Re: [Idr] Shepherd's review of draft-ietf-idr-te-pm-bgp

Robert Raszuk <robert@raszuk.net> Fri, 05 October 2018 14:13 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 281F6130E5D for <idr@ietfa.amsl.com>; Fri, 5 Oct 2018 07:13:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31YHtBlPNjWG for <idr@ietfa.amsl.com>; Fri, 5 Oct 2018 07:13:20 -0700 (PDT)
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C75F12DD85 for <idr@ietf.org>; Fri, 5 Oct 2018 07:13:20 -0700 (PDT)
Received: by mail-qk1-x734.google.com with SMTP id m8-v6so7988987qka.12 for <idr@ietf.org>; Fri, 05 Oct 2018 07:13:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BHA+tbpcADrWxFxqHv14DIsX/t4J5KCAsVWRsa6AOSU=; b=FcTrNfKmpFOJE8LqnEGQvVNkrIVhS2jemUIX826Lnog5M+XQx2EgxLrJJ55qcnQlCH 9Z4gGWPMglUv7Jug9cYjTo1eQDMj0rMWPNoi824BCmPIjNdKQ6poS5CkGAOxedqxeO06 Dpc5zqoGBsoBfM8zqOLNuFjncVHF4o2e8HlnAM0RACabVGLpQ7IGu3r7yxAqGXFnWKIW CzRYBTbYIovKVzg4ngARHr5/G2Zvqk2QeCstFiXRJB6TlLkXP2BYSDubs98brOekYajf 3Ih37CCFRFb/1cUPQAy2wABYM1oPe7Hpx9ohLPX8a4k93IrfQoFV7fc4q7xWpuNK/ZiA ZsHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BHA+tbpcADrWxFxqHv14DIsX/t4J5KCAsVWRsa6AOSU=; b=EMBQYuYpXQ7s8k2hQOIGZRFuIU2X+92kz5aYnbhchPJ6QbjHtFKPXseo49MTwD+p+C VbAZGCvcpAGosqSFc7SjWzVXD9qV368CEn9pI3MFucnwezIF6vRkZ4Yas1oCuqlyXjCE BKs4YGBxAuEYHFE/Mi5/59Rrmpg6kHWq4rtOCDys4srfKbXU6fMR5YX56KjLhsSMFf3b /A8qrG2rBCZ5AjFkGl2ncmuIp07mGGY36VpCqyUDAhB3Q9EEwoe5m+Tvh9LeFRvvXFCJ 2vE1c0hMt9kRHWxND/TzwXSPPBCxlOz0mmMFI2qp1uW2+NUcKR7wTkwjyODmIEPENCS9 ksIg==
X-Gm-Message-State: ABuFfogyRQmPdoVH1GFTNcOWyjQehUfAj8o30nLglRxfW+A0dHRQxEjU vOjO0U4W6JH7qH/MSdjyQcz9ny2YNhVjaZ3BipjBQQ==
X-Google-Smtp-Source: ACcGV61hbrAOZyWJK7LhiLF6OczbLkQJZRci3PRSXjMRg6NzcpbVvgE99U9lzoypDmKLI2bLGxox48x+hsoOj7hE1Vg=
X-Received: by 2002:a37:694:: with SMTP id 142-v6mr8683852qkg.189.1538748799531; Fri, 05 Oct 2018 07:13:19 -0700 (PDT)
MIME-Version: 1.0
References: <001701d45c18$8d087820$a7196860$@ndzh.com> <800a8356a4f44e4db70f13a36c6f5552@XCH-ALN-001.cisco.com> <007701d45caf$96612c90$c32385b0$@ndzh.com>
In-Reply-To: <007701d45caf$96612c90$c32385b0$@ndzh.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Fri, 5 Oct 2018 16:13:04 +0200
Message-ID: <CAOj+MMHO8+aqGD1o+WTRKBR9L4GOWHiU0CFpVF4VS=pvOGcrxw@mail.gmail.com>
To: shares@ndzh.com
Cc: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, idr@ietf.org, draft-ietf-idr-te-pm-bgp@ietf.org
Content-Type: multipart/alternative; boundary="000000000000984d2605777bdfe0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/BNdFbChS4D9IIKMJAIVIZDjmHxc>
Subject: Re: [Idr] Shepherd's review of draft-ietf-idr-te-pm-bgp
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 14:13:29 -0000

Hi Sue,

Technical information:  IGP information may provide information on places
> within a network that have high or critical load.  An attacker could use
> this information to launch a directed attack.
>

Seems like we have been through this topic already, but it seems to come
back :)

Your point is very valid however it applies to base RFC7752 not to few
add-on extensions as proposed here by Les at other co-authors.

All they are doing here are just defining and loading few additional bags
on the plane which do not make it any more vulnerable. Entire plane which
seems to be already in operation is a problem ..

During time of standardization the promise has been made that it will
operate separate from any other BGP traffic even including different and
separate infrastructure (ex. separate RRs). Well the reality is that this
is not something anyone can control and in practice this promise is not
met.

So IMO we should not put any obstacles into draft-ietf-idr-te-pm-bgp and
allow it to progress.

But if you have solid evidence then base RFC7752 should undergo real
security review and if decided so should be recalled or transport of it
should be clearly decoupled from port 179.

As example as a trivial start the following draft could be used to decouple
it from routing BGP: https://goo.gl/FC9qda

If we want to go further that that we could also move transport of RFC7752
to a message bus (ZMQ, RabbitMQ, NATS or Kafka etc ...to just name a few
options). I am sure there would be many more "stuff" in current BGP which
would gladly jump over to such new transport model - as example even number
of SAFIs could use customized RT based distribution instead of struggling
with pushing RTC like filters around to get tiny subset of entire load
carried in specific SAFIs. Sure it will not happen overnight - but until we
start it will never happen.

Thx,
Robert.