Negotiation for Keying Pairwise Routing Protocols in IKEv2
draft-mahesh-karp-rkmp-05

 
Document
Type: Expired Internet-Draft (individual)
Last updated: 2014-05-19 (latest revision 2013-11-15)
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived (plain text, pdf, html)

Stream
Stream state: (No stream defined)
Document shepherd: No shepherd assigned

IESG
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)


This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
//www.ietf.org/archive/id/draft-mahesh-karp-rkmp-05.txt

Abstract

This document describes a mechanism to secure routing protocols that use unicast to transport their signaling messages. Most such routing protocols are TCP-based (e.g., BGP and LDP), and the TCP Authentication Option (TCP-AO) is primarily employed to secure their signaling messages. There are two exceptions: BFD, which runs over UDP or MPLS, and RSVP-TE, which runs over IP (but employs an integrated approach to protecting the signaling messages instead of using IPsec). The proposed mechanism secures pairwise TCP-based Routing Protocol (RP) associations, BFD associations, and RSVP-TE associations using the IKEv2 Key Management Protocol (KMP) integrated with TCP-AO, BFD, and RSVP-TE respectively. Included are extensions to IKEv2 and its Security Associations that enable its key negotiation to support TCP-AO, BFD, and RSVP-TE.

Authors

Mahesh Jethanandani (mjethanandani@gmail.com)
Brian Weis (bew@cisco.com)
Keyur Patel (keyupate@cisco.com)
Dacheng Zhang (zhangdacheng@huawei.com)
Sam Hartman (hartmans@painless-security.com)
Uma Chunduri (uma.chunduri@ericsson.com)
Albert Tian (albert.tian@ericsson.com)
Joseph Touch (touch@isi.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)