IETF Logo Mail Archive

[bess] Re: Secdir last call review of draft-ietf-bess-evpn-mh-split-horizon-09

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 08 July 2024 16:30 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F569C28EB25; Mon, 8 Jul 2024 09:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.994
X-Spam-Level:
X-Spam-Status: No, score=-1.994 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QTMKhUntMP1; Mon, 8 Jul 2024 09:30:11 -0700 (PDT)
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CDACC1E5907; Mon, 8 Jul 2024 09:30:06 -0700 (PDT)
Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-4265b7514fcso15665475e9.1; Mon, 08 Jul 2024 09:30:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720456194; x=1721060994; darn=ietf.org; h=content-transfer-encoding:cc:to:references:message-id:in-reply-to :thread-topic:subject:from:date:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=53C0HUf7fp+aBNkdJXKVEvHubpKbD0PfZvOwiAAqENM=; b=hKs0I/VktsmfG8OioCh4v9u296fFakf8k1SoiYITnlugTHes+cjdrIr48gVIBo4u4L Pnh1IPIyOAUyGlg1+k3sRtb8okEpkhmCbEY1RgB/fLGWrsvERiWHqLdcNi1qbhXuYU6s 5/usF1In1KfTzSjlnUAZR2mvS9qYVUM4OhzqxtHHSNKW22vGy01t5b8Thn+xbNmCmp7u bRZnSH92aVJHYPEy0QwPgmSWBM5kFVXyUdfbCtTWbYwEZDjwwnRLCjU9pzIl7VRefb+6 MNwu9loJVymsNf2rpWVR21gyWSidQxgtzKPPLcYo3ND+5hJa7h41eBlb4NrNbX5jux0I ngOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720456194; x=1721060994; h=content-transfer-encoding:cc:to:references:message-id:in-reply-to :thread-topic:subject:from:date:mime-version:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=53C0HUf7fp+aBNkdJXKVEvHubpKbD0PfZvOwiAAqENM=; b=TaUU4QW3LwkglQRPzhpn2dXnzDahXtJymli6PA5RnyQvsObwva9l0znO577kkGb11y RW/nM164WmlC5XDB3DikEezqWmG58EMHebsl/ARWQfvdGO4mIZH2fnlUCIsYqbp0r3Q+ OqF/uoEHxmkktCl4qoaqtLbd/r7pkoCJM2cniJuX0cO6DyZx8fzW32acAyYcktBHPkk2 Qz7HzHIPF6RK3ynrgdibKSlw47C8hENuCuAXlgQnUlYRZLgoD9rG96ZkCgwv9U4HC2Id Wh6JG0gE+NMQ3RrCwA85ZmIWnWfo6vBhmDWTy9UbGJlOVIttjglInXswSWNpMbOP5x73 WeHA==
X-Forwarded-Encrypted: i=1; AJvYcCXHTiiZtA5HZK8ZtXAtkVOemNiIwQfiRps+0oy6I9wGb+yDH95tX2/uHhmoRvYcRnA6L8OmujvI4bdwBGAxwedJ+wj1wCIhwJFWY45PYBMe8b9JmXa2BaoRlVR5JZrds6fnCoriDM8jnWDCAKt1OaARSVLdJiP/7PhvK9/Ap44indh61d74bVk=
X-Gm-Message-State: AOJu0Yx8yiuRXUtp1aDo2iu+ZdoZ2KCHokeKEoiMN4zojK/7WuDI2+ey if4IHMn+fwSZ3bTKctf0urP60vj/5IXogPAIue8bb8wDr3pIioC0O+/lMw==
X-Google-Smtp-Source: AGHT+IGBkfRntKfabLLGDHPNJ7Z+KBgCzmqh3RSHULb1u3YLaPotZ6AsPi8jLWJ/ekpKduLNdxJEoQ==
X-Received: by 2002:a7b:c413:0:b0:426:5b17:8458 with SMTP id 5b1f17b1804b1-4265b17853emr75874755e9.12.1720456194307; Mon, 08 Jul 2024 09:29:54 -0700 (PDT)
Received: from macos-F7LQR2FV6V (IGLD-84-229-146-123.inter.net.il. [84.229.146.123]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4264a1d6435sm168464005e9.15.2024.07.08.09.29.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jul 2024 09:29:53 -0700 (PDT)
MIME-Version: 1.0
Date: Mon, 08 Jul 2024 19:29:50 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Thread-Topic: Secdir last call review of draft-ietf-bess-evpn-mh-split-horizon-09
In-Reply-To: <SA1PR08MB7215683DADBD7F51B7DD70B5F7DA2@SA1PR08MB7215.namprd08.prod.outlook.com>
Message-ID: <D2634058-59D8-1F42-BEA2-B2F37ECFEE6D@hxcore.ol>
References: <171976427129.304681.11374299341736937769@dt-datatracker-5f88556585-g8gwj>,<SA1PR08MB7215683DADBD7F51B7DD70B5F7DA2@SA1PR08MB7215.namprd08.prod.outlook.com>
To: "Jorge Rabadan (Nokia)" <jorge.rabadan@nokia.com>, "secdir@ietf.org" <secdir@ietf.org>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Message-ID-Hash: MFGDIP7NF3XS2ZFUNJZ3SICOXUFBYTI2
X-Message-ID-Hash: MFGDIP7NF3XS2ZFUNJZ3SICOXUFBYTI2
X-MailFrom: yaronf.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bess.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "bess@ietf.org" <bess@ietf.org>, "draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org" <draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [bess] Re: Secdir last call review of draft-ietf-bess-evpn-mh-split-horizon-09
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/5OlcIeKVRpLmxrYMpJ_J9rHgKQs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Owner: <mailto:bess-owner@ietf.org>
List-Post: <mailto:bess@ietf.org>
List-Subscribe: <mailto:bess-join@ietf.org>
List-Unsubscribe: <mailto:bess-leave@ietf.org>

Looks good. Thank you Jorge!

 

From: Jorge Rabadan (Nokia) <jorge.rabadan@nokia.com>
Date: Monday, 8 July 2024 at 18:23
To: Yaron Sheffer <yaronf.ietf@gmail.com>, secdir@ietf.org <secdir@ietf.org>
Cc: bess@ietf.org <bess@ietf.org>, draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org <draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: Re: Secdir last call review of draft-ietf-bess-evpn-mh-split-horizon-09

Hi Yaron,

 

Thanks very much for the review. Version 10 has just been published, addressing your comments.

 

Please find in-line some responses to your comments, with [jorge].

Thank you!

Jorge

 

From: Yaron Sheffer via Datatracker <noreply@ietf.org>
Date: Sunday, June 30, 2024 at 9:17AM
To: secdir@ietf.org <secdir@ietf.org>
Cc: bess@ietf.org <bess@ietf.org>, draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org <draft-ietf-bess-evpn-mh-split-horizon.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: Secdir last call review of draft-ietf-bess-evpn-mh-split-horizon-09


CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.



Reviewer: Yaron Sheffer
Review result: Has Nits

This document defines a way to explicitly share the multi-homing split horizon
procedures over BGP, for a large variety of NVO use cases. This reviewer is not
familiar with the EVPN ecosystem, and comments below may reflect my own
ignorance.

In general: the document is clear, and does not appear to create any novel
security risks.

2.1: the first two paragraphs are duplicates.

[jorge] good catch. Removed the first one, thanks.



2.2: "A received A-D per ES route where Single-Active and SHT bits are
different from zero MUST be treat-as-withdraw" - IIUC, this is very fragile
behavior, where an incorrect flag results in the entire path being removed. Why
does this behavior make more sense than simply ignoring the SHT bits?

[jorge] If the single-active bit is set, then the Ethernet Segment only supports one split horizon type and there is no need to signal anything in the SHT. Receiving something different from 00 may mean that the advertising node has a bug and it may intend to do something wrong. Since the split horizon function deals with loop/packet duplication, which may be harmful in most cases, we thought we should be strict about this, hence the treat-as-withdraw behavior. Hope it is ok.



2.2: For the Geneve use case: is the value "10" always valid, or is it only
valid if the ESI-Label is present? The text is unclear.

[jorge] good point. Changed to:

“A value of 10 indicates the intent to use ESI Label-based Split Horizon, and it is only valid if an Ethernet option TLV with non-zero Source-ID is present”



4: "The security considerations relevant to multihoming" - is it clear to all
readers which security considerations these are? Are you referring to the
entirety of Sec. 19 of RFC7432?

[jorge] I think it is better to change it to :

“All the security considerations described in RFC7432 are applicable to this document.”



4: "unauthorized changes to the SHT configuration by an attacker should not
cause traffic disruption" - when various kinds of misconfiguration are "treat
as withdraw", how does that NOT cause traffic disruption? I would assume that
when the route is withdrawn, eventually traffic is disrupted.

[jorge] the assumption is that the misconfigurations are options allowed in this document. Only the options that are invalid may cause the treat-as-withdraw behavior. I tried to clarify with this modified paragraph:

“Apart from this risk, this document describes procedures to ensure that all Provider Edge (PE) devices or Network Virtualization Edges (NVEs) connected to the same Ethernet Segment (ES) agree on a common SHT method, with a fallback to a default behavior in case of a mismatch in the SHT bits being advertised by any two PEs or NVEs in the Ethernet Segment. Consequently, unauthorized changes to the SHT configuration by an attacker on a single PE or NVE of the Ethernet Segment should not cause traffic disruption (as long as the SHT value is valid as per this document) but may result in alterations to forwarding behavior.”

 

 



7: the Contributors section is empty.

[jorge] removed. Thanks!

 

v2.35.0 | Report a Bug | By Email | System Status