Re: [Int-area] Eric Rescorla's No Objection on draft-ietf-intarea-probe-09: (with COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 13 December 2017 22:16 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 13 Dec 2017 14:15:56 -0800
Message-ID: <CABcZeBMOki4kyimav+XSjeOyJww8XoToMtO_QEDe0TmJUc9W-A@mail.gmail.com>
To: Ron Bonica <rbonica@juniper.net>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-intarea-probe@ietf.org" <draft-ietf-intarea-probe@ietf.org>, Luigi Iannone <ggx@gigix.net>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/lBhO-h3r1F_2v38Bt6E9e87yloQ>

On Wed, Dec 13, 2017 at 1:43 PM, Ron Bonica <rbonica@juniper.net> wrote:

> Hi Eric,
>
> Thanks for the review. Responses inline......
>
>                         Ron
>
>
> > -----Original Message-----
> > From: Eric Rescorla [mailto:ekr@rtfm.com]
> > Sent: Tuesday, December 12, 2017 7:21 PM
> > To: The IESG <iesg@ietf.org>
> > Cc: draft-ietf-intarea-probe@ietf.org; Luigi Iannone <ggx@gigix.net>;
> > intarea-chairs@ietf.org; ggx@gigix.net; int-area@ietf.org
> > Subject: Eric Rescorla's No Objection on draft-ietf-intarea-probe-09:
> > (with COMMENT)
> >
> > Eric Rescorla has entered the following ballot position for
> > draft-ietf-intarea-probe-09: No Objection
> [RB ]
> [snip]
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I share Yaron Sheffer's concern about the incoming ACL. Do you really
> > mean to list all the probe-capable nodes?
> [RB ]
> The ACL doesn't list all probe-capable nodes. It is configured on a
> probe-capable node and it enumerates the prefixes from which it will accept
> an ICMP Extended Echo Request.
>
> For example, assume that an ISP deploys PROBE capable software on its
> routers. By default, these routers won't accept an ICMP Extended Echo
> Request from anybody. The ISP will probably want to enable PROBE, but only
> if the ICMP Extended Echo Request comes from the NOC or from a few other
> trusted prefixes. So, the ISP will put those prefixes into the ACL.
>
> I am thinking that the number of prefixes will typically be very small
> (e.g., the NOC).
>

Thanks.


> >    or IPv6 Neighbor Cache [RFC4861].  Otherwise, it reports that the
> >    interface does not exist.
> > Hmm... So you don't try to ping it yourself? That's interesting.
> [RB ]
> The proxy node could ping the probed interface, but that would require the
> router to maintain state. We don't want to go there for scaling and security
> reasons.
>
> Rather than doing that, PROBE looks for an entry in the ARP Table and
> Neighbor Cache. Prior to version 08 of this draft, the proxy node assumed that
> the probed interface does not exist if it is not in the ARP Table and
> Neighbor Cache. IETF LC reviewers pointed out that this assumption is not
> safe. So now, the proxy node reports that the table entry does not exist.
> It no longer reports that the interface does not exist.
>

OK.


> >       the probed node.  The L-bit is clear if the probed interface is
> >       directly connected to the probed node.
> > Maybe I'm missing something here, but how does the probing node know?
> > I.e., can it address by IP address and set L=0?
> [RB ]
> This is a parameter to the Probe application. See the appendix.
>

I did note that. It seems kind of limited, but it's your choice, obviously.
-Ekr
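The two decisions the thread turns on, modeled as an added example that is not part of the draft, of Ron's or Eric's text, or of any router implementation: the per-node ACL of source prefixes permitted to send ICMP Extended Echo Requests (default deny, so an unconfigured node answers nobody), and the proxy node's ARP-table / Neighbor Cache lookup that stands in for pinging the probed interface, reporting "no such table entry" rather than "no such interface" when the lookup fails. Reply code and state values are those of RFC 8335, the published form of this draft; the wire format is not modeled, the request is a small record, the `ProxyNode`, `ExtendedEchoRequest` names and all addresses and cache contents are constructed sample data, and silently dropping unauthorized requests is an assumption, not something the thread states.

```python
"""Model of the source-prefix ACL and the ARP/Neighbor Cache lookup on a
PROBE-capable proxy node. Illustrative code only; not from the draft."""
from dataclasses import dataclass, field
import ipaddress

# Extended Echo Reply code and state values as in RFC 8335.
CODE_NO_ERROR = 0
CODE_NO_SUCH_INTERFACE = 2
CODE_NO_SUCH_TABLE_ENTRY = 3
STATE_RESERVED = 0      # no cache state applies (local interface, or no entry)
STATE_INCOMPLETE = 1
STATE_REACHABLE = 2
STATE_STALE = 3


@dataclass(frozen=True)
class ExtendedEchoRequest:
    """Only the request fields this model needs (hypothetical record, not the wire format)."""
    source: str     # IP source address of the request
    probed: str     # probed interface, identified here by its IP address
    l_bit: bool     # set: probed interface is beyond the proxy node; clear: it is local


@dataclass
class ProxyNode:
    # Operator-configured ACL: prefixes allowed to send Extended Echo Requests.
    # Empty by default, so nothing is accepted until the operator adds e.g. the NOC.
    allowed_prefixes: list = field(default_factory=list)
    # Addresses configured on the proxy node's own interfaces (constructed sample data).
    local_addresses: frozenset = frozenset()
    # ARP table / Neighbor Cache: neighbor address -> state (constructed sample data).
    neighbor_cache: dict = field(default_factory=dict)

    def source_permitted(self, source: str) -> bool:
        """ACL check, default deny. strict=False tolerates host bits in a configured prefix;
        an address of the other IP version never matches a prefix."""
        src = ipaddress.ip_address(source)
        return any(src in ipaddress.ip_network(p, strict=False) for p in self.allowed_prefixes)

    def handle(self, req: ExtendedEchoRequest):
        """Return (code, state) for the Extended Echo Reply, or None if the request is dropped."""
        if not self.source_permitted(req.source):
            # Assumption: unauthorized requests are dropped without a reply, so a prober
            # outside the ACL learns nothing about the node's interfaces or neighbors.
            return None
        if not req.l_bit:
            # Probed interface is claimed to be on this node: answer from local config only.
            if req.probed in self.local_addresses:
                return (CODE_NO_ERROR, STATE_RESERVED)
            return (CODE_NO_SUCH_INTERFACE, STATE_RESERVED)
        # L-bit set: consult the ARP table / Neighbor Cache; never probe the neighbor,
        # which would require the proxy to keep per-request state.
        state = self.neighbor_cache.get(req.probed)
        if state is None:
            # Absence from the cache proves nothing about the neighbor, so report only
            # that the table entry is missing (the post-08 behaviour described above).
            return (CODE_NO_SUCH_TABLE_ENTRY, STATE_RESERVED)
        return (CODE_NO_ERROR, state)


def sample_node() -> ProxyNode:
    """A proxy node configured with one trusted (NOC) prefix; all data constructed."""
    return ProxyNode(
        allowed_prefixes=["192.0.2.0/24"],
        local_addresses=frozenset({"198.51.100.1"}),
        neighbor_cache={"198.51.100.2": STATE_REACHABLE, "198.51.100.3": STATE_STALE},
    )


if __name__ == "__main__":
    node = sample_node()
    for req in (
        ExtendedEchoRequest("203.0.113.5", "198.51.100.2", True),    # not in ACL: dropped
        ExtendedEchoRequest("192.0.2.10", "198.51.100.1", False),    # local interface exists
        ExtendedEchoRequest("192.0.2.10", "198.51.100.9", False),    # no such local interface
        ExtendedEchoRequest("192.0.2.10", "198.51.100.2", True),     # cache hit, reachable
        ExtendedEchoRequest("192.0.2.10", "198.51.100.9", True),     # cache miss: no such entry
    ):
        print(req, "->", node.handle(req))
```

The ACL is evaluated before anything else, so the only thing a host outside the configured prefixes can observe is silence; the L-bit branch shows why Ron's answer to the third comment matters: the prober, not the proxy, decides whether the target is local (answered from interface configuration) or a neighbor (answered from the cache), and a cache miss on the neighbor path is deliberately not turned into a claim that the interface is absent.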