Progress with draft-ietf-ccamp-rsvp-restart-ext
"Adrian Farrel" <adrian@olddog.co.uk> Sat, 30 June 2007 22:45 UTC
Return-path: <owner-ccamp@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I4lhG-00015Z-Dd for ccamp-archive@ietf.org; Sat, 30 Jun 2007 18:45:42 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I4lhC-0006GT-1V for ccamp-archive@ietf.org; Sat, 30 Jun 2007 18:45:42 -0400
Received: from majordom by psg.com with local (Exim 4.67 (FreeBSD)) (envelope-from <owner-ccamp@ops.ietf.org>) id 1I4lY1-0007In-J0 for ccamp-data@psg.com; Sat, 30 Jun 2007 22:36:09 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.8
Received: from [62.128.193.153] (helo=mta3.iomartmail.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67 (FreeBSD)) (envelope-from <adrian@olddog.co.uk>) id 1I4lXq-0007IA-7R for ccamp@ops.ietf.org; Sat, 30 Jun 2007 22:36:04 +0000
Received: from mta3.iomartmail.com (localhost.localdomain [127.0.0.1]) by mta3.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id l5UMYfu1022331; Sat, 30 Jun 2007 23:34:41 +0100
Received: from your029b8cecfe (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by mta3.iomartmail.com (8.12.11.20060308/8.12.11) with ESMTP id l5UMYdkf022229; Sat, 30 Jun 2007 23:34:40 +0100
Message-ID: <04a201c7bb66$d83dde20$0a23fea9@your029b8cecfe>
Reply-To: Adrian Farrel <adrian@olddog.co.uk>
From: Adrian Farrel <adrian@olddog.co.uk>
To: ccamp@ops.ietf.org
Cc: Ross Callon <rcallon@juniper.net>, dward@cisco.com, 'Sam Hartman' <hartmans-ietf@mit.edu>, "Brungard, Deborah A, ALABS" <dbrungard@att.com>
Subject: Progress with draft-ietf-ccamp-rsvp-restart-ext
Date: Sat, 30 Jun 2007 23:34:33 +0100
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Sender: owner-ccamp@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6e922792024732fb1bb6f346e63517e4
Hi, The Routing ADs and chairs got together with Sam (as Security AD) to work through Sam's Discuss on this I-D. Sam had some clear concerns about the trust model and security consequences introduced by the restart mechanisms introduced by this I-D. By dint of some hard work and open communication we have netted down the concerns and come up with a small set of changes to the draft that address Sam's concerns and make the draft clearer. I don't believe that these edits in any way change the technical content of the draft, but they do make it clearer what you are not allowed to do. So I won't be issuing another WG last call, and there won't be another IETF last call. But please look through the changes (below) and shout if there are any issues. It is still not too late to fine tune. Thanks, Adrian === Abstract Add new 4th paragraph. These extensions are not used to create or restore data plane state. === Section 3. Introduction Paragraph 2 begins... This document presents extensions to address two aspects of graceful restart not previously supported. The presented extensions enable a restarting node to recover all objects in previously transmitted Path messages including the Explicit Route Object (ERO), from its downstream neighbors. Append to this... and so recover control plane state. The extensions do not facilitate the recovery or creation of data/forwarding plane state, and can only be used to re-establish control plane state which matches in-place data/forwarding state. === Section 4.3. Related Procedures Add new 4th paragraph. There are no changes to the procedures with respect of the data/forwarding plane as described in [RFC3473]. In particular, a restarting node MUST NOT create data/forwarding plane state as the result of any of the extensions defined in this document. === 4.5.2. Procedures for the Restarting Node Add to end of first paragraph. The restarting node MUST NOT create data plane or forwarding state to match the received RecoveryPath message. === 4.5.2.2. Re-Synchronization Procedures Replace the final paragraph OLD If no forwarding state is located, the node treats the path message as a setup for a new LSP. The outgoing interface and label(s) indicated in the RecoveryPath message SHOULD be reused, when possible. All other information contained in the RecoveryPath message MAY also be used. NEW If no forwarding state is located, the node treats the received Path message as a setup request for a new LSP. The outgoing interface and label(s) indicated in the RecoveryPath message SHOULD be reused, when possible. All other information contained in the RecoveryPath message MAY also be used. That is, forwarding state MUST NOT be created except after receipt of a Path message from upstream or, at an ingress node, the receipt of a command from the management plane. Further, the forwarding state created is subject to local policy and the information received from downstream in the RecoveryPath message is treated only as advisory. === 6. Security Considerations Add a final paragraph. Note that the procedures defined in this document cannot be used to create false forwarding state. The restarting node that receives a RecoveryPath message that does not match the existing forwarding state MUST NOT create or modify its forwarding state to match. A restarting node SHOULD log such an event or otherwise notify the operator since it might represent an attack.
- Progress with draft-ietf-ccamp-rsvp-restart-ext Adrian Farrel