--- 1/draft-ietf-ccamp-gmpls-ethernet-arch-07.txt 2009-12-18 22:12:21.000000000 +0100 +++ 2/draft-ietf-ccamp-gmpls-ethernet-arch-08.txt 2009-12-18 22:12:21.000000000 +0100 @@ -1,20 +1,20 @@ Internet Draft Don Fedyk, Alcatel-Lucent Category: Informational Lou Berger, LabN -Expiration Date: June 2, 2010 Loa Andersson, Ericsson AB +Expiration Date: June 18, 2010 Loa Andersson, Ericsson AB - December 2, 2009 + December 18, 2009 Generalized Multi-Protocol Label Switching (GMPLS) Ethernet Label Switching Architecture and Framework - draft-ietf-ccamp-gmpls-ethernet-arch-07.txt + draft-ietf-ccamp-gmpls-ethernet-arch-08.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. @@ -23,21 +23,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html - This Internet-Draft will expire on June 2, 2010. + This Internet-Draft will expire on June 18, 2010. Copyright and License Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights 
@@ -70,33 +70,33 @@ 2.3 Ethernet Switching Characteristics ..................... 11 3 Framework .............................................. 12 4 GMPLS Routing and Addressing Model ..................... 14 4.1 GMPLS Routing .......................................... 14 4.2 Control Plane Network .................................. 15 5 GMPLS Signaling ........................................ 15 6 Link Management ........................................ 16 7 Path Computation and Selection ......................... 17 8 Multiple VLANs ......................................... 18 9 Security Considerations ................................ 18 - 10 IANA Considerations .................................... 18 - 11 References ............................................. 18 - 11.1 Normative References ................................... 18 + 10 IANA Considerations .................................... 19 + 11 References ............................................. 19 + 11.1 Normative References ................................... 19 11.2 Informative References ................................. 19 - 12 Acknowledgments ........................................ 20 + 12 Acknowledgments ........................................ 21 13 Author's Addresses ..................................... 21 1. Introduction There has been significant recent work in increasing the capabilities of Ethernet switches. As a consequence, the role of Ethernet is rapidly expanding into "transport networks" that previously were the - domain of other technologies such as SONET/SDH TDM and ATM. The + domain of other technologies such as SONET/SDH, TDM and ATM. The evolution and development of Ethernet capabilities in these areas is a very active and ongoing process. Multiple organizations have been active in extending Ethernet Technology to support transport networks. 
This activity has taken place in the Institute of Electrical and Electronics Engineers (IEEE) 802.1 Working Group, the International Telecommunication Union - Telecommunication Standardization Sector (ITU-T) and the Metro Ethernet Forum (MEF). These groups have been focusing on Ethernet forwarding, Ethernet management plane extensions and the Ethernet 
@@ -736,44 +736,49 @@ 8. Multiple VLANs This document allows for the support of the signaling of Ethernet parameters across multiple VLANs supporting both contiguous Eth-LSP and Hierarchical Ethernet LSPs. The intention is to reuse GMPLS hierarchy for the support of Peer to Peer models, UNIs and NNIs. 9. Security Considerations - The architecture for GMPLS controlled "transport" Ethernet assumes - that the network consists of trusted devices, but does not require - that the ports over which a UNI are defined are trusted, nor does - equipment connected to these ports require to be trusted. In - general, these requirements are no different from the security - requirements for operating any GMPLS network. Access to the trusted - network will only occur through the protocols defined for the UNI or - NNI or through protected management interfaces. + A GMPLS controlled "transport" Ethernet system should assume that + users and devices attached to UNIs may behave maliciously, + negligently, or incorrectly. Intra-provider control traffic is + trusted to not be malicious. In general, these requirements are no + different from the security requirements for operating any GMPLS + network. Access to the trusted network will only occur through the + protocols defined for the UNI or NNI or through protected management + interfaces. When in-band GMPLS signaling is used for the control plane the security of the control plane and the data plane may affect each other. When out-of-band GMPLS signaling is used for the control plane the data plane security is decoupled from the control plane and therefore the security of the data plane has less impact on overall security. Where GMPLS is applied to the control of VLAN only, the commonly known techniques for mitigation of Ethernet DOS attacks may be required on UNI ports. For a more comprehensive discussion on GMPLS security please see the - MPLS and GMPLS Security Framework [SECURITY]. 
It is expected that - solution documents will include a full analysis of the security - issues that any protocol extensions introduce. + MPLS and GMPLS Security Framework [SECURITY]. Cryptography can be + used to protect against many attacks described in [SECURITY]. One + option for protecting "transport" Ethernet is the use of 802.1AE + Media Access Control Security, [MACSEC] which provides encryption and + authentication." + + It is expected that solution documents will include a full analysis + of the security issues that any protocol extensions introduce. 10. IANA Considerations No new values are specified in this document. 11. References 11.1. Normative References [RFC3471] Berger, L. (editor), "Generalized MPLS Signaling @@ -847,20 +852,24 @@ Bidirectional LSPs", RFC5467, March 2009. [ETH-TSPEC] Papadimitriou, D., "Ethernet Traffic Parameters", draft-ietf-ccamp-ethernet-traffic-parameters-09.txt, work in progress. [SECURITY] Luyuan Fang, Ed., "Security Framework for MPLSand GMPLS Networks", draft-ietf-mpls-mpls-and-gmpls-security- framework-07.txt, work in progress. + [MACSEC] "IEEE Standard for Local and metropolitan area networks + Media Access Control (MAC) Security + 802.1AE-2006", August 18, 2006. + 12. Acknowledgments There were many people involved in the initiation of this work prior to this document. The GELS framework draft and the PBB-TE extensions drafts were two drafts the helped shape and justify this work. We acknowledge the work of these authors of these initial drafts: Dimitri Papadimitriou, Nurit Sprecher, Jaihyung Cho, Dave Allan, Peter Busschbach, Attila Takacs, Thomas Eriksson, Diego Caviglia, Himanshu Shah, Greg Sunderwood, Alan McGuire, and Nabil Bitar. @@ -877,11 +886,11 @@ Lou Berger LabN Consulting, L.L.C. Phone: +1-301-468-9228 Email: lberger@labn.net Loa Andersson Ericsson AB Phone: +46 10 717 52 13 Email: loa.andersson@ericsson.com -Generated on: Wed Dec 2 12:35:33 EST 2009 +Generated on: Fri Dec 18 15:20:53 EST 2009
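Review bot: the comma inserted in the Introduction changes the meaning of the sentence. `SONET/SDH TDM and ATM` reads as two technologies (SONET/SDH as the TDM technology, plus ATM), whereas `SONET/SDH, TDM and ATM` reads as three, with TDM as a technology distinct from SONET/SDH. If the two-item reading is intended, `SONET/SDH (TDM) and ATM` would be unambiguous; if three items are intended, the new wording is fine but TDM should then be read as a general category rather than a peer of SONET/SDH. The table-of-contents page shifts for sections 10, 11, 11.1 and 12 are consistent with the text added later in this patch.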
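Review bot: the rewritten Security Considerations paragraph ends with a stray closing double quote (`authentication."`) that has no matching opening quote, and the citation is misplaced: `Media Access Control Security, [MACSEC] which provides encryption and authentication` should read `Media Access Control Security [MACSEC], which provides encryption and authentication`. More substantively, the new text does not say on which links the 802.1AE option is expected to be applied. The preceding sentences distinguish UNI-attached users and devices, which "may behave maliciously, negligently, or incorrectly", from intra-provider control traffic, which "is trusted to not be malicious", and the following paragraph distinguishes in-band from out-of-band control; suggest stating whether MACsec is intended for UNI ports, for NNI links, or for the in-band control-plane case so the recommendation lines up with the trust model just stated. Also confirm that dropping the old statement that "the network consists of trusted devices" was intentional, since the retained sentence "Access to the trusted network will only occur through the protocols defined for the UNI or NNI ..." still refers to a trusted network that the new text no longer defines.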
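Review bot: the added [MACSEC] entry does not follow the format of the neighbouring references: it has no author or publisher field, and the standard number is folded into the title across the line break. Suggest matching the surrounding style, e.g. `[MACSEC] IEEE, "IEEE Standard for Local and metropolitan area networks: Media Access Control (MAC) Security", IEEE Std 802.1AE-2006, August 2006.` While editing this block, the unchanged [SECURITY] context line just above it reads `MPLSand GMPLS Networks` and is missing a space.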