1 / 4

PWE security considerations

This document discusses the security considerations for Pseudowire Emulation (PWE) in MPLS networks. It addresses key questions related to confidentiality, integrity, and authentication, and explores possible solutions including MPLSoIPoMPLS with IPsec and generic security options for PWEs.

cynthiamark
Download Presentation

PWE security considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PWEsecurityconsiderations 68th IETF 20 March 2007 Yaakov (J) Stein

  2. Status • draft-stein-pwe3-sec-req has been updated to 01 version • draft-stein-pwe3-pwsec was discussed at the last meeting • MPLS security design team has produced draft-fang-mpls-gmpls-security-framework • yesterday there was a meeting of PWE and security people • the following 2 slides summarize the questions raised

  3. What is the question ? • Do we need a PW-specific or general MPLS security solution? • How important is : confidentiality ? integrity ? authentication ? • What are the scenarios requiring PW-specific security ? • input from service providers is invited … • Are there enough providers who want this ? • input from service providers is invited …

  4. What are possible solutions ? • Requiring MPLSoIPoMPLS and using IPsec (can compress headers to reduce overhead) • will service providers use this ? • Defining a "security" PW type in which arbitrary MPLS can be tunneled • is this ruled out by MPLS as presently defined? • Generic security option for PWs (e.g. PWsec) • does present state of PWE3 documents make this impossible?

More Related