IETF Logo Mail Archive

Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

Robert Raszuk <robert@raszuk.net> Wed, 02 November 2011 22:35 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AB3A11E80F1 for <idr@ietfa.amsl.com>; Wed, 2 Nov 2011 15:35:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[AWL=0.082, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHGZY-lO60hA for <idr@ietfa.amsl.com>; Wed, 2 Nov 2011 15:35:05 -0700 (PDT)
Received: from mail37.opentransfer.com (mail37.opentransfer.com [76.162.254.37]) by ietfa.amsl.com (Postfix) with SMTP id AFAB111E80A5 for <idr@ietf.org>; Wed, 2 Nov 2011 15:35:04 -0700 (PDT)
Received: (qmail 19909 invoked by uid 399); 2 Nov 2011 22:35:02 -0000
Received: from unknown (HELO ?216.69.73.170?) (216.69.73.170) by mail37.opentransfer.com with SMTP; 2 Nov 2011 22:35:02 -0000
Message-ID: <4EB1C596.5030306@raszuk.net>
Date: Wed, 02 Nov 2011 23:35:02 +0100
From: Robert Raszuk <robert@raszuk.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Jakob Heitz <jakob.heitz@ericsson.com>
References: <4EA1F0FB.3090100@raszuk.net> <4EA487E4.2040201@raszuk.net> <B17A6910EEDD1F45980687268941550FA20750@MISOUT7MSGUSR9I.ITServices.sbc.com> <4EA84254.9000400@raszuk.net> <4EA8A91C.4090305@cisco.com> <7309FCBCAE981B43ABBE69B31C8D21391A447FB381@EUSAACMS0701.eamcs.ericsson.se>
In-Reply-To: <7309FCBCAE981B43ABBE69B31C8D21391A447FB381@EUSAACMS0701.eamcs.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "idr@ietf.org List" <idr@ietf.org>, "UTTARO, JAMES" <ju1738@att.com>
Subject: Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: robert@raszuk.net
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 22:35:05 -0000

Hi Jakob,

Let me try to understand the issue you are describing a bit better.

If we have a below scenario:

           / PE2
PE1 -- RR
           \ PE3

When PE2 disappears RR will re-advertise his routes as persistent to PE1 
with some labels - for simplicity let's assume those are L3VPN labels.

There are two options ...

* PE2 went down for good - RR by advertising persistent routes may at 
most cause to blackhole the traffic - that is why I started by 
recommending a MUST for next hop reachability

* PE2 restarted - here I assume RR would withdraw previous STALE routes 
by both implicit withdraw and explicit withdraw - when new session comes 
up between RR and PE2. RR knows the same rtr_id/peer_ip (session got 
reestablished). I really can not imagine otherwise regardless of 
persistence timer value setting.

Labels are of local significance. They alone mean nothing without the 
next hop. So I fail to see the case you describe or for that matter 
described by security section that even transiently labels advertised 
with BGP NLRIs are going to cause harm or inter-VPN disturbance.

En-light me pls ! I want to see the ghost ;-)

Cheers,
R.


> On Wednesday, October 26, 2011 5:43 PM, Enke Chen<>  wrote:
>
>> Hi, folks:
>>
>> I have a hard time in understanding what new problems (beyond the GR)
>> the draft try to solve :-(
>
> Me too.
>
> The persisting routers will persistently send labeled packets
> into the core. If the intended destination really has disappeared,
> and restarted, what is the chance that such labeled packets
> interfere with other unrelated services, just because of labels
> being reused?
>
> Quote from 3.1 of the draft:
> The persist-timer
>        should be set to a large value on the order of days to infinity.
>
> Customers rely on the separation between VPN's. The "P" means private.
> Anything that threatens that "P" should not be taken lightly.
>
> I'm starting to imagine my video stream intrespersed with dzzt, zzt
> from random packets being injected into it. How real is that?
>

v2.23.0 | Report a Bug | By Email