Re: [bess] Mirja Kühlewind's Discuss on draft-ietf-bess-mvpn-expl-track-12: (with DISCUSS and COMMENT)

Alvaro Retana <aretana.ietf@gmail.com> Thu, 25 October 2018 14:33 UTC

From: Alvaro Retana <aretana.ietf@gmail.com>
Date: Thu, 25 Oct 2018 16:32:57 +0200
To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
Cc: bess-chairs@ietf.org, bess@ietf.org, draft-ietf-bess-mvpn-expl-track@ietf.org, stephane.litkowski@orange.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/pQVUDlG3FyuQQGoFxmvAjBAyiY4>

Hi!

Protecting the control plane is a topic that is wider than this document…or
even wider than “just for BGP” (as covered by rfc7454).  Additional
recommendations are given in both rfc7454 and rfc6192 — this document
should then have a reference to them.

My 2c.

Alvaro.

On October 24, 2018 at 5:28:55 AM, Mirja Kühlewind (ietf@kuehlewind.net)
wrote:

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

In section 9 (security considerations):
Thanks for discussing network load here! However, I find this sentence a bit
unsatisfactory:
„The specification of counter-measures for this problem is outside the scope
of this document.“
Isn’t there any easy way to make some more recommendations for counter
measures that could be discussed here? E.g. implement some rate limiting or
filtering. Or only accept LIR-PF request from preconfigured hosts (given that
LIR-PF support must anyway be pre-configured)? I’m not an expert on this topic
and therefore don’t know if any of such recommendations make sense, however, I
would quickly like to discuss if it is potentially possible to say more than
what’s currently said. Thanks!