TTL Partition Security Mechanism
draft-miao-ttl-partition-01
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual), Expired & archived |
| | Author | Miao Fuyou |
| | Last updated | 2005-09-26 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| | Formats | |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This draft proposes a TTL-number space "partition" mechanism to shield the access control/management plane of a service provider's (SP) core network from customer traffic. Provider edge routers limit the TTL of every user data packet entering the core network to a preset maximum value, and a core network router drops any packet whose TTL is equal to or smaller than the preset value when the packet's destination address is the router itself. Since attack packets from a customer site therefore cannot reach the control plane or applications of routers in the SP core network, the control plane of the core network is secured against the class of attacks originating outside the core network.
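As an added illustration (written for this page, not code from the draft), the following Python model walks a packet through the two checks the abstract describes: the provider-edge TTL clamp and the core router's self-addressed drop. The preset values (64 for both), the router names and the packet format are assumptions; the draft leaves the values to the operator.

```python
from dataclasses import dataclass, replace

# Assumed operator parameters (constructed for this example, not from the draft).
TTL_MAX_CUSTOMER = 64   # PE caps every customer packet's TTL at this value
TTL_GUARD_CORE = 64     # core routers drop self-addressed packets with TTL <= this
# The partition only holds if customer traffic can never arrive above the guard.
assert TTL_MAX_CUSTOMER <= TTL_GUARD_CORE


@dataclass(frozen=True)
class Packet:
    dst: str   # destination: a core router name or a customer host (assumed labels)
    ttl: int


def pe_ingress(pkt: Packet) -> Packet:
    """Provider edge: clamp the TTL of a packet arriving from a customer site."""
    return replace(pkt, ttl=min(pkt.ttl, TTL_MAX_CUSTOMER))


def core_hop(router: str, pkt: Packet):
    """One core router handling one packet; returns (action, packet)."""
    if pkt.dst == router:
        # Self-addressed: the TTL partition check guards the control plane.
        if pkt.ttl <= TTL_GUARD_CORE:
            return ("drop", pkt)
        return ("deliver", pkt)
    # Transit traffic: ordinary TTL decrement and forward.
    if pkt.ttl <= 1:
        return ("expire", pkt)
    return ("forward", replace(pkt, ttl=pkt.ttl - 1))


def send(pkt: Packet, path, from_customer: bool):
    """Walk a packet along the core routers in `path`.

    Customer traffic passes the PE clamp first; core-originated traffic does not.
    Returns (final action, router where it happened, TTL at that point).
    """
    if from_customer:
        pkt = pe_ingress(pkt)
    for router in path:
        action, pkt = core_hop(router, pkt)
        if action != "forward":
            return action, router, pkt.ttl
    return "egress", (path[-1] if path else None), pkt.ttl
```

The model also shows the operational caveat: core-originated control traffic must be sent with a TTL above the guard value (for example 255), otherwise the same check drops legitimate internal packets, as `send(Packet("P2", 10), ["P2"], False)` does.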
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)