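% Individual Internet-Draft, marked "Work in Progress": it is not an RFC or an
% adopted standard, so cite it as work in progress. The url field pins
% revision 04; check the datatracker for a newer revision before relying on it.
% Title: only the acronym is brace-protected, so the bibliography style keeps
% control of casing. Authors are stored in unambiguous "Last, First" form.
@techreport{chen-idr-bgp-ls-security-capability-04,
  author      = {Chen, Meiling and Su, Li},
  title       = {the extensions of {BGP-LS} to carry security capabilities},
  type        = {Internet-Draft},
  number      = {draft-chen-idr-bgp-ls-security-capability-04},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2024,
  month       = sep,
  day         = 3,
  pagetotal   = 12,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-chen-idr-bgp-ls-security-capability/04/},
  abstract    = {As users' traffic faces more unpredictable attacks during transmission, there are more and more end-users now need high security data transmission guarantee, they need ISPs to provide security protection capabilities on the data forwarding path, but it is very difficult for operators to manage the security attributes of nodes through control surfaces. ISPs need to have real-time awareness of the security capabilities available in the network, then form a security capability map, finally provide security protection for users at the routing level. The goal of this draft is to collect the security capabilities of nodes, which will be one of the factors to form the routing topology, and use the routing programming capabilities to form a secure routing path. The security capability includes healthy information(such as the device software is up-to-date), security service information, device information(such as the manufacturer information of the equipment). The BGP-LS protocol is extended to carry the security capabilities of the node. The controller collects topology information, forms a topology path with security capabilities according to security requirements, and supports SRv6 path sending to execute node forwarding through programming.},
}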