40 likes | 58 Views
This document discusses the security considerations for Pseudowire Emulation (PWE) in MPLS networks. It addresses key questions related to confidentiality, integrity, and authentication, and explores possible solutions including MPLSoIPoMPLS with IPsec and generic security options for PWEs.
E N D
PWEsecurityconsiderations 68th IETF 20 March 2007 Yaakov (J) Stein
Status • draft-stein-pwe3-sec-req has been updated to 01 version • draft-stein-pwe3-pwsec was discussed at the last meeting • MPLS security design team has produced draft-fang-mpls-gmpls-security-framework • yesterday there was a meeting of PWE and security people • the following 2 slides summarize the questions raised
What is the question ? • Do we need a PW-specific or general MPLS security solution? • How important is : confidentiality ? integrity ? authentication ? • What are the scenarios requiring PW-specific security ? • input from service providers is invited … • Are there enough providers who want this ? • input from service providers is invited …
What are possible solutions ? • Requiring MPLSoIPoMPLS and using IPsec (can compress headers to reduce overhead) • will service providers use this ? • Defining a "security" PW type in which arbitrary MPLS can be tunneled • is this ruled out by MPLS as presently defined? • Generic security option for PWs (e.g. PWsec) • does present state of PWE3 documents make this impossible?