Re: [Idr] Review of draft-ietf-idr-error-handling-18

Jeffrey Haas <jhaas@pfrc.org> Fri, 13 March 2015 15:40 UTC

Date: Fri, 13 Mar 2015 11:40:35 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Cc: "idr@ietf.org" <idr@ietf.org>, "draft-ietf-idr-error-handling.all@ietf.org" <draft-ietf-idr-error-handling.all@ietf.org>, "rob.shakir@bt.com" <rob.shakir@bt.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>

Alvaro,

On Mon, Mar 09, 2015 at 05:45:13PM +0000, Alvaro Retana (aretana) wrote:
>   5.  Security Considerations (Section 10).  It is true that malformed optional transitive attributes should not cause remote session resets.  Are remote withdrawals a new threat?  Following the logic in the introduction, an update with a malformed optional transitive attribute may not be properly checked for several hops..but once the error is detected then the NLRI may use Treat-as-withdraw..  Assuming an AS-level granularity in checking, this won't cause loops or major disruptions, but nonetheless it can result in not everyone receiving the information it should..

I'm not sure one can really stretch this point to be an attack vector.
Normal BGP operational policy permits an operator to advertise or not a
given prefix.  If an upstream injects malformed information and some subset
of routers is capable of announcing it and others are not, the issue remains
that the upstream reachability is invalid.

-- Jeff
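The distinction the exchange turns on, shown as an added example (not code from the draft or from either poster): a receiver that recognises an optional transitive attribute and finds it malformed withdraws that UPDATE's NLRI ("treat-as-withdraw") instead of tearing the session down, while an unrecognised optional transitive attribute is forwarded unchecked, which is why such an error can travel several hops before any router notices. The function names, the `KNOWN` table and the sample attribute bytes are all constructed for this illustration.

```python
import struct

# Path attribute flag bits (RFC 4271, section 4.3)
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
AGGREGATOR = 7  # optional transitive; value is a 2-byte AS plus 4-byte IP

# Constructed, deliberately minimal table of attributes this receiver
# recognises, mapped to a length check for the attribute value.
KNOWN = {AGGREGATOR: lambda v: len(v) == 6}


class SessionReset(Exception):
    """Raised only when the attribute list itself cannot be delimited."""


def parse_attributes(blob):
    """Split a Path Attributes field into (flags, code, value) triples."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise SessionReset("truncated attribute header")
        flags, code = blob[i], blob[i + 1]
        hdr = 4 if flags & EXT_LEN else 3
        if i + hdr > len(blob):
            raise SessionReset("truncated attribute length")
        length = struct.unpack_from("!H", blob, i + 2)[0] if hdr == 4 else blob[i + 2]
        value = blob[i + hdr:i + hdr + length]
        if len(value) != length:
            raise SessionReset("attribute overruns attribute list")
        out.append((flags, code, value))
        i += hdr + length
    return out


def handle_update(blob, treat_as_withdraw=True):
    """Return 'accept', 'treat-as-withdraw' or 'session-reset' for one UPDATE.

    treat_as_withdraw=False models the pre-error-handling behaviour, where
    any malformed attribute produced a NOTIFICATION and a session reset.
    """
    for flags, code, value in parse_attributes(blob):
        if code not in KNOWN:
            continue  # unrecognised attribute: passed along, never validated
        if not KNOWN[code](value):
            if treat_as_withdraw and flags & OPTIONAL and flags & TRANSITIVE:
                return "treat-as-withdraw"  # drop this UPDATE's NLRI, keep session
            return "session-reset"
    return "accept"


# Constructed samples: AGGREGATOR with a 5-byte value (malformed) and a 6-byte one.
BAD_AGGREGATOR = bytes([OPTIONAL | TRANSITIVE, AGGREGATOR, 5]) + b"\x00\x01\x0a\x00\x00"
GOOD_AGGREGATOR = bytes([OPTIONAL | TRANSITIVE, AGGREGATOR, 6]) + b"\x00\x01\x0a\x00\x00\x01"
```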