Re: [mpls] validating incoming frames at an Ethernet interface of an LSR



I don't believe any such checks are done or talked about, AFAIK.
In your example, an MPLS label will have to be bound to the SMAC
in order to authenticate the sender in the data plane.

There are a number of things one can do in the control plane, and
maybe some checks in the data plane as far as label + interface
binding, but that won't work in your example. I remember Eric Gray
sending out an email in some thread contrasting per-platform
labels vs. per-interface labels wrt label-to-i/f authentication.
So there is some protection.


/himanshu

-----Original Message-----
From: mpls-bounces at ietf.org [mailto:mpls-bounces at ietf.org] On Behalf Of Anoop Ghanwani
Sent: Tuesday, June 23, 2009 8:50 PM
To: mpls at ietf.org
Subject: [mpls] validating incoming frames at an Ethernet interface of an LSR


Let's say I have 3 routers R1, R2 & R3 connected
by a layer 2 switch.

Let's say R1 advertises a label, say L1, for a
certain FEC to R2.  Let's assume R1 has a global
LIB (i.e. assigns different labels each time one
is requested).

Now, if R3 sends a frame with L1 addressed to
R1's MAC address, would R1 just pick the frame
up and forward it, or would it actually notice
the problem and drop the frame?

I know we're getting into implementation here,
but would appreciate if someone can point me to
an RFC/draft that discusses this issue.

Thanks,
Anoop
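
Added example, not part of the original thread and not taken from any LSR implementation: a toy Python model of the scenario above, comparing a per-platform label lookup, a label + interface binding, and a label + SMAC binding. The class, mode names, label value, MAC addresses and interface names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    in_if: str   # interface the frame arrived on
    smac: str    # Ethernet source MAC
    label: int   # top MPLS label

# Constructed topology: R2 and R3 reach R1 through one L2 switch, so both
# arrive on R1's interface "eth0". R1 advertised label L1 to R2 only.
L1 = 100
R2_MAC, R3_MAC = "02:00:00:00:00:02", "02:00:00:00:00:03"

class Lsr:
    """Hypothetical incoming-label check; the mode selects the binding key."""
    def __init__(self, mode):
        self.mode = mode
        self.bindings = set()

    def _key(self, label, in_if, smac):
        if self.mode == "per-platform":
            return (label,)                  # label alone
        if self.mode == "per-interface":
            return (label, in_if)            # label + incoming interface
        if self.mode == "label+smac":
            return (label, in_if, smac)      # label + interface + sender MAC
        raise ValueError(self.mode)

    def advertise(self, label, in_if, peer_mac):
        self.bindings.add(self._key(label, in_if, peer_mac))

    def accepts(self, frame):
        return self._key(frame.label, frame.in_if, frame.smac) in self.bindings

def run(mode):
    r1 = Lsr(mode)
    r1.advertise(L1, "eth0", R2_MAC)
    frames = {
        "R2 on eth0": Frame("eth0", R2_MAC, L1),
        "R3 on eth0": Frame("eth0", R3_MAC, L1),  # the case asked about
        "R3 on eth1": Frame("eth1", R3_MAC, L1),  # separate link, for contrast
    }
    return {name: r1.accepts(f) for name, f in frames.items()}

if __name__ == "__main__":
    for mode in ("per-platform", "per-interface", "label+smac"):
        print(mode, run(mode))
```

In this model the interface binding only rejects R3 when it sits on a different link; on the shared segment, only the SMAC binding separates R3 from R2, and that holds only as far as the switch prevents source MAC spoofing.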