Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

"UTTARO, JAMES" <ju1738@att.com> Wed, 02 November 2011 20:20 UTC

From: "UTTARO, JAMES" <ju1738@att.com>
To: 'Jakob Heitz' <jakob.heitz@ericsson.com>, Enke Chen <enkechen@cisco.com>
Date: Wed, 02 Nov 2011 20:20:40 +0000
Cc: "idr@ietf.org List" <idr@ietf.org>, "robert@raszuk.net" <robert@raszuk.net>
Subject: Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

Jakob,

	See the security section of the draft.

Jim Uttaro

-----Original Message-----
From: Jakob Heitz [mailto:jakob.heitz@ericsson.com] 
Sent: Wednesday, November 02, 2011 4:06 PM
To: Enke Chen; UTTARO, JAMES
Cc: idr@ietf.org List; robert@raszuk.net
Subject: RE: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

On Wednesday, October 26, 2011 5:43 PM, Enke Chen <> wrote:

> Hi, folks:
> 
> I have a hard time in understanding what new problems (beyond the GR)
> the draft tries to solve :-(

Me too.

The persisting routers will persistently send labeled packets
into the core. If the intended destination really has disappeared,
and restarted, what is the chance that such labeled packets
interfere with other unrelated services, just because of labels
being reused?

Quote from 3.1 of the draft:
      "The persist-timer should be set to a large value on the order of days to infinity."

Customers rely on the separation between VPN's. The "P" means private.
Anything that threatens that "P" should not be taken lightly.

I'm starting to imagine my video stream interspersed with dzzt, zzt
from random packets being injected into it. How real is that?

-- 
Jakob Heitz.
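The cross-VPN leak Jakob is asking about, as a toy simulation added here (not code from the draft or from anyone in the thread): a PE hands out per-VRF labels from a pool, a persisting peer keeps forwarding with a label it learned before the PE restarted, and after the restart the same label value is re-allocated to a different VRF. The quarantine of previously advertised labels is an assumed mitigation used only for illustration; the draft itself is not claimed to specify it.

```python
"""Toy model of the label-reuse hazard discussed in the thread above.

Constructed example, not part of the draft or the mailing-list discussion.
A PE allocates per-VRF MPLS labels from a small pool; a persisting peer
keeps forwarding with a stale label after the PE restarts and re-allocates.
"""
from typing import Dict, Optional, Set


class PE:
    """A provider edge router with a per-VRF label allocator."""

    def __init__(self, first_label: int = 100) -> None:
        self.first_label = first_label
        self.next_label = first_label
        self.label_to_vrf: Dict[int, str] = {}
        self.quarantined: Set[int] = set()  # labels held back after a restart

    def allocate(self, vrf: str) -> int:
        """Hand out the lowest free label, skipping quarantined ones."""
        while self.next_label in self.quarantined:
            self.next_label += 1
        label = self.next_label
        self.next_label += 1
        self.label_to_vrf[label] = vrf
        return label

    def restart(self, hold_stale_labels: bool) -> None:
        """Lose all forwarding state. With hold_stale_labels, labels that were
        advertised before the restart stay quarantined (assumed mitigation)."""
        stale = set(self.label_to_vrf)
        self.label_to_vrf = {}
        self.next_label = self.first_label
        self.quarantined = stale if hold_stale_labels else set()

    def deliver(self, label: int) -> Optional[str]:
        """Return the VRF a labeled packet lands in, or None if it is dropped."""
        return self.label_to_vrf.get(label)


def stale_label_lands_in(hold_stale_labels: bool) -> Optional[str]:
    """A persisting peer holds the label for VRF 'red'; the PE restarts and
    only VRF 'blue' re-attaches. Report where a stale 'red' packet ends up."""
    pe = PE()
    red_label = pe.allocate("red")   # label advertised to the persisting peer
    pe.restart(hold_stale_labels)
    pe.allocate("blue")              # first VRF to re-attach after the restart
    return pe.deliver(red_label)     # VRF hit by the persisting peer's packet
```

Without the quarantine the stale "red" packet is delivered into VRF "blue", which is exactly the loss of the "P" Jakob worries about; with it the packet is dropped instead.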