Network Working Group L. Yang Request for Comments: 3746 Intel Corp. Category: Informational R. Dantu Univ. of North Texas T. Anderson Intel Corp. R. Gopal Nokia April 2004 Forwarding and Control Element Separation (ForCES) Framework Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document defines the architectural framework for the ForCES (Forwarding and Control Element Separation) network elements, and identifies the associated entities and their interactions. Table of Contents 1. Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions used in this document . . . . . . . . . . . . 2 1.2. Terminologies . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction to Forwarding and Control Element Separation (ForCES) . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.1. Control Elements and Fr Reference Point . . . . . . . . . 10 3.2. Forwarding Elements and Fi reference point. . . . . . . . 11 3.3. CE Managers . . . . . . . . . . . . . . . . . . . . . . . 14 3.4. FE Managers . . . . . . . . . . . . . . . . . . . . . . . 14 4. Operational Phases . . . . . . . . . . . . . . . . . . . . . . 15 4.1. Pre-association Phase . . . . . . . . . . . . . . . . . . 15 4.1.1. Fl Reference Point . . . . . . . . . . . . . . . . 15 4.1.2. Ff Reference Point . . . . . . . . . . . . . . . . 16 4.1.3. Fc Reference Point . . . . . . . . . . . . . . . . 17 4.2. Post-association Phase and Fp reference point . . . . . . 17 4.2.1. Proximity and Interconnect between CEs and FEs . . 18 Yang, et al. Informational [Page 1] RFC 3746 ForCES Framework April 2004 4.2.2. Association Establishment. . . . . . . . . . . . . 18 4.2.3. Steady-state Communication . . . . . . . . . . . . 19 4.2.4. Data Packets across Fp reference point . . . . . . 21 4.2.5. Proxy FE . . . . . . . . . . . . . . . . . . . . . 22 4.3. Association Re-establishment. . . . . . . . . . . . . . . 22 4.3.1. CE graceful restart. . . . . . . . . . . . . . . . 23 4.3.2. FE restart . . . . . . . . . . . . . . . . . . . . 24 5. Applicability to RFC 1812. . . . . . . . . . . . . . . . . . . 25 5.1. General Router Requirements . . . . . . . . . . . . . . . 25 5.2. Link Layer. . . . . . . . . . . . . . . . . . . . . . . . 26 5.3. Internet Layer Protocols. . . . . . . . . . . . . . . . . 27 5.4. Internet Layer Forwarding . . . . . . . . . . . . . . . . 27 5.5. Transport Layer . . . . . . . . . . . . . . . . . . . . . 28 5.6. Application Layer -- Routing Protocols. . . . . . . . . . 29 5.7. Application Layer -- Network Management Protocol. . . . . 29 6. Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30 8. Security Considerations. . . . . . . . . . . . . . . . . . . . 30 8.1. Analysis of Potential Threats Introduced by ForCES. . . . 31 8.1.1. "Join" or "Remove" Message Flooding on CEs . . . . 31 8.1.2. Impersonation Attack . . . . . . . . . . . . . . . 31 8.1.3. Replay Attack. . . . . . . . . . . . . . . . . . . 31 8.1.4. Attack during Fail Over. . . . . . . . . . . . . . 32 8.1.5. Data Integrity . . . . . . . . . . . . . . . . . . 32 8.1.6. Data Confidentiality . . . . . . . . . . . . . . . 32 8.1.7. Sharing security parameters. . . . . . . . . . . . 33 8.1.8. Denial of Service Attack via External Interface. . 33 8.2. Security Recommendations for ForCES . . . . . . . . . . . 33 8.2.1. Using TLS with ForCES. . . . . . . . . . . . . . . 34 8.2.2. Using IPsec with ForCES. . . . . . . . . . . . . . 35 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37
[include full document text]
datatracker.ietf.org