Re: [Idr] RFC-4893 handling malformed AS4_PATH attributes
Enke Chen <enkechen@cisco.com> Mon, 15 December 2008 20:10 UTC
To: Danny McPherson <danny@tcb.net>
Cc: Inter-Domain Routing List <idr@ietf.org>, quaizar.vohra@gmail.com

Danny McPherson wrote:
>
> On Dec 15, 2008, at 12:14 PM, Enke Chen wrote:
>>
>> The issue of receiving unexpected AS_CONFED_xxx segment was actually
>> considered when we were working on the 4byte AS document before. The
>> thinking was that it's a generic issue with the confederation that
>> has been addressed by the confederation document.
>
> But it's not, because you're now tunneling these attributes
> in AS4_PATH and can result in *remote* non-adjacent session
> tear downs or even craft targeted attacks with such a behavior,
> not just adjacent eBGP speakers.
>
>> While the confederation document (RFC 5056) treats it as an error
>> condition to maintain the protocol correctness, the implementations
>> commonly just ignore the segments. "be conservative in what you
>> send, and be liberal in what you accept".
>
> I'm not sure what that means, are you saying that you propagate
> those segments and ignore the spec? or that you discard them
> and ignore the spec? If the latter, you're saying that's what you
> currently do, but the spec need not be updated to reflect this?

For the implementations of confederation that I am familiar with, the
AS_CONFED_xxx segments are discarded if received unexpectedly (e.g.,
from eBGP). The offense is not considered serious enough to tear down
the session.

Regarding the confederation spec, do not ask me. You are one of the
co-authors of the latest version.

>
> And what if those segments were there because a broken generating
> implementation put them, rather than a confederation identifier,
> in the AS4_PATH attribute? Could this not result in routing
> information loops? Should the operator not be notified of this?

These questions have been answered by 15 years of confederation
deployment. Haven't they?

>
> Either way, I get the "people do stupid things, don't let them
> hurt you bit", but the fact that RFC 4893 enables this is a
> problem.

Again, I do not see any reason why RFC 4893 should be different from
RFC 5056 w.r.t. the processing of unexpected confed segments.

-- Enke
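
Added example (not part of the original message, and not code from any implementation discussed in the thread): a sketch of the handling described in the reply above, where unexpected AS_CONFED_xxx segments found in an AS4_PATH are discarded and reported to the operator instead of tearing down the session. The function names, the notice strings, and the choice to ignore the whole attribute when its framing cannot be parsed are assumptions of this example.

```python
import struct

# Path segment type codes (AS_SET/AS_SEQUENCE from BGP-4, confed types from the confederation spec)
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
CONFED_TYPES = {AS_CONFED_SEQUENCE, AS_CONFED_SET}
KNOWN_TYPES = {AS_SET, AS_SEQUENCE} | CONFED_TYPES

class MalformedAS4Path(ValueError):
    """Framing is broken, so segment boundaries cannot be trusted."""

def parse_segments(value: bytes):
    """Split an AS4_PATH attribute value into (type, [asn, ...]) segments."""
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise MalformedAS4Path("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        end = offset + 2 + 4 * count          # each AS number is 4 octets
        if seg_type not in KNOWN_TYPES or count == 0 or end > len(value):
            raise MalformedAS4Path(f"bad segment at offset {offset}")
        asns = list(struct.unpack(f"!{count}I", value[offset + 2:end]))
        segments.append((seg_type, asns))
        offset = end
    return segments

def sanitize_as4_path(value: bytes):
    """Return (kept_segments, notices). Nothing here resets the session."""
    try:
        segments = parse_segments(value)
    except MalformedAS4Path as exc:
        # Assumption of this example: unparsable framing means the whole
        # attribute is ignored and the operator is told why.
        return [], [f"AS4_PATH ignored: {exc}"]
    kept, notices = [], []
    for seg_type, asns in segments:
        if seg_type in CONFED_TYPES:
            # Discard, but leave a trace the operator can act on.
            notices.append(f"discarded confed segment type {seg_type}: {asns}")
        else:
            kept.append((seg_type, asns))
    return kept, notices

# Constructed sample: AS_CONFED_SEQUENCE(65001, 65002) then AS_SEQUENCE(196608, 64500)
SAMPLE = (bytes([AS_CONFED_SEQUENCE, 2]) + struct.pack("!2I", 65001, 65002)
          + bytes([AS_SEQUENCE, 2]) + struct.pack("!2I", 196608, 64500))

if __name__ == "__main__":
    print(sanitize_as4_path(SAMPLE))
```

The notices list is where the "should the operator not be notified" concern from the quoted text is addressed: the segment is dropped, yet the event is still visible in logs.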