One document matched: draft-fuller-lisp-alt-01.txt
Differences from draft-fuller-lisp-alt-00.txt
Network Working Group D. Farinacci
Internet-Draft V. Fuller
Intended status: Experimental D. Meyer
Expires: May 16, 2008 Cisco
November 13, 2007
LISP Alternative Topology (LISP-ALT)
draft-fuller-lisp-alt-01.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 16, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Farinacci, et al. Expires May 16, 2008 [Page 1]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
Abstract
This document describes a method of building an alternative, logical
topology for managing Endpoint Identifier to Routing Locator mappings
using the Locator/ID Separation Protocol. The logical network is
built as an overlay on the public Internet using existing
technologies and tools, specifically the Border Gateway Protocol and
the Generic Routing Encapsulation. An important design goal for
LISP-ALT is to allow for the relatively easy deployment of an
efficient mapping system while minimizing changes to existing
hardware and software.
Table of Contents
1. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Definition of Terms . . . . . . . . . . . . . . . . . . . . . 5
4. The LISP 1.5 model . . . . . . . . . . . . . . . . . . . . . . 7
5. LISP-ALT: Basic Overview . . . . . . . . . . . . . . . . . . . 8
5.1. EID Assignment - Hierarchy and Topology . . . . . . . . . 8
5.2. LISP-ALT Router . . . . . . . . . . . . . . . . . . . . . 9
5.3. Use of GRE tunnels between LISP-ALT Routers . . . . . . . 9
6. How LISP-ALT uses BGP . . . . . . . . . . . . . . . . . . . . 10
6.1. Sub-Address Family Identifier (SAFI) for LISP-ALT . . . . 10
6.2. Autonomous System Numbers (ASNs) in LISP-ALT . . . . . . . 11
7. EID-Prefix Aggregation . . . . . . . . . . . . . . . . . . . . 12
8. Connecting sites to the LAT . . . . . . . . . . . . . . . . . 13
8.1. ETRs originating information into the LAT network . . . . 13
8.2. ITRs Receiving Information from the LAT . . . . . . . . . 13
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
10. Security Considerations . . . . . . . . . . . . . . . . . . . 16
10.1. Apparent LISP-ALT Vunerabilities . . . . . . . . . . . . . 16
10.2. Survey of LISP-ALT Security Mechanisms . . . . . . . . . . 17
10.3. Leveraging Internet BGP Security mechanisms . . . . . . . 17
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
12.1. Normative References . . . . . . . . . . . . . . . . . . . 19
12.2. Informative References . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
Intellectual Property and Copyright Statements . . . . . . . . . . 21
Farinacci, et al. Expires May 16, 2008 [Page 2]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Farinacci, et al. Expires May 16, 2008 [Page 3]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
2. Introduction
This document describes a method of building an alternative logical
topology for managing Endpoint Identifier to Routing Locator mappings
using the Locator/ID Separation Protocol [LISP]. This logical
topology uses existing technology and tools, specifically the Border
Gateway Protocol [RFC4271] and its multi-protocol extension
[RFC2858], along with the Generic Routing Encapsulation [RFC2784]
protocol to construct an overlay network of devices that advertise
EID-prefixes only. These Endpoint Identifier Prefix Aggregators hold
hierarchically-assigned pieces of the Endpoint Identifier space
(i.e., prefixes) and their next hops toward the network element which
is authoritative for Endpoint Identifier-to-Routing Locator mapping
for that prefix. Tunnel routers can use this overlay to make queries
against and respond to mapping requests made against the distributed
Endpoint Identifier-to-Routing Locator mapping database. Note the
database is distributed (as in [LISP]c and is stored in the ETRs.
Note that an important design goal of LISP-ALT is to minimize the
number of changes to existing hardware and/or software that are
required to deploy the mapping system. It is envisioned that in most
cases existing technology can be used to implement and deploy LISP-
ALT. Since the deployment of LISP-ALT adds new devices to the
network, existing devices not need changes or upgrades. They can
function as they are to realize an underlying and robust physical
topology.
The remainder of this document is organized as follows: Section 3
provides the definitions of terms used in this document. Section 4
outlines the basic LISP 1.5 model. Section 5 provides a basic
overview of the LISP Alternate Topology (or LAT) architecture, and
Section 6 describes how LAT uses BGP to propagate Endpoint Identifier
reachability over the overlay network. Section 7 describes the
construction of the LAT aggregation hierarchy, and Section 8
discusses how the elements of the LAT topology are connected to form
the overlay network.
Farinacci, et al. Expires May 16, 2008 [Page 4]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
3. Definition of Terms
LISP-ALT operates on two name spaces and introduces a new network
element, the EID Prefix Aggregators (see below). This section
provides high-level definitions of the LISP-ALT name spaces, network
elements, and message types.
The LISP Alternative Topology (LAT): The virtual overlay network
made up of Generic Routing Encapsulation (GRE) tunnels between EID
Prefix Aggregators. The Border Gateway Protocol (BGP) runs
between LISP-ALT routers and is used to carry reachability
information for EID prefixes.
Legacy Internet: The portion of the Internet which does not run LISP
and does not participate in LISP-ALT.
LISP-ALT Router: The devices which run on the LAT. The LAT is a
static topology built with GRE tunnels. LISP-ALT routers are
deployed in a hierarchy which matches the EID prefix allocation
hierarchy. LISP-ALT routers at each level in the this hierarchy
are responsible for aggregating all EID prefixes learned from
LISP-ALT routers logically "below" them and advertising summary
prefixes to the LISP-ALT routers logically "above" them. All
prefix learning and propagation between levels is done using BGP.
LISP-ALT routers at the lowest level, or "edge", of the LAT learn
EID prefixes either over a BGP or LISP TCP session to ETRs. See
Section 6 for details on how BGP is configured between the
different network elements.
The primary function of the LISP-ALT routers is to provide a
lightweight forwarding infrastructure for LISP control-plane
messages (Map-Request and Map-Reply), and to transport data
packets when the packet has the same destination address in both
the inner (encapsulating) destination and outer destination
addresses ((i.e., a Data Probe packet).
Endpoint ID (EID): A 32- or 128-bit value used in the source and
destination fields of the first (most inner) LISP header of a
packet. A packet that is emitted by a system contains EIDs in its
headers and LISP headers are prepended only when the packet
reaches an Ingress Tunnel Router (ITR) on the data path to the
destination EID.
In LISP-ALT, EID-prefixes MUST BE assigned in a hierarchical
manner (in power-of-two) such that they can be aggregated by LISP-
ALT routers. In addition, a site may have site-local structure in
how EIDs are topologically organized (subnetting) for routing
within the site; this structure is not visible to the global
Farinacci, et al. Expires May 16, 2008 [Page 5]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
routing system.
EID-Prefix Aggregate: A set of EID-prefixes said to be aggregatable
in the [RFC4632] sense. That is, an EID-Prefix aggregate is
defined to be a single contiguous power-of-two EID-prefix block.
Such a block is characterized by a prefix and a length.
Routing Locator (RLOC): An IP address of an egress tunnel router
(ETR). It is the output of a EID-to-RLOC mapping lookup. An EID
maps to one or more RLOCs. Typically, RLOCs are numbered from
topologically-aggregatable blocks that are assigned to a site at
each point to which it attaches to the global Internet; where the
topology is defined by the connectivity of provider networks,
RLOCs can be thought of as Provider Aggregatable (PA) addresses.
Note that in LISP-ALT, RLOCs are not carried by the LISP-ALT
routers.
EID-to-RLOC Mapping: A binding between an EID and the RLOC-set that
can be used to reach the EID. We use the term "mapping" in this
document to refer to a EID-to-RLOC mapping.
EID Prefix Reachability: An EID prefix is said to be "reachable" if
one or more of its locators are reachable. That is, an EID prefix
is reachable if the ETR (or its proxy) that is authoritative for a
given EID-to-RLOC mapping is reachable.
Default Mapping: A Default Mapping is a mapping entry for EID-
prefix 0.0.0.0/0. It maps to a locator-set used for all EIDs in
the Internet. If there is a more specific EID-prefix in the
mapping cache it overrides the Default Mapping entry. The Default
Mapping route can be learned by configuration or from a Map-Reply
message.
Default Route: A Default Route in the context of LISP-ALT is a EID-
prefix value of 0.0.0.0/0 which is advertised by BGP on top of the
LAT. The Default Route is used to realize a path for Data Probe
and Map-Request packets.
Farinacci, et al. Expires May 16, 2008 [Page 6]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
4. The LISP 1.5 model
As documented in [LISP], the LISP 1.5 model uses the same basic
query/response protocol machinery as LISP 1.0. In particular, LISP-
ALT provides two mechanisms for an ITR to obtain EID-to-RLOC mappings
(both of these techniques are described in more detail in
Section 8.2):
Data Probe: An ITR may send the first few data packets into the LAT
to minimize packet loss and to probe for the mapping; the
authoritative ETR will respond to the ITR with a Map-Reply message
when it receives the data packet over the LAT. Note that in this
case, the inner Destination Address (DA), which is an EID, is
copied to the outer DA and is routed over the LAT.
Map-Request: An ITR may also send a Map-Request message into the LAT
to request the mapping. As in the Data Probe case, the
authoritative ETR will respond to the ITR with a Map-Reply
message. In this case, the DA of the Map-Request MUST be an
EID.See [LISP] for the format of Map-Request and Map-Reply
packets.
Like LISP 1.0, EIDs are routable and can be used, unaltered, as the
source and destination addresses in IP datagrams. Unlike in LISP
1.0, LISP 1.5 EIDs are not routed on the public Internet; instead,
they are only routable over a separate, virtual topology referred to
as the LISP Alternative Virtual Network. This network is built as an
overlay on the public Internet using GRE tunnels to interconnect
LISP-ALT routers. BGP is run over these tunnels to propagate the
information needed to route Data Probes and Map-Request/Replies.
Importantly, while the ETRs are the source(s) of the unaggregated EID
prefix data, LISP-ALT uses existing BGP mechanisms to aggressively
aggregate this information. Note that ETRs are not required to
participate (or prevented from participating) in the LISP-ALT; they
may choose communicate their mappings to their serving LISP-ALT
router(s) at subscription time via configuration. ITRs are also not
required to (nor prevented from) participate in LISP-ALT.
Farinacci, et al. Expires May 16, 2008 [Page 7]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
5. LISP-ALT: Basic Overview
LISP-ALT is a hybrid push/pull architecture. Aggregated EID prefixes
are "pushed" among the LISP-ALT routers and, optionally, out to ITRs
(which may elect to receive the aggregated information, as opposed to
simply using a default mapping). Specific EID-to-RLOC mappings are
"pulled" by ITRs when they either send explicit LISP requests or data
packets on the alternate topology that result in triggered replies
being generated by ETRs.
The basic idea embodied in LISP-ALT is to use BGP, running over a GRE
overlay, to build the LAT reachability required to route Data Probes,
Map-Requests, and Map-Replies over the alternate topology. The LAT
RIB (BGP RIB) is comprised of EID prefixes (and associated next
hops). The LISP-ALT routers talk eBGP to each other in order to
propagate EID prefix update information, which is learned either over
eBGP connections from the authoritative ETR, or by configuration.
ITRs may also eBGP peer with one or more LISP-ALT routers in order to
route Data Probe packets or Map-Requests (more likely, an ITR will
have a default mapping pointing at one or more LISP-ALT routers).
In summary, the LISP-ALT uses BGP to propagate EID-prefix update
information used by ITRs and ETRs to forward Map-Requests, Map-
Replies, and Data Probes. This reachability is carried as IPv4 or
IPv6 NLRI without modification (since the EID space has the same
syntax as IPv4 or IPv6). LISP-ALT routers eBGP peer with one
another, forming the LAT. An LISP-ALT router near the edge learns
EID prefixes which are originated by authoritative ETRs, which either
eBGP peer with them or by configuration. LISP-ALT routers aggregate
EID prefixes, and forward Data Probes, Map-Requests, and Map-Replies.
5.1. EID Assignment - Hierarchy and Topology
EID-prefixes will be allocated to a LISP site by Internet Registries.
Multiple allocations may not be in power-of-2 blocks. But when they
are, they will be aggregated into one announcement EID-prefix. The
LAT topology will be setup in a tree-like structure hierarchy so
merge points in the tree can have proxy aggregation occur. By doing
this the LISP-ALT nodes higher in the hierarchy can carry less EID-
prefixes.
Since the LAT will not need to change due to subscription or policy
reasons, the topology can remain relatively static and aggregation
can be sustained.
Note: As the prototype develops, we will produce documented usage
guides on how best to build the LAT topology.
Farinacci, et al. Expires May 16, 2008 [Page 8]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
5.2. LISP-ALT Router
A LISP-ALT Router has the following functionality:
1. It can run at a minimum the eBGP part of the BGP protocol.
2. It can support a separate RIB which uses next-hop GRE tunnel
interfaces for forwarding Data Probes and Map-Requests.
3. It can also act as an ITR, as in a proxy-ITR capacity to support
non-LISP sites.
4. It can also act as an ETR, or an recursive or re-encapsulating
ITR to reduce mapping tables in site-based LISP routers.
An ITR or an ETR can talk to a LISP-ALT router without using a GRE
tunnel and a BGP peering connection. A LISP TCP connection can be
established between the LISP-ALT router and either the ITR or ETR for
reliably passing Data Probe or Map-Request packets. TBD, but its
just a BGP speaker in the LAT overlay.
5.3. Use of GRE tunnels between LISP-ALT Routers
By using GRE between LISP-ALT routers and running an eBGP connection
among them over the GRE tunnel interface makes each LISP-ALT hop an
AS-hop. By doing this each LISP-ALT router is using eBGP as a
Distance Vector protocol using an AS-path solely as a shortest-path
determination and loop-avoidance mechanism. All next-hops are on
tunnel interfaces so there is no IGP required resolve next-hops into
real next-hops because they are already resolved by the GRE tunnel
configuration.
This reduces Operational Expense (OPEX) because less protocols need
to be used on the overlay topology. Also, no coordination of tunnel
IP addresses are required since they are used locally by each LISP-
ALT device. So any addressing scheme (even using private addressing)
can be used for tunnel addressing.
In the case in which a single routing domain wants redundancy, there
is no requirement for the two or more LISP-ALT routers inside of the
domain need to peer with each other. The redundancy only need to be
present on peering connections across routing domains. This will
allow a lighter weight deployment and maintenance system for running
BGP.
Farinacci, et al. Expires May 16, 2008 [Page 9]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
6. How LISP-ALT uses BGP
As described in Section 8.2, an ITR may send either a Map-Request or
a data probe to find a given EID-to-RLOC mapping. The LAT provides
the infrastructure that allows these requests to reach the
authoritative ETR, and possibly for the reply to find its way back to
the requesting ITR (the ETR might choose to send the Map-Reply to the
requesting ITR's source-RLOC, bypassing the LAT).
The LISP-ALT routers propagate mapping information for use by ITRs
(when making Map-Requests or sending Data Probes), and ETRs (if the
ETR is configured to send Map-Replies back to the requesting ITR over
the LAT) using eBGP [RFC4271]. eBGP is run on the inter-LISP-ALT
router links, and and possibly between an edge LISP-ALT router and an
ETR or between an edge LISP-ALT router and an ITR. The LAT eBGP RIB
consists of aggregated EID prefixes and their next hops towards the
authoritative ETR for that EID prefix.
ITRs and ETRs may choose not to run an eBGP instance with a LISP-ALT
router. Each case is considered below.
ITR: An ITR will, whether it runs BGP with a LISP-ALT router or not,
will send either a Data Probe or a Map-Request a LISP-ALT router.
ETR: If an ETR runs BGP with a LISP-ALT router, it simply announces
its EID-prefix to its connected LISP-ALT routers. If the ETR is
not running BGP (i.e., it communicates with the LAT over a LISP
TCP connection), then the LISP-ALT router the ETR has a connection
with must route Map-Requests and Data Probes to the ETR as well as
get configured to advertise the ETR's EID-prefixes. Note that in
either case, the ETR may send the Map-Reply message back to the
ITR's source-EID on the LAT or to the ITR's source-RLOC (i.e., on
the underlying topology).
Finally, note that LISP-ALT requires no modification to the BGP
protocol, and is designed to be deployable without additional
protocol machinery.
6.1. Sub-Address Family Identifier (SAFI) for LISP-ALT
As defined by this document, LISP-ALT may be implemented using BGP
without modification. Given the fundamental operational difference
propagating global Internet routing information (the current,
dominant use of BGP) and managing the global EID-to-RLOC database
(the use of BGP proposed by this document), it may be desirable to
assign a new SAFI [RFC2858] to prevent operational confusion and
difficulties, including the inadvertent leaking of information from
one domain to the other. At present, this document does not require
Farinacci, et al. Expires May 16, 2008 [Page 10]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
the assignment of a new SAFI but the authors anticipate that
experimentation may suggest the need for one in the future.
6.2. Autonomous System Numbers (ASNs) in LISP-ALT
The primary use of BGP today is to define the global Internet routing
topology in terms of its participants, known as Autonomous Systems.
LISP-ALT specifies the use of BGP to create a global EID-to-RLOC
mapping database which, while related to the global routing database,
serves a very different purpose and is organized into a very
different hierarchy. Because LISP-ALT does use BGP, however, it uses
ASNs in the paths that are propagated among LISP-ALT routers. To
avoid confusion, it needs to be stressed that that these LISP-ALT
ASNs use a new numbering space that is unrelated to the ASNs used by
the global routing system. Exactly how this new space will be
assigned and managed will be determined during experimental
deployment of LISP-ALT.
Farinacci, et al. Expires May 16, 2008 [Page 11]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
7. EID-Prefix Aggregation
The LAT peering topology should be arranged in a tree-like fashion
(with some meshiness), both with redundancy to deal with crashes. We
assume that as long as the routers are up and running that the
underlying topology will provide alternative routes to the BGP
connection stay up between the LISP-ALT routers.
Farinacci, et al. Expires May 16, 2008 [Page 12]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
8. Connecting sites to the LAT
8.1. ETRs originating information into the LAT network
ETRs have two ways of originating EID information into the LAT:
Configuration: A LISP-ALT router may be configured with the EID-
prefix of the authoritative ETR, which is connected to the LISP-
ALT router via a LISP TCP connection [LISP]. This TCP connection
may be used to route Map-Requests to the ETR (if necessary), and
for the ETR to respond with Map-Replies. Of course, the LISP-ALT
router could also serve as a proxy for its TCP-connected ETRs.
Finally, depending on configuration and which prefixes an ETR is
authoritative for, an ETR may need to connect to more than one
LISP-ALT router to have all of its prefixes routed via the LAT.
eBGP: ETRs may originate information by participating in the LAT via
eBGP. In this case, The ETR advertises reachability for its EID
prefixes over this eBGP connection to the LISP-ALT routers. The
LISP-ALT routers propagate and aggregate this information into the
LAT. That is, here the ETR is simply a peer of a LISP-ALT router
at the edge of the LAT. A LISP-ALT router should aggregate the
received EID-prefixes (where possible).
8.2. ITRs Receiving Information from the LAT
In order to source Map-Requests to the LAT and receive Map-Replies
from the LAT, or to route a Data Probe packet over the LAT, each ITR
participating in the LAT establishes a connection to one or more
LISP-ALT routers. These connections can be either eBGP or TCP (as
described above).
In the case in which the ITR is running eBGP, the peer LISP-ALT
routers use these connections to advertise highly aggregated EID-
prefixes to the peer ITRs. The ITR then installs the received
prefixes into a forwarding table that is used to to send LISP Map-
Requests to the appropriate LISP-ALT router. In most cases, a LISP-
ALT router will send a default mapping to its client ITRs so that
they can send request for any EID prefix into the LAT.
In the case in which the ITR is connected to some set of LISP-ALT
routers without eBGP (i.e., over a LISP TCP connection), the ITR
sends Map-Requests to any of its connected LISP-ALT routers, and
receives Map-Replies from the LISP-ALT router that has the "shortest
path" to the authoritative ETR.
An ITR may also chose to send the first few data packets over the
LAT, in order to minimize packet loss and reduce mapping latency. In
Farinacci, et al. Expires May 16, 2008 [Page 13]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
this case, the data packet serves as a mapping probe (Data Probe),
and the ETR which receives the data packet (over the LAT) responds
with a Map-Reply that is either routed back over the LAT, or send to
the ITR's source-RLOC over the underlying topology.
In general, an ITR will establish connections only to LISP-ALT
routers at the "edge" of the LAT (typically two for redundancy) but
there may also be situations where an ITR would connect to other
LISP-ALT routers to receive alternate shorter path information about
a portion of the LAT topology of interest to it. This can be
accomplished by establishing a GRE tunnel between the ITR and the set
of LISP-ALT routers the ITR is interested in. This is a purely local
policy issue between the ITR and the LISP-ALT routers in question.
Farinacci, et al. Expires May 16, 2008 [Page 14]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
9. IANA Considerations
This document makes no request of the IANA.
Farinacci, et al. Expires May 16, 2008 [Page 15]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
10. Security Considerations
LISP-ALT shares many of the security characteristics of BGP. Its
security mechanisms are comprised of existing technologies in wide
operational use today. Securing LISP-ALT is much simpler than
securing BGP.
Compared to BGP, LISP-ALT routers are not topologically bound,
allowing them to be put in locations away from the vulnerable AS
border (unlike eBGP speakers).
10.1. Apparent LISP-ALT Vunerabilities
This section briefly lists of the apparent vulnerabilities of LISP-
ALT.
Mapping Integrity: Can you insert bogus mappings to black-hole
(create a DoS) or intercept LISP data-plane packets?
LISP-ALT router Availability: Can you DoS the LISP-ALT routers that
a given ETR connects to? Without access to its mappings, a site
is essentially unavailable.
ITR Mapping/Resources: Can you force an ITR or LISP-ALT router to
drop legitimate mapping requests by flooding it with random
destinations that it will have to query for. Further study is
required to see the impact of admission control on the overlay
network.
EID Map-Request Exploits for Reconnaissance: Can you learn about a
LISP destination sites' TE policy by sending legitimate mapping
requests messages and then observing the RLOC mapping replies? Is
this information useful in attacking or subverting peer
relationships? Note that LISP 1.0 has a similar data-plane
reconnaissance issue.
Scaling of LISP-ALT router (LAT) Resources: The overall capacity of
the LAT may be a subset of the available bandwidth of the
Internet.
UDP Map-Reply from ETR: If Map-Replies packets are sent directly
from the ETR to the ITR's RLOC, the ITR's RLOC may be vulnerable
to various types of DoS attacks.
Farinacci, et al. Expires May 16, 2008 [Page 16]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
10.2. Survey of LISP-ALT Security Mechanisms
Explicit peering: The devices themselves can both prioritize
incoming packets as well as potentially do key checks in hardware
to protect the control plane.
Use of TCP to connect elements: This makes it difficult for third
parties to inject packets.
Use of HMAC Protected TCP Connections: HMAC is used to verify
message integrity and authenticity, making it nearly impossible
for third party devices to either insert or modify messages.
Message Sequence Numbers and Nonce Values in Messages: This allows
for devices to verify that the mapping-reply packet was in
response to the mapping-request that they sent.
10.3. Leveraging Internet BGP Security mechanisms
LISP-ALT's use of BGP allows for the LAT easily take advantage of BGP
security features designed for the Legacy Internet BGP.
For example, should either sBGP [I-D.murphy-bgp-secr] or soBGP
[I-D.white-sobgparchitecture] become widely deployed it expected that
LISP-ALT could use these mechanisms to provide authentication of EID-
to-RLOC mappings, and EID origination.
Farinacci, et al. Expires May 16, 2008 [Page 17]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
11. Acknowledgments
Many of the ideas described in this document developed during
detailed discussions with Scott Brim and Darrel Lewis, who made many
insightful comments on earlier versions of this document.
Farinacci, et al. Expires May 16, 2008 [Page 18]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000.
[RFC2858] Bates, T., Rekhter, Y., Chandra, R., and D. Katz,
"Multiprotocol Extensions for BGP-4", RFC 2858, June 2000.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing
(CIDR): The Internet Address Assignment and Aggregation
Plan", BCP 122, RFC 4632, August 2006.
12.2. Informative References
[I-D.murphy-bgp-secr]
Murphy, S., "BGP Security Analysis",
draft-murphy-bgp-secr-04 (work in progress),
November 2001.
[I-D.white-sobgparchitecture]
White, R., "Architecture and Deployment Considerations for
Secure Origin BGP (soBGP)",
draft-white-sobgparchitecture-00 (work in progress),
May 2004.
[LISP] Farinacci, D., Oran, D., Fuller, V., and D. Meyer,
"Locator/ID Separation Protocol (LISP)",
draft-farinacci-lisp-05.txt (work in progress),
November 2007.
Farinacci, et al. Expires May 16, 2008 [Page 19]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
Authors' Addresses
Dino Farinacci
Cisco
Tasman Drive
San Jose, CA 95134
USA
Email: dino@cisco.com
Vince Fuller
Cisco
Tasman Drive
San Jose, CA 95134
USA
Email: vaf@cisco.com
Dave Meyer
Cisco
Tasman Drive
San Jose, CA 95134
USA
Email: dmm@cisco.com
Farinacci, et al. Expires May 16, 2008 [Page 20]
Internet-Draft LISP Alternative Topology (LISP-ALT) November 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Farinacci, et al. Expires May 16, 2008 [Page 21]
| PAFTECH AB 2003-2026 | 2026-04-22 03:32:42 |