Re: [Idr] Shepherd's review of draft-ietf-idr-te-pm-bgp
Robert Raszuk <robert@raszuk.net> Fri, 05 October 2018 14:13 UTC
To: shares@ndzh.com
Cc: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, idr@ietf.org, draft-ietf-idr-te-pm-bgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/BNdFbChS4D9IIKMJAIVIZDjmHxc>

Hi Sue,

> Technical information: IGP information may provide information on places
> within a network that have high or critical load. An attacker could use
> this information to launch a directed attack.

Seems like we have been through this topic already, but it seems to come back :)

Your point is very valid, however it applies to base RFC7752, not to the few add-on extensions as proposed here by Les and other co-authors. All they are doing here is just defining and loading a few additional bags on the plane, which do not make it any more vulnerable.

The entire plane, which seems to be already in operation, is a problem .. During the time of standardization the promise was made that it will operate separately from any other BGP traffic, even including different and separate infrastructure (ex. separate RRs). Well, the reality is that this is not something anyone can control, and in practice this promise is not met.

So IMO we should not put any obstacles into draft-ietf-idr-te-pm-bgp and allow it to progress.

But if you have solid evidence then base RFC7752 should undergo a real security review and, if decided so, should be recalled, or the transport of it should be clearly decoupled from port 179.

As an example, as a trivial start, the following draft could be used to decouple it from routing BGP:

https://goo.gl/FC9qda

If we want to go further than that, we could also move the transport of RFC7752 to a message bus (ZMQ, RabbitMQ, NATS or Kafka etc ... to just name a few options). I am sure there would be much more "stuff" in current BGP which would gladly jump over to such a new transport model - as an example, even a number of SAFIs could use customized RT based distribution instead of struggling with pushing RTC-like filters around to get a tiny subset of the entire load carried in specific SAFIs.

Sure, it will not happen overnight - but until we start it will never happen.

Thx,
Robert.