Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 2015 TRILL Link Security March 2015 TRILL Link Security

Published byRoss Rogers Modified over 6 years ago

Similar presentations

Presentation on theme: "March 2015 TRILL Link Security March 2015 TRILL Link Security"— Presentation transcript:

1 Donald E. Eastlake, 3rd <d3e3e3@gmail.com>
March 2015 TRILL Link Security March 2015 TRILL Link Security Donald E. Eastlake, 3rd TRILL Link Security

2 TRILL Link Security There is a very early, incomplete -00 draft:
March 2015 TRILL Link Security There is a very early, incomplete -00 draft: draft-eastlake-trill-link-security-00.txt It’s main goal (when complete) is to do two things: Establish strong security policies and defaults for TRILL link security. Specify link security more precisely and provide defaults for the following link types: Ethernet [RFC6325], PPP [RFC6361], and Pseudowire [RFC7173].

3 TRILL Link Security Policies
March 2015 TRILL Link Security Policies Proposed new policies: TRILL communication between TRILL switch ports that support encryption and authentication at line speed, MUST default to using security. Security MUST/SHOULD be implemented and available even if a TRILL switch port is not capable of performing encryption and authentication at line speed. When authentication is not available, opportunistic security [RFC7435] SHOULD be supported.

4 Link Type Specific Link Security
TRILL Link Security March 2015 Link Type Specific Link Security Summary by Link Type: Ethernet: Specifies IEEE Std 802.1AE (MACSEC) Security PPP: For true PPP over HDLC links, does the best in it can. In other cases, recommends using lower layer security such as Ethernet security for PPP over Ethernet. Pseudowire: Has no native security. Security for lower layer carrying pseudowire MUST be used. (IP: Security to be covered in TRILL over IP draft.)

5 Example End to Edge Security, out of scope for TRILL PPP Ethernet
TRILL Link Security March 2015 Example End to Edge Security, out of scope for TRILL PPP Ethernet Pseudowire Edge RBridge Transit RBridge Transit RBridge Edge RBridge One TRILL hop security, main topic of current draft End Station End Station End to End Security, Recommended but out of scope for TRILL

6 More on Ethernet Security
TRILL Link Security March 2015 More on Ethernet Security MACSEC is straightforward for point to point Ethernet links. In case of intervening customer bridges, they have to be trusted/keyed or you need some more encapsulation. The draft also touches on end station to end station MACSEC and MACSEC between an end stations and its edge TRILL switch, although algorithms and keying in those cases is out of scope for TRILL.

7 TRILL Link Security March 2015 Possible Addition Edge-to-Edge security between ingress TRILL switch and egress TRILL switch. There are various possibilities including MACSEC inside the TRILL Header.

8 Questions / Action Questions?
TRILL Link Security March 2015 Questions / Action Questions? Action: The draft needs more work. Comments welcome.

9 Donald E. Eastlake, 3rd <d3e3e3@gmail.com>
March 2015 TRILL Link Security March 2015 END Donald E. Eastlake, 3rd TRILL Link Security

Download ppt "March 2015 TRILL Link Security March 2015 TRILL Link Security"

Similar presentations

802.1H Kevin Nolish Michael Wright. 802.1H Project The reason for the update of 802.1H is, primarily, mandated reaffirmation of the standard. As part.

802.1H Kevin Nolish Michael Wright H Project The reason for the update of 802.1H is, primarily, mandated reaffirmation of the standard. As part.
Radia Perlman Intel Labs

Radia Perlman Intel Labs
TRILL ESADI draft-hu-trill-rbridge-esadi-00 Hongjun Zhai (ZTE) Fangwei hu (ZTE) Radia Perlman (Intel Labs) Donald Eastlake 3 rd (Huawei) July 20111TRILL.

TRILL ESADI draft-hu-trill-rbridge-esadi-00 Hongjun Zhai (ZTE) Fangwei hu (ZTE) Radia Perlman (Intel Labs) Donald Eastlake 3 rd (Huawei) July 20111TRILL.
82 nd IETF Taipei1 TRILL over MPLS draft-yong-trill-trill-o-mpls-00 Lucy Yong Donald Eastlake 3rd

82 nd IETF Taipei1 TRILL over MPLS draft-yong-trill-trill-o-mpls-00 Lucy Yong Donald Eastlake 3rd
TRILL Header Extension Simplifications Donald Eastlake 3 rd Huawei Technologies 1July 2011.

TRILL Header Extension Simplifications Donald Eastlake 3 rd Huawei Technologies 1July 2011.
1 Data Link Issues Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,

1 Data Link Issues Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,
Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley

Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley
TRILL Cloudlet Radia Perlman Donald Eastlake 3 rd Fangwei Hu August 20121TRILL: Cloudlet.

TRILL Cloudlet Radia Perlman Donald Eastlake 3 rd Fangwei Hu August 20121TRILL: Cloudlet.
Nirmala Shenoy, Daryl Johnson, Bill Stackpole, Bruce Hartpence Rochester Institute of Technology 1.

Nirmala Shenoy, Daryl Johnson, Bill Stackpole, Bruce Hartpence Rochester Institute of Technology 1.
Directory Assisted TRILL Encapsulation by non-TRILL nodes (Directory Reliant Smart End Node) Linda Dunbar Donald Eastlake Radia Perlman Igor Gashinsky.

Directory Assisted TRILL Encapsulation by non-TRILL nodes (Directory Reliant Smart End Node) Linda Dunbar Donald Eastlake Radia Perlman Igor Gashinsky.
Fine Grained Labeling draft-ietf-trill-fine labeling-01.txt Donald E. Eastlake 3 rd Huawei Technologies August 2012TRILL FGL1.

Fine Grained Labeling draft-ietf-trill-fine labeling-01.txt Donald E. Eastlake 3 rd Huawei Technologies August 2012TRILL FGL1.
Thursday, May 03, 2001SMPLS-Encryption of Payloads1 Secure MPLS Encryption of Payloads V.Rajan - 705073 S.Vidyaraman - 703848.

Thursday, May 03, 2001SMPLS-Encryption of Payloads1 Secure MPLS Encryption of Payloads V.Rajan S.Vidyaraman
Revision of the Appointed Forwarder RFC draft-eastlake-trill-rfc6439-00.txt Donald E. Eastlake, 3 rd +1-508-333-2270 March 2015 Appointed.

Revision of the Appointed Forwarder RFC draft-eastlake-trill-rfc txt Donald E. Eastlake, 3 rd March 2015 Appointed.
TRILL Link Protocols Donald Eastlake Huawei Technologies July 20141Directory Assist.

TRILL Link Protocols Donald Eastlake Huawei Technologies July 20141Directory Assist.
TRILL over IP draft-ietf-trill-over-ip-01.txt IETF 91, Honolulu Margaret Wasserman Donald Eastlake, Dacheng Zhang.

TRILL over IP draft-ietf-trill-over-ip-01.txt IETF 91, Honolulu Margaret Wasserman Donald Eastlake, Dacheng Zhang.
TRILL OAM draft-eastlake-trill-rbridge-channel-00 draft-bond-trill-rbridge-oam-01 draft-manral-trill-bfd-encaps-01 Donald Eastlake 3 rd Huawei Technologies.

TRILL OAM draft-eastlake-trill-rbridge-channel-00 draft-bond-trill-rbridge-oam-01 draft-manral-trill-bfd-encaps-01 Donald Eastlake 3 rd Huawei Technologies.
November 2011IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list: Tools site:

November 2011IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list: Tools site:
Submission doc.: IEEE 11-12/0621r2 May 2012 Donald Eastlake 3rd, HuaweiSlide 1 Alternative Mesh Path Selection Date: 2012-05-12 Authors:

Submission doc.: IEEE 11-12/0621r2 May 2012 Donald Eastlake 3rd, HuaweiSlide 1 Alternative Mesh Path Selection Date: Authors:
July 2013IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list address: Tools site:

July 2013IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list address: Tools site:
March 2008Protocol Draft Changes -06 to -071 TRILL Protocol Specification Changes from -06 to -07 Donald Eastlake 3 rd +1-508-786-7554

March 2008Protocol Draft Changes -06 to -071 TRILL Protocol Specification Changes from -06 to -07 Donald Eastlake 3 rd

Similar presentations

Ads by Google