Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & SP isolations
Robert Raszuk <robert@raszuk.net> Tue, 18 November 2014 17:44 UTC
Return-Path: <rraszuk@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 766071A1B20 for <idr@ietfa.amsl.com>; Tue, 18 Nov 2014 09:44:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X8ZmS5LBrJu0 for <idr@ietfa.amsl.com>; Tue, 18 Nov 2014 09:44:04 -0800 (PST)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E30701A1B87 for <idr@ietf.org>; Tue, 18 Nov 2014 09:43:58 -0800 (PST)
Received: by mail-ig0-f181.google.com with SMTP id l13so8062091iga.8 for <idr@ietf.org>; Tue, 18 Nov 2014 09:43:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Z6RBrvzTkCRJaCcjfoB51PGLQ5kzfAbgzUNwgsMtQS4=; b=pGrTm+ohwfL1Oc+rhTMt8ZgzIsZw57D/neKZX5UytOaLSqk8w31t/ntPN86hICkfWx ihTSNY7pLPYc5HF0c7IAPTJld3R03TCZijRNjDgcLZOCWSJYf9yH4+U96xoM96R07/Ef +8wrj3I3DR4ukypkrPtvCpFlPc6cI1yefekhnoG+akz3xJ4NnDC6WZawIug/ZQnTTmz/ aQHGPBikOiHntGIk6UCkr4MneixfDi5IjHpdJbIOkFO2slOKlAOFYgCLtKJ2ksZREXGn Vf47o1Amyhycr3sHVNtujr6w+iI5uOIoS2hPPZoQpcp3LbIS5MmXdfOrAz8W3o5SBzpG nx/Q==
MIME-Version: 1.0
X-Received: by 10.50.138.197 with SMTP id qs5mr5000207igb.17.1416332637959; Tue, 18 Nov 2014 09:43:57 -0800 (PST)
Sender: rraszuk@gmail.com
Received: by 10.107.171.149 with HTTP; Tue, 18 Nov 2014 09:43:57 -0800 (PST)
In-Reply-To: <7375_1416331847_546B8247_7375_486_1_53C29892C857584299CBF5D05346208A07265BDE@PEXCVZYM11.corporate.adroot.infra.ftgroup>
References: <8569_1416329672_546B79C8_8569_2021_1_53C29892C857584299CBF5D05346208A07265A06@PEXCVZYM11.corporate.adroot.infra.ftgroup> <CA+b+ER=MbsHbSU=qY7mwLEvjQPqKEjy3rW2WqCQqoTXfzqmpEQ@mail.gmail.com> <7375_1416331847_546B8247_7375_486_1_53C29892C857584299CBF5D05346208A07265BDE@PEXCVZYM11.corporate.adroot.infra.ftgroup>
Date: Tue, 18 Nov 2014 18:43:57 +0100
X-Google-Sender-Auth: VMAI4-O0n3QbIWcVpHVWSYdootk
Message-ID: <CA+b+ER=r5P7YTBLAN1Mf2inzX4iiJE5AgxOfVJOP1bnoAEW89A@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
To: Bruno Decraene <bruno.decraene@orange.com>
Content-Type: multipart/alternative; boundary="089e010d9e32c5210f050825a359"
Archived-At: http://mailarchive.ietf.org/arch/msg/idr/Fa6Oq8_QP1-i14jw7aytH7Gv82w
Cc: "idr@ietf. org" <idr@ietf.org>
Subject: Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & SP isolations
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2014 17:44:07 -0000
Hi, I think the more we stuff with critical information for reachability (next hops, SIDs, labels etc ...) into optional non negotiated attributes the more we are at risks of attack potentials and hard to detect brokeness of a networks in various ways. This draft is nothing new .. just adds more of such potential to such bag. One thing is to add protocol controls to BGP attributes the other is send what really should belong to negotiated by capabilities information for operational correctness. However on this draft itself I still must say that it may work only in one very specific application which by itself is questionable (see comments on spring list). Cheers, R. On Tue, Nov 18, 2014 at 6:30 PM, <bruno.decraene@orange.com> wrote: > Hi Robert, > > > > Please see inlined [Bruno] > > > > Bruno > > > > > > *From:* rraszuk@gmail.com [mailto:rraszuk@gmail.com] *On Behalf Of *Robert > Raszuk > *Subject:* Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & SP isolations > > > > Some routes may be received unlabeled (from untrusted sources) and > redistributed as labeled. e.g. IPv6 → 6PE, IP --> VPN IP > How would the AS protect itself (from SID collision) from non > labeled/trusted routes received with a SID attributes, and then > re-advertised as labelled? > > > > Hi Bruno, > > > > Doesn't the above concern is solved by the below sentence from the draft: > > > > "The BGP Label Index attribute SHOULD only be announced with BGP Prefixes > carried in a labeled address-family (SAFI value 4 or SAFI value 128)." > > > > > > With this in mind how can you receive SID attribute with unlabeled route > ? > > > > [Bruno] Someone doing an “experiment” or an attack and attaching this > attribute deliberately. > > (also it’s only a SHOULD; implementation may have bugs) > > > > Cheers, > R. > > > > > > > > > " A BGP speaker receiving a BGP Label index attribute from its EBGP > neighbor SHOULD discard the attribute unless it is configured to > accept the attribute from the EBGP neighbor." > > Is good but may not be sufficient as the above BGP speaker (ASBR) may not > support this document and hence will propagate the attribute over iBGP > sessions. (unless we require that all routers support this document in > which case we may not need a transitive attribute, which would by itself > address the problem) > > One option would be to mandate that by default a BGP session/peer > group/AFI remove the received SID attribute. (or at least do not honor it, > but I don't see the use case to keep the attribute that we don't want to > use) > e.g. something like "To contain distribution of the BGP > Label Index attribute beyond its intended scope of applicability, > attribute filtering MAY be deployed." > > But for _received_ routes and with :s/MAY/SHOULD. > > At least the currently empty security consideration section should > probably discuss this. > > Thanks, > Regards. > Bruno > > PS: On a side note "Segment Routing Architecture" should probably be a > normative reference. > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez > recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and > delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr > > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > Thank you. > > > _______________________________________________ > Idr mailing list > Idr@ietf.org > https://www.ietf.org/mailman/listinfo/idr > >
- [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & SP i… bruno.decraene
- Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & … Robert Raszuk
- Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & … bruno.decraene
- Re: [Idr] draft-keyupate-idr-bgp-prefix-sid-00 & … Robert Raszuk