Analyzing failures and attacks in Map & Encap protocols

This paper examines failures and attacks in Map & Encap routing protocols. In Map & Encap, a packet is routed to an encapsulator, which maps the destination address to a decapsulator, and encapsulates the packet. This important and growing class of protocols, ranging from widely used MPLS VPNs to future routing architectures such as LISP, introduce new problems and challenges for handling failures and attacks. To capture fundamental components, we introduce a Simple Map & Encap Protocol (SMEP). Some failure handling approaches from traditional routing protocols also apply in SMEP, but these approaches alone are insufficient. SMEP design choices, and mapping dissemination in particular, have a large impact on whether new techniques are needed. In some cases, the control plane alone cannot adequately handle failures without support from the data plane and attacks can be much harder to diagnose. The results identify new potential failures and attacks and can help designers improve Map & Encap protocol robustness. We illustrate the benefits of our work by analyzing two very different types of Map & Encap protocols, MPLS-VPN and LISP.