Abstract

This document describes a mechanism to secure the routing protocols which use unicast to transport their signaling messages. Most of such routing protocols are TCP-based (e.g., BGP and LDP), and the TCP Authentication Option (TCP-AO) is primarily employed for securing the signaling messages of these routing protocols. There are also two exceptions: BFD which is over UDP or MPLS, and RSVP-TE which is over IP (but employs an integrated approach to protecting the signaling messages instead of using IPsec). The proposed mechanism secures pairwise TCP-based Routing Protocol (RP) associations, BFD associations and RSVP-TE associations using the IKEv2 Key Management Protocol (KMP) integrated with TCP-AO, BFD, and RSVP-TE respectively. Included are extensions to IKEv2 and its Security Associations to enable its key negotiation to support TCP-AO, BFD, and RSVP-TE.

Authors

Mahesh Jethanandani (mjethanandani@gmail.com)
Brian Weis (bew@cisco.com)
Keyur Patel (keyur@arrcus.com)
Dacheng Zhang (zhangdacheng@huawei.com)
Sam Hartman (hartmans@painless-security.com)
Uma Chunduri (uma.chunduri@ericsson.com)
Albert Tian (albert.tian@ericsson.com)
Joseph Touch (touch@isi.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)