draft-ietf-mpls-tp-security-framework-06.txt   draft-ietf-mpls-tp-security-framework-07.txt 
INTERNET-DRAFT L. Fang, Ed. INTERNET-DRAFT L. Fang, Ed.
Intended Status: Informational Cisco Intended Status: Informational Cisco
Expires: June 17, 2013 B. Niven-Jenkins, Ed. Expires: July 20, 2013 B. Niven-Jenkins, Ed.
Velocix Velocix
S. Mansfield, Ed. S. Mansfield, Ed.
Ericsson Ericsson
R. Graveman, Ed. R. Graveman, Ed.
RFG Security RFG Security
December 17, 2012 January 20, 2013
MPLS-TP Security Framework MPLS-TP Security Framework
draft-ietf-mpls-tp-security-framework-06 draft-ietf-mpls-tp-security-framework-07
Abstract Abstract
This document provides a security framework for Multiprotocol Label This document provides a security framework for Multiprotocol Label
Switching Transport Profile (MPLS-TP). MPLS-TP extends MPLS Switching Transport Profile (MPLS-TP). MPLS-TP extends MPLS
technologies and introduces new OAM capabilities, a transport- technologies and introduces new OAM capabilities, a transport-
oriented path protection mechanism, and strong emphasis on static oriented path protection mechanism, and strong emphasis on static
provisioning supported by network management systems. This document provisioning supported by network management systems. This document
addresses the security aspects relevant in the context of MPLS-TP addresses the security aspects relevant in the context of MPLS-TP
specifically. It describes potential security threats, security specifically. It describes potential security threats, security
skipping to change at page 2, line 16 skipping to change at page 2, line 16
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright and License Notice Copyright and License Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Security Reference Models . . . . . . . . . . . . . . . . . . . 3
2. Security Reference Models . . . . . . . . . . . . . . . . . . . 4 2.1. Security Reference Model 1 . . . . . . . . . . . . . . . . 3
2.1. Security Reference Model 1 . . . . . . . . . . . . . . . . 4
2.2. Security Reference Model 2 . . . . . . . . . . . . . . . . 6 2.2. Security Reference Model 2 . . . . . . . . . . . . . . . . 6
3. Security Threats . . . . . . . . . . . . . . . . . . . . . . . 8 3. Security Threats . . . . . . . . . . . . . . . . . . . . . . . 8
4. Defensive Techniques . . . . . . . . . . . . . . . . . . . . . 8 4. Defensive Techniques . . . . . . . . . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 10 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 10
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
8.1. Normative References . . . . . . . . . . . . . . . . . . . 10 8.1. Normative References . . . . . . . . . . . . . . . . . . . 10
8.2. Informative References . . . . . . . . . . . . . . . . . . 10 8.2. Informative References . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
skipping to change at page 3, line 32 skipping to change at page 3, line 32
security models, threats, requirements, and defense techniques security models, threats, requirements, and defense techniques
previously defined in [RFC5920] are assumed to apply to general previously defined in [RFC5920] are assumed to apply to general
aspect of MPLS-TP. aspect of MPLS-TP.
This document is a product of a joint Internet Engineering Task Force This document is a product of a joint Internet Engineering Task Force
(IETF) / International Telecommunication Union Telecommunication (IETF) / International Telecommunication Union Telecommunication
Standardization Sector (ITU-T) effort to include an MPLS Transport Standardization Sector (ITU-T) effort to include an MPLS Transport
Profile within the IETF MPLS and PWE3 architectures to support the Profile within the IETF MPLS and PWE3 architectures to support the
capabilities and functionality of a packet transport network. capabilities and functionality of a packet transport network.
1.1. Terminology Readers can refer to [RFC5654] and [RFC5921] for MPLS-TP
terminologies, and [RFC5920] for security terminologies which are
Term Definition relevant to MPLS and GMPLS.
------ -----------------------------------------------
AC Attachment Circuit
BFD Bidirectional Forwarding Detection
CE Customer-Edge device
DoS Denial of Service
DDoS Distributed Denial of Service
G-ACh Generic Associated Channel
GAL G-ACh Label
GMPLS Generalized Multi-Protocol Label Switching
LDP Label Distribution Protocol
LSP Label Switched Path
MEP Maintenance End Point
MIP Maintenance Intermediate Point
MPLS MultiProtocol Label Switching
OAM Operations, Administration, and Management
PE Provider-Edge device
PSN Packet-Switched Network
PW Pseudowire
S-PE Switching Provider Edge
2. Security Reference Models 2. Security Reference Models
This section defines reference models for security in MPLS-TP This section defines reference models for security in MPLS-TP
networks. networks.
The models are built on the architecture of MPLS-TP defined in The models are built on the architecture of MPLS-TP defined in
[RFC5921]. The placement of Service Provider (SP) boundaries plays [RFC5921]. The placement of Service Provider (SP) boundaries plays
important role in determining the security models for any particular important role in determining the security models for any particular
deployment. deployment.
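Review bot: In the -07 sentence that replaces the 1.1 Terminology table, "terminologies" should be singular in both places ("MPLS-TP terminology", "security terminology"). With the table removed, any of the abbreviations it defined (G-ACh, GAL, MEP, MIP, S-PE and the rest) that the body still uses should be expanded at first use, otherwise the reader has to consult three RFCs to decode them. The unchanged context around this change also needs two small fixes: "apply to general aspect of MPLS-TP" should read "general aspects", and "plays important role" is missing "an".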
skipping to change at page 10, line 19 skipping to change at page 10, line 19
configuration or service offering from a customer's perspective as configuration or service offering from a customer's perspective as
well as from a service provider's perspective. well as from a service provider's perspective.
6. IANA Considerations 6. IANA Considerations
This document contains no new IANA considerations. This document contains no new IANA considerations.
7. Acknowledgements 7. Acknowledgements
The authors wish to thank Joel Halpern and Gregory Mirsky for their The authors wish to thank Joel Halpern and Gregory Mirsky for their
review comments and contributions to this document, thank Adrian review comments and contributions to this document, thank Mach Chen
Farrel for his Routing AD review and detailed comments, and thank Loa for his review and suggestions, thank Adrian Farrel for his Routing
Andersson for his continued support and guidance as the MPLS WG co- AD review and detailed comments, thank Loa Andersson for his
Chair. continued support and guidance as the MPLS WG co-Chair.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed., [RFC5654] Niven-Jenkins, B., Ed., Brungard, D., Ed., Betts, M., Ed.,
Sprecher, N., and S. Ueno, "Requirements of an MPLS Sprecher, N., and S. Ueno, "Requirements of an MPLS
Transport Profile", RFC 5654, September 2009. Transport Profile", RFC 5654, September 2009.
[RFC5920] Fang, L., Ed., "Security Framework for MPLS and GMPLS [RFC5920] Fang, L., Ed., "Security Framework for MPLS and GMPLS
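Review bot: In the -07 Acknowledgements sentence, adding the Mach Chen clause dropped the "and" that used to precede "thank Loa Andersson", leaving a comma-spliced run of "thank ..." clauses. Restore "and" before the last item, or restructure the sentence so that a single "thank" governs the whole list of names.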
 End of changes. 7 change blocks. 
33 lines changed or deleted 13 lines changed or added
