Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide

This document analyzes TCP-based routing protocols, the Border Gateway Protocol (BGP), the Label Distribution Protocol (LDP), the Path Computation Element Communication Protocol (PCEP), and the Multicast Source Distribution Protocol (MSDP), according to guidelines set forth in Section 4.2 of "Keying and Authentication for Routing Protocols Design Guidelines", RFC 6518.

[1]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[2]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[3]  Jean-Louis Le Roux,et al.  Requirements for Path Computation Element (PCE) Discovery , 2006, RFC.

[4]  Manav Bhatia,et al.  Keying and Authentication for Routing Protocols (KARP) Design Guidelines , 2012, RFC.

[5]  Joseph D. Touch,et al.  Defending TCP Against Spoofing Attacks , 2007, RFC.

[6]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[7]  David L. Black,et al.  Use of IKEv2 in the Fibre Channel Security Association Management Protocol , 2006, RFC.

[8]  Vijay Srinivasan,et al.  RSVP-TE: Extensions to RSVP for LSP Tunnels , 2001, RFC.

[9]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[10]  Jean-Louis Le Roux,et al.  IS-IS Protocol Extensions for Path Computation Element (PCE) Discovery , 2008, RFC.

[11]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[12]  Eric Rescorla,et al.  Cryptographic Algorithms for the TCP Authentication Option (TCP-AO) , 2010, RFC.

[13]  Mach Chen,et al.  LDP Hello Cryptographic Authentication , 2014, RFC.

[14]  David Meyer,et al.  The Generalized TTL Security Mechanism (GTSM) , 2004, RFC.

[15]  Ina Minei,et al.  LDP Specification , 2007, RFC.

[16]  Mark Handley,et al.  Internet Denial-of-Service Considerations , 2006, RFC.

[17]  Sam Hartman,et al.  Analysis of OSPF Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guide , 2013, RFC.

[18]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[19]  Jean-Louis Le Roux,et al.  Path Computation Element (PCE) Communication Protocol (PCEP) , 2009, RFC.

[20]  Joseph D. Touch,et al.  The TCP Authentication Option , 2010, RFC.

[21]  Bill Fenner,et al.  Multicast Source Discovery Protocol (MSDP) , 2003, RFC.

[22]  Lily Chen,et al.  Internet Engineering Task Force (ietf) Updated Security Considerations for the Md5 Message-digest and the Hmac-md5 Algorithms , 2011 .

[23]  Manav Bhatia,et al.  Issues with Existing Cryptographic Protection Methods for Routing Protocols , 2010, RFC.

[24]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[25]  Morris J. Dworkin,et al.  SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication , 2005 .

[26]  Luyuan Fang,et al.  Security Framework for MPLS and GMPLS Networks , 2010, RFC.

[27]  Lixia Zhang,et al.  Report from the IAB workshop on Unwanted Traffic March 9-10, 2006 , 2007, RFC.

[28]  Randall R. Stewart,et al.  Improving TCP's Robustness to Blind In-Window Attacks , 2010, RFC.