ccamp-11----Page:12
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
|
Security Section L2 LSP signaling prevent these attacks by offering filtering (like ACLs, etc.) reduce data plane threats, as the number of network entry points to control is reduced since L2 LSP are a single entry point (head-end LSR) mechanism MUST be provided at the network edges (on the head-end LSRs), to rate limit the amount of traffic that can transit into a L2 LSP. Attacks on the Control Plane potential initiation of the signaling by the client side => control of such activity MUST be provided so that it cannot be used to fail the network rate limit RSVP client control plane traffic (mainly refresh interval), the number of TE- LSPs that can be signaled by a particular client, etc. Security problems induced by the migration if both L2 LSPs and classical Ethernet are used on the same network |