IETF Logo Mail Archive

Re: [Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing?

Robert Raszuk <robert@raszuk.net> Wed, 23 September 2020 22:23 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A143A153D for <idr@ietfa.amsl.com>; Wed, 23 Sep 2020 15:23:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jQDsko_94PeT for <idr@ietfa.amsl.com>; Wed, 23 Sep 2020 15:23:04 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A503A153F for <idr@ietf.org>; Wed, 23 Sep 2020 15:23:04 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id o8so1715791ejb.10 for <idr@ietf.org>; Wed, 23 Sep 2020 15:23:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Fdt60jwD+lvk0CRUzzZRfVsEgdxvbaN018QldpZE0PA=; b=Y3RMEtjsgr18RFvZHwtr4QDl+quQhVk8BuNygFYgH+3ZX8W/SucXbwzm3PrHvWRKg6 xBzeEihlP2pKuMrpT92kMSOYSMEEljLglKc+282PnhsYeYYlNIqHKLZlfXHRnSDTJqZx mpYKqINadTVoPRYlHNKDeIMUCFHPztkpuehyE54IZ0Wkhqz8YW/IoFCA37Hhqi5jWr2n BjsldkNXIgCZXJSEWge6jvZ67OMbRyPfJjVBRqcNpYy3nbkWF9zF97NBsg4gsW6pnv3W Lh4qvhZZesFM1qkoEF3QQZhhOc8y6WRWWhnTZ40ZOqCbrst6/A7S2haIROo4mjYFLNvq y8ig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Fdt60jwD+lvk0CRUzzZRfVsEgdxvbaN018QldpZE0PA=; b=dAvXE/SmfqimBSpwJt8+Lx6VL/PPqaFIe31vp37n+kRrYPvnI/R+0GFDCAAuwbJHyQ P7aCWoR9Wgq74XghNpeKxi+Myg9NoqDiiUw9QeYqfhZziVc9AT7izErSC0haNd8LVgga Eu80nXpnHvpO9LVh9ksRXW+fBW8emKnBPBih4aTWbThSLfyiJ2rAwJwF9PqFoWofBNi4 gP5TxMLMA+6PFtxh1+VtgT92E4BG7mI3BQOkjwlHjjY+QA42j1zzMsYg+xY4Qu94dWQQ 7Nc1EyfxETYmL9v6cBm9tEGy4KNFHqfL6vtwZHbjSCQ5pmwKfeJZmzK43IJEQPM1baKh CpMA==
X-Gm-Message-State: AOAM530hsnc++1xTlYEo7OvFtvhE9ZRS1j7E6vor3xO0YWZRVTWyIoWc vC+wHMDBey2b2gVZCTxpu6T8u6PL1Kert7TuIdhucQ==
X-Google-Smtp-Source: ABdhPJykMcXcx2EmUSTs8U3Y64O8KfrPN8zw0qo1jDrkk5+IdIVuX2+B54ymqgsZIOSQ6kXwgKeVStjpVxeA8SXDfq0=
X-Received: by 2002:a17:907:213b:: with SMTP id qo27mr1683094ejb.441.1600899782522; Wed, 23 Sep 2020 15:23:02 -0700 (PDT)
MIME-Version: 1.0
References: <303E54F6-833A-4458-B3E6-DE90E7CA121B@juniper.net> <CAMMESsy8uZb9GLgh12LD9SvYSxZeMczy52TDM30w88Fbx5+2Nw@mail.gmail.com>
In-Reply-To: <CAMMESsy8uZb9GLgh12LD9SvYSxZeMczy52TDM30w88Fbx5+2Nw@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 24 Sep 2020 00:22:52 +0200
Message-ID: <CAOj+MMExdcyUP+eLdqPYRSYzg_9wVRRtSTGfQ4comC_pYteT7w@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, John Scudder <jgs@juniper.net>
Cc: "idr@ietf. org" <idr@ietf.org>, "draft-ietf-idr-rfc5575bis@ietf.org" <draft-ietf-idr-rfc5575bis@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dbd34805b00286d1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/7cNMOHNkPDjwVIQIef4oXX5INFU>
Subject: Re: [Idr] Bug in draft-ietf-idr-rfc5575bis, worth fixing?
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 22:23:07 -0000

Hi Alvaro & John

That change originated based on your below review comments:

[major] "...for the purposes of BGP route propagation, this prefix should
still be transmitted since BGP route distribution is independent on NLRI
semantics." I think this is a vulnerability: a (large) set of meaningless
Flow Specifications may be injected in the routing system...

[major] Also, propagating these unknown components may result in a router
down the line, which understands them, reacting. While the reaction
shouldn't result in reset adjacencies, it may result in inconsistent
forwarding or other unexpected outcomes...

[major] This treatment of unknown extensions is in conflict with the text
in §11. See my comments there.


- - -


It seems clear we have few point of view here to consider:


a) Yes John is right that just because my RRs do not recognize the NLRI
encoding should I block myself for propagating it ... well today it is
dropped in all other AFI/SAFIs so why should flowspec be any different ?


b) Alvaro's review was (I believe) targeting more inter-as propagation
cases and we discussed this and decided it is better to be safe than sorry
and removed that text.


c) We are talking here about BGP NLRI ... not some opaque attribute. If you
allow "garbage" to be sent within NLRI - which as we all know is a BGP db
key to store information - I think we are opening a much bigger security
hole as our imagination can reach.


To summarize at the end of the day I support current text.


Thx,

Robert (as co-author of this change).







On Wed, Sep 23, 2020 at 11:37 PM Alvaro Retana <aretana.ietf@gmail.com>
wrote:

> John:
>
> Hi!
>
> Personal opinion:  I believe that the “specified here” part (meaning this
> document) is already covering the unknown case.  However, I have no
> objections to adding the phrase in.
>
>
> Thanks!
>
> Alvaro.
>
> On September 23, 2020 at 5:14:50 PM, John Scudder (jgs@juniper.net) wrote:
>
> Hi All,
>
> I’m a little concerned about a change I failed to notice earlier in
> 5575bis. Version 17 had this paragraph in Section 4.2:
>
>    All combinations of component types within a single NLRI are allowed,
>    even if the combination makes no sense from a semantical perspective.
>    *If a given component type within a prefix in unknown, the prefix in*
>    *question cannot be used for traffic filtering* purposes by the
>    receiver.  Since a Flow Specification has the semantics of a logical
>    AND of all components, if a component is FALSE, by definition it
>    cannot be applied.  However, for the purposes of BGP route
>    propagation, this prefix should still be transmitted since BGP route
>    distribution is independent on NLRI semantics.
>
>
> Version 18 removed the paragraph. I believe it was removed because of good
> and reasonable concerns about the “prefix should still be transmitted”
> part. But, it appears we threw out the baby with the bathwater: the final
> version of the draft has nothing that corresponds to the underlined part.
> It is underspecified with respect to what should be done with unknown
> component types. The closest it comes is this paragraph in Section 4.2 of
> version 26:
>
>    A NLRI value not encoded as specified specified here is considered
>    malformed and error handling according to Section 10 <https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-26#section-10> is performed.
>
>
> But I think this falls well short of being either clear or unambiguous,
> because what does “as specified here” mean exactly?
>
> I’d like to open a discussion of whether the WG agrees that this is a bug
> and if so, whether it’s concerning enough to request a last-minute patch to
> the document, which is currently with the RFC Editor, so it’s almost an
> RFC. I think the least intrusive fix would be to insert the clause
> “including an NLRI that contains an unknown component type”, as in:
>
>    A NLRI value not encoded as specified here,
>
>    including an NLRI that contains an unknown component type,
>
>    is considered
>    malformed and error handling according to Section 10 <https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-26#section-10> is performed.
>
>
> Just as a side note, “error handling according to Section 10” points us to
> RFCs 7606 and 4760, which end up telling us to reset the session if the
> NLRI is malformed.
>
> Until we get a chance to discuss this, I’ve sent a note to the RFC Editor
> asking them to hold publication.
>
> Thanks,
>
> —John
>
> P.S.: The version 26 text also has a proofreading error, “specified
> specified”. But I assume the RFC Editor would fix that anyway.
>
>

v2.23.0 | Report a Bug | By Email