1 / 12

VRRP Working Group

VRRP Working Group. March 2003 San Francisco IETF Mukesh Gupta / Nokia Chair. AGENDA. Introduction and Review Agenda Milestones/Plans Current Drafts Security Issues with VRRP VRRPv3 VRRPv3 MIB IPR Issues Further Interests of the WG. WG MILESTONES/PLANS. Mar 2003

tilden
Download Presentation

VRRP Working Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. VRRP Working Group March 2003 San Francisco IETF Mukesh Gupta / Nokia Chair

  2. AGENDA • Introduction and Review Agenda • Milestones/Plans • Current Drafts • Security Issues with VRRP • VRRPv3 • VRRPv3 MIB • IPR Issues • Further Interests of the WG

  3. WG MILESTONES/PLANS • Mar 2003 - Resolve open issues with authentication methods • Mar 2003 - Submit updated version of VRRP (IPv4) for Draft Standard • May 2003 - Submit VRRP for IPv6 (VRRPv3) for Proposed Standard • Jul 2003 - Submit MIB for VRRPv3 for Proposed Standard • Dec 2003 - Review the WG goals and future potential

  4. CURRENT DRAFTS • VRRPv2 (for IPv4) <draft-ietf-vrrp-spec-v2-06.txt> • VRRPv3 (for IPv6) <draft-ietf-vrrp-ipv6-spec-03.txt> Coming Soon: • VRRPv3 MIB • VRRP IPSEC-AH Authentication Specification (???)

  5. SECURITY ISSUES Problem: • Clear text password does not provide much security. • IPsec AH might provide little security but more details need to be specified. • All the security mechanisms make the situation worse in case of mis-configuration. (2 Masters !!) • Still vulnerable to all the LAN attacks Proposed Solution: • Remove the security mechanisms from VRRP and write a good security section • Work on a separate draft for providing IPsec AH security for VRRP (if enough interest in WG ??)

  6. SECURITY ISSUES QUESTIONS The Question: • Anyone against removing security ? Say it Now !! More Questions: (How do we do it ?) • Discourage or Remove fields from the header ? • Backward compatibility issues when removing security ? • Do we need to update the version number ? • Do we need to recycle VRRPv2 through PS again ? • Do we need to update VRRPv2 MIB (RFC 2787) ? • Anything else ???

  7. VRRPv3 • The current draft is draft-ietf-vrrp-ipv6-spec-03.txt • Needs to be reviewed. Did anyone review it ? • Are there any implementations ? Or Plans ? • Can’t move forward without implementation experience !

  8. VRRPv3 MIB • Needed before VRRPv3 draft moves to PS • Kalyan, Kripakaran and Brian have started working on it • New draft instead of updating the existing one • A draft will be submitted to the WG soon • Please review it !!

  9. IPR ISSUES (Cisco) • We found the following statement from Robert Barr, Cisco at http://www.in-addr.de/pipermail/lvs-users/2001-November/004135.html "Cisco will not assert any patent claims against anyone for an implementation of IETF standard for VRRP unless a patent claim is asserted against Cisco, in which event Cisco reserves the right to assert patent claims defensively. If a licensee would prefer a royalty-bearing license, we would make one available." • Robert confirmed this statement in an email again on December 18, 2002 “That is our current position.”

  10. IPR Issues (IBM) • No answer has been received from IBM yet !!

  11. ARE WE INTERESTED IN.. • “IPsec AH Security for VRRP” draft ? available at http://www.keepalived.org/draft-ietf-vrrp-ipsecah-spec-00.txt • Removing Priority value 0 (hold the election now) option ? • Issues and Arguments document ? • Anything else ?

  12. Thank You

More Related