Re: [Idr] Secdir last call review of draft-ietf-idr-long-lived-gr-05
John Scudder <jgs@juniper.net> Wed, 12 July 2023 18:28 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E1A6C14CF13; Wed, 12 Jul 2023 11:28:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="uwsmaeQb"; dkim=pass (1024-bit key) header.d=juniper.net header.b="JJFIdjgv"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m0J_ksymMmUJ; Wed, 12 Jul 2023 11:28:29 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B367DC151066; Wed, 12 Jul 2023 11:28:29 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 36CHjagE031934; Wed, 12 Jul 2023 11:28:29 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=LH6zMsX3ivID2ZNkw3kZRwnLWc1MnoiNOUJPdhFI5Us=; b=uwsmaeQbv3YFIx7g4yPgqlBnkjqhQErF8/t9a8cWx3NHsxwrfm05/7+tYdEX+BRemzIQ Bu44KTX8zy57F0l9aX5o27DsKm58Vf5IPl7vRHMIYuH1OfFAB0zvxZhcFltYZU4uMF7Z xIz88gxwG1Fh8hnlWjq6HXG50sD8m6ygHJA9ZTsqTOuPAYdVxBFnnDmHiR3DZCO3PpaF onyb9pA0o7XRjXOy1gL0qR1aKADVKtVV95sqzV1N9D5mhWswAoCAna/enXD1utoJdflI SVp1+fuxciLnyPIaDB0W0goEnaM5cpxQMJsD1gTsMq3/2MUONkFZbOMtLndZPpsqY2od 1Q==
Received: from cy4pr02cu007.outbound.protection.outlook.com (mail-westcentralusazlp17011013.outbound.protection.outlook.com [40.93.6.13]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3rsgu3j1a3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 12 Jul 2023 11:28:28 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F82N+LY5SIgO2kKIxkkycZqlhxifCBp2SoJ7rkgln2r79/aR1Jffbc5SmyLlYsU/pCHrJJkY3nTZaqqrneCfc/z2cuWgLj6oTXE/yHZ6iqvgCM4KaqNlDLsLQKDTkFylGp6QWRDnwVZd/tNf21/LbgI31Ms/ksysEREvWOWmiHJ1O1fkccLBX+r8pryc17ecQLDFDp6Ao4lD/HzpZYILTrEdZ/JkV7/+o53z2ofzXhKX8eR/2B0eh81rrg4ezUath5DrwrSEy8T7L1mlK8AvZIrf//rXjIMaqq2UpsbxfsMbtFBc+Hmb+CtfOfA7c5sLXLctumthGyukyG7mK10nIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LH6zMsX3ivID2ZNkw3kZRwnLWc1MnoiNOUJPdhFI5Us=; b=nHeNqtnlqsjR/yA4AD6LrCuvOR4TLvS3146zerne4EOg9Oez1b7m0Ez1KJJ2pw4gUzULqri+B8hTPDekr0p5X5pby2CcxLvQFxXo6HNhgEkSW4SsXkp6GjUUaXjFGt7qC00yawIa3y+1DYV4PM1mbqOnB2mYTp0V89bIpG43c/8mgAC/+7JLS70u/GgbzrhjS8FAFcmD6LCRnk5pn3KlXVTULsglaLf8fr4VcQcyB0uKl91eB3gobV5viDevhJO31mPSB9C5/2waT4+Ga/EMIOOFourF5geWIdtEQZSCuu8ZCXSJh+lUJYM1gfpYf6MLtZwIFfpI+2YS6MHq81yVLw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LH6zMsX3ivID2ZNkw3kZRwnLWc1MnoiNOUJPdhFI5Us=; b=JJFIdjgvMfeTNRt0JYVhA5K0+27Fb8NbtNIr1W2PyYgtHubsHLsuistXp7hXeEk3pZp5gXpgPeTT+/oyxJdD2yPLiTdi43/t3ig/oXiK20xYLH2AlkRTUyNKUgIQ/dN8ShA+dxWS1tF7RqhS2kBu906g/QMEQxZidsuE9pzrtoQ=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by IA0PR05MB10096.namprd05.prod.outlook.com (2603:10b6:208:40c::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.31; Wed, 12 Jul 2023 18:28:27 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41%7]) with mapi id 15.20.6588.022; Wed, 12 Jul 2023 18:28:26 +0000
From: John Scudder <jgs@juniper.net>
To: Valery Smyslov <valery@smyslov.net>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-idr-long-lived-gr.all@ietf.org" <draft-ietf-idr-long-lived-gr.all@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-idr-long-lived-gr-05
Thread-Index: AQHZrk6Hr6OArlMak0eJZx8uin7/sq+2gK2A
Date: Wed, 12 Jul 2023 18:28:26 +0000
Message-ID: <71207892-ADFC-417E-B8C4-66B564C53934@juniper.net>
References: <168845800740.483.1479588038121884290@ietfa.amsl.com>
In-Reply-To: <168845800740.483.1479588038121884290@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.3)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR05MB6109:EE_|IA0PR05MB10096:EE_
x-ms-office365-filtering-correlation-id: 07f7b4cc-35b9-4641-9f3a-08db8305c878
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kRBhNGdGF7keorell4hqPyTfxlFN+oUjVPyhi9i0MKHwkruCA1qyahx65c3gOPuIOP5tZ2WLTo/CByVpRqx0UHfWyMkiudLGWnEcLwiEd1YNsaYRajzItIYSX9043T9vsTutRZI2vFFVuO1TGt0goP+KkuW6BdVC2/DGcaQiH9GfzZQBF8mvT+6X9mxdY9/HtNcdp2ifUv3dTXAi4z5L1+/0+NDm1ztu+NDeOvZAeMewkdVJnyqV2/RU1i0M0PY5I2TF0Ev2idBstKauinDGMw5IJje1ayuRR/lLvYzmmKSgCfxupbNRnSaqWBLlUEsQYWhW266oyQQ65+sZrslK03JMzBiYZpFPmaAUS9/GWvo1f6IWALBacdUSUuCvfhjgqsBoVfDL/31mzb63V6IvT5mwBFPh6/AzCUur3g1MNZuIe7prOdjJzW9+PTiiwxpjAEEsW8kLvVKNflZE3R0+Zo9TkFzufkk6zRL9igEPgYrHV5qlOjfmT97j4bRppgvyw/Df8R+0bx/dJe8GI+VlpsNa98GeCRVq5Yld/gnXOykbyo659MsAPISL1FFf9UdV5g7U4G7HH/xbDHiZ1W/BufOtVW/hPo7sKDDr3WcSRP/GlDLV+U7qCuBxVNajt6m9LaTitV9lrrzPtnJIl+CgcQUDWFJFWnJSxm0ogr+sLcVbAMMep6kKGJiC/MpCzISqSKa0l74jUTjOCk/utsLIpg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(136003)(376002)(366004)(39860400002)(346002)(396003)(451199021)(6486002)(478600001)(71200400001)(33656002)(83380400001)(2616005)(26005)(6506007)(186003)(36756003)(53546011)(66574015)(6512007)(316002)(2906002)(41300700001)(91956017)(122000001)(66476007)(6916009)(66946007)(66446008)(4326008)(76116006)(66556008)(64756008)(38100700002)(86362001)(8936002)(38070700005)(8676002)(5660300002)(54906003)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: OpZmauNDgzVpZxX5hKgMkoTj7A7aiTHiloS0L/pgfCakePhTvY0ZCNnUhmfdzOCgDau+F8vDAqfYoBJktqgAlcjpUTY9D7JnSwLcSKopkof9+N7ox/poSwPVlwKpcU93vv4YkDfI2tKoTDLXcCqGOfUYAVJEBne/ow8BklMvalbA6YL9CmGU2FyS85zAX45nmOMMYmdcKwgl6Z/5xpkhTsKk+B9hMYhgl5OzP/yNaD1F5J0HsdN3TKB+5vW74xrJ5o3crOd3tm26AtlsjvBGea2pCRB5GeVTDFrK9H3keRerIyte9QlqgjVwKOFwfhYISrN5DzgD0qbo7qiWEfPoPSYBjkePtlehXIa4+wVe2a72wPJOjMA8WEzojiXrUXMzfpzd/A20ddg6VwDua7dDYfjNlDremxXWcg+8Yiq7FC+mNNP2KDuhveVD4oT2tvUH14/KElQeMoAIxVuxruRJYhH51wYkLv73kDq2cViOGtN4hQuHpf5BgDspRtMZOOZ5b63hGJSAZgCV9OzjkeGy8xxc/7DPUULntT0f7cJDMDVmAIoELj41gF5OZYaSipuNZCOuRo6onEMIKmjfIugR/fnGLUyQA6ToAXjRr+4eO/XwtbqTXFQMMZ+JaNWxBm7aM2XB4sccsMTpG32VKQXPBmVWEnEm3PTLeis5kJL2/+gHhQdPHZ1xOpkMf6KZ5K9vQyJYJEbwyOZm5Y07axcqEoSie6v6eXAnNfIK2ZWb8ZhkJhVimUcc3WrNYUw8KRuVZIvmQjGqaftwtJaeVOjGNjNroj9Wp8Pgotw3FOzRl2ReNi8SPNIRgWhOU9i7XifBLiqGL2MGxZgPps9r501R+ZEetrTc4NkMyO0tj+PO0r94FEuz7heX3hx/P+vQrmpbVLCbOrdf4nHyD6fqyx1Lnr2OvhFX1sWkV/Jeqh6tUEZMMvZOy7FkZTnsADeGgx0ZxnB8AxMkJmnETUrkL/0It2fkf6PI4Sg9CKJn+i9Ir6PpOFfL6MA870Jf4eUFzg7gWiDzZNZzbyvoyd1Z+4z1QV7Qc4We+vwnGxKGPg/Q5XDGr2SI3K6EwHOCGlys826nrNHenwn3l6EmbQ71DK4T/hxQ3vCu2W3B8GmI97TF/2ubiY5FyI6Ww/F6g1RBSdvOWuSG9mxsVS/eNqD1Cg9rf0Cr02jcB1ZiExZhmO6C293uetThyh1LQSjj/aG0tmth2qtnE8m2UHY6zIVkJvk/4NoO+uXNzi9hN+sg5ia9vtUUNuHWtNNyDui2IKRVLGv5FK2/YKmDfm2G7dgM9kkJjiAspVm6e2TS3uiFdc9o5mn0pqsNOyjlbRNgEJyF0qxDq7TZDf7ytXxWreFTpwoMLmzDEo1foOe2NxIA056tVRR3st3+Eej3L+r/u2Af607gqBtgbIgKdSLx5q4Fe0/1zoZfBQwUOPXOVvZCphhQAm8AWfsJdHucWml5K4L8M/v/5q9PkfbStT3k1tS1ZoIZ6edAjy4DqG/6JEpjwT1jbfYF76wcSkkO0U0MqCeCJ6EXOOrSuOMPXQmfrtuguodhGeiVIQn3iDh1QwinbksKvuwhXlSsHn2mxWHHJcHbF7SN
Content-Type: text/plain; charset="utf-8"
Content-ID: <2F142E49AB1F814B9157D1074B66FF53@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 07f7b4cc-35b9-4641-9f3a-08db8305c878
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2023 18:28:26.4219 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BamKsKLpNnQwic1OpS3r3SKj3ucddedFnvHzAKDno/svr96mUDEedM1KVqhLo/AP
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR05MB10096
X-Proofpoint-GUID: ew7bwA8ubH2e3hbyoKYp-LOzKlpSS5Us
X-Proofpoint-ORIG-GUID: ew7bwA8ubH2e3hbyoKYp-LOzKlpSS5Us
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-07-12_12,2023-07-11_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxlogscore=999 bulkscore=0 adultscore=0 spamscore=0 clxscore=1011 malwarescore=0 mlxscore=0 impostorscore=0 lowpriorityscore=0 priorityscore=1501 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2307120166
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/g_Wg6oQHEqYgd3n-cGcXdvTx2fw>
Subject: Re: [Idr] Secdir last call review of draft-ietf-idr-long-lived-gr-05
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 18:28:33 -0000
Hi Valery, Thanks for your review. Some responses inline below. > On Jul 4, 2023, at 4:06 AM, Valery Smyslov via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Valery Smyslov > Review result: Has Issues > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > The document defines a new BGP capability "Long-lived Graceful Restart Capability" > that allows stale routes to be retained for a longer time than is currently allowed > by RFC 4724. The document is well written and is easy to understand. Thank you! > My concern is that the upper limit for the "Long-lived Stale Time" period is 2^24 - 1 seconds > (about 194 days) and the document doesn't specify any restrictions for this value. I’m not sure if this is different from what you meant by “any restrictions”, but Section 4.2 has "These timers MAY be modified by local configuration.” After discussing it with my co-authors, we agree that this is too easy to overlook, and propose to change it to "The timers received in the Long-lived Graceful Restart Capability SHOULD be modifiable by local configuration, which may impose either an upper or a lower bound, or both, on their respective values.” Then, we return to this in our updated Security Considerations section, read on. > It seems to me that having such long lived stale routes may open new possibilities for attackers. > In particular, a possibility of a resource exhausting for storing a lot of stale routes > for a very long time leading to a DoS attack come first to my mind. > This possibility is not mentioned in the Security Considerations. We worked through several scenarios and as best we can determine, this is adequately covered under "The security implications of the LLGR mechanism defined in this document are akin to those incurred by the maintenance of stale routing information within a network." The outline looks like: 1. To successfully mount a DoS attack against the network, the attacker has to be able to inject a large number of routes. If an attacker can do that, it’s a pre-existing vulnerability, not one created by LLGR. 2. The new vulnerability would be, if the DoS in (1) can be exacerbated by keeping the garbage routes stored in the network even after the attack against the proximate victim has been remediated. 2.a. But, if the attack is remediated, for instance by resetting the BGP session from the attacker to the victim (either manually, or as a result of the operation of an automatic defense feature such as max-prefixes), then the routes would promptly be flushed from the network as a consequence of the normal operation of the BGP protocol. 2.b. So, in order for the attack to succeed, the proximate victim would have to be prevented from withdrawing the routes. Ergo, the attacker would have to have the ability to not only inject routes in (1), but subsequently to silence the victim router (e.g. by crashing it into a non-recoverable state). 2.c. Even if that scenario were to be carried out (which implies underlying vulnerabilities probably more concerning than the LLGR resource-exhaustion vulnerability itself) the victim router’s next hop would disappear from the IGP, which would cause the LLGR routes to become non-resolvable, removing them from the FIB. Granted that RIB resources would still be consumed for the duration of the attack or the LLST, whichever is shorter, but in general FIB, not RIB, resources are the bottleneck. We’re not absolutely opposed to including an analysis like the above in the Security Considerations, but pending any further discussion, we’re comfortable with leaving it at the brief outline that’s already present. We did add one sentence to the introductory paragraph, so OLD: The security implications of the LLGR mechanism defined in this document are akin to those incurred by the maintenance of stale routing information within a network. NEW: The security implications of the LLGR mechanism defined in this document are akin to those incurred by the maintenance of stale routing information within a network. However, since the retention time may potentially be much longer, the window during which certain attacks are feasible may be substantially increased. > Then, it seems to me that the countermeasures suggested in Section 6 to avoid VPN breach > may not work for large values of the "Long-lived Stale Time" period. > > And a final nit: the last para of Section 6 looks to me like some sort of excuse, which > in my opinion is not appropriate for a technical document. No matter how complex an attack is, > if it is ever feasible with the given threat model, then we should just describe it > with no additional sentiments that it is hard. Perhaps it is better to describe possible > attacks in terms of attacker's capabilities. E.g.: "If an attacker is able to inject packets > into the network then the following attacks are possible...". Thanks for challenging us on these! Happily, the rewrite to fix the latter also led to improving the clarity of exposition regarding the countermeasure. Your point is still correct of course, that if it’s impossible to find a viable configuration that prevents overlap of label allocation reuse time and LLST, then the attack can’t be entirely ruled out; I hope the proposed text is sufficiently clear on this point. I’ve pasted the proposed update below. OLD: Therefore, to avoid VPN breach, before enabling BGP LLGR for a VPN address family, Service Providers need to check how fast a given label can be reused by a PE, taking into account: * The load of the BGP route churn on a PE (in terms of the number of VPN labels advertised and the churn rate). * The label allocation policy on the PE (possibly depending upon the size of the pool of the VPN labels (which can be restricted by hardware considerations or other MPLS usages), the label allocation scheme (for example per route or per VRF/CE), the re- allocation policy (for example least recently used label). Note that [RFC4781] which defines Graceful Restart Mechanism for BGP with MPLS is also applicable to BGP LLGR. These considerations notwithstanding, the LLGR mechanism described within this document is considered to be complex to exploit maliciously - in order to inject packets into a topology, there is a requirement to engineer a specific LLGR state between two PE devices, whilst engineering label reallocation to occur in a manner that results in the two topologies overlapping. Such allocation is particularly difficult to engineer (since it is typically an internal mechanism of a router). NEW: In order to exploit the vulnerability described above, there is a requirement to engineer a specific LLGR state between two PE devices, whilst engineering label reallocation to occur in a manner that results in the two topologies overlapping. Therefore, to avoid the potential for a VPN breach, before enabling BGP LLGR for a VPN address family, the operator should endeavor to ensure that the lower bound on when a label might be reused is greater than the upper bound on LLST. Section 4.2 discusses the provision of an upper bound on LLST. Details of features for setting a lower bound on label reuse time are beyond the scope of this document; however, factors that might need to be taken into account when setting this value include: * The load of the BGP route churn on a PE (in terms of the number of VPN labels advertised and the churn rate). * The label allocation policy on the PE (possibly depending upon the size of the pool of the VPN labels (which can be restricted by hardware considerations or other MPLS usages), the label allocation scheme (for example per route or per VRF/CE), the re- allocation policy (for example least recently used label). Note that [RFC4781] which defines Graceful Restart Mechanism for BGP with MPLS is also applicable to BGP LLGR. We’ll post a version 06 with the updates as soon as possible. Thanks again for your review. —John
- [Idr] Secdir last call review of draft-ietf-idr-l… Valery Smyslov via Datatracker
- Re: [Idr] Secdir last call review of draft-ietf-i… John Scudder
- Re: [Idr] Secdir last call review of draft-ietf-i… Valery Smyslov