[Detnet] Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT)
Robert Wilton via Datatracker <noreply@ietf.org> Thu, 07 January 2021 13:24 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: detnet@ietf.org
Delivered-To: detnet@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B5C33A10BC; Thu, 7 Jan 2021 05:24:23 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-detnet-security@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, Lou Berger <lberger@labn.net>, lberger@labn.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.24.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <161002586274.24158.18234355864793174101@ietfa.amsl.com>
Date: Thu, 07 Jan 2021 05:24:23 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/csmLln3NIRJxULlfH2FU--bBbxg>
Subject: [Detnet] Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2021 13:24:24 -0000
Robert Wilton has entered the following ballot position for draft-ietf-detnet-security-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-detnet-security/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this document. Sorry, I've run out time to review this in detail, although I don't immediately see any manageability concerns when I scanned through the document. A few minor comments for your consideration: 1) Perhaps it might be helpful to mention remind that DetNet isn't the same as TSN in the introduction? I don't know if these are already covered, or if they are not valid problems, but I guess a couple of attacks that I would be concerned with are: (2) Overloading the exception path queue on the router. E.g., if any of the DetNet streams require/expect some packets to be punted to the control plane or software data plane for processing (OAM related perhaps), and there is a single queue from the forwarding ASIC to a control plane or software data plane, then it could be possible for Non Detnet flows to overload that shared queue such that punted packets on the DetNet flows would end up being dropped. (2b) Related to (2), if an attacker was able to overload the router or linecard CPU, e.g., through excessive management API requests, then it may be plausible that it could also cause control plane processing of packets to be dropped, or slowed down. (2c) If the control plane is being managed by a separate controller than presumably both (2) and (2b) could equally apply to getting traffic to a controller, or processing events on the controller. (3) Is there any potential issue with traffic being carried over L2 load balanced links (e.g. LAG) that apply statistical QoS. E.g., by crafting traffic on a non DetNet flow that overloads one LAG member but doesn't overload the statistical QoS guarantees. Perhaps this is outside the considerations for DetNet, or already covered by TSN. I'll leave it to the authors to determine whether any of these are valid and require further text, or if they are either already sufficiently covered, out of scope, or not valid concerns. Regards, Rob
- [Detnet] Robert Wilton's No Objection on draft-ie… Robert Wilton via Datatracker
- Re: [Detnet] Robert Wilton's No Objection on draf… Ethan Grossman