IETF Logo Mail Archive

Progress with draft-ietf-ccamp-rsvp-restart-ext

"Adrian Farrel" <adrian@olddog.co.uk> Sat, 30 June 2007 22:45 UTC

Return-path: <owner-ccamp@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I4lhG-00015Z-Dd for ccamp-archive@ietf.org; Sat, 30 Jun 2007 18:45:42 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I4lhC-0006GT-1V for ccamp-archive@ietf.org; Sat, 30 Jun 2007 18:45:42 -0400
Received: from majordom by psg.com with local (Exim 4.67 (FreeBSD)) (envelope-from <owner-ccamp@ops.ietf.org>) id 1I4lY1-0007In-J0 for ccamp-data@psg.com; Sat, 30 Jun 2007 22:36:09 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.8
Received: from [62.128.193.153] (helo=mta3.iomartmail.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67 (FreeBSD)) (envelope-from <adrian@olddog.co.uk>) id 1I4lXq-0007IA-7R for ccamp@ops.ietf.org; Sat, 30 Jun 2007 22:36:04 +0000
Received: from mta3.iomartmail.com (localhost.localdomain [127.0.0.1]) by mta3.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id l5UMYfu1022331; Sat, 30 Jun 2007 23:34:41 +0100
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by mta3.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id l5UMYdkf022229; Sat, 30 Jun 2007 23:34:40 +0100
Message-ID: <04a201c7bb66$d83dde20$0a23fea9@your029b8cecfe>
Reply-To: Adrian Farrel <adrian@olddog.co.uk>
From: Adrian Farrel <adrian@olddog.co.uk>
To: ccamp@ops.ietf.org
Cc: Ross Callon <rcallon@juniper.net>, dward@cisco.com, 'Sam Hartman' <hartmans-ietf@mit.edu>, "Brungard, Deborah A, ALABS" <dbrungard@att.com>
Subject: Progress with draft-ietf-ccamp-rsvp-restart-ext
Date: Sat, 30 Jun 2007 23:34:33 +0100
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Sender: owner-ccamp@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6e922792024732fb1bb6f346e63517e4

Hi,

The Routing ADs and chairs got together with Sam (as Security AD) to work 
through Sam's Discuss on this I-D.

Sam had some clear concerns about the trust model and security consequences 
introduced by the restart mechanisms introduced by this I-D. By dint of some 
hard work and open communication we have netted down the concerns and come 
up with a small set of changes to the draft that address Sam's concerns and 
make the draft clearer.

I don't believe that these edits in any way change the technical content of 
the draft, but they do make it clearer what you are not allowed to do. So I 
won't be issuing another WG last call, and there won't be another IETF last 
call.

But please look through the changes (below) and shout if there are any 
issues. It is still not too late to fine tune.

Thanks,
Adrian
===
Abstract
Add new 4th paragraph.

   These extensions are not used to create or restore data plane state.

===
Section 3. Introduction

Paragraph 2 begins...

   This document presents extensions to address two aspects of graceful
   restart not previously supported.  The presented extensions enable a
   restarting node to recover all objects in previously transmitted Path
   messages including the Explicit Route Object (ERO), from its
   downstream neighbors.

Append to this...

   and so recover control plane state. The extensions do not facilitate
   the recovery or creation of data/forwarding plane state, and can only
   be used to re-establish control plane state which matches in-place
   data/forwarding state.

===
Section 4.3.  Related Procedures

Add new 4th paragraph.

   There are no changes to the procedures with respect of the
   data/forwarding plane as described in [RFC3473]. In particular, a
   restarting node MUST NOT create data/forwarding plane state as the
   result of any of the extensions defined in this document.

===
4.5.2.  Procedures for the Restarting Node

Add to end of first paragraph.

   The restarting node MUST NOT create data plane or forwarding
   state to match the received RecoveryPath message.

===
4.5.2.2.  Re-Synchronization Procedures

Replace the final paragraph

OLD
   If no forwarding state is located, the node treats the path message
   as a setup for a new LSP.  The outgoing interface and label(s)
   indicated in the RecoveryPath message SHOULD be reused, when
   possible.  All other information contained in the RecoveryPath
   message MAY also be used.

NEW
   If no forwarding state is located, the node treats the received Path
   message as a setup request for a new LSP.  The outgoing interface and
   label(s) indicated in the RecoveryPath message SHOULD be reused, when
   possible.  All other information contained in the RecoveryPath
   message MAY also be used. That is, forwarding state MUST NOT be
   created except after receipt of a Path message from upstream or, at
   an ingress node, the receipt of a command from the management plane.
   Further, the forwarding state created is subject to local policy and
   the information received from downstream in the RecoveryPath message
   is treated only as advisory.

===
6.  Security Considerations

Add a final paragraph.

   Note that the procedures defined in this document cannot be used to
   create false forwarding state.  The restarting node that receives a
   RecoveryPath message that does not match the existing forwarding
   state MUST NOT create or modify its forwarding state to match.  A
   restarting node SHOULD log such an event or otherwise notify the
   operator since it might represent an attack.

v2.23.0 | Report a Bug | By Email