IETF Logo Mail Archive

Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)

"BRUNGARD, DEBORAH A" <db3546@att.com> Tue, 28 November 2017 23:13 UTC

Return-Path: <db3546@att.com>
X-Original-To: ccamp@ietfa.amsl.com
Delivered-To: ccamp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02906128B44; Tue, 28 Nov 2017 15:13:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.899
X-Spam-Level:
X-Spam-Status: No, score=-4.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kfeUjcUTpfkw; Tue, 28 Nov 2017 15:13:21 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68C13126C26; Tue, 28 Nov 2017 15:13:21 -0800 (PST)
Received: from pps.filterd (m0049459.ppops.net [127.0.0.1]) by m0049459.ppops.net-00191d01. (8.16.0.21/8.16.0.21) with SMTP id vASN5pba007646; Tue, 28 Nov 2017 18:13:10 -0500
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049459.ppops.net-00191d01. with ESMTP id 2ehfgqjj32-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 28 Nov 2017 18:13:09 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id vASND8nA016078; Tue, 28 Nov 2017 18:13:08 -0500
Received: from mlpi409.sfdc.sbc.com (mlpi409.sfdc.sbc.com [130.9.128.241]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id vASND135016051 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 28 Nov 2017 18:13:04 -0500
Received: from MISOUT7MSGHUBAG.ITServices.sbc.com (MISOUT7MSGHUBAG.itservices.sbc.com [130.9.129.151]) by mlpi409.sfdc.sbc.com (RSA Interceptor); Tue, 28 Nov 2017 23:12:45 GMT
Received: from MISOUT7MSGUSRDE.ITServices.sbc.com ([169.254.5.97]) by MISOUT7MSGHUBAG.ITServices.sbc.com ([130.9.129.151]) with mapi id 14.03.0361.001; Tue, 28 Nov 2017 18:12:44 -0500
From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>, "Yemin (Amy)" <amy.yemin@huawei.com>
CC: "ccamp-chairs@ietf.org" <ccamp-chairs@ietf.org>, "ccamp@ietf.org" <ccamp@ietf.org>, Fatai Zhang <zhangfatai@huawei.com>, The IESG <iesg@ietf.org>, "draft-ietf-ccamp-ospf-availability-extension@ietf.org" <draft-ietf-ccamp-ospf-availability-extension@ietf.org>
Thread-Topic: Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)
Thread-Index: AQHTQfuP0O3yUo5o5E6HqeQoL4mL+aLfyEaAgADoZ4CAAVK6AIBI15MA///KkBA=
Date: Tue, 28 Nov 2017 23:12:44 +0000
Message-ID: <F64C10EAA68C8044B33656FA214632C8881D7A8C@MISOUT7MSGUSRDE.ITServices.sbc.com>
References: <150766267307.13579.9907623355727477623.idtracker@ietfa.amsl.com> <9C5FD3EFA72E1740A3D41BADDE0B461FC7591FFA@DGGEMA501-MBX.china.huawei.com> <CAMMESszqT+Tj6iVg8SBdAsmC3hkX9N7WDsMqZLo98H4H50uwPQ@mail.gmail.com> <HE1PR0701MB2714C95C04A08482402C103FF0480@HE1PR0701MB2714.eurprd07.prod.outlook.com> <CAMMESszDqJCkWg1yrgjxAuLr+bKEZU=r+cP1Xsi3U5GKVeByhg@mail.gmail.com>
In-Reply-To: <CAMMESszDqJCkWg1yrgjxAuLr+bKEZU=r+cP1Xsi3U5GKVeByhg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.10.228.34]
Content-Type: multipart/alternative; boundary="_000_F64C10EAA68C8044B33656FA214632C8881D7A8CMISOUT7MSGUSRDE_"
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-28_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1711280308
Archived-At: <https://mailarchive.ietf.org/arch/msg/ccamp/bzMTLgDeRhtV5WZ-L8HZhbJ7xP0>
Subject: Re: [CCAMP] Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)
X-BeenThere: ccamp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion list for the CCAMP working group <ccamp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ccamp>, <mailto:ccamp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ccamp/>
List-Post: <mailto:ccamp@ietf.org>
List-Help: <mailto:ccamp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ccamp>, <mailto:ccamp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 23:13:24 -0000

Hi,

I’ve been following this discussion, and as many aspects, I was not sure if the concern was about IP routing impacts, IP traffic routed on a GMPLS controlled transport network, or (multi-layer) computation impacts (TED).

As the authors note, this text has been used over and over. I think when they were GMPLS-authored, it was to clarify GMPLS opaque LSAs are used for GMPLS-control not (“normal/SPF”) IP-routing decisions.

Going forward, it may not be so clearly separated (e.g. multi-layer TED, SDN, whatever). I think this is Alvaro’s concern – the (computation) user impact? So the previous answer while true may not be the answer to the question which Alvaro is asking.

How about we remove the sentence on the impact to IP routing? And add specifically the computation impact (e.g. RFC3630 wording):
“This document specifies the contents of Opaque LSAs in OSPFv2. Tampering with GMPLS TE LSAs may have an effect on traffic engineering computations.  [OSPF-TE] suggests mechanisms such as [OSPF-SIG] to protect the transmission of this information, and those or other mechanisms should be used to secure and/or authenticate the information carried in the Opaque LSAs.”

Ok?
Deborah



From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Alvaro Retana
Sent: Tuesday, November 28, 2017 3:15 PM
To: Daniele Ceccarelli <daniele.ceccarelli@ericsson.com>; Yemin (Amy) <amy.yemin@huawei.com>
Cc: ccamp-chairs@ietf.org; ccamp@ietf.org; Fatai Zhang <zhangfatai@huawei.com>; The IESG <iesg@ietf.org>; draft-ietf-ccamp-ospf-availability-extension@ietf.org
Subject: RE: Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)

Daniele/Amy:

Hi!  Sorry for the long delay.

In short — no, the proposed text doesn’t address my concern because I think that the extension being defined here can have an impact on routing.

Let me try and make my point (about the Security Considerations) again:

This document defines an extension that "can be used for route computation in a network that contains links with variable discrete bandwidth” — but "the use of the distributed information for route computation are [sic] outside the scope of this document”.  IOW, the intent of the extension is to provide information that can be used to calculate routes, even if the document doesn’t say how to figure out those routes.

The Security Considerations then says that "This document does not introduce security issues beyond those discussed in [RFC4203]…the extensions specified here have no direct effect on IP routing.”  If the extension can be used for route computation, how can it have no direct effect on routing?  Maybe we’re just talking about semantics from the point of view that OSPF is not using the extensions for IP routing (which is true), but someone will be!  From the point of view of someone using the extension to calculate routes, then tampering/changing the LSAs could have an impact on the routing decisions, right?

IOW, I think that (even if OSPF is not using the information itself) there’s a threat that can be realized from changing the contents of this extension that may result in inconsistent or incorrect routing.

Looking closer at rfc4203, the information there can clearly also be used for making routing decisions — again, not by OSPF but by the consumer of the information.  I can’t of course do anything wrt that text…

In summary, I can see the point that the extension doesn’t cause issues for OSPF…but I think the document is incomplete if it doesn’t address the potential risk to the consumer of the information.

In the end, these are non-blocking comments — I’ll defer to whatever you decide.

Thanks!

Alvaro.


On October 13, 2017 at 8:52:45 AM, Daniele Ceccarelli (daniele.ceccarelli@ericsson.com<mailto:daniele.ceccarelli@ericsson.com>) wrote:
Hi Alvaro,

thanks a lot for your review, the text is being improved significantly.
I just wanted to add a comment to the discussion on the security section. The text Amy is proposing is exactly the one you can find in RFC4203:

   This document specifies the contents of Opaque LSAs in OSPFv2.  As
   Opaque LSAs are not used for SPF computation or normal routing, the
   extensions specified here have no direct effect on IP routing.
   Tampering with GMPLS TE LSAs may have an effect on the underlying
   transport (optical and/or SONET-SDH) network.  [OSPF-TE<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DTE&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=4800_ytNzwILzJb3et85wgOtdPOTzm0yCbl9yZl-DyQ&e=>] suggests
   mechanisms such as [OSPF-SIG<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4203-23ref-2DOSPF-2DSIG&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=hNtWEwh7IAyTvrWImp4G_2AyyWGt6yvE7ahmB5MCtLE&e=>] to protect the transmission of this
   information, and those or other mechanisms should be used to secure
   and/or authenticate the information carried in the Opaque LSAs.

I might agree or disagree with your concern (actually tend to agree), but this is not an issue we can solve in this draft, since it is inherited by a previous RFC.
This draft is only defining a new sub-TLV inside the ISCD tlv, like many other existing RFCs. We have the same reference in many existing RFC, like for example RFC7138.

What RFC 7138 adds is a reference to RFC5920 that could work also in our case:


   Please refer to [RFC5920<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5920&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=6UhGpW9lwi9dM7jYlxXD8w&m=5_Z-kEXVIiiwdIClSEqWVu4ZJeBrN8G31Hr9gX-epiY&s=YAVnSItSKY0WtdbyE6wpf-IRtecHLUUVgTHxQWCFaXg&e=>] for details on security threats; defensive

   techniques; monitoring, detection, and reporting of security attacks;

   and requirements.

Would this solve the issue?

Thanks
Daniele



From: Alvaro Retana [mailto:aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>]
Sent: giovedì 12 ottobre 2017 18:40
To: Yemin (Amy) <amy.yemin@huawei.com<mailto:amy.yemin@huawei.com>>
Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-ccamp-ospf-availability-extension@ietf.org<mailto:draft-ietf-ccamp-ospf-availability-extension@ietf.org>; Fatai Zhang <zhangfatai@huawei.com<mailto:zhangfatai@huawei.com>>; ccamp-chairs@ietf.org<mailto:ccamp-chairs@ietf.org>; ccamp@ietf.org<mailto:ccamp@ietf.org>
Subject: Re: Alvaro Retana's No Objection on draft-ietf-ccamp-ospf-availability-extension-10: (with COMMENT)

On Wed, Oct 11, 2017 at 10:48 PM, Yemin (Amy) <amy.yemin@huawei.com<mailto:amy.yemin@huawei.com>> wrote:
Amy:
Hi!

3) Where is this signaling defined?  How does a node know that others support the Availability ISCD/LSA?



The Interface Switching Capability Descriptor (ISCD) allows routing protocols such as OSPF and ISIS to carry technology specific information in the Switching Capability-specific information (SCSI) field.

If a node received the Availability in the ISCD, it knows that the sender support Availability.
Please add something like that, or point to the appropriate document.


 4) Security Considerations, how about change the text as following:



This document extends [RFC4203].  As with [RFC4203], it specifies the content of an Opaque LSAs in OSPFv2. As Opaque LSAs are not used for Shortest Path First (SPF) computation or normal routing, the extensions specified here have no direct effect on IP routing. Tampering with GMPLS TE LSAs may have an impact on the ability to set up connections in the underlying data plane network. Mechanisms such as [RFC2154] and [RFC5304] to protect the transmission of this information are suggested. As the additional availability information may represent information that an operator may wish to keep private, consideration should be given to securing this information. [RFC3630] notes that the security mechanisms described in [RFC2328] apply to Opaque LSAs carried in OSPFv2. An analysis of the security of OSPF is provided in [RFC6863] and applies to the extensions to OSPF as described in this document. Any new mechanisms developed to protect the transmission of information carried in Opaque LSAs will also automatically protect the extensions defined in this document.

The text above (1) still says that the extensions have no direct effect on IP routing, and (2) don't address that threat.  I think that the threat with tampering may not just impact the ability to set up a connection, but it may cause routing not to be correct: use a congested path or follow a path with not enough bw, etc..  It shouldn't result in 100% lost traffic, but the routing could definitely be suboptimal.

Thanks!

Alvaro.

v2.23.0 | Report a Bug | By Email