CE Based Membership Verification for L3VPN

Author: Buck Foster

1 CE Based Membership Verification for L3VPN
draft-ietf-l3vpn-l3vpn-auth-01
Ron Bonica

2 Status Quo
- L3VPN relies on proper configuration of the Service Provider network
- If the Service Provider configures Customer A’s site into Customer B’s VPN:
  - Customer A knows about it first
  - Customer A tells the Service Provider
  - The Service Provider may or may not tell Customer B that his/her VPN has been breached

3 CE-Based Authentication
- Automatically notifies Customer B when his/her VPN has been breached
- CE takes whatever action its security policy requires:
  - Issue alarm
  - Withdraw from VPN
- CE-Based Authentication does not prevent SP misconfiguration

4 How It Works
- VPN site sends token to PE
- PE joins VPN site to the VPN
- PE sends token to directly connected VPN sites and remote PE routers
- Remote PE routers distribute token to directly connected CE routers
- CE routers evaluate token
- CE routers react to tokens that they do not recognize
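The distribution and evaluation steps on this slide, as an added Python simulation (not code from the draft or its author): the token format, the data structures, the sample topology and the alarm/withdraw policy are assumptions made for the example. It also replays the slide-2 misconfiguration so the reaction of Customer B's CEs can be seen.

```python
"""CE-based membership check from slide 4, as an added simulation.

Not code from the draft: token format, data structures and the
alarm/withdraw policy are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class CE:
    name: str
    token: str          # token this site presents to its PE
    expected: set       # tokens of the sites this CE expects in its VPN
    alarms: list = field(default_factory=list)

    def evaluate(self, received: set) -> str:
        """Policy action for one distribution round (assumed policy)."""
        unknown = received - self.expected
        if not unknown:
            return "ok"
        self.alarms.append(sorted(unknown))
        # one stray token: raise an alarm; several: withdraw from the VPN
        return "alarm" if len(unknown) == 1 else "withdraw"


def distribute(provisioning: dict, ces: dict) -> dict:
    """SP side: provisioning maps CE name -> VPN the SP placed it in.
    PEs faithfully flood each site's token to every other site in that
    VPN (only the provisioning can be wrong); returns {ce: tokens seen}.
    """
    by_vpn = {}
    for ce_name, vpn in provisioning.items():
        by_vpn.setdefault(vpn, set()).add(ces[ce_name].token)
    return {n: by_vpn[v] - {ces[n].token} for n, v in provisioning.items()}


def run(provisioning: dict, ces: dict) -> dict:
    """Distribute tokens, then let every CE evaluate what it received."""
    received = distribute(provisioning, ces)
    return {name: ce.evaluate(received[name]) for name, ce in ces.items()}


# constructed sample topology: two customers with two sites each
CES = {
    "a1": CE("a1", "tok-a1", {"tok-a2"}),
    "a2": CE("a2", "tok-a2", {"tok-a1"}),
    "b1": CE("b1", "tok-b1", {"tok-b2"}),
    "b2": CE("b2", "tok-b2", {"tok-b1"}),
}
CORRECT = {"a1": "vpnA", "a2": "vpnA", "b1": "vpnB", "b2": "vpnB"}
# the slide-2 error: Customer A's site a2 provisioned into Customer B's VPN
MISCONFIGURED = {"a1": "vpnA", "a2": "vpnB", "b1": "vpnB", "b2": "vpnB"}
```

With the correct provisioning every CE reports "ok"; with the misconfiguration b1 and b2 each see the unknown token tok-a2 and alarm, while a2 sees two unknown tokens and withdraws. Note that a1, which merely stops seeing its partner's token, reports nothing, since the slide only covers reaction to unrecognized tokens.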

5 Trust Model
- CE trusts SP to faithfully distribute tokens
- CE assumes that the SP is subject to occasional configuration errors
- SP cannot protect against these errors because the provisioner believes that he/she is doing the right thing
- CE must maintain checks and balances
- Protects against accidental misconfiguration, not malicious behavior on the part of the SP

6 Proposal
- Draft is already a WG draft
- Continue with implementation, regardless of WG disposition toward other drafts in this area
- draft-behringer addresses a different problem
- Not viewed as a competing solution