Re: [Ila] [5gangip] ILA forwarding [Was Re: Problem Statement]

Alberto Rodriguez-Natal <rodrigueznatal@gmail.com> Tue, 01 May 2018 21:59 UTC

In-Reply-To: <CALx6S34=Yeu3-hHTiVCOoQUM7KwvXPpGMmu8Ss-ZHeuOU6b7ug@mail.gmail.com>
References: <CALx6S37_oce-S0pEUgB8CpkWemcHhrb4HoDXUfPHZMGiokCqcA@mail.gmail.com> <253963a3-9e0b-2cb9-e216-745c6b99766c@joelhalpern.com> <CAPDqMeqsdG5FKtMaq9bjcJYDMw69Ow=OkeqMdba8aqRh9ayPrQ@mail.gmail.com> <08110014-adce-3f88-02d1-643871e46dcb@joelhalpern.com> <CALx6S34=Yeu3-hHTiVCOoQUM7KwvXPpGMmu8Ss-ZHeuOU6b7ug@mail.gmail.com>
From: Alberto Rodriguez-Natal <rodrigueznatal@gmail.com>
Date: Tue, 01 May 2018 14:59:05 -0700
Message-ID: <CA+YHcKF3z+LoVE=18HMgTNTpCN+23dDjkDx8bhZzWPdTeiX-_Q@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, ila@ietf.org, Tom Herbert <tom@quantonium.net>, 5GANGIP <5gangip@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/0puqZVPl08s6NAOMeU6mfGtptes>
Subject: Re: [Ila] [5gangip] ILA forwarding [Was Re: Problem Statement]
List-Id: Identifier Locator Addressing <ila.ietf.org>

On Tue, May 1, 2018 at 10:16 AM, Tom Herbert <tom@herbertland.com> wrote:

> I think you've misunderstood my position. Caches are _very_ important
> to eliminate the cost of triangular routing (latency, average path load).
> This reduces latency and reduces average load on ILA-Rs. But, and this
> is the critical part, caches are only an _optimization_ in ILA. That
> means if the cache is rendered ineffective (like by a well-crafted DOS
> attack) then the only effect is that the optimization is lost (i.e.
> greater latency due to triangular routing)-- this is quantitatively the
> worst effect of the attack on an ILA cache. This can be contrasted
> to LISP where the worst case effect of a DOS attack on the cache
> is loss of service for users (infinite latency since packets can be
> dropped or indefinitely blocked on a cache miss).
>

This can be misleading. This is not comparing LISP vs ILA, this is
comparing the models of Request/Reply at the edge vs Notifications (aka
Redirects) at the core. Both LISP-CP and ILAMP support these two models.

Besides, this is assuming a scenario where the only feasible DOS
mitigation is absorbing the attack. There are other scenarios where other
countermeasures are possible. For instance, if you have a deployment where
you can prevent address spoofing, counting and blocking misbehaving nodes
offers similar DOS protection and requires way less infrastructure
resources.

Alberto