draft bonica l3vpn auth 01 txt sp can accidentally
play

draft-bonica-l3vpn-auth-01.txt SP can accidentally provision - PDF document

Sep 25, 2023 •223 likes •300 views

draft-bonica-l3vpn-auth-01.txt SP can accidentally provision Customer_A interface into Customer_B VPN Consequences Customer_B receives no automatic indication of VPN breach SP receives no automatic indication of

  1. draft-bonica-l3vpn-auth-01.txt

  2. • SP can accidentally provision Customer_A interface into Customer_B VPN • Consequences – Customer_B receives no automatic indication of VPN breach – SP receives no automatic indication of misconfiguration – Customer_A notifies Service Provider of misconfiguration (sooner or later)

  3. • PE does not permit CE to participate in a VPN until VPN site submits magic cookie(s) to PE • Provider distributes magic cookies to other CE routers that support VPN • CE routers use magic cookies to authenticate remote VPN sites – If CE receives cookie that it cannot authenticate, it issues alarm and withdraws from VPN if required to do so by local security policy

  4. • Using BGP or new protocol, CE sends cookie(s) to PE • PE associates each prefix for which CE is next hop with cookies learned from that CE • PE uses new BGP extended community attribute to distribute cookies along with prefixes to other PE routers that support VPN

  5. • Remote PE uses BGP or new protocol to distribute all cookies associated with VPN routes to CE – Null cookie

  6. • Largely TBD • But we know – It is very simple – Runs over TCP – Probably needs some kind of authentication

  7. • Adopt as WG draft • Continue work on new protocol

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multicast VPN fast fail-over draft-morin-l3vpn-mvpn-fast-failover-04 Wim Henderickx, Praveen

Multicast VPN fast fail-over draft-morin-l3vpn-mvpn-fast-failover-04 Wim Henderickx, Praveen

IETF 77 th meeting, Anaheim L3VPN WG Multicast VPN fast fail-over draft-morin-l3vpn-mvpn-fast-failover-04 Wim Henderickx, Praveen Muley Alcatel Lucent Thomas Morin France Telecom Orange Ray Qiu Huawei Yakov Rekhter, Rahul

368 views • 5 slides
draft-hares-i2rs-auth-trans Susan Hares NETCONF (Juergen) Review Requirements 1, 02, 5, 6, 7,

draft-hares-i2rs-auth-trans Susan Hares NETCONF (Juergen) Review Requirements 1, 02, 5, 6, 7,

draft-hares-i2rs-auth-trans Susan Hares NETCONF (Juergen) Review Requirements 1, 02, 5, 6, 7, 9, 11, 13, 14, 15, 16, 18, 19, 20 no problem noted Editorial Editorial: Req. 3 /4 need clarification on words, Req. 8 not a

256 views • 12 slides
MOEBIUS Mobility Management Application Niavi Stefania AUTh IT Center Liolios Nikos AUTh

MOEBIUS Mobility Management Application Niavi Stefania AUTh IT Center Liolios Nikos AUTh

MOEBIUS Mobility Management Application Niavi Stefania AUTh IT Center Liolios Nikos AUTh Department of European Educational Programmes 1 Moebius - AUTh, Greece Main challenges of mobility management 1. Large volume of bilateral agreements

483 views • 30 slides
O H! H! Auth th Implementation pitfalls & the auth providers who have fell in it

O H! H! Auth th Implementation pitfalls & the auth providers who have fell in it

H! H! O H! H! Auth th Implementation pitfalls & the auth providers who have fell in it @samitanwer1 samit.anwer@gmail.com C: C:\>whoami Samit Anwer Product Security Team @Citrix Web/Mobile App Security Enthusiast

724 views • 58 slides
Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt

Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt

Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt Abhijit Menon-Sen <ams@oryx.com> Chris Newman <chris.newman@sun.com> Alexey Melnikov <alexey.melnikov@isode.com> Simon Josefsson

189 views • 7 slides
Oops! d e How I accidentally the k c a h University's Merchandising Shop Dan Luedtke

Oops! d e How I accidentally the k c a h University's Merchandising Shop Dan Luedtke

Oops! d e How I accidentally the k c a h University's Merchandising Shop Dan Luedtke <mail@danrl.de> Thu, January 12, 2012 Slide 1 About UniBwM University of the German Federal Armed Forces, Munich ~3700 students in

489 views • 26 slides
Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

CSS441 Introduction Functions Auth. with Encryption Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

673 views • 21 slides
Accidentally Unhealthy: Americas unintentional relationship with employers in an inefficient

Accidentally Unhealthy: Americas unintentional relationship with employers in an inefficient

Robin Catania Robert Mckinney School of Law 3L Note-in-Progress Candidate IHLR Symposium October 15-16, 2020 Accidentally Unhealthy: Americas unintentional relationship with employers in an inefficient market IUPUI Thesos Thesis 1. The

251 views • 12 slides
Turning AUTh into e-University Pinelopi Giovanitsa, Academic Support IT Center introduction 2

Turning AUTh into e-University Pinelopi Giovanitsa, Academic Support IT Center introduction 2

Turning AUTh into e-University Pinelopi Giovanitsa, Academic Support IT Center introduction 2 learning management systems in AUTh centra eClass blackboard moodle 3 timeline of transition September 2014 March 2014 eLearning on

526 views • 16 slides
WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released from

WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released from

WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released from land-based facilities MODARIA Scenarios 1) Fukushima releases in the Pacific Ocean Intercomparison of hydrodynamic submodels First simple

167 views • 12 slides
MODARIA WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released

MODARIA WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released

MODARIA WG10 Modelling of marine dispersion and transfer of radionuclides accidentally released from land-based facilities. Interim meeting University of Seville, Spain. 17-19 June, 2015 Participants from Rep. of Korea, Japan, Ukraine,

593 views • 26 slides
Web Security and Auth Shan-Hung Wu CS, NTHU Outline Security risks of web applications

Web Security and Auth Shan-Hung Wu CS, NTHU Outline Security risks of web applications

Web Security and Auth Shan-Hung Wu CS, NTHU Outline Security risks of web applications Injection, broken authentication , XSS, CSRF, etc. Checklist of 23 Node.js security best practices Auth: Authentication, authorization, and

336 views • 30 slides
General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

login attempt auth failed login attempt guest login login attempt authorized Texada auth failed login attempt G( x XF y ) login attempt G( guest login XF authorized ) guest login authorized auth failed login attempt Authorized

1.11k views • 59 slides
DRUG FORMULARY UPDATE LMAC Big Sky, Montana August 21, 2018 Formulary Draft Rules Defin init

DRUG FORMULARY UPDATE LMAC Big Sky, Montana August 21, 2018 Formulary Draft Rules Defin init

DRUG FORMULARY UPDATE LMAC Big Sky, Montana August 21, 2018 Formulary Draft Rules Defin init ition ions Applic icab abil ility ity Upda date b e by R Refer erence ( (ODG) Prior ior A Auth thor oriza izatio

558 views • 12 slides
In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful

In-Flight IPv6 Extension Header Insertion Considered Harmful draft-smith-6man-in-flight-eh-insertion-harmful IETF-106 Mark Smith markzzzsmith@gmail.com Naveen Kottapalli naveen.sarma@gmail.com Ron Bonica rbonica@juniper.net Fernando Gont

506 views • 34 slides
Let us l s lea ead d you ou t to a an AUTH THENT NTIC TE TEXAS RA RANC NCH E EXPERI

Let us l s lea ead d you ou t to a an AUTH THENT NTIC TE TEXAS RA RANC NCH E EXPERI

Let us l s lea ead d you ou t to a an AUTH THENT NTIC TE TEXAS RA RANC NCH E EXPERI RIENC NCE!!! JUST ST 2 25 MINU INUTES f fro rom DO DOWNTOWN SA SAN ANTONI NIO Guests Choose fro rom one of our r thre ree Uniq ique

187 views • 16 slides
Problem Domain Collaborative filtering (CF)-based recommender systems (RS). Issue:

Problem Domain Collaborative filtering (CF)-based recommender systems (RS). Issue:

ClustKNN : A Highly Scalable Hybrid Model-& Memory-Based CF Algorithm Al Mamunur Rashid, Shyong K. Lam, George Karypis, and John Riedl University of Minnesota Problem Domain Collaborative filtering (CF)-based recommender systems (RS).

730 views • 19 slides
H.A.R.P. Clara Mae Barnhart & Soyuz Shrestha Binghamton University Academic Recovery through

H.A.R.P. Clara Mae Barnhart & Soyuz Shrestha Binghamton University Academic Recovery through

H.A.R.P. Clara Mae Barnhart & Soyuz Shrestha Binghamton University Academic Recovery through Incentivized Programming What is H.A.R.P.? The Harpur Academic Recovery Program is a Harpur Advising intiative that uses incentivized programming

752 views • 37 slides
Bias-variance trade-off. Crossvalidation. Regularization. Petr Po s k P. Po s k

Bias-variance trade-off. Crossvalidation. Regularization. Petr Po s k P. Po s k

CZECH TECHNICAL UNIVERSITY IN PRAGUE Faculty of Electrical Engineering Department of Cybernetics Bias-variance trade-off. Crossvalidation. Regularization. Petr Po s k P. Po s k c 2015 Artificial Intelligence 1 / 13

274 views • 26 slides
Update Agenda Single Security Initiative Overview Key Considerations Investors

Update Agenda Single Security Initiative Overview Key Considerations Investors

Single Security Initiative Update Agenda Single Security Initiative Overview Key Considerations Investors Dealers Vendors Sellers Recommended Actions Questions Resources October 4, 2017 2 Overview New

358 views • 10 slides
TOS Arno Puder 1 Objectives Motivate the need for Inter-Process Communication Introduce

TOS Arno Puder 1 Objectives Motivate the need for Inter-Process Communication Introduce

TOS Arno Puder 1 Objectives Motivate the need for Inter-Process Communication Introduce a simple send/receive/reply message passing paradigm Show how to implement this paradigm 2 Current state of affairs Status quo: We can

631 views • 40 slides
Blockchains and its applications Quentin Bramas Assistant Professor ICUBE Laboratory

Blockchains and its applications Quentin Bramas Assistant Professor ICUBE Laboratory

Blockchains and its applications Quentin Bramas Assistant Professor ICUBE Laboratory University of Strasbourg Quentin Bramas < bramas@unistra.fr > 1 Blockchains Quentin Bramas < bramas@unistra.fr > 2 Blockchains

1.31k views • 115 slides
CS330 &)

CS330 &)

The Big Picture CS330 &) &'(

320 views • 13 slides
Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness

Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness

Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness - Purity + Concurrency + Syntax If you know Haskell, Erlang is easy to learn! QuickSort again Haskell qsort [] = [] qsort (x:xs) = qsort [y

895 views • 61 slides

More recommend