Addressing and secure control-plane network design in GMPLS networks

1: This document describes a control-plane network design for general scalable GMPLS networks. We use the Circuit-Switched High-speed End-to-End ArcHitecture (CHEETAH) network as an example to illustrate how we implemented our design. The CHEETAH network is a Synchronous Optical NETwork (SONET) based network that uses Sycamore SN16000 switches. While some of the specifics related to this switch may not be applicable to other switches, in general, most of the concepts presented here will apply to any GMPLS network. Our control-plane network design uses the Internet to create out-of-band channels between end hosts and GMPLS switches as well as between neighboring switches. First, we consider the question of what type of IP addresses, static or dynamic, public or private, to assign to control-plane interfaces on switches and end hosts. Our conclusion is that we require static public IP addresses if the goal is to create scalable GMPLS networks. Given the shortage of such IPv4 addresses, we recommend the use of IPv6. Second, we note that the Router ID/Switch IP loopback interface addresses assigned to GMPLS switches should be advertised through routing protocols, allowing them to be reachable through at least one interface on the Internet. Third, to secure the control-plane channels, we describe the use of IPsec tunnels. Using open-source Linux software called Openswan on the end hosts and Juniper NS-5XT devices to protect control ports of switches, we use host based authentication and encryption of RSVP-TE and OSPF-TE messages. Finally, we propose a mechanism to handle IP and MAC addressing on the data-plane in GMPLS networks. When an end-to-end circuit/VC is established, conventional IP networking dictates that the two ends of the Ethernet connection should be in the same IP subnet. But this leads to an unscalable solution requiring the data-plane interfaces of all hosts on a GMPLS network to be assigned addresses within one subnet. Our solution is to assign IP addresses to these interfaces in different subnets, based on the 1. This work was carried out under the sponsorship of NSF ITR-0312376, NSF ANI-0335190, NSF ANI-0087487, and DOE DE-FG0204ER25640 grants.