VRRP%20Working%20Group - PowerPoint PPT Presentation

About This Presentation
Title:

VRRP%20Working%20Group

Description:

San Francisco IETF. Mukesh Gupta / Nokia. Chair. 2 Virtual Router Redundancy ... San Francisco IETF. VRRPv3 MIB. Needed before VRRPv3 ... San Francisco IETF ... – PowerPoint PPT presentation

Number of Views:121
Avg rating:3.0/5.0
Slides: 13
Provided by: mukesh
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: VRRP%20Working%20Group


1
VRRP Working Group
  • March 2003
  • San Francisco IETF
  • Mukesh Gupta / Nokia
  • Chair

2
AGENDA
  • Introduction and Review Agenda
  • Milestones/Plans
  • Current Drafts
  • Security Issues with VRRP
  • VRRPv3
  • VRRPv3 MIB
  • IPR Issues
  • Further Interests of the WG

3
WG MILESTONES/PLANS
  • Mar 2003
  • - Resolve open issues with authentication methods
  • Mar 2003
  • - Submit updated version of VRRP (IPv4) for Draft
    Standard
  • May 2003
  • - Submit VRRP for IPv6 (VRRPv3) for Proposed
    Standard
  • Jul 2003
  • - Submit MIB for VRRPv3 for Proposed Standard
  • Dec 2003
  • - Review the WG goals and future potential

4
CURRENT DRAFTS
  • VRRPv2 (for IPv4)
  • ltdraft-ietf-vrrp-spec-v2-06.txtgt
  • VRRPv3 (for IPv6)
  • ltdraft-ietf-vrrp-ipv6-spec-03.txtgt
  • Coming Soon
  • VRRPv3 MIB
  • VRRP IPSEC-AH Authentication Specification (???)

5
SECURITY ISSUES
  • Problem
  • Clear text password does not provide much
    security.
  • IPsec AH might provide little security but more
    details need to be specified.
  • All the security mechanisms make the situation
    worse in case of mis-configuration. (2 Masters
    !!)
  • Still vulnerable to all the LAN attacks
  • Proposed Solution
  • Remove the security mechanisms from VRRP and
    write a good security section
  • Work on a separate draft for providing IPsec AH
    security for VRRP (if enough interest in WG ??)

6
SECURITY ISSUES QUESTIONS
  • The Question
  • Anyone against removing security ? Say it Now !!
  • More Questions (How do we do it ?)
  • Discourage or Remove fields from the header ?
  • Backward compatibility issues when removing
    security ?
  • Do we need to update the version number ?
  • Do we need to recycle VRRPv2 through PS again ?
  • Do we need to update VRRPv2 MIB (RFC 2787) ?
  • Anything else ???

7
VRRPv3
  • The current draft is draft-ietf-vrrp-ipv6-spec-03.
    txt
  • Needs to be reviewed. Did anyone review it ?
  • Are there any implementations ? Or Plans ?
  • Cant move forward without implementation
    experience !

8
VRRPv3 MIB
  • Needed before VRRPv3 draft moves to PS
  • Kalyan, Kripakaran and Brian have started working
    on it
  • New draft instead of updating the existing one
  • A draft will be submitted to the WG soon
  • Please review it !!

9
IPR ISSUES (Cisco)
  • We found the following statement from Robert
    Barr, Cisco at
  • http//www.in-addr.de/pipermail/lvs-users/2001-No
    vember/004135.html
  • "Cisco will not assert any patent claims against
    anyone for an implementation of IETF standard for
    VRRP unless a patent claim is asserted against
    Cisco, in which event Cisco reserves the right to
    assert patent claims defensively. If a licensee
    would prefer a royalty-bearing license, we would
    make one available."
  • Robert confirmed this statement in an email again
    on December 18, 2002
  • That is our current position.

10
IPR Issues (IBM)
  • No answer has been received from IBM yet !!

11
ARE WE INTERESTED IN..
  • IPsec AH Security for VRRP draft ?
  • available at
  • http//www.keepalived.org/draft-ietf-vrrp-ipsecah-
    spec-00.txt
  • Removing Priority value 0 (hold the election now)
    option ?
  • Issues and Arguments document ?
  • Anything else ?

12
Thank You
Write a Comment
User Comments (0)
About PowerShow.com