Control Plane Security of ISP Network

[Miao Fuyou <miaofy@huawei.com>]

Hi, All:

In the Pratices document(draft-ietf-opsec-current-practices-00.txt) routing
control plane security is explicitly identified as an important aspect of
network security. Sp network is comprised of the most essential assets and
facilities to provide service for customer. IP is liable to attack on
control plane and the consequences of such attack usually are very serious.
So, it is the foremost concern for ISP to protect control plane from attack
inside or outside. In order to mitigate security risk on control plane, we
need a lot of work to do on standardization except filtering, logging or dos
tracing. Actually some security mechnisms are identified in Pratices
document for control plane, BGP MD5 for example, but I think there are still
other important aspect to identify. For example, quite a few SP use VPN to
seperate user/customer traffice from core network keep the attack on SP core
from user/customer away from control plane. 

So I suggest following change,  (1) to add more text to Pratice document to
reflect more security pratices on protecting control plane of SP network (2)
we need another Capabilty document to cover control plane security of SP
network wihtout confliction on content with other Capabilty documents, such
as filtering.

Miao Fuyou
Data Communication, Wireline Research
Huawei Technologies Co., Ltd.
TEL: 86-10-8288 2502

*****************************************************************
This e-mail and its attachments contain confidential information from
HUAWEI, which is intended only for the person or entity whose address is
listed above. Any use of the information contained herein in any way
(including, but not limited to, total or partial disclosure, reproduction,
or dissemination) by persons other than the intended recipient(s) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it