Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond.

Published byLucas Hensley Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond."— Presentation transcript:

1 1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang lufang@cisco.com Ben Niven-Jenkins ben@niven-jenkins.co.uk Raymond Zhang raymond.zhang@bt.com Nabil Bitarnabil.bitar@verizon.com July 26, 2010 78 IETF, Maastricht, Netherlands

2 2 Objectives and Scope Objectives: –Identify and address MPLS-TP specific security issues. Define MPLS-TP security reference models Provide MPLS-TP security requirements Identify MPLS-TP security threats Provide MPLS-TP security threat mitigation recommendations Intended category: Informational Scope: –In scope: Directly related with MPLS-TP –Out of scope: Any functions/application not specific to MPLS-TP. e.g. General MPLS/GMPLS Security, General IP/Internet Security best practice.. –Other drafts for MPLS-TP can point to this draft for general MPLS-TP security discussion, and discuss any specific security issues for the specific protocol proposals as needed. –Focus is on the inter-connection between trusted and untrusted zones

3 Security Issues need to be fully addressed Areas may be attacked –GAL/GACH –NMS –Loopback –MIP/MEP assignment –NMS and control plane interaction –Data plane –GMPLS control plane Security threats –ID Spoofing –Label spoofing –DoS attack –Topology discovery –Data intercept –Performance degradation

4 Pseudowire PW1 Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW.Seg t3 PW.Seg t1 PW.Seg t2 PW.Seg t4 TP-LSP MPLS-TP Security Reference Model 1 Model 1: single SP scenario Model 1a (Not shown): SS-PW within single trusted zone. Model 1b: MS-PW within single trusted zone (as shown) Trusted Zone Untrusted Zone

5 Pseudowire Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW1 TP-LSP MPLS-TP Security Reference Model 2 (b) Model 2 (b): Single SP, but not all T-PEs are in the Trusted Zone Trusted Zone Untrusted Zone S-PE1 PW3PW5 MPLS Core

6 Pseudowire Emulated Service Native Service (Attachment Circuit) T-PE1T-PE2 Native Service (Attachment Circuit) S-PE1 CE1 CE2 TP-LSP PW1 TP-LSP MPLS-TP Security Reference Model 2 (c) Model 2 (c): Typical Inter-Provider Scenario Trusted Zone Untrusted Zone S-PE1 PW3PW5

7 7 Next Steps Agree on Security Trust models and identify potential MPLS-TP specific attacks Complete security requirements, threats, mitigations Asking for volunteers to provide input for open issues. –Scott Mansfield will join the next version Target to ask for WG adoption before next IETF meeting

Download ppt "1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-02.txt Luyuan Fang Ben Niven-Jenkins Raymond."

Similar presentations

History of VPLS at IETF Ali Sajassi November 12, 2002.

History of VPLS at IETF Ali Sajassi November 12, 2002.
1 Luyuan Nabil Raymond Zhang

1 Luyuan Nabil Raymond Zhang
Nov 2009 draft-ietf-mpls-tp-framework-06.txt A framework for MPLS in Transport networks draft-ietf-mpls-tp-framework-06.txt Stewart Bryant (Cisco), Matthew.

Nov 2009 draft-ietf-mpls-tp-framework-06.txt A framework for MPLS in Transport networks draft-ietf-mpls-tp-framework-06.txt Stewart Bryant (Cisco), Matthew.
Time Synchronization Protocols and Security IETF tictoc working group 28 July 2011 Karen ODonoghue

Time Synchronization Protocols and Security IETF tictoc working group 28 July 2011 Karen ODonoghue
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs and VPLS draft-raggarwa-l3vpn-mvpn-vpls-mcast-

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs and VPLS draft-raggarwa-l3vpn-mvpn-vpls-mcast-
Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen

Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen
MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs

MPLS over L2TPv3 for support of RFC 2547-based BGP/MPLS IP VPNs
Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.

Multicasting Applications Across Inter-Domain Peering Points Percy S. Tarapore, AT&T Robert Sayko, AT&T Greg Shepherd, Cisco Toerless Eckert, Cisco Ram.
Dual-Homing Protection for MPLS and MPLS-TP Pseudowires

Dual-Homing Protection for MPLS and MPLS-TP Pseudowires
A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.

A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.
63rd IETF Paris August 2005 Requirements for Multicast Support in Virtual Private LAN Services draft-kamite-l2vpn-vpls-mcast-reqts-00.txt Yuji Kamite (NTT.

63rd IETF Paris August 2005 Requirements for Multicast Support in Virtual Private LAN Services draft-kamite-l2vpn-vpls-mcast-reqts-00.txt Yuji Kamite (NTT.
Ietf-65 draft-kulmala-l3vpn-interas-option-d-02.txt ASBR VRF Context for BGP/MPLS IP VPN IETF-65 draft-kulmala-l3vpn-interas-option-d-02.txt Marko Kulmala.

Ietf-65 draft-kulmala-l3vpn-interas-option-d-02.txt ASBR VRF Context for BGP/MPLS IP VPN IETF-65 draft-kulmala-l3vpn-interas-option-d-02.txt Marko Kulmala.
Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon

Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon
MPLS-TP - 79th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-03.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.

MPLS-TP - 79th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-03.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.
MPLS-TP - 78th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-02.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.

MPLS-TP - 78th IETF1 MPLS-TP Control Plane Framework draft-ietf-ccamp-mpls-tp-cp- framework-02.txt Contributors: Loa Andersson Lou Berger Luyuan Fang Nabil.
1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-04.txt Luyuan Fang Ben Niven-Jenkins Scott.

1 Security Framework for MPLS-TP draft-fang-mpls-tp-security-framework-04.txt Luyuan Fang Ben Niven-Jenkins Scott.
78 IETF, Maastricht, Netherlands

78 IETF, Maastricht, Netherlands
72nd IETF Dublin July 2008 Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-01.txt Yuji.

72nd IETF Dublin July 2008 Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-01.txt Yuji.
1 AII Types for Aggregation draft-metz-aii-aggregate-00.txt Chris Metz, Luca Martini,

1 AII Types for Aggregation draft-metz-aii-aggregate-00.txt Chris Metz, Luca Martini,
Virtual Topologies for Service Chaining in BGP IP/MPLS VPNs draft-rfernando-bess-service-chaining-00 (previously draft-rfernando-l3vpn-service-chaining-04)

Virtual Topologies for Service Chaining in BGP IP/MPLS VPNs draft-rfernando-bess-service-chaining-00 (previously draft-rfernando-l3vpn-service-chaining-04)

Similar presentations

Ads by Google