IETF Logo Mail Archive

Re: Gen-ART Review of draft-ietf-trill-pseudonode-nickname-05

Sandra Murphy <sandy@tislabs.com> Mon, 31 August 2015 20:20 UTC

Return-Path: <sandy@tislabs.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 145AC1B4C6C; Mon, 31 Aug 2015 13:20:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fuQ3gDKJOH8e; Mon, 31 Aug 2015 13:20:49 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3B5A1B5D0B; Mon, 31 Aug 2015 13:20:48 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 42D4F28B0041; Mon, 31 Aug 2015 16:20:48 -0400 (EDT)
Received: from [IPv6:::1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 223121F8051; Mon, 31 Aug 2015 16:20:48 -0400 (EDT)
Subject: Re: Gen-ART Review of draft-ietf-trill-pseudonode-nickname-05
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_1C9E37A0-7ABD-4CF4-9A43-665DC4CC5F5D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <46A1A261-E9F4-414D-AAD8-9C85A8B53283@vigilsec.com>
Date: Mon, 31 Aug 2015 16:20:34 -0400
Message-Id: <09245052-ABC3-451F-B0F9-BAA1C4E1A5DC@tislabs.com>
References: <46A1A261-E9F4-414D-AAD8-9C85A8B53283@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/AVIaG4Q1j-M6ZXxZjG6Hs4W5Fso>
Cc: IETF Gen-ART <gen-art@ietf.org>, IETF <ietf@ietf.org>, draft-ietf-trill-pseudonode-nickname.all@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2015 20:20:51 -0000

On Aug 27, 2015, at 5:59 PM, Russ Housley <housley@vigilsec.com> wrote:

> 
> (3)  In Section 11, we learn that the VLAN membership of all the
> RBridge ports in an LAALP MUST be the same.  Any inconsistencies in
> VLAN membership may result in packet loss or non-shortest paths.
> Is there anything that can be added to the Security Considerations
> that can help avoid these inconsistencies?

Interesting.  In the trill draft I recently reviewed for secdir (draft-ietf-trill-aa-multi-attach) it makes a similar statement that VLAN membership had to be consistent across all ports on all RBridges in a LAALP.  In that draft, the consistency meant the VLANs could be left out of the protocol packet.

  All enabled VLANs MUST be consistent on all ports connected to an
  LAALP. So the enabled VLANs need not be included in the AA-LAALP-
  GROUP-RBRIDGES TRILL APPsub-TLV. They can be locally obtained from
  the port attached to that LAALP.

I wondered if the LAALP was responsible for ensuring the consistency.  If it is left to the operator configuration, that’s tough.  Turns out there’s a dynamic VLAN registration protocol (VRP), but I could not discover that it is doing a consistency check.

If the draft you are looking at implies inconsistency is a possibility, then it must be that neither the LAALP or VRP ensures the consistency.

—Sandy

v2.23.0 | Report a Bug | By Email