I-D Action: draft-mjsraman-l2vpn-vpls-tictoc-label-hop-02.txt

internet-drafts@ietf.org Mon, 08 April 2013 15:08 UTC

From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-mjsraman-l2vpn-vpls-tictoc-label-hop-02.txt
Message-ID: <20130408150808.6374.85436.idtracker@ietfa.amsl.com>
Date: Mon, 08 Apr 2013 08:08:08 -0700

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : Securing Model-C Inter-Provider L2 VPNs with Label Hopping and TicToc
	Author(s)       : Shankar Raman
                          Balaji Venkat Venkataswami
                          Gaurav Raina
                          Bhargav Bhikkaji
	Filename        : draft-mjsraman-l2vpn-vpls-tictoc-label-hop-02.txt
	Pages           : 19
	Date            : 2013-04-08

Abstract:
   In certain models of inter-provider Multi-Protocol Label Switching
   (MPLS) based Virtual Private Networks (VPNs), spoofing attacks against
   VPN sites are a key concern. For example, MPLS-based VPN inter-provider
   model "C" for VPLS, or for any L2 VPN purpose, is not favoured owing
   to security concerns in the data plane, even though it scales well
   with respect to maintenance of routing state. Since the inner labels
   associated with VPN sites are not encrypted during transmission, a
   man-in-the-middle attacker can spoof packets to a specific L2 VPN
   site. In this paper, we propose a label-hopping technique which uses
   a set of randomized labels and a method for hopping amongst these
   labels based on the time instant at which the packet leaves the port
   of the sending Provider Edge Router. To prevent the attacker from
   identifying the labels in polynomial time, we also use an additional
   label. The proposed technique can be applied to other variants of
   inter-provider MPLS-based VPNs where Multi-Protocol exterior BGP
   (MP-eBGP) multi-hop is used. As we address a key security concern, we
   can make a case for the deployment of MPLS-based L2 VPN inter-provider
   model "C". Specifically, we use the TicToc-based Precision Time
   Protocol LSP to provide the timing for determining the time instant
   at which the packet is sent from the remote-end Provider Edge Router,
   and hence for calculating when it must have left that peer, at the
   near / receiving-end Provider Edge Router.

   This version of the document suggests a better method for obtaining
   finer-grained time slices. This is done by running the PTP LSP
   between the ASBRs in the ASes that are providing the inter-AS L3VPN
   service.
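The abstract above describes the mechanism only in outline: a set of randomized inner labels shared between two Provider Edge routers, a hop among them driven by the PTP time at which the packet leaves the sending PE, and a receiving PE that works back from the arrival time to check which label should have been in use. The following Python model is an added illustration written for this announcement, not code from the draft or its authors. It assumes a 1 ms time slice, a keyed HMAC-SHA256 selection of the label in force per slice (the draft's own hop schedule and its "additional label" are not described on this page, so the keyed selection stands in for them), a bound on one-way delay, and constructed label values and secret.

```python
"""Time-sliced label hopping between two Provider Edge routers, as a constructed
model: a shared set of randomized inner labels, a keyed schedule that picks the
label in force for each time slice, and a receiver that checks the label against
the slices in which the packet could plausibly have left the peer."""
import hashlib
import hmac
from dataclasses import dataclass

MPLS_LABEL_MIN = 16                 # labels 0..15 are reserved
MPLS_LABEL_MAX = (1 << 20) - 1      # 20-bit label field
SLICE_NS = 1_000_000                # assumed slice width: 1 ms of PTP time


@dataclass(frozen=True)
class HopSet:
    labels: tuple            # randomized inner labels agreed for one VPN site
    secret: bytes            # assumed shared secret driving the hop schedule


def time_slice(t_ns: int) -> int:
    """Slice number for a PTP timestamp given in nanoseconds."""
    return t_ns // SLICE_NS


def label_for_slice(hs: HopSet, slice_no: int) -> int:
    """Keyed choice of which randomized label is in force during a slice.
    Without the secret an observer cannot extrapolate the schedule from labels
    already seen (assumption: HMAC-SHA256 selection, not the draft's method)."""
    mac = hmac.new(hs.secret, slice_no.to_bytes(8, "big"), hashlib.sha256).digest()
    return hs.labels[int.from_bytes(mac[:4], "big") % len(hs.labels)]


def encapsulate(hs: HopSet, t_send_ns: int, frame: bytes) -> tuple:
    """Sending PE: stamp the frame with the label for the slice it leaves in."""
    return label_for_slice(hs, time_slice(t_send_ns)), frame


def accept(hs: HopSet, label: int, t_arrival_ns: int, max_delay_ns: int) -> bool:
    """Receiving PE: work back from the arrival time to the slices in which the
    packet could have left the peer and accept only a label valid for one of
    them; a stale, replayed or guessed label is dropped."""
    if label not in hs.labels:
        return False
    earliest = time_slice(t_arrival_ns - max_delay_ns)
    latest = time_slice(t_arrival_ns)
    return any(label_for_slice(hs, s) == label for s in range(earliest, latest + 1))


def demo() -> dict:
    # constructed values: fixed labels and secret so the run is reproducible
    hs = HopSet(labels=(100003, 200017, 300007, 400009, 500029, 600011, 700001, 800021),
                secret=b"constructed-demo-secret")
    max_delay = 2 * SLICE_NS                   # assumed bound on one-way delay
    t0 = 1_700_000_000_000_000_000             # constructed send time (ns)
    label, _frame = encapsulate(hs, t0, b"customer frame")
    return {
        "label": label,
        # arrives 0.2 ms after it left: label matches the send slice
        "genuine": accept(hs, label, t0 + SLICE_NS // 5, max_delay),
        # the same label presented 50 ms later: only accepted if the schedule
        # happens to reuse it within the receiver's window
        "replayed": accept(hs, label, t0 + 50 * SLICE_NS, max_delay),
        # a label that was never agreed for this site
        "guessed": accept(hs, 424242, t0 + SLICE_NS // 5, max_delay),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver's window (arrival time minus the delay bound) is what makes the PTP timing matter: the wider the delay bound, the more slices a captured label remains valid for, which is why finer-grained slices and a tight delay bound tighten the defence. With a small label set a replayed label can still coincide with the schedule inside the window, which is the gap the draft's additional label is meant to close.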


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mjsraman-l2vpn-vpls-tictoc-label-hop

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mjsraman-l2vpn-vpls-tictoc-label-hop-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-mjsraman-l2vpn-vpls-tictoc-label-hop-02


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/