IETF Logo Mail Archive

Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)

Alvaro Retana <aretana.ietf@gmail.com> Fri, 01 December 2017 18:33 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 396CE127873; Fri, 1 Dec 2017 10:33:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P_S3bL_oRGYc; Fri, 1 Dec 2017 10:33:51 -0800 (PST)
Received: from mail-ot0-x242.google.com (mail-ot0-x242.google.com [IPv6:2607:f8b0:4003:c0f::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982F712762F; Fri, 1 Dec 2017 10:33:51 -0800 (PST)
Received: by mail-ot0-x242.google.com with SMTP id j2so9791433ota.13; Fri, 01 Dec 2017 10:33:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=TJ15yTka8tEY3ZpftwtEoh9wVISp1Fomr7HC5YSflZQ=; b=QDk6mwjgppcWnN+qoFdbFR0/ksFnQMAKVtr0UUSbQciDACCgb5OBkqeJhRwrKhVtVg CnO7Ue23E1zW9lUyFbyzT8FNxJ3YbbFx7jJShfMJuTMUem/PA1OC1duW3R9dBxM6M/N6 Blg1vZjySxottKX0+V/0jNDKNFgmFIhoy41FW1FQo48G+0VHiSaWCIG2WqJhzSne1Sbt An6yR7/UfzjsSShC3MNy4PeEfK7IVc3M9APJ0POMW3we8C9G6py8DMcjIlyYy+cLX+U4 jVHI21h1qjXa8WiBFIehE6sIt7n4+5nIguvjs7EP/u57R3rjjYbjrsIakavGZ7m/7X4T vFsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=TJ15yTka8tEY3ZpftwtEoh9wVISp1Fomr7HC5YSflZQ=; b=RMruyO/032uCq87WQWVhVv2Qr8GhXDs+0N5bajYdA5yWRAUL10HtM1k30BmbaYQFQW 2cm+nMnrcSmlXhwIl0C1yE8vvm/DUsXVsVwpI/iFeIQGCH3anHR1y27KLorJZbhAkuqn BhjpDRj5eyjHXIOlDDJuxkDzZHWpuAr3wbqMYqUNTZwDOR4fj73GIigY6+PAppoQRKfl aGjWyWOOuDVCvEZX1ALa2+Zkno+dDT54CwlYwubin4kpLs3OuY/tV2hA2b2yhGXR24DC 1wXOET0pgB674GjXT/iR3M0o+toZOHgCQwVZoyNWZJs0AqI+NA2ASA8s1PeCyYLdNWo2 PRXA==
X-Gm-Message-State: AJaThX6CFJKJe299Zx+hnaGTG+HllHGNYgy5AHfz9eZJjeNtxQpvlhBL fs6JXc4nfa+o0WWW+pNK6U3i4C254ZK7t3qtFAM=
X-Google-Smtp-Source: AGs4zMYm7SWZLGRFfnD/5p+OWwg4Xi9qCeiT9xON/zwAFj3YFOy4QbOsiUSHR0DBZw8OEE5gfKls6fW2foumE5PKIMU=
X-Received: by 10.157.53.16 with SMTP id o16mr9095037otc.307.1512153230778; Fri, 01 Dec 2017 10:33:50 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 1 Dec 2017 13:33:50 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <F64C10EAA68C8044B33656FA214632C8881D7A8C@MISOUT7MSGUSRDE.ITServices.sbc.com>
References: <150766267307.13579.9907623355727477623.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FC7591FFA@DGGEMA501-MBX.china.huawei.com> <CAMMESszqT+Tj6iVg8SBdAsmC3hkX9N7WDsMqZLo98H4H50uwPQ@mail.gmail.com> <HE1PR0701MB2714C95C04A08482402C103FF0480@HE1PR0701MB2714.eurprd07.prod.outlook.com> <CAMMESszDqJCkWg1yrgjxAuLr+bKEZU=r+cP1Xsi3U5GKVeByhg@mail.gmail.com> <F64C10EAA68C8044B33656FA214632C8881D7A8C@MISOUT7MSGUSRDE.ITServices.sbc.com>
X-Mailer: Airmail (461)
MIME-Version: 1.0
Date: Fri, 01 Dec 2017 13:33:50 -0500
Message-ID: <CAMMESsw5y+EiUqNF3JQoxNQ-d6tJQRzb6hRxdMTHd49m8DHUJg@mail.gmail.com>
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, "Yemin (Amy)" <amy.yemin@huawei.com>, "BRUNGARD, DEBORAH A" <db3546@att.com>
Cc: Fatai Zhang <zhangfatai@huawei.com>, "draft-ietf-ccamp-ospf-availability-extension@ietf.org" <draft-ietf-ccamp-ospf-availability-extension@ietf.org>, "ccamp-chairs@ietf.org" <ccamp-chairs@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a113dff2c2aa580055f4b9c9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ccamp/Z3sFQ2zco_78lA-GsYMX8fmWWMg>
Subject: Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2017 18:33:55 -0000

Hi!

This works for me.

Thanks!

Alvaro.

On November 28, 2017 at 6:13:15 PM, BRUNGARD, DEBORAH A (db3546@att.com)
wrote:

Hi,



I’ve been following this discussion, and as many aspects, I was not sure if
the concern was about IP routing impacts, IP traffic routed on a GMPLS
controlled transport network, or (multi-layer) computation impacts (TED).



As the authors note, this text has been used over and over. I think when
they were GMPLS-authored, it was to clarify GMPLS opaque LSAs are used for
GMPLS-control not (“normal/SPF”) IP-routing decisions.



Going forward, it may not be so clearly separated (e.g. multi-layer TED,
SDN, whatever). I think this is Alvaro’s concern – the (computation) user
impact? So the previous answer while true may not be the answer to the
question which Alvaro is asking.



How about we remove the sentence on the impact to IP routing? And add
specifically the computation impact (e.g. RFC3630 wording):

“This document specifies the contents of Opaque LSAs in OSPFv2. Tampering
with GMPLS TE LSAs may have an effect on traffic engineering computations.
[OSPF-TE] suggests mechanisms such as [OSPF-SIG] to protect the
transmission of this information, and those or other mechanisms should be
used to secure and/or authenticate the information carried in the Opaque
LSAs.”



Ok?

Deborah







*From:* iesg [mailto:iesg-bounces@ietf.org] *On Behalf Of *Alvaro Retana
*Sent:* Tuesday, November 28, 2017 3:15 PM
*To:* Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>; Yemin (Amy) <
amy.yemin@huawei.com>
*Cc:* ccamp-chairs@ietf.org; ccamp@ietf.org; Fatai Zhang <
zhangfatai@huawei.com>; The IESG <iesg@ietf.org>;
draft-ietf-ccamp-ospf-availability-extension@ietf.org
*Subject:* RE: Alvaro Retana's No Objection on
draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)



Daniele/Amy:



Hi!  Sorry for the long delay.



In short — no, the proposed text doesn’t address my concern because I think
that the extension being defined here can have an impact on routing.



Let me try and make my point (about the Security Considerations) again:



This document defines an extension that "can be used for route computation
in a network that contains links with variable discrete bandwidth” — but
"the use of the distributed information for route computation are [sic]
outside the scope of this document”.  IOW, the intent of the extension is
to provide information that can be used to calculate routes, even if the
document doesn’t say how to figure out those routes.



The Security Considerations then says that "This document does not
introduce security issues beyond those discussed in [RFC4203]…the
extensions specified here have no direct effect on IP routing.”  If the
extension can be used for route computation, how can it have no direct
effect on routing?  Maybe we’re just talking about semantics from the point
of view that OSPF is not using the extensions for IP routing (which is
true), but someone will be!  From the point of view of someone using the
extension to calculate routes, then tampering/changing the LSAs could have
an impact on the routing decisions, right?



IOW, I think that (even if OSPF is not using the information itself)
there’s a threat that can be realized from changing the contents of this
extension that may result in inconsistent or incorrect routing.



Looking closer at rfc4203, the information there can clearly also be used
for making routing decisions — again, not by OSPF but by the consumer of
the information.  I can’t of course do anything wrt that text…



In summary, I can see the point that the extension doesn’t cause issues for
OSPF…but I think the document is incomplete if it doesn’t address the
potential risk to the consumer of the information.



In the end, these are non-blocking comments — I’ll defer to whatever you
decide.



Thanks!



Alvaro.



On October 13, 2017 at 8:52:45 AM, Daniele Ceccarelli (
daniele.ceccarelli@ericsson.com) wrote:

Hi Alvaro,



thanks a lot for your review, the text is being improved significantly.

I just wanted to add a comment to the discussion on the security section.
The text Amy is proposing is exactly the one you can find in RFC4203:



   This document specifies the contents of Opaque LSAs in OSPFv2.  As

   Opaque LSAs are not used for SPF computation or normal routing, the

   extensions specified here have no direct effect on IP routing.

   Tampering with GMPLS TE LSAs may have an effect on the underlying

   transport (optical and/or SONET-SDH) network.  [OSPF-TE
<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DTE&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=4800_ytNzwILzJb3et85wgOtdPOTzm0yCbl9yZl-DyQ&e=>]
suggests

   mechanisms such as [OSPF-SIG
<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DSIG&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=hNtWEwh7IAyTvrWImp4G_2AyyWGt6yvE7ahmB5MCtLE&e=>]
to protect the transmission of this

   information, and those or other mechanisms should be used to secure

   and/or authenticate the information carried in the Opaque LSAs.



I might agree or disagree with your concern (actually tend to agree), but
this is not an issue we can solve in this draft, since it is inherited by a
previous RFC.

This draft is only defining a new sub-TLV inside the ISCD tlv, like many
other existing RFCs. We have the same reference in many existing RFC, like
for example RFC7138.



What RFC 7138 adds is a reference to RFC5920 that could work also in our
case:



   Please refer to [RFC5920
<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5920&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=YAVnSItSKY0WtdbyE6wpf-IRtecHLUUVgTHxQWCFaXg&e=>]
for details on security threats; defensive

   techniques; monitoring, detection, and reporting of security attacks;

   and requirements.



Would this solve the issue?



Thanks

Daniele







*From:* Alvaro Retana [mailto:aretana.ietf@gmail.com]
*Sent:* giovedì 12 ottobre 2017 18:40
*To:* Yemin (Amy) <amy.yemin@huawei.com>
*Cc:* The IESG <iesg@ietf.org>;
draft-ietf-ccamp-ospf-availability-extension@ietf.org; Fatai Zhang <
zhangfatai@huawei.com>; ccamp-chairs@ietf.org; ccamp@ietf.org
*Subject:* Re: Alvaro Retana's No Objection on
draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)



On Wed, Oct 11, 2017 at 10:48 PM, Yemin (Amy) <amy.yemin@huawei.com> wrote:

Amy:

Hi!

3) Where is this signaling defined?  How does a node know that others
support the Availability ISCD/LSA?



The Interface Switching Capability Descriptor (ISCD) allows routing
protocols such as OSPF and ISIS to carry technology specific information in
the Switching Capability-specific information (SCSI) field.

If a node received the Availability in the ISCD, it knows that the sender
support Availability.

Please add something like that, or point to the appropriate document.



 4) Security Considerations, how about change the text as following:



This document extends [RFC4203].  As with [RFC4203], it specifies the
content of an Opaque LSAs in OSPFv2. As Opaque LSAs are not used for
Shortest Path First (SPF) computation or normal routing, the extensions
specified here have no direct effect on IP routing. Tampering with GMPLS TE
LSAs may have an impact on the ability to set up connections in the
underlying data plane network. Mechanisms such as [RFC2154] and [RFC5304]
to protect the transmission of this information are suggested. As the
additional availability information may represent information that an
operator may wish to keep private, consideration should be given to
securing this information. [RFC3630] notes that the security mechanisms
described in [RFC2328] apply to Opaque LSAs carried in OSPFv2. An analysis
of the security of OSPF is provided in [RFC6863] and applies to the
extensions to OSPF as described in this document. Any new mechanisms
developed to protect the transmission of information carried in Opaque LSAs
will also automatically protect the extensions defined in this document.



The text above (1) still says that the extensions have no direct effect on
IP routing, and (2) don't address that threat.  I think that the threat
with tampering may not just impact the ability to set up a connection, but
it may cause routing not to be correct: use a congested path or follow a
path with not enough bw, etc..  It shouldn't result in 100% lost traffic,
but the routing could definitely be suboptimal.



Thanks!



Alvaro.

v2.23.0 | Report a Bug | By Email