LER receives the IP packet, performs Layer 3 value-added services, and "routes" IPv4 option packets (no label is pushed).
3. LSRs route IPv4 option packets natively, instead of label switching them.

4 LER Forwarding of IPv4 Option Packets
- Varies depending upon the specific IPv4 option type
- Varies amongst LER implementations*
* Not applicable to MPLS VPN LERs: IPv4 option packets within an MPLS VPN are always MPLS encapsulated.

5 Security Considerations (1/2)
Crafted IP option packets that bypass MPLS encapsulation at an ingress LER may:
- Allow an attacker to DoS downstream LSRs by saturating their software forwarding paths.
- Expose the MPLS network topology via traceroute.
- Allow for IP TTL expiry-based DoS attacks against downstream LSRs.
- Allow an attacker to bypass LSP Diff-Serv tunnels and any associated MPLS CoS field marking policies at ingress LERs and, thereby, DoS or steal high-priority traffic services within the MPLS core.
- Allow an attacker to specify explicit IP forwarding path(s) across an MPLS network and, thereby, target specific LSRs with any of the DoS attacks outlined above.
- Allow an attacker to build RSVP soft states on downstream LSRs, which could lead to theft of service by unauthorized parties or to a DoS condition caused by locking up LSR resources.

6 Security Considerations (2/2)
Crafted IP packets may also:
- Trigger imposition of the Router Alert Label (RFC 3032), which could lead to a DoS condition on downstream LSRs.

7 Proposed LER Requirement (Ingress)
An ingress LER MUST implement the following policy, and the policy MUST be enabled by default:
- When determining whether to push an MPLS label stack onto an IP packet, the determination is made without considering any IP options that may be carried in the IP packet header.
- Further, the label values that appear in the label stack are determined without considering any such IP options.
How an ingress LER processes IP header options before MPLS encapsulation is out of scope, as it is not relevant to MPLS.
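To make the ingress requirement concrete, here is an added example that is not code from the draft or from these slides: a small Python model of the ingress LER label decision. It parses an IPv4 header with options, then contrasts a legacy LER that punts any option packet to native IP forwarding (the behaviour slides 4 and 5 describe) with one that follows the proposed requirement and derives both the push decision and the label values from the FEC alone. The FIB, the label values, the addresses and the packets themselves are constructed assumptions for illustration.

```python
import ipaddress
import struct

# IPv4 option type codes (copied flag | class | number), RFC 791 / RFC 2113
IPOPT_EOL, IPOPT_NOP = 0, 1
IPOPT_RR, IPOPT_LSRR, IPOPT_SSRR, IPOPT_RA = 7, 131, 137, 148

# Assumed FIB for the example: destination prefix -> label stack to impose
# (outer label first). Prefixes and label values are made up.
FIB = {
    ipaddress.ip_network("10.0.0.0/8"): [1001],
    ipaddress.ip_network("10.1.0.0/16"): [1002, 2002],
}


def ipv4_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum over the header (pads odd lengths)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: str, dst: str, options: bytes = b"", ttl: int = 64) -> bytes:
    """Constructed test packet: IPv4 header (protocol 17, no payload) plus options."""
    if len(options) > 40:
        raise ValueError("IPv4 options are limited to 40 bytes")
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, ttl, 17, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_options(opts: bytes):
    """Return [(type, data)] for the options field: EOL ends the list,
    NOP is a one-byte filler, everything else is type/length/value."""
    out, i = [], 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IPv4 option at offset %d" % i)
        ln = opts[i + 1]
        out.append((t, opts[i + 2:i + ln]))
        i += ln
    return out


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, IHL and checksum; return the fields the LER needs."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    hdr = pkt[:ihl]
    if ipv4_checksum(hdr) != 0:
        raise ValueError("bad header checksum")
    tos, _, _, _, ttl, _, _, _, dst = struct.unpack("!BHHHBBH4s4s", hdr[1:20])
    return {"tos": tos, "ttl": ttl, "dst": ipaddress.ip_address(dst),
            "options": parse_options(hdr[20:])}


def lookup_fec(dst):
    """Longest-prefix match of the destination against the assumed FIB."""
    best = None
    for net, labels in FIB.items():
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, labels)
    return best[1] if best else None


def legacy_ingress(pkt: bytes):
    """Behaviour the draft warns about: any IP option diverts the packet to
    native IP forwarding, so it crosses the core unlabelled."""
    h = parse_ipv4(pkt)
    if h["options"]:
        return ("ip", [])
    labels = lookup_fec(h["dst"])
    return ("mpls", labels) if labels else ("drop", [])


def compliant_ingress(pkt: bytes):
    """Proposed requirement: push decision and label values come from the
    FEC (destination prefix) alone; options are parsed but never consulted."""
    h = parse_ipv4(pkt)
    labels = lookup_fec(h["dst"])
    return ("mpls", labels) if labels else ("drop", [])


# Constructed packets: plain, with Loose Source Route, with Router Alert.
PLAIN = build_ipv4("192.0.2.1", "10.1.2.3")
LSRR = build_ipv4("192.0.2.1", "10.1.2.3", options=bytes([IPOPT_LSRR, 7, 4])
                  + ipaddress.ip_address("10.9.9.9").packed)
RA = build_ipv4("192.0.2.1", "10.1.2.3", options=bytes([IPOPT_RA, 4, 0, 0]))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("lsrr", LSRR), ("ra", RA)):
        print(name, "legacy:", legacy_ingress(pkt), "compliant:", compliant_ingress(pkt))
```

Both variants still parse the options, so a malformed options field is rejected at the edge either way; the difference is that only the legacy variant lets the presence of an option change the forwarding path. Under the proposed policy an LSRR or Router Alert packet leaves the ingress LER with the same label stack as a plain packet to the same prefix, which removes the unlabelled path into the core that the attacks on slide 5 rely on.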

8 Proposed LER Requirement (Egress)
An egress LER SHOULD only process IP options in those cases where the egress LER forwarding decision is based on the native IP packet. When the egress LER forwarding decision is based on a popped label, the MPLS encapsulated IP header information including IP options should be ignored with the exception of the IP TTL per [RFC3443] and the Tunneled Diff-Serv information per [RFC3270].

9 Conclusion
- Comments are welcome
- We would like this draft to be a WG draft

