draft-ietf-forces-protocol-17.txt   draft-ietf-forces-protocol-18.txt 
Network Working Group A. Doria (Ed.) Network Working Group A. Doria (Ed.)
Internet-Draft Lulea University of Technology Internet-Draft Lulea University of Technology
Intended status: Standards Track R. Haas (Ed.) Intended status: Standards Track R. Haas (Ed.)
Expires: March 29, 2009 IBM Expires: May 3, 2009 IBM
J. Hadi Salim (Ed.) J. Hadi Salim (Ed.)
Znyx Znyx
H. Khosravi (Ed.) H. Khosravi (Ed.)
Intel Intel
W. M. Wang (Ed.) W. M. Wang (Ed.)
Zhejiang Gongshang University Zhejiang Gongshang University
September 25, 2008 October 30, 2008
ForCES Protocol Specification ForCES Protocol Specification
draft-ietf-forces-protocol-17.txt draft-ietf-forces-protocol-18.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 42 skipping to change at page 1, line 42
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 29, 2009. This Internet-Draft will expire on May 3, 2009.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document specifies the Forwarding and Control Element Separation This document specifies the Forwarding and Control Element Separation
(ForCES) protocol. ForCES protocol is used for communications (ForCES) protocol. ForCES protocol is used for communications
between Control Elements(CEs) and Forwarding Elements (FEs) in a between Control Elements(CEs) and Forwarding Elements (FEs) in a
skipping to change at page 88, line 7 skipping to change at page 88, line 7
primary CE (Config), and other HA related operations described primary CE (Config), and other HA related operations described
before, are the PL responsibility. before, are the PL responsibility.
To put the two together, if a path to a primary CE is down, the TML To put the two together, if a path to a primary CE is down, the TML
would take care of failing over to a backup path, if one is would take care of failing over to a backup path, if one is
available. If the CE is totally unreachable then the PL would be available. If the CE is totally unreachable then the PL would be
informed and it would take the appropriate actions described before. informed and it would take the appropriate actions described before.
9. Security Considerations 9. Security Considerations
ForCES architecture identifies several levels of security in ForCES Framework document [RFC3746], section 8 goes into a lot of
[RFC3746]. ForCES PL uses security services provided by the ForCES details and identifies several levels of security challenges. This
TML. The TML provides security services such as endpoint document does not repeat that discussion, the reader is referred to
authentication service, message authentication service and the ForCES Framework document[RFC3746] for those details and how
confidentiality service. Endpoint authentication service is invoked the ForCES architecture addresses them.
at the time of the pre-association connection establishment phase and
message authentication is performed whenever the FE or CE receives a ForCES PL uses security services provided by the ForCES TML. The TML
packet from its peer. provides security services such as endpoint authentication service,
message authentication service and confidentiality service. Endpoint
authentication service is invoked at the time of the pre-association
connection establishment phase and message authentication is
performed whenever the FE or CE receives a packet from its peer.
The following are the general security mechanisms that need to be in The following are the general security mechanisms that need to be in
place for ForCES PL. place for ForCES PL.
o Security mechanisms are session controlled - that is, once the o Security mechanisms are session controlled - that is, once the
security is turned on depending upon the chosen security level (No security is turned on depending upon the chosen security level (No
Security, Authentication, Confidentiality), it will be in effect Security, Authentication, Confidentiality), it will be in effect
for the entire duration of the session. for the entire duration of the session.
o An operator should configure the same security policies for both o An operator should configure the same security policies for both
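Review bot: The rewritten opening paragraph of Section 9 in -18 is a comma splice ("This document does not repeat that discussion, the reader is referred to ...") and should be split into two sentences. In the same paragraph, the second citation is missing a space ("document[RFC3746]") and drops the "section 8" pointer that the first citation gives, and "goes into a lot of details" is informal for a Standards Track document; something like "Section 8 of the ForCES Framework document [RFC3746] discusses the security challenges in detail" would read better. Separately, the paragraph carried over from -17 names three TML services (endpoint authentication, message authentication, confidentiality) but only says when the first two are invoked. Since the section is being edited anyway, consider adding a sentence on when the confidentiality service applies, so that it lines up with the "No Security, Authentication, Confidentiality" levels listed in the first bullet.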
 End of changes. 5 change blocks. 
12 lines changed or deleted 16 lines changed or added
