draft-ietf-manet-dlep-27.txt   draft-ietf-manet-dlep-28.txt 
Mobile Ad hoc Networks Working Group S. Ratliff Mobile Ad hoc Networks Working Group S. Ratliff
Internet-Draft VT iDirect Internet-Draft VT iDirect
Intended status: Standards Track S. Jury Intended status: Standards Track S. Jury
Expires: July 28, 2017 Cisco Systems Expires: September 4, 2017 Cisco Systems
D. Satterwhite D. Satterwhite
Broadcom Broadcom
R. Taylor R. Taylor
Airbus Defence & Space Airbus Defence & Space
B. Berry B. Berry
January 24, 2017 March 3, 2017
Dynamic Link Exchange Protocol (DLEP) Dynamic Link Exchange Protocol (DLEP)
draft-ietf-manet-dlep-27 draft-ietf-manet-dlep-28
Abstract Abstract
When routing devices rely on modems to effect communications over When routing devices rely on modems to effect communications over
wireless links, they need timely and accurate knowledge of the wireless links, they need timely and accurate knowledge of the
characteristics of the link (speed, state, etc.) in order to make characteristics of the link (speed, state, etc.) in order to make
routing decisions. In mobile or other environments where these routing decisions. In mobile or other environments where these
characteristics change frequently, manual configurations or the characteristics change frequently, manual configurations or the
inference of state through routing or transport protocols does not inference of state through routing or transport protocols does not
allow the router to make the best decisions. DLEP describes a new allow the router to make the best decisions. DLEP describes a new
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 28, 2017. This Internet-Draft will expire on September 4, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 20 skipping to change at page 3, line 20
12.13. Destination Announce Message . . . . . . . . . . . . . . 30 12.13. Destination Announce Message . . . . . . . . . . . . . . 30
12.14. Destination Announce Response Message . . . . . . . . . 30 12.14. Destination Announce Response Message . . . . . . . . . 30
12.15. Destination Down Message . . . . . . . . . . . . . . . . 32 12.15. Destination Down Message . . . . . . . . . . . . . . . . 32
12.16. Destination Down Response Message . . . . . . . . . . . 32 12.16. Destination Down Response Message . . . . . . . . . . . 32
12.17. Destination Update Message . . . . . . . . . . . . . . . 32 12.17. Destination Update Message . . . . . . . . . . . . . . . 32
12.18. Link Characteristics Request Message . . . . . . . . . . 34 12.18. Link Characteristics Request Message . . . . . . . . . . 34
12.19. Link Characteristics Response Message . . . . . . . . . 34 12.19. Link Characteristics Response Message . . . . . . . . . 34
12.20. Heartbeat Message . . . . . . . . . . . . . . . . . . . 35 12.20. Heartbeat Message . . . . . . . . . . . . . . . . . . . 35
13. DLEP Data Items . . . . . . . . . . . . . . . . . . . . . . . 36 13. DLEP Data Items . . . . . . . . . . . . . . . . . . . . . . . 36
13.1. Status . . . . . . . . . . . . . . . . . . . . . . . . . 37 13.1. Status . . . . . . . . . . . . . . . . . . . . . . . . . 37
13.2. IPv4 Connection Point . . . . . . . . . . . . . . . . . 40 13.2. IPv4 Connection Point . . . . . . . . . . . . . . . . . 39
13.3. IPv6 Connection Point . . . . . . . . . . . . . . . . . 41 13.3. IPv6 Connection Point . . . . . . . . . . . . . . . . . 40
13.4. Peer Type . . . . . . . . . . . . . . . . . . . . . . . 42 13.4. Peer Type . . . . . . . . . . . . . . . . . . . . . . . 41
13.5. Heartbeat Interval . . . . . . . . . . . . . . . . . . . 43 13.5. Heartbeat Interval . . . . . . . . . . . . . . . . . . . 42
13.6. Extensions Supported . . . . . . . . . . . . . . . . . . 44 13.6. Extensions Supported . . . . . . . . . . . . . . . . . . 43
13.7. MAC Address . . . . . . . . . . . . . . . . . . . . . . 44 13.7. MAC Address . . . . . . . . . . . . . . . . . . . . . . 44
13.8. IPv4 Address . . . . . . . . . . . . . . . . . . . . . . 45 13.8. IPv4 Address . . . . . . . . . . . . . . . . . . . . . . 44
13.8.1. IPv4 Address Processing . . . . . . . . . . . . . . 46 13.8.1. IPv4 Address Processing . . . . . . . . . . . . . . 45
13.9. IPv6 Address . . . . . . . . . . . . . . . . . . . . . . 47 13.9. IPv6 Address . . . . . . . . . . . . . . . . . . . . . . 46
13.9.1. IPv6 Address Processing . . . . . . . . . . . . . . 48 13.9.1. IPv6 Address Processing . . . . . . . . . . . . . . 47
13.10. IPv4 Attached Subnet . . . . . . . . . . . . . . . . . . 49 13.10. IPv4 Attached Subnet . . . . . . . . . . . . . . . . . . 48
13.10.1. IPv4 Attached Subnet Processing . . . . . . . . . . 50 13.10.1. IPv4 Attached Subnet Processing . . . . . . . . . . 49
13.11. IPv6 Attached Subnet . . . . . . . . . . . . . . . . . . 51 13.11. IPv6 Attached Subnet . . . . . . . . . . . . . . . . . . 50
13.11.1. IPv6 Attached Subnet Processing . . . . . . . . . . 52 13.11.1. IPv6 Attached Subnet Processing . . . . . . . . . . 51
13.12. Maximum Data Rate (Receive) . . . . . . . . . . . . . . 53 13.12. Maximum Data Rate (Receive) . . . . . . . . . . . . . . 52
13.13. Maximum Data Rate (Transmit) . . . . . . . . . . . . . . 53 13.13. Maximum Data Rate (Transmit) . . . . . . . . . . . . . . 53
13.14. Current Data Rate (Receive) . . . . . . . . . . . . . . 54 13.14. Current Data Rate (Receive) . . . . . . . . . . . . . . 54
13.15. Current Data Rate (Transmit) . . . . . . . . . . . . . . 55 13.15. Current Data Rate (Transmit) . . . . . . . . . . . . . . 54
13.16. Latency . . . . . . . . . . . . . . . . . . . . . . . . 55 13.16. Latency . . . . . . . . . . . . . . . . . . . . . . . . 55
13.17. Resources . . . . . . . . . . . . . . . . . . . . . . . 56 13.17. Resources . . . . . . . . . . . . . . . . . . . . . . . 56
13.18. Relative Link Quality (Receive) . . . . . . . . . . . . 57 13.18. Relative Link Quality (Receive) . . . . . . . . . . . . 57
13.19. Relative Link Quality (Transmit) . . . . . . . . . . . . 58 13.19. Relative Link Quality (Transmit) . . . . . . . . . . . . 57
13.20. Maximum Transmission Unit (MTU) . . . . . . . . . . . . 59 13.20. Maximum Transmission Unit (MTU) . . . . . . . . . . . . 58
14. Security Considerations . . . . . . . . . . . . . . . . . . . 59 14. Security Considerations . . . . . . . . . . . . . . . . . . . 59
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 61 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60
15.1. Registrations . . . . . . . . . . . . . . . . . . . . . 61 15.1. Registrations . . . . . . . . . . . . . . . . . . . . . 60
15.2. Signal Type Registration . . . . . . . . . . . . . . . . 61 15.2. Signal Type Registration . . . . . . . . . . . . . . . . 60
15.3. Message Type Registration . . . . . . . . . . . . . . . 61 15.3. Message Type Registration . . . . . . . . . . . . . . . 61
15.4. DLEP Data Item Registrations . . . . . . . . . . . . . . 62 15.4. DLEP Data Item Registrations . . . . . . . . . . . . . . 61
15.5. DLEP Status Code Registrations . . . . . . . . . . . . . 63 15.5. DLEP Status Code Registrations . . . . . . . . . . . . . 62
15.6. DLEP Extensions Registrations . . . . . . . . . . . . . 64 15.6. DLEP Extensions Registrations . . . . . . . . . . . . . 63
15.7. DLEP IPv4 Connection Point Flags . . . . . . . . . . . . 64 15.7. DLEP IPv4 Connection Point Flags . . . . . . . . . . . . 63
15.8. DLEP IPv6 Connection Point Flags . . . . . . . . . . . . 65 15.8. DLEP IPv6 Connection Point Flags . . . . . . . . . . . . 64
15.9. DLEP Peer Type Flag . . . . . . . . . . . . . . . . . . 65 15.9. DLEP Peer Type Flag . . . . . . . . . . . . . . . . . . 64
15.10. DLEP IPv4 Address Flag . . . . . . . . . . . . . . . . . 65 15.10. DLEP IPv4 Address Flag . . . . . . . . . . . . . . . . . 64
15.11. DLEP IPv6 Address Flag . . . . . . . . . . . . . . . . . 66 15.11. DLEP IPv6 Address Flag . . . . . . . . . . . . . . . . . 65
15.12. DLEP IPv4 Attached Subnet Flag . . . . . . . . . . . . . 66 15.12. DLEP IPv4 Attached Subnet Flag . . . . . . . . . . . . . 65
15.13. DLEP IPv6 Attached Subnet Flag . . . . . . . . . . . . . 66 15.13. DLEP IPv6 Attached Subnet Flag . . . . . . . . . . . . . 65
15.14. DLEP Well-known Port . . . . . . . . . . . . . . . . . . 67 15.14. DLEP Well-known Port . . . . . . . . . . . . . . . . . . 66
15.15. DLEP IPv4 Link-local Multicast Address . . . . . . . . . 67 15.15. DLEP IPv4 Link-local Multicast Address . . . . . . . . . 66
15.16. DLEP IPv6 Link-local Multicast Address . . . . . . . . . 67 15.16. DLEP IPv6 Link-local Multicast Address . . . . . . . . . 66
16. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 67 16. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 66
17. References . . . . . . . . . . . . . . . . . . . . . . . . . 67 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 66
17.1. Normative References . . . . . . . . . . . . . . . . . . 67 17.1. Normative References . . . . . . . . . . . . . . . . . . 66
17.2. Informative References . . . . . . . . . . . . . . . . . 68 17.2. Informative References . . . . . . . . . . . . . . . . . 67
Appendix A. Discovery Signal Flows . . . . . . . . . . . . . . . 69 Appendix A. Discovery Signal Flows . . . . . . . . . . . . . . . 68
Appendix B. Peer Level Message Flows . . . . . . . . . . . . . . 69 Appendix B. Peer Level Message Flows . . . . . . . . . . . . . . 68
B.1. Session Initialization . . . . . . . . . . . . . . . . . 69 B.1. Session Initialization . . . . . . . . . . . . . . . . . 68
B.2. Session Initialization - Refused . . . . . . . . . . . . 70 B.2. Session Initialization - Refused . . . . . . . . . . . . 69
B.3. Router Changes IP Addresses . . . . . . . . . . . . . . . 70 B.3. Router Changes IP Addresses . . . . . . . . . . . . . . . 69
B.4. Modem Changes Session-wide Metrics . . . . . . . . . . . 70 B.4. Modem Changes Session-wide Metrics . . . . . . . . . . . 69
B.5. Router Terminates Session . . . . . . . . . . . . . . . . 71 B.5. Router Terminates Session . . . . . . . . . . . . . . . . 70
B.6. Modem Terminates Session . . . . . . . . . . . . . . . . 71 B.6. Modem Terminates Session . . . . . . . . . . . . . . . . 70
B.7. Session Heartbeats . . . . . . . . . . . . . . . . . . . 72 B.7. Session Heartbeats . . . . . . . . . . . . . . . . . . . 71
B.8. Router Detects a Heartbeat timeout . . . . . . . . . . . 73 B.8. Router Detects a Heartbeat timeout . . . . . . . . . . . 72
B.9. Modem Detects a Heartbeat timeout . . . . . . . . . . . . 74 B.9. Modem Detects a Heartbeat timeout . . . . . . . . . . . . 73
Appendix C. Destination Specific Message Flows . . . . . . . . . 74 Appendix C. Destination Specific Message Flows . . . . . . . . . 73
C.1. Common Destination Notification . . . . . . . . . . . . . 74 C.1. Common Destination Notification . . . . . . . . . . . . . 73
C.2. Multicast Destination Notification . . . . . . . . . . . 75 C.2. Multicast Destination Notification . . . . . . . . . . . 74
C.3. Link Characteristics Request . . . . . . . . . . . . . . 76 C.3. Link Characteristics Request . . . . . . . . . . . . . . 75
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 76
1. Introduction 1. Introduction
There exist today a collection of modem devices that control links of There exist today a collection of modem devices that control links of
variable datarate and quality. Examples of these types of links variable datarate and quality. Examples of these types of links
include line-of-sight (LOS) terrestrial radios, satellite terminals, include line-of-sight (LOS) terrestrial radios, satellite terminals,
and broadband modems. Fluctuations in speed and quality of these and broadband modems. Fluctuations in speed and quality of these
links can occur due to configuration, or on a moment-to-moment basis, links can occur due to configuration, or on a moment-to-moment basis,
due to physical phenomena like multipath interference, obstructions, due to physical phenomena like multipath interference, obstructions,
rain fade, etc. It is also quite possible that link quality and rain fade, etc. It is also quite possible that link quality and
skipping to change at page 10, line 24 skipping to change at page 10, line 24
ancillary devices (e.g., a laptop) are also plugged into the switch. ancillary devices (e.g., a laptop) are also plugged into the switch.
But in either event, the resulting network segment is constrained to But in either event, the resulting network segment is constrained to
a small number of devices, and is not generally accessible from a small number of devices, and is not generally accessible from
anywhere else in the network. anywhere else in the network.
The other type of deployment envisioned can be viewed as a "networked The other type of deployment envisioned can be viewed as a "networked
deployment". In this type of scenario, the DLEP router and modem(s) deployment". In this type of scenario, the DLEP router and modem(s)
are placed on a segment that is accessible from other points in the are placed on a segment that is accessible from other points in the
network. In this scenario, not only are the DLEP router and modem(s) network. In this scenario, not only are the DLEP router and modem(s)
accessible from other points in the network; the router and a given accessible from other points in the network; the router and a given
modem could be multiple physical hops away from each other. As modem could be multiple physical hops away from each other. This
mentioned, this scenario necessitates the use of Layer 2 tunneling scenario necessitates the use of Layer 2 tunneling technology to
technology to enforce the single-hop requirement of DLEP. enforce the single-hop requirement of DLEP.
5. Assumptions 5. Assumptions
DLEP assumes that a signaling protocol exists between modems DLEP assumes that a signaling protocol exists between modems
participating in a network. The specification does not define the participating in a network. The specification does not define the
character or behavior of this over-the-air signaling, but does expect character or behavior of this over-the-air signaling, but does expect
some information to be carried (or derived) by the signaling, such as some information to be carried (or derived) by the signaling, such as
the arrival and departure of modems from this network, and the the arrival and departure of modems from this network, and the
variation of the link characteristics between modems. This variation of the link characteristics between modems. This
information is then assumed to be used by the modem to implement the information is then assumed to be used by the modem to implement the
skipping to change at page 13, line 10 skipping to change at page 13, line 10
second; it SHOULD be a configurable parameter. Note that this second; it SHOULD be a configurable parameter. Note that this
operation (sending Peer Discovery and waiting for Peer Offer) is operation (sending Peer Discovery and waiting for Peer Offer) is
outside the DLEP Transaction Model (Section 8), as the Transaction outside the DLEP Transaction Model (Section 8), as the Transaction
Model only describes Messages on a TCP session. Model only describes Messages on a TCP session.
Routers receiving a Peer Offer Signal MUST use one of the modem Routers receiving a Peer Offer Signal MUST use one of the modem
address/port combinations from the Peer Offer Signal to establish a address/port combinations from the Peer Offer Signal to establish a
TCP connection to the modem, even if a priori configuration exists. TCP connection to the modem, even if a priori configuration exists.
If multiple connection point Data Items exist in the received Peer If multiple connection point Data Items exist in the received Peer
Offer Signal, routers SHOULD prioritize IPv6 connection points over Offer Signal, routers SHOULD prioritize IPv6 connection points over
IPv4 connection points. Routers supporting TLS [RFC5246] MUST IPv4 connection points. If multiple connection points exist with the
prioritize connection points using TLS over those that do not. If same transport (e.g. IPv6 or IPv4), implementations MAY use their
multiple connection points exist with the same transport (e.g. IPv6 own heuristics to determine the order in which they are tried. If a
or IPv4), implementations MAY use their own heuristics to determine TCP connection cannot be achieved using any of the address/port
the order in which they are tried. If a TCP connection cannot be combinations and the Discovery mechanism is in use, then the router
achieved using any of the address/port combinations and the Discovery SHOULD resume issuing Peer Discovery Signals. If no Connection Point
mechanism is in use, then the router SHOULD resume issuing Peer Data Items are included in the Peer Offer Signal, the router MUST use
Discovery Signals. If no Connection Point Data Items are included in the source address of the UDP packet containing the Peer Offer Signal
the Peer Offer Signal, the router MUST use the source address of the as the IP address, and the DLEP well-known port number.
UDP packet containing the Peer Offer Signal as the IP address, and
the DLEP well-known port number.
In the Peer Discovery state, the modem implementation MUST listen for In the Peer Discovery state, the modem implementation MUST listen for
incoming Peer Discovery Signals on the DLEP well-known IPv6 and/or incoming Peer Discovery Signals on the DLEP well-known IPv6 and/or
IPv4 link-local multicast address and port. On receipt of a valid IPv4 link-local multicast address and port. On receipt of a valid
Peer Discovery Signal, it MUST reply with a Peer Offer Signal. Peer Discovery Signal, it MUST reply with a Peer Offer Signal.
Modems MUST be prepared to accept a TCP connection from a router that Modems MUST be prepared to accept a TCP connection from a router that
is not using the Discovery mechanism, i.e. a connection attempt that is not using the Discovery mechanism, i.e. a connection attempt that
occurs without a preceding Peer Discovery Signal. occurs without a preceding Peer Discovery Signal.
Upon establishment of a TCP connection, both modem and router enter Implementations of DLEP SHOULD implement, and use, TLS [RFC5246] to
the Session Initialization state. It is up to the router protect the TCP session. The "dedicated deployments" discussed in
implementation if Peer Discovery Signals continue to be sent after Implementation Scenarios (Section 4) MAY consider use of DLEP without
the device has transitioned to the Session Initialization state. TLS. For all "networked deployments" (again, discussed in
Modem implementations MUST silently ignore Peer Discovery Signals Implementation Scenarios), implementation and use of TLS is STRONGLY
from a router with which it already has a TCP connection. RECOMMENDED. If TLS is to be used then the TLS session MUST be
established before any Messages are passed between peers. Routers
supporting TLS MUST prioritize connection points using TLS over those
that do not.
Upon establishment of a TCP connection, and TLS session if TLS is in
use, both modem and router enter the Session Initialization state.
It is up to the router implementation if Peer Discovery Signals
continue to be sent after the device has transitioned to the Session
Initialization state. Modem implementations MUST silently ignore
Peer Discovery Signals from a router with which it already has a TCP
connection.
7.2. Session Initialization State 7.2. Session Initialization State
On entering the Session Initialization state, the router MUST send a On entering the Session Initialization state, the router MUST send a
Session Initialization Message (Section 12.5) to the modem. The Session Initialization Message (Section 12.5) to the modem. The
router MUST then wait for receipt of a Session Initialization router MUST then wait for receipt of a Session Initialization
Response Message (Section 12.6) from the modem. Receipt of the Response Message (Section 12.6) from the modem. Receipt of the
Session Initialization Response Message containing a Status Data Item Session Initialization Response Message containing a Status Data Item
(Section 13.1) with status code set to 0 'Success', see Table 2, (Section 13.1) with status code set to 0 'Success', see Table 2,
indicates that the modem has received and processed the Session indicates that the modem has received and processed the Session
skipping to change at page 36, line 17 skipping to change at page 36, line 17
(Section 15.3)). (Section 15.3)).
There are no valid Data Items for the Heartbeat Message. There are no valid Data Items for the Heartbeat Message.
The Message is used by DLEP participants to detect when a DLEP The Message is used by DLEP participants to detect when a DLEP
session peer (either the modem or the router) is no longer session peer (either the modem or the router) is no longer
communicating, see Section 7.3.1. communicating, see Section 7.3.1.
13. DLEP Data Items 13. DLEP Data Items
Following is the list of core Data Items that MUST be recognized by a
DLEP compliant implementation. As mentioned before, not all Data
Items need be used during a session, but an implementation MUST
correctly process these Data Items when correctly associated with a
Signal or Message.
The core DLEP Data Items are: The core DLEP Data Items are:
+-------------+-----------------------------------------------------+ +-------------+-----------------------------------------------------+
| Type Code | Description | | Type Code | Description |
+-------------+-----------------------------------------------------+ +-------------+-----------------------------------------------------+
| 0 | Reserved | | 0 | Reserved |
| 1 | Status (Section 13.1) | | 1 | Status (Section 13.1) |
| 2 | IPv4 Connection Point (Section 13.2) | | 2 | IPv4 Connection Point (Section 13.2) |
| 3 | IPv6 Connection Point (Section 13.3) | | 3 | IPv6 Connection Point (Section 13.3) |
| 4 | Peer Type (Section 13.4) | | 4 | Peer Type (Section 13.4) |
skipping to change at page 60, line 18 skipping to change at page 59, line 40
as a DLEP peer, and injecting malicious data via DLEP, could cause as a DLEP peer, and injecting malicious data via DLEP, could cause
suboptimal route selection, adversely impacting network performance. suboptimal route selection, adversely impacting network performance.
Similar issues can arise if DLEP data is used as an input to policing Similar issues can arise if DLEP data is used as an input to policing
algorithms - injection of malicious data via DLEP can cause those algorithms - injection of malicious data via DLEP can cause those
policing algorithms to make incorrect decisions, degrading network policing algorithms to make incorrect decisions, degrading network
throughput. throughput.
For these reasons, security of the DLEP transport must be considered For these reasons, security of the DLEP transport must be considered
at both the transport layer, and at Layer 2. at both the transport layer, and at Layer 2.
At the transport layer, implementations of DLEP SHOULD implement, and At the transport layer, when TLS is in use, each peer SHOULD check
use, TLS [RFC5246] to protect the TCP session. The "dedicated the validity of credentials presented by the other peer during TLS
deployments" discussed in Implementation Scenarios (Section 4) MAY session establishment. Implementations following the "dedicated
consider use of DLEP without TLS. For all "networked deployments" deployments" model attempting use of TLS MAY need to consider use of
(again, discussed in Implementation Scenarios), implementation and pre-shared keys for credentials, and provide specialized techniques
use of TLS is STRONGLY RECOMMENDED. for peer identity validation. Implementations following the
When TLS is in use, each peer SHOULD check the validity of
credentials presented by the other peer during TLS session
establishment. Mobile implementations MAY need to consider use of
pre-shared keys for credentials; implementations following the
"networked deployment" model described in Implementation Scenarios "networked deployment" model described in Implementation Scenarios
SHOULD refer to [RFC7525] for additional details. SHOULD refer to [RFC7525] for additional details.
At layer 2 - since DLEP is restricted to operation over a single At layer 2 - since DLEP is restricted to operation over a single
(possibly logical) hop, implementations SHOULD also secure the Layer (possibly logical) hop, implementations SHOULD also secure the Layer
2 link. Examples of technologies that can be deployed to secure the 2 link. Examples of technologies that can be deployed to secure the
Layer 2 link include [IEEE-802.1AE] and [IEEE-802.1X]. Layer 2 link include [IEEE-802.1AE] and [IEEE-802.1X].
By examining the Secured Medium flag in the Peer Type Data Item By examining the Secured Medium flag in the Peer Type Data Item
(Section 13.4), a router can decide if it is able to trust the (Section 13.4), a router can decide if it is able to trust the
 End of changes. 15 change blocks. 
94 lines changed or deleted 92 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/