Re: [Int-area] Eric Rescorla's No Objection on draft-ietf-intarea-probe-09: (with COMMENT)

Ron Bonica <rbonica@juniper.net> Wed, 13 December 2017 21:43 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-intarea-probe@ietf.org" <draft-ietf-intarea-probe@ietf.org>, Luigi Iannone <ggx@gigix.net>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>, "ggx@gigix.net" <ggx@gigix.net>, "int-area@ietf.org" <int-area@ietf.org>
Date: Wed, 13 Dec 2017 21:43:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/pBkduai-bpy44NlafI77_4sbfCU>
Subject: Re: [Int-area] Eric Rescorla's No Objection on draft-ietf-intarea-probe-09: (with COMMENT)

Hi Eric,

Thanks for the review. Responses inline......

                        Ron


> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: Tuesday, December 12, 2017 7:21 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-intarea-probe@ietf.org; Luigi Iannone <ggx@gigix.net>;
> intarea-chairs@ietf.org; ggx@gigix.net; int-area@ietf.org
> Subject: Eric Rescorla's No Objection on draft-ietf-intarea-probe-09: (with
> COMMENT)
> 
> Eric Rescorla has entered the following ballot position for
> draft-ietf-intarea-probe-09: No Objection
[RB ] 
[snip]
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I share Yaron Sheffer's concern about the incoming ACL. Do you really mean
> to list all the probe-capable nodes?
[RB ] 
The ACL doesn't list all probe-capable nodes. It is configured on a probe-capable node and it enumerates the prefixes from which it will accept an ICMP Extended Echo Request.

For example, assume that an ISP deploys PROBE capable software on its routers. By default, these routers won't accept an ICMP Extended Echo Request from anybody. The ISP will probably want to enable PROBE, but only if the ICMP Extended Echo Request comes from the NOC or from a few other trusted prefixes. So, the ISP will put those prefixes into the ACL.

I am thinking that the number of prefixes will typically be very small (e.g., the NOC).

> 
>    or IPv6 Neighbor Cache [RFC4861].  Otherwise, it reports that the
>    interface does not exist.
> Hmm... So you don't try to ping it yourself? That's interesting.
[RB ] 
The proxy node could ping the probed interface, but that would require the router to maintain state. We don't want to go there for scaling and security reasons.

Rather than doing that, PROBE looks for an entry in the ARP Table and Neighbor Cache. Prior to version 08 of this draft, the proxy node assumed that the probed interface does not exist if it is not in the ARP Table and Neighbor Cache. IETF LC reviewers pointed out that this assumption is not safe. So now, the proxy node reports that the table entry does not exist. It no longer reports that the interface does not exist.

> 
>       the probed node.  The L-bit is clear if the probed interface is
>       directly connected to the probed node.
> Maybe I'm missing something here, but how does the probing node know?
> I.e., can it address by IP address and set L=0?
[RB ] 
This is a parameter to the Probe application. See the appendix.
> 
> View Inlinedraft-ietf-intarea-probe.txt:365
>       Ethernet is running on the probed interface.  Otherwise, the E-bit
>       is clear.
> This seems pretty limited. Does "WiFi" count for instance?
> 
[RB ] 
The E-bit was removed in response to last call comments
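
Added example (not part of the original message or of the draft): a small Python model of the two behaviours described in the reply above, the default-deny source-prefix ACL and the stateless ARP Table / Neighbor Cache lookup that reports a missing table entry rather than a missing interface. The class, the outcome names, the handling of a refused request as a drop, and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from enum import Enum


class Outcome(Enum):
    # Hypothetical outcome labels; these are not wire-format code values.
    DROP = "request not accepted (source not in ACL)"
    ENTRY_FOUND = "table entry exists"
    NO_TABLE_ENTRY = "no such table entry"


class ProbeResponder:
    """Hypothetical model of a PROBE-capable node's accept/lookup decision."""

    def __init__(self, allowed_prefixes=(), neighbor_entries=()):
        # An empty ACL is the default: the node accepts requests from nobody.
        self.acl = [ipaddress.ip_network(p) for p in allowed_prefixes]
        # ARP Table and IPv6 Neighbor Cache modelled as one set of addresses.
        self.neighbors = {ipaddress.ip_address(a) for a in neighbor_entries}

    def source_allowed(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr.version == net.version and addr in net
                   for net in self.acl)

    def handle(self, src, probed_addr):
        if not self.source_allowed(src):
            return Outcome.DROP
        # Stateless: consult existing tables only, never ping the target.
        if ipaddress.ip_address(probed_addr) in self.neighbors:
            return Outcome.ENTRY_FOUND
        # Absence from the tables does not prove the interface is absent,
        # so the answer is about the table entry, not the interface.
        return Outcome.NO_TABLE_ENTRY


# Constructed sample data (documentation address ranges).
NOC_PREFIXES = ["192.0.2.0/24", "2001:db8:100::/48"]
NEIGHBORS = ["198.51.100.7", "2001:db8::1"]

if __name__ == "__main__":
    router = ProbeResponder(NOC_PREFIXES, NEIGHBORS)
    for src, target in [("192.0.2.10", "198.51.100.7"),
                        ("192.0.2.10", "198.51.100.99"),
                        ("203.0.113.5", "198.51.100.7")]:
        print(src, "->", target, ":", router.handle(src, target).value)
```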