Re: [Ideas] [nvo3] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt

"Black, David" <David.Black@dell.com> Wed, 21 September 2016 23:20 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28B7912B529; Wed, 21 Sep 2016 16:20:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=fail (1024-bit key) reason="fail (message has been altered)" header.from=David.Black@dell.com header.d=dell.com; dkim=pass (1024-bit key) header.d=dell.com header.b=KLH92tIG; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=Ho8eafmE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FbBMnxz2LfH1; Wed, 21 Sep 2016 16:20:55 -0700 (PDT)
Received: from esa7.dell-outbound.iphmx.com (esa7.dell-outbound.iphmx.com [68.232.153.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F1A612D0AF; Wed, 21 Sep 2016 16:19:28 -0700 (PDT)
DomainKey-Signature: s=smtpout; d=dell.com; c=simple; q=dns; h=Received:From:Cc:Received:Received:X-DKIM:DKIM-Signature: X-DKIM:Received:Received:Received:To:Subject:Thread-Topic: Thread-Index:Date:Message-ID:References:In-Reply-To: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:Content-Type: Content-Transfer-Encoding:MIME-Version: X-Sentrion-Hostname:X-RSA-Classifications; b=L8uDuKzOgP5g5DeQEDdtYLlfS8pqUGPUOvHfEf8vSOTLEpm4U1sqE1L0 XUfzh2Mrbl9JFOKItQ7n4u+bB/4mJatG5pF7L10GwZJTO5xxm1VHIg0tO aN2qnMuhr+A4wafzn/hO4Q2ngo7/u2TgX1Kj12ca7OD06kDxwQjimscCk 8=;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1474499968; x=1506035968; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MFVfshT1pRRbudRcBycS1hU092ICxV9K9kTBsvTfjh8=; b=KLH92tIGqhodqVhYZLmwiluINjhtUlDfAqRyxUDNWziEVFqfqppjW2Iu Er204mk13OVrHq4nZJFbgZUH7z8Vdj2q/K3TyeBTj6slDcBC964F1k5T8 tKNKp4vSu6WcjLQvRgFJq8sfYYxXRTlTXVfOzqcDnrN9hs1WvjP9r2KNf s=;
Received: from esa5.dell-outbound2.iphmx.com ([68.232.153.203]) by esa7.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2016 18:19:26 -0500
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa5.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Sep 2016 05:19:25 +0600
Received: from maildlpprd04.lss.emc.com (maildlpprd04.lss.emc.com [10.253.24.36]) by mailuogwprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id u8LNJMlF019502 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 21 Sep 2016 19:19:24 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com u8LNJMlF019502
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1474499964; bh=9xewPXR6x/UdLoAcMFF4NguhZE4=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=Ho8eafmEM9YMcj/WtW4HbeAQPn39g3UycjM+HWsb4eHCYxftLDdg7Ta+betIuazx1 xpV4KcCvRvl6Yc2YixE56ZnPOCiFzPpYFvu+5gcASfDbS2MxaU1W+K0ki/PfunZuUC Mn8VQW9bNNnQQc6UGE4uTqsTQrf5kmpzMpjRMH28=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd01.lss.emc.com u8LNJMlF019502
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd04.lss.emc.com (RSA Interceptor); Wed, 21 Sep 2016 19:18:38 -0400
Received: from MXHUB319.corp.emc.com (MXHUB319.corp.emc.com [10.146.3.97]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id u8LNJ1gZ001801 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Wed, 21 Sep 2016 19:19:01 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB319.corp.emc.com ([10.146.3.97]) with mapi id 14.03.0266.001; Wed, 21 Sep 2016 19:19:01 -0400
To: Dino Farinacci <farinacci@gmail.com>
Thread-Topic: [nvo3] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt
Thread-Index: AQHSFE0AGalANv3mDky1UF0kWTQPrqCEz7uA///BHPA=
Date: Wed, 21 Sep 2016 23:19:00 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362F69ED1C@MX307CL04.corp.emc.com>
References: <32C28142-350A-4242-A9C6-9E32D9966601@gmail.com> <8CC1E61E-0A8F-41D3-B30D-5B037BAEDEB1@gmail.com>
In-Reply-To: <8CC1E61E-0A8F-41D3-B30D-5B037BAEDEB1@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.97.1.147]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/ODEnn_wh7Eo-xKPlGmt73UYi6Hk>
X-Mailman-Approved-At: Wed, 21 Sep 2016 16:25:01 -0700
Cc: "beta@lispers.net" <beta@lispers.net>, "ideas@ietf.org" <ideas@ietf.org>, LISP mailing list list <lisp@ietf.org>, NVO3 <nvo3@ietf.org>, "Black, David" <David.Black@dell.com>, LISPmob <users@lispmob.org>, "5gangip@ietf.org" <5gangip@ietf.org>, "lisp-beta@external.cisco.com" <lisp-beta@external.cisco.com>
Subject: Re: [Ideas] [nvo3] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2016 23:20:58 -0000

Hi Dino,

Here are a couple of areas to consider:

(1) I don't see any confidentiality requirements.   For this and other NVO3 security
requirements, please see the security considerations section of RFC 7365 (NVO3
framework) and draft-ietf-nvo3-arch.  The latter contains a new paragraph on
sensitivity of performance and  other monitoring data gathered by the control
plane - that paragraph was added at the behest of both Security ADs:

https://tools.ietf.org/html/rfc7365#section-5
https://tools.ietf.org/html/draft-ietf-nvo3-arch-08#section-16

(2) This item:

> >   7.  Message rate-limiting and other heuristics must be part of the
> >       foundational support of the mapping system to protect the system
> >       from invalid overloaded conditions.

suggests that congestion control is also a consideration to protect the network.
If an existing congestion-controlled transport protocol (e.g., TCP, SCTP, DCCP) is
not used for control traffic, then see draft-ietf-tsvwg-rfc5405bis for discussion
of applicable requirements:

https://datatracker.ietf.org/doc/draft-ietf-tsvwg-rfc5405bis/

Thanks, --David

> -----Original Message-----
> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Dino Farinacci
> Sent: Wednesday, September 21, 2016 6:51 PM
> To: Dino Farinacci
> Cc: beta@lispers.net; ideas@ietf.org; LISP mailing list list; NVO3; LISPmob;
> 5gangip@ietf.org; lisp-beta@external.cisco.com
> Subject: Re: [nvo3] Mapping System Requirements and draft-padma-ideas-
> problem-statement-00.txt
> 
> Reposting since the cisco mailing lists are no longer in service. Please respond to
> this email.
> 
> Thanks and sorry for inconvenience,
> Dino
> 
> > On Sep 21, 2016, at 2:12 PM, Dino Farinacci <farinacci@gmail.com> wrote:
> >
> > Hello folks. In draft-padma-ideas-problem-statement-00.txt, we have a section
> on mapping system requirements for map-n-encap and translation based loc/id
> split protocols. Rather than having you go into the document in detail (we wish
> you would and comment though), I will provide the short list below to attempt a
> discussion on requirements.
> >
> > I have copied the possible WGs that may want to use the mapping system
> technology. And I have also copied the LISP working group who can shed
> expertise on the subject as well as some beta lists that have some operational
> experiences with mapping database deployment and management.
> >
> > The requirements below have a security and robustness twist to it but I think
> that is the best place to start and to consider security “up front”.
> >
> > Thanks in advance,
> > Dino
> >
> > ----
> >
> > 6.4.  Mapping System Security
> >
> >   The secure mapping system must have the following requirements:
> >
> >   1.  The components of the mapping system need to be robust against
> >       direct and indirect attacks.  If any component is attacked, the
> >       rest of the system should act with integrity and scale and only
> >       the information associated with the compromised component is made
> >       unavailable.
> >
> >   2.  The addition and removal of components of the mapping system must
> >       be performed in a secure matter so as to not violate the
> >       integrity and operation of the system and service it provides.
> >
> >   3.  The information returned by components of the mapping system
> >       needs to be authenticated as to detect spoofing from
> >       masqueraders.
> >
> >   4.  Information registered (by publishers) to the mapping system must
> >       be authenticated so the registering entity or the information is
> >       not spoofed.
> >
> >   5.  The mapping system must allow request access (for subscribers) to
> >       be open and public.  However, it is optional to provide
> >       confidentiality and authentication of the requesters and the
> >       information they are requesting.
> >
> >   6.  Any information provided by components of the mapping system must
> >       be cryptographically signed by the provider and verified by the
> >       consumer.
> >
> >   7.  Message rate-limiting and other heuristics must be part of the
> >       foundational support of the mapping system to protect the system
> >       from invalid overloaded conditions.
> >
> >   8.  The mapping system should support some form of provisioned
> >       policy.  Either internal to the system or via mechanisms for
> >       users of the system to describe policy rules.  Access control
> >       should not use traditional granular-based access lists since they
> >       do not scale and are hard to manage.  By the use of token- or
> >       key- based authentication methods as well as deploying multiple
> >       instances of the mapping system will allow acceptable policy
> >       profiles.  Machine learning techniques could automate these
> >       mechanisms.
> 
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3