I-D Action: draft-balaji-mpls-inter-as-policy-based-te-sec-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : Avoiding un-trusted AS thru inter-AS TE-LSPs constructed using Clipping
	Author(s)       : Shankar Raman
                          Balaji Venkat Venkataswami
                          Gaurav Raina
                          Bhargav Bhikkaji
	Filename        : draft-balaji-mpls-inter-as-policy-based-te-sec-00.txt
	Pages           : 11
	Date            : 2012-08-01

Abstract:
   For a short time sometime in the recent past, internet traffic sent
   between a well known site and subscribers to an internet service
   provider A passed through hardware belonging to a Telecom provider B
   other than the ISP A to which the customers were attached before
   reaching its final destination. Telecom Provider B was found to be
   many AS hops away from the well known site and ISP A.  It was assumed
   that this was an innocent routing error (which is the most likely
   explanation for the highly circuitous route that the traffic was
   taking), but it was troubling nonetheless.  During a window that
   lasted 30 minutes to an hour, all unencrypted traffic passing between
   the victimised ISP's customers and the well known site might have
   been open to monitoring. Though there was no evidence any data was in
   fact snarfed, it was felt that the potential for that was
   certainly there because the hardware belonged to the untrusted
   Telecom provider B.

   Many such incidents have occurred in the past where the traffic has
   been diverted through such providers that either erroneously have let
   loose BGP routes or otherwise. At least one of those incidents was
   the result of erroneous BGP, or Border Gateway Protocol, routes that
   were quickly corrected.  The above is a hypothetical headline that
   might occur in the near future if the BGP protocol is subject to such
   circuitous routing attacks either by mis-configuration or through
   purposeful intent. This is primarily owing to the fact that the BGP
   protocol accepts updates from providers and there exists no mechanism
   to figure out whether the updates for prefixes received was due to
   mal-intent, mis-configuration or indeed correct configuration. So
   there is a big blind spot that will have to be rectified. Doing the
   rectification through BGP would only complicate matters more.

   The proposal in the scheme in this draft warrants the use of MPLS-
   based inter-AS Traffic Engineered Label Switched Paths that are
   constructed out of a derived inter-AS topology that helps to impose
   policy decisions that, for example, obviate or prevent such LSPs from
   actually going through certain specific ASes or sets of ASes. Using
   methods like graph construction from AS-PATH-INFO data and methods
   like policy-based clipping of edges and nodes from such an inter-AS
   topology, the solution is made simple. The use of PCE (Path
   Computation Elements) is advised to compute such inter-AS paths that
   avoid ASes. Regular routing would have followed BGP updates and
   regular IP-based forwarding. Using the TE-LSPs we can in fact set out
   the explicit route from AS to AS from the head-end to the tail-end,
   avoiding a specific set of ASes which, as dictated by policy, have to
   be avoided.
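The graph construction, policy-based clipping and path computation the abstract describes, as an added worked example in Python (not code from the draft or its authors): the AS numbers are from the private range and the AS_PATH data is constructed, and a breadth-first search stands in for a PCE's constrained path computation.

```python
from collections import deque

# Constructed sample AS_PATH attributes (private-range ASNs, hypothetical topology).
SAMPLE_AS_PATHS = [
    [64501, 64502, 64503, 64510],
    [64501, 64504, 64510],
    [64501, 64505, 64506, 64510],
    [64502, 64505],
    [64503, 64506],
]

def build_as_graph(as_paths):
    """Derive an undirected AS adjacency graph from AS_PATH sequences."""
    graph = {}
    for path in as_paths:
        for a, b in zip(path, path[1:]):
            if a == b:  # AS-path prepending repeats an ASN; it adds no edge
                continue
            graph.setdefault(a, set()).add(b)
            graph.setdefault(b, set()).add(a)
    return graph

def clip_graph(graph, untrusted):
    """Policy-based clipping: drop untrusted AS nodes and every edge touching them."""
    clipped = {}
    for asn, neighbours in graph.items():
        if asn in untrusted:
            continue
        clipped[asn] = {n for n in neighbours if n not in untrusted}
    return clipped

def compute_explicit_route(graph, head_end, tail_end, untrusted=frozenset()):
    """Return the AS-level explicit route over the clipped topology, or None."""
    clipped = clip_graph(graph, set(untrusted))
    if head_end not in clipped or tail_end not in clipped:
        return None
    prev = {head_end: None}
    queue = deque([head_end])
    while queue:
        cur = queue.popleft()
        if cur == tail_end:
            route = []
            while cur is not None:
                route.append(cur)
                cur = prev[cur]
            return route[::-1]
        for nxt in sorted(clipped[cur]):  # sorted for deterministic tie-breaking
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None  # no policy-compliant path: signal it rather than fall back to plain BGP forwarding
```

With 64504 marked untrusted the route shifts from the direct 64501-64504-64510 path to 64501-64502-64503-64510; clipping every transit AS yields None, which the head-end should treat as a policy failure rather than silently using the regular IP-forwarded path.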


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-balaji-mpls-inter-as-policy-based-te-sec

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-balaji-mpls-inter-as-policy-based-te-sec-00


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
