Re: [babel] Alvaro Retana's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
Alvaro Retana <aretana.ietf@gmail.com> Fri, 09 August 2019 11:38 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5008120168; Fri, 9 Aug 2019 04:38:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.495
X-Spam-Level:
X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jeZGydAqGiKM; Fri, 9 Aug 2019 04:38:34 -0700 (PDT)
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9539512016A; Fri, 9 Aug 2019 04:38:33 -0700 (PDT)
Received: by mail-ed1-x541.google.com with SMTP id s49so59861281edb.1; Fri, 09 Aug 2019 04:38:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=T+e2O2YgOg2CeIsFY4wTK+kMP3rFyNpMgbpWNPTpCZ0=; b=HfnbAZf+cs81TyyUsQOG993j3qHq1n4AAr940ljeUcVUkmpzlxXzgZ0gGQ3hEvsQBX b5ZZbP2GfMcaptMUSc1ZKwjmoiLCw+dgKfYA2ynjVLPZXGPJh9i3AsjBsT7VuB2GB3Se 6pTya2BjFA0DNtEDIJz3ylU9wkuisYzTQDVNWuVBTvU3vDsiOwd/+cvIGx/KvAaNrtVR SA9Y2ee4gxfG4pXjxO/yaHOn7Nek+reLwVxCVLJpZxC31Ttsczww1SV+fJosPxGhpiB5 WddGH4e2Y+4+7Nlm1SxQCR4r3alXmR9qmHfOb85OrkfeYRkFmZf3LcuBuHK1I6XbFW5q CAkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=T+e2O2YgOg2CeIsFY4wTK+kMP3rFyNpMgbpWNPTpCZ0=; b=OXu4ra7aSYCiJGxu7jH3qWSw+y1Gwl0EZY4baHGrGn+o0Aigbjf5A/vhl3uFPBHjoG rrr36QJUQcTIAITbeU0lce6B+9Cn9gh+lFpLunRJT7HbNNR3wBQJ4HvytcrwugK/Nje5 10N5pwKOYroF9xJLc4qDww61CIAqDQG5BoFfPRuRhgYP5Ddl4UBbIKq1T22SgHP1nSBf o1IKT6ZqOLbek1pxd1aBjIz2BSSimLkg/CEW5OQeqDQxopsnLsTjKR8z9DgZSCwDZXo4 9c1ZooVuzb7Z1GFOmj8YU9r1cK84Qqq/ldhmxh7rJ2m3DLBSZPXe2BpdmGAiiB9Pt8q6 HElQ==
X-Gm-Message-State: APjAAAX7BEsK54Txdbf7sN+VR5cpMTfeEZgJ5GntCl/a8WorZmpWKmSD maxL0F9gdESCBYSUTngLxGyTwWaCi02+LXpN/iI=
X-Google-Smtp-Source: APXvYqyjGLm20ak5d26m95DS+grlo9jp7FPuUqyQwbK8rG0rAykfPFuy1vTyczIdaxfanAzaeELdP8alEf/LxHv/dOU=
X-Received: by 2002:a17:906:505:: with SMTP id j5mr17895000eja.261.1565350712164; Fri, 09 Aug 2019 04:38:32 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 9 Aug 2019 06:38:31 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <87tvarmhmi.wl-jch@irif.fr>
References: <156518456148.8400.6644665367614468260.idtracker@ietfa.amsl.com> <87y303x17h.wl-jch@irif.fr> <CAMMESszr+AC3-dhxKS0YhWJwADHVLSeQnUbYQ6Bz_QVN4yB-Qw@mail.gmail.com> <87tvarmhmi.wl-jch@irif.fr>
MIME-Version: 1.0
Date: Fri, 09 Aug 2019 06:38:31 -0500
Message-ID: <CAMMESszAsgyEc78VbuSBn-H+b5RuxQsyF_sDjER2me7DHEZJkg@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: The IESG <iesg@ietf.org>, draft-ietf-babel-rfc6126bis@ietf.org, Donald Eastlake <d3e3e3@gmail.com>, babel-chairs@ietf.org, babel@ietf.org
Content-Type: multipart/alternative; boundary="00000000000025cad2058fad9ddb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/DAFcOPcj0G3SDimuDJHtnWEIrgI>
Subject: Re: [babel] Alvaro Retana's Discuss on draft-ietf-babel-rfc6126bis-12: (with DISCUSS and COMMENT)
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2019 11:38:37 -0000
On August 8, 2019 at 6:12:24 PM, Juliusz Chroboczek (jch@irif.fr) wrote: ... > Please take a look at rfc5082 and consider using that mechanism instead. That's what ND does, right? It was considered (in the dark times before Babel was at IETF), and rejected. We behave like RIPng and OSPFv3: we use link-local addresses with a TTL of 1, and require checking that the source address of a received packet is link-local. But that doesn’t cover IPv4 properly. Are you saying that if both an IPv4 and IPv6 network-layer is available then IPv6 should be preferred? I think that would be a good statement to make. At any rate, changing it at this stage would break compatibility with the installed base, which would be the death of Babel. Not if you make it optional. >> - §4.6.10: "...if AE is 0 (in which case Plen MUST be 0 and Prefix is of >> length 0)." > No clarification is necessary here, just like no clarification is > necessary that for an IPv4 address, plen <= 32. > What do you mean by “no clarification is necessary”? I'll add a mention, but I believe it is redundant. No explicit mention that IPv4 routes with a prefix length of 57 are malformed and must be ignored. That's because IPv4 routes have a maximum prefix length of 32. Analoguously, AE 0 has a maximum prefix length of 0, and it si redundant to mention explicitly that AE 0 routes must not have a plen of 57. I brought this comment up because the text says that “Plan MUST be 0”. There are (I think) two different cases: - Plen doesn’t make sense, IPv4/57, for example. This is clearly malformed. - Plen doesn’t matter. In the case of AE = 0 in a Route Request, does it really matter what Plen is set to? IOW, if the request is ignored then no routes are provided… Going back to the use of MUST. I think consistency is important. In this case, there’s no explicit text saying that for AE = 1 Plen MUST be <=32. I then think it is ok to not make normative the setting for AE = 0. s/Plen MUST/Plen must >> - §4.6.10/§4.6.11: Is AE 3 a valid value in a request? I assume it isn't. >> What should a receiver do if AE = 3. > This case is allowed -- there's nothing in the protocol that disallows > announcing routes within fe80::/64. Of course, it would be silly to do so. > Silly doesn’t mean that someone won’t try it…and may end up filling up someone > else’s table with garbage. I think this is a vulnerability. Sure. I agree with you that a robust implementation of Babel should filter out fe80::/64, ff00::/8, as well as 0/8, 127.0.0.1/32 and 224.0.0/24. I just don't agree this filter needs to be hardwired in the protocol specification, it's an implementation detail and should be configurable. A case in point: babeld used to filter out Class-E addresses, and then this happened: https://alioth-lists.debian.net/pipermail/babel-users/2018-December/003492.html > As a point of reference, OSPFv3 doesn’t allow the advertisement of link-local > addresses as destinations. OSPFv3, like all link-state protocols, requires uniform filtering rules within an area, so it makes sense to standardise a default set of filtering rules. Babel, like any distance-vector protocol, has no such limitation (nodes with different filtering rules will interoperate just fine), so it's much more reasonable to leave filtering to the implementation. Ok. While I still think that not filtering out link-local routes is a vulnerability, please at least mention it: “An implementation may consider filtering useless information…or should provide configuration filters…. These are the considerations to do so (or not): potential too much garbage…” Thanks! Alvaro.
- [babel] Alvaro Retana's Discuss on draft-ietf-bab… Alvaro Retana via Datatracker
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Alvaro Retana
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Juliusz Chroboczek
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Vigoureux, Martin (Nokia - FR/Paris-Saclay)
- Re: [babel] Alvaro Retana's Discuss on draft-ietf… Donald Eastlake