IETF Logo Mail Archive

Re: [Ideas] [nvo3] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt

Dino Farinacci <farinacci@gmail.com> Fri, 23 September 2016 22:43 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB38612B892; Fri, 23 Sep 2016 15:43:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ior9jqhIxic; Fri, 23 Sep 2016 15:43:40 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E23A12B7D8; Fri, 23 Sep 2016 15:43:40 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id s13so11760641pfd.2; Fri, 23 Sep 2016 15:43:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zftCp6Uiazu3/OFDhNpRLcYA0dsmfWljpzlgE/QfJD4=; b=rs6dwK5RW2ONlGk/sPQXtsiWEIWBBoZMsES4z5LqIMImBqrzqnWXG1t1WAV0xeAOm/ CKpYzF88eFw9UK5wbApTgh4vYgUCgX9HkFy8uIRtcR+EoGM0Dk6HZ4vkAl8rMdDPF7J/ bRZA14yMTF+eb+w2hrKuEdw9v1QukKJCxT6HwlNrjjF5GZCDLVthuH4yLZuAUn3QBbpQ 5LrJ0qjqW8xZc5jXUXwNLZq+mOR4vvvdnzjfcBeJnftONvQvejk7tp4Px8resZOdHJXn GUPrvOlCZ7o3llThhGzOrYTE/4b3nqPyMH/n0pcK7IyiGa97d8lw++CvlihV9NxCQ1Os b4hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zftCp6Uiazu3/OFDhNpRLcYA0dsmfWljpzlgE/QfJD4=; b=NPN+DEU32wCdfCFx7QcAFbIDydwzdoYrjWlaOjgpKZShs1kouBCOhFBO0QZEVRNN7i NCDxrhiVBLyZQ4fnt07kDY5nO6fkXWOeOptpSzrd44qIozyKtuHZeRvBjOjHxLf2ERpe eT0pD0MoUdzDkQEIGH6A8/Nb546roGD88gDvaCPUjDEeAWe/zgLM2gJJp4r9v9jujsY4 kzahW/iyfAhq3pLC4ZXaANo6wjBrV71y0TjmYZRUQTog4FgiKEJO8SI3LaAA3LfBye8w 1PQhRlfQaVPPHb6tloJdOxvtEnrOy+qFJP1JYUMEWJDWae4KbpGTrNCdhgdMMSOXy92S tIWA==
X-Gm-Message-State: AE9vXwPiiTE4FglR2WQUweMwERAT6F1W807txytIvK8Nt0NB6hTYUOgAVrEQFK8oW0x2mg==
X-Received: by 10.98.196.206 with SMTP id h75mr16554543pfk.156.1474670619940; Fri, 23 Sep 2016 15:43:39 -0700 (PDT)
Received: from ?IPv6:2601:646:8d01:89f0:9852:e79f:5f4e:878c? ([2601:646:8d01:89f0:9852:e79f:5f4e:878c]) by smtp.gmail.com with ESMTPSA id tn5sm13866312pac.6.2016.09.23.15.43.38 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 23 Sep 2016 15:43:39 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362F69ED1C@MX307CL04.corp.emc.com>
Date: Fri, 23 Sep 2016 15:43:38 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <878F281A-F391-4BED-988D-7CF6A7F6AA91@gmail.com>
References: <32C28142-350A-4242-A9C6-9E32D9966601@gmail.com> <8CC1E61E-0A8F-41D3-B30D-5B037BAEDEB1@gmail.com> <CE03DB3D7B45C245BCA0D243277949362F69ED1C@MX307CL04.corp.emc.com>
To: "Black, David" <David.Black@dell.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/owkextgWsUeuGVmmZwyeTefOF_k>
Cc: "beta@lispers.net" <beta@lispers.net>, "ideas@ietf.org" <ideas@ietf.org>, LISP mailing list list <lisp@ietf.org>, NVO3 <nvo3@ietf.org>, LISPmob <users@lispmob.org>, "5gangip@ietf.org" <5gangip@ietf.org>, "lisp-beta@external.cisco.com" <lisp-beta@external.cisco.com>
Subject: Re: [Ideas] [nvo3] Mapping System Requirements and draft-padma-ideas-problem-statement-00.txt
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2016 22:43:44 -0000

> Hi Dino,

Thanks so much David for the reply. The pointers you provided will be useful.

> Here are a couple of areas to consider:
> 
> (1) I don't see any confidentiality requirements.   For this and other NVO3 security
> requirements, please see the security considerations section of RFC 7365 (NVO3

I can see this for east-west traffic patterns. Assuming the mapping database would be managed internal to a data center where there would not be regisrations from any VTEPs/xTRs outside of the data center.

But what if there was an overlay among CPE routers, access-points, and top-of-rack data center switches. Then the registration and requesting of mappings may travel outside of a secured physical area. Any reaction to this?

> framework) and draft-ietf-nvo3-arch.  The latter contains a new paragraph on
> sensitivity of performance and  other monitoring data gathered by the control
> plane - that paragraph was added at the behest of both Security ADs:
> 
> https://tools.ietf.org/html/rfc7365#section-5

For multi-tenancy, there can be an instance of a mapping system that runs for each tennant or a single mapping system run by the multi-tennant provider. In any case, encrypting Map-Registers and Map-Requests COULD be desirable. Not sure. Again, this requirement we have stated would be for private mapping systems and not a global mapping system that would be a public service much like DNS is.

> https://tools.ietf.org/html/draft-ietf-nvo3-arch-08#section-16

Since the draft-padma-ideas-problem-statement-00.txt is focusing on control-plane, there would be no mention of data-plane security but there are mechanisms for doing this.

For the control-plane reference in section 16, there is plans to have authentication and it could also be done with AE (Authenticated Encryption) mechanisms.

> 
> (2) This item:
> 
>>>  7.  Message rate-limiting and other heuristics must be part of the
>>>      foundational support of the mapping system to protect the system
>>>      from invalid overloaded conditions.
> 
> suggests that congestion control is also a consideration to protect the network.

Yes.

> If an existing congestion-controlled transport protocol (e.g., TCP, SCTP, DCCP) is
> not used for control traffic, then see draft-ietf-tsvwg-rfc5405bis for discussion
> of applicable requirements:

We were thinking not just high-rate due to speed mismatches but more importantly DoS attacks from rogue sources.

Thanks again,
Dino

> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-rfc5405bis/
> 
> Thanks, --David
> 
>> -----Original Message-----
>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Dino Farinacci
>> Sent: Wednesday, September 21, 2016 6:51 PM
>> To: Dino Farinacci
>> Cc: beta@lispers.net; ideas@ietf.org; LISP mailing list list; NVO3; LISPmob;
>> 5gangip@ietf.org; lisp-beta@external.cisco.com
>> Subject: Re: [nvo3] Mapping System Requirements and draft-padma-ideas-
>> problem-statement-00.txt
>> 
>> Reposting since the cisco mailing lists are no longer in service. Please respond to
>> this email.
>> 
>> Thanks and sorry for inconvenience,
>> Dino
>> 
>>> On Sep 21, 2016, at 2:12 PM, Dino Farinacci <farinacci@gmail.com> wrote:
>>> 
>>> Hello folks. In draft-padma-ideas-problem-statement-00.txt, we have a section
>> on mapping system requirements for map-n-encap and translation based loc/id
>> split protocols. Rather than having you go into the document in detail (we wish
>> you would and comment though), I will provide the short list below to attempt a
>> discussion on requirements.
>>> 
>>> I have copied the possible WGs that may want to use the mapping system
>> technology. And I have also copied the LISP working group who can shed
>> expertise on the subject as well as some beta lists that have some operational
>> experiences with mapping database deployment and management.
>>> 
>>> The requirements below have a security and robustness twist to it but I think
>> that is the best place to start and to consider security “up front”.
>>> 
>>> Thanks in advance,
>>> Dino
>>> 
>>> ----
>>> 
>>> 6.4.  Mapping System Security
>>> 
>>>  The secure mapping system must have the following requirements:
>>> 
>>>  1.  The components of the mapping system need to be robust against
>>>      direct and indirect attacks.  If any component is attacked, the
>>>      rest of the system should act with integrity and scale and only
>>>      the information associated with the compromised component is made
>>>      unavailable.
>>> 
>>>  2.  The addition and removal of components of the mapping system must
>>>      be performed in a secure matter so as to not violate the
>>>      integrity and operation of the system and service it provides.
>>> 
>>>  3.  The information returned by components of the mapping system
>>>      needs to be authenticated as to detect spoofing from
>>>      masqueraders.
>>> 
>>>  4.  Information registered (by publishers) to the mapping system must
>>>      be authenticated so the registering entity or the information is
>>>      not spoofed.
>>> 
>>>  5.  The mapping system must allow request access (for subscribers) to
>>>      be open and public.  However, it is optional to provide
>>>      confidentiality and authentication of the requesters and the
>>>      information they are requesting.
>>> 
>>>  6.  Any information provided by components of the mapping system must
>>>      be cryptographically signed by the provider and verified by the
>>>      consumer.
>>> 
>>>  7.  Message rate-limiting and other heuristics must be part of the
>>>      foundational support of the mapping system to protect the system
>>>      from invalid overloaded conditions.
>>> 
>>>  8.  The mapping system should support some form of provisioned
>>>      policy.  Either internal to the system or via mechanisms for
>>>      users of the system to describe policy rules.  Access control
>>>      should not use traditional granular-based access lists since they
>>>      do not scale and are hard to manage.  By the use of token- or
>>>      key- based authentication methods as well as deploying multiple
>>>      instances of the mapping system will allow acceptable policy
>>>      profiles.  Machine learning techniques could automate these
>>>      mechanisms.
>> 
>> _______________________________________________
>> nvo3 mailing list
>> nvo3@ietf.org
>> https://www.ietf.org/mailman/listinfo/nvo3

v2.8.7 | Report a Bug | By Email