IETF Logo Mail Archive

Re: [Anima-signaling] comments on GRASP-07 draft

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 30 September 2016 19:23 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-signaling@ietfa.amsl.com
Delivered-To: anima-signaling@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E4A012B08F for <anima-signaling@ietfa.amsl.com>; Fri, 30 Sep 2016 12:23:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LBfNQgdCw6IB for <anima-signaling@ietfa.amsl.com>; Fri, 30 Sep 2016 12:23:55 -0700 (PDT)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1AFA12B13F for <anima-signaling@ietf.org>; Fri, 30 Sep 2016 12:23:55 -0700 (PDT)
Received: by mail-pa0-x231.google.com with SMTP id cd13so38036403pac.0 for <anima-signaling@ietf.org>; Fri, 30 Sep 2016 12:23:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=t0OD23bLAtkRiWcr+osX4KX1Hfps3OGcqCHUN4jdTOQ=; b=Hx2JiXE2A4lXjm9nNAusxMXzy8r98xCiWv61kyP7dk2hjH7KoeGTM3bAwmp9MXlOGd baTrxKo/z6uGBTR5iD06/kWu8o5W0MkLAK2glV8OkTti4hp3ZXKZWPLJQbiE8u3OpsTE HDg5obXC6r6Hck6h5LPF4zJgrKJELZA0CRyWe58Wlk7cw3bYXtkciYKXoH9u4+pyiN+o NaJwYJDi/+4kzSt+B9u7b0Y1KuA09whZsEAKsi44tX5Lv8scBGI0CXWqKQN3NZGBpFHv On9mm5J/FyLMafBSB2gq+rpurW6+K8cdeZVaF8iXZKBFJK0f3zOkgooqsNFZjDXSmG5C Wh8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=t0OD23bLAtkRiWcr+osX4KX1Hfps3OGcqCHUN4jdTOQ=; b=WffNlNTuhCAkMg03py7G9J5JhQ/+IiodRTCaFJgAu5M54IR3CYYJ3AmZYhwpRMC3jr 5nt/VvZHuGvfGhWEr+P6kDA8qNiZ0QOf93OCCarwyJs8skvcP26WSDpyrIgur5i5UyoV KyB5KxfW/MZ5ql1Z97tChFTySFtqLeJCg9mUVTHJhpuvQU+T5DDT09VVOBWGJ6UYykxI 8AXuu/gmUF5dAjMdV7QrImdAZsO6DwB1+D7pTAk/K+8lwNPKvu9jfZ9aZlmX1gvMjkH8 6s5rUcKb5vdlsDVDu6cA+bLFQsbrR20CSJ/37AF4Kr0JrpA3EZqYQ2cawoCrUZE2aOqZ H3PA==
X-Gm-Message-State: AA6/9Rmn3fxft7KJwoWnP7lJTIZZnV4l82GCb/S43BtghxqE4c5OqGfBIObE2YSGVq64Wg==
X-Received: by 10.66.190.161 with SMTP id gr1mr14124676pac.156.1475263435059; Fri, 30 Sep 2016 12:23:55 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.117.30]) by smtp.gmail.com with ESMTPSA id u19sm29697425pfa.40.2016.09.30.12.23.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 30 Sep 2016 12:23:54 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima-signaling <anima-signaling@ietf.org>
References: <27023.1475255753@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <f1f500f9-e7ed-bf2d-dc73-619557971e54@gmail.com>
Date: Sat, 01 Oct 2016 08:24:02 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <27023.1475255753@obiwan.sandelman.ca>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-signaling/rBGMTVRglP4-SGvdIHh9tdWg2wM>
Subject: Re: [Anima-signaling] comments on GRASP-07 draft
X-BeenThere: anima-signaling@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the signaling design team of the ANIMA WG <anima-signaling.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-signaling>, <mailto:anima-signaling-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-signaling/>
List-Post: <mailto:anima-signaling@ietf.org>
List-Help: <mailto:anima-signaling-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-signaling>, <mailto:anima-signaling-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2016 19:23:58 -0000

Thanks much Michael. Do you want to repeat this on the main Anima list
in response to the last call? Regardless, I will respond next week
(it's already Saturday here). Our Chinese colleagues are all off now
for their National Day holiday week.

Regards
   Brian

On 01/10/2016 06:15, Michael Richardson wrote:
> 
> I read draft-ietf-anima-grasp-07 from beginning to end.
> This is probably my first read through in many months.
> I will be happy to turn these into issues in the tracker if told to do so.
> 
> I am overall pleased with the document, it read well.
> 
> I did feel like there was a section missing between 2 and 3, that gives a
> detailed architecture use of GRASP, without resorting to bits on the wire.
> 
> I think that section 3.3 is trying to do this, but it failing because it gets
> into security before it has explained anything about how things work.
> Maybe if 3.3.1/3.3.2 were moved to a new section 3.3b entitles "Protocol Security"
> or some such.
> 
> I had to go learn about CDDL from  draft-greevenbosch-appsawg-cbor-cddl-08
> (now -09), and then how it maps to bytes on the wire.
> 
> Can we please have some worked through examples with bytes on the wire?
> I will attempt to contribute some.
> 
> 
> Some specific text that I didn't like:
> 
> 3.3.4,  Discovery Procedures section says:
> 
>          An exponential backoff SHOULD be
>          used for subsequent repetitions, in order to mitigate possible
>          denial of service attacks.
> 
> I agree that an exponential backoff SHOULD be used by senders in order to
> deal with overloads due to unintentional in corrolations of senders.
> But, telling well-behaved senders what to do does nothing to mitigate denial
> of service attacks.  The point is that the malicious attackers are not
> well-behaved.
> 
> If the point is to tell responders that they should backoff in their replies,
> or rate limit their replies, then that would make sense, but since the reply
> will be by TCP (as I understand it), then the opportunity to do forged source
> address attacks is rather low.
> 
> Later in that section, it says:
>          A GRASP device with multiple link-layer interfaces (typically a
>          router) MUST support discovery on all interfaces.  If it
>          receives a Discovery message on a given interface for a
>          specific objective that it does not support and for which it
>          has not previously cached a Discovery Responder, it MUST relay
>          the query by re-issuing a Discovery message as a link-local
>          multicast on its other interfaces.  The relayed discovery
>          message MUST have the same Session ID as the incoming discovery
>          message and MUST be tagged with the IP address of its original
>          initiator.  Since the relay device is unaware of the timeout
>          set by the original initiator it SHOULD set a timeout at least
>          equal to GRASP_DEF_TIMEOUT milliseconds.
> 
> 
> Could we rewrite this into positive language, and also split it up, and maybe
> even number some of these things.   I suggest:
> 
> 3.3.4.1     GRASP discovery relaying by routers
> 
>          A GRASP device with multiple link-layer interfaces (typically a
>          router) MUST support discovery on all interfaces.
> 
>          Different interfaces may be at different security levels: each group
>          of interfaces with the same security level SHOULD be serviced by the
>          same GRASP process, except for Limited Security Instances which are
>          always single-interface instances.
> 
>          When a router receives a Discovery message on any interface,
>          for an objective that it supports, then acting like any other
>          GRASP device, it replies to it.
> 
>          When a router receives a Discovery message for an objective that
>          it does not support, but which for which it has previously cached
>          a response, then it replies to that request with the cached
>          information.
> 
>          When a router receives a Discovery message for an objective that
>          it does not support, and for which it has no cached response, then
>          it MUST relay the query by re-issuing a Discovery message as a link-local
>          multicast on ALL of its other interfaces which are at the same
>          security level as the incoming interface.
> 
>          The relayed discovery message formed MUST have the same Session ID
>          as the incoming discovery message and MUST be tagged (XXX HOW?)
>          with the IP address of its original initiator.  Since the relay
>          device is unaware of the timeout set by the original initiator it
>          SHOULD set a timeout at least equal to GRASP_DEF_TIMEOUT milliseconds.
> 
> 
> section 3.7.3 says:
>    The discovery initiator sends the Discovery messages via UDP to port
>    GRASP_LISTEN_PORT at the link-local ALL_GRASP_NEIGHBOR multicast
>    address.  It then listens for unicast TCP responses on the same port,
>    and stores the discovery results (including responding discovery
>    objectives and corresponding unicast locators).
> 
> 
> I have a problem with the mixing of UDP and TCP port numbers in this way.
> First of all, this is text is ambiguous because the binding of "same" is
> unclear to me.  Let me number things so that the ambiguity is clear:
>           sender:       UDP from: X  -> to: GRASP_LISTEN_PORT
>           responder:    TCP from: Z  -> to: Y
> 
>   "then listens for unicast TCP responses on the same port"
> 
> could mean that         Y = GRASP_LISTEN_PORT,
> or it could mean that   Y = X
> 
> Could we just *say* in the UDP which port the initiator is going to listen on?
> 
> Assuming Y=GRASP_LISTEN_PORT, may I suggest that if we say port '0' that it
> means grasp_listen_port, which is often GRASP_LISTEN_PORT, except if one
> might be debugging,etc. when one might set it to another port.   That is, we
> normally say, "0" to mean GRASP_LISTEN_PORT whatever it might be at that
> moment.  When we to reach at a port!="0", then we mean that port.
> 
> Y=X can be made to work if one picks X well, but may be unworkable on some
> platforms.
> 
> (I'm saying this mostly from experience with IKE, which originally said to
> ignore the source port of the UDP, and always use 500, which was a problem
> when it came to NAT traversal, but more to the point, it made it sometimes
> painful to test in-vitro).
> 
> I'm understanding that ONLY Discovery requests go out via UDP, but that all
> Discovery responses occur via TCP.  I'm a bit concerned about this process
> during bootstrap.  The Discovery initiator will have to be prepared for many
> TCP connections...  I guess we had assumed that the reply would be UDP as
> well.
> 
> 
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
> 
> 
> 
> _______________________________________________
> Anima-signaling mailing list
> Anima-signaling@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-signaling
>

v2.23.0 | Report a Bug | By Email