Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
Dino Farinacci <farinacci@gmail.com> Sat, 29 October 2016 17:20 UTC
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
Date: Sat, 29 Oct 2016 10:20:10 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
<85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com>
<CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
To: Padma Pillay-Esnault <padma.ietf@gmail.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/rnIPGcAXDu2KPgVPZSnX4fMM0AE>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>,
"lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the
architecture - implications for the Network Mapping System

> In section 5 of draft-padma-ideas-problem-statement, there is a section in the table which specifically discusses the structure of IDs and whether we should use them for specific classes or as the Network Mapping system is proposing to attach metadata to ID.

Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC 7954/7955 to allocate sub-blocks from large regions of the world. Yes, geographical allocations without the issue of the past, since EIDs are not injected into the underlay routing and are not based on Internet topology. Do this first and then decide which, say, continent block is registered to a regional mapping system. And if an ID needs to register to multiple mapping systems. The mapping systems should be considered to be relatively local in scope and may overlap. This could help mitigate DoS attacks to a smaller (but still scalable) part of the infrastructure.

Dino
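
An added illustration of the allocation idea in the message above (not part of the original e-mail, and not code from the LISP or IDEAS work): it carves 2001:5::/32 into regional sub-blocks, registers each region with locally scoped, overlapping mapping systems, and reports which regions lose all mapping service when a given system is knocked out. The /35 split, the region names and the mapping-system names are hypothetical.

```python
import ipaddress

# EID-prefix block named in the message (RFC 7954/7955).
EID_BLOCK = ipaddress.ip_network("2001:5::/32")

# Hypothetical regional split: the /32 yields eight /35 sub-blocks, six assigned.
REGIONS = ["africa", "asia", "europe", "north-america", "oceania", "south-america"]
REGION_BLOCKS = dict(zip(REGIONS, EID_BLOCK.subnets(new_prefix=35)))

# Hypothetical mapping systems; each is local in scope and scopes may overlap.
MAPPING_SYSTEMS = {
    "ms-emea": {"africa", "europe"},
    "ms-eurasia": {"europe", "asia"},
    "ms-apac": {"asia", "oceania"},
    "ms-americas": {"north-america", "south-america"},
}

def region_of(eid):
    """Return the region whose sub-block contains the EID, or None."""
    addr = ipaddress.ip_address(eid)
    if addr not in EID_BLOCK:
        return None
    for region, block in REGION_BLOCKS.items():
        if addr in block:
            return region
    return None  # inside 2001:5::/32 but in an unassigned sub-block

def mapping_systems_for(eid):
    """Mapping systems the EID would register to, sorted by name."""
    region = region_of(eid)
    return sorted(ms for ms, scope in MAPPING_SYSTEMS.items() if region in scope)

def unreachable_regions(down):
    """Regions left with no mapping system when the systems in `down` are unavailable."""
    alive = [scope for ms, scope in MAPPING_SYSTEMS.items() if ms not in down]
    covered = set().union(*alive) if alive else set()
    return sorted(set(REGIONS) - covered)

if __name__ == "__main__":
    print(REGION_BLOCKS["europe"])                # sub-block for one region
    print(mapping_systems_for("2001:5:4000::1"))  # EID registered to two systems
    print(unreachable_regions({"ms-eurasia"}))    # overlap absorbs the outage
    print(unreachable_regions({"ms-americas"}))   # no overlap: outage stays regional
```
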