Re: [Idr] RFC-4893 handling malformed AS4_PATH attributes
Danny McPherson <danny@tcb.net> Mon, 15 December 2008 19:38 UTC
Return-Path: <idr-bounces@ietf.org>
X-Original-To: idr-archive@megatron.ietf.org
Delivered-To: ietfarch-idr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 44D423A680C; Mon, 15 Dec 2008 11:38:26 -0800 (PST)
X-Original-To: idr@core3.amsl.com
Delivered-To: idr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA68A28C0F2 for <idr@core3.amsl.com>; Mon, 15 Dec 2008 11:38:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.056
X-Spam-Level:
X-Spam-Status: No, score=-1.056 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8TNPQNgDhj+i for <idr@core3.amsl.com>; Mon, 15 Dec 2008 11:38:25 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by core3.amsl.com (Postfix) with ESMTP id 0A5F33A680C for <idr@ietf.org>; Mon, 15 Dec 2008 11:38:25 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id 687ED2684EA; Mon, 15 Dec 2008 12:38:18 -0700 (MST)
Received: from [192.168.0.100] (97-122-99-176.hlrn.qwest.net [97.122.99.176]) (authenticated-user danny) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Mon, 15 Dec 2008 12:38:18 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=97.122.99.176; client-port=62999; syn-fingerprint=65535:55:1:64:M1316,N,W3,N,N,T,S; data-bytes=0
Message-Id: <5340D990-F446-4C37-8307-1DB31ADF2273@tcb.net>
From: Danny McPherson <danny@tcb.net>
To: Enke Chen <enkechen@cisco.com>
In-Reply-To: <4946AC94.2080605@cisco.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 15 Dec 2008 12:38:17 -0700
References: <CD705FABA8532448AA1FB7A96C88FF140898F8A4@emailbng1.jnpr.net> <4D86C4C6-F7CD-46B9-ABBE-04530F4D1278@juniper.net> <164BE5B4-1A18-42D7-A11B-DE2056890C78@tcb.net> <4946AC94.2080605@cisco.com>
X-Mailer: Apple Mail (2.929.2)
Cc: Inter-Domain Routing List <idr@ietf.org>, quaizar.vohra@gmail.com
Subject: Re: [Idr] RFC-4893 handling malformed AS4_PATH attributes
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/idr>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: idr-bounces@ietf.org
Errors-To: idr-bounces@ietf.org
On Dec 15, 2008, at 12:14 PM, Enke Chen wrote: > > The issue of receiving unexpected AS_CONFED_xxx segment was actually > considered when we were working on the 4byte AS document before. The > thinking was that it's a generic issue with the confederation that > has been addressed by the confederation document. But it's not, because you're now tunneling these attributes in AS4_PATH and can result in *remote* non-adjacent session tear downs or even craft targeted attacks with such a behavior, not just adjacent eBGP speakers. > While the confederation document (RFC 5056) treats it as an error > condition to maintain the protocol correctness, the implementations > commonly just ignore the segments. "be conservative in what you > send, and be liberal in what you accept". I'm not sure what that means, are you saying that you propagate those segments and ignore the spec? or that you discard them and ignore the spec? If the latter, you're saying that's what you currently do, but the spec need not be updated to reflect this? And what if those segments were there because a broken generating implementation put them, rather than a confederation identifier, in the AS4_PATH attribute? Could this not result in routing information loops? Should the operator not be notified of this? Either way, I get the "people do stupid things, don't let them hurt you bit", but the fact that RFC 4893 enables this is a problem. -danny _______________________________________________ Idr mailing list Idr@ietf.org https://www.ietf.org/mailman/listinfo/idr
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… cayle.spandon
- [Idr] RFC-4893 handling malformed AS4_PATH attrib… Kaliraj Vairavakkalai
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Florian Weimer
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… cayle.spandon
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Jeffrey Haas
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Enke Chen
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Jeffrey Haas
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Jeffrey Haas
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Jeffrey Haas
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Enke Chen
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Danny McPherson
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Kaliraj Vairavakkalai
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John Leslie
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John Leslie
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Enke Chen
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… John G. Scudder
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Enke Chen
- Re: [Idr] RFC-4893 handling malformed AS4_PATH at… Paul Jakma