Re: [Idr] I-D ACTION:draft-ietf-idr-bgp-identifier-09.txt

Enke Chen <enkechen@cisco.com> Wed, 14 May 2008 19:58 UTC

Message-ID: <482B4315.1010807@cisco.com>
Date: Wed, 14 May 2008 12:52:53 -0700
From: Enke Chen <enkechen@cisco.com>
To: Ilya Varlashkin <Ilya.Varlashkin@de.easynet.net>
Cc: idr@ietf.org
Subject: Re: [Idr] I-D ACTION:draft-ietf-idr-bgp-identifier-09.txt

Hi, Ilya:

Please note that the OPEN message processing (and the session 
establishment) is on a per-session basis. Thus the collision resolution 
of one session (either ibgp or ebgp) would not impact another session.

Regards,   -- Enke

Ilya Varlashkin wrote:
>> -----Original Message-----
>> From: idr-bounces@ietf.org [mailto:idr-bounces@ietf.org] On 
>> Behalf Of Internet-Drafts@ietf.org
>> Sent: Tuesday, May 13, 2008 7:45 PM
>> To: i-d-announce@ietf.org
>> Cc: idr@ietf.org
>> Subject: [Idr] I-D ACTION:draft-ietf-idr-bgp-identifier-09.txt
>>
>> A New Internet-Draft is available from the on-line 
>> Internet-Drafts directories.
>>     
>
> I've looked at the draft and in its current state there are potentially
> problems with sections 2.3 and 4, as follows:
>
> Consider an existing iBGP session within AS-A where the identifier of the
> remote side is X, and then a new session connection comes from AS-B but
> also having a BGP identifier of X. If AS-B is numerically larger than
> AS-A, then according to section 2.3 of the draft the iBGP session towards
> the router with id X should be closed. This is a security issue - an
> attacker with a high AS number could deliberately set the router-id to be
> the same as some other router of a peering network (they may or may not be
> penalised for this but perhaps they want to do it anyway), effectively
> causing shutdown of the iBGP session in the remote AS. Nevertheless,
> section 4 of the draft says that security issues are not changed by the
> draft - I believe they are, and they make the protocol weaker than the
> original spec.
>
> If it's necessary to relax the BGP ID definition and have it unique only
> locally within a given AS, then in all collision detections the BGP ID
> should only be compared when the ASNs are equal. If two sessions have the
> same BGP ID on the remote end but each with a different ASN, then they
> should be considered as different routers.
>
> Kind regards,
> iLya
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>   
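
Added example, not part of the original thread and not code from the draft or from either poster: a simplified Python model of which existing connections an incoming OPEN is compared against for collision. It contrasts the per-session scoping described in the reply, the (ASN, BGP ID) comparison proposed in the quoted message, and a match on BGP Identifier alone. The Conn fields, scope names, addresses and AS numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    peer_addr: str   # configured neighbor address; one session per neighbor
    remote_as: int   # AS number from the neighbor's OPEN
    bgp_id: str      # BGP Identifier from the neighbor's OPEN

def collision_candidates(conns, peer_addr, remote_as, bgp_id, scope):
    """Return the existing connections an incoming OPEN is compared against."""
    if scope == "per-session":   # the reply: each session is processed on its own
        return [c for c in conns if c.peer_addr == peer_addr]
    if scope == "asn+id":        # the quoted proposal: compare IDs only if ASNs match
        return [c for c in conns
                if c.remote_as == remote_as and c.bgp_id == bgp_id]
    if scope == "id-only":       # BGP Identifier treated as globally unique
        return [c for c in conns if c.bgp_id == bgp_id]
    raise ValueError(f"unknown scope: {scope}")

def compare_scopes(conns, peer_addr, remote_as, bgp_id):
    """Map each scope to the neighbor addresses whose connection is at stake."""
    return {
        scope: [c.peer_addr
                for c in collision_candidates(conns, peer_addr, remote_as,
                                              bgp_id, scope)]
        for scope in ("per-session", "asn+id", "id-only")
    }

# Constructed sample values (documentation addresses, private-use AS numbers).
AS_A, AS_B, ID_X = 64512, 64513, "192.0.2.1"
IBGP = Conn(peer_addr="10.0.0.2", remote_as=AS_A, bgp_id=ID_X)
TABLE = [IBGP, Conn(peer_addr="10.0.0.3", remote_as=AS_A, bgp_id="192.0.2.3")]

if __name__ == "__main__":
    # OPEN from an eBGP neighbor in AS-B that announces the same identifier X.
    print(compare_scopes(TABLE, "198.51.100.7", AS_B, ID_X))
    # Second connection from the iBGP neighbor itself: a genuine collision.
    print(compare_scopes(TABLE, "10.0.0.2", AS_A, ID_X))
```

Only the identifier-only scope puts the iBGP connection in play when the OPEN arrives from a different neighbor; all three scopes still catch the genuine collision with the iBGP neighbor itself.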
