Re: [Ippm-ioam-ix-dt] IOAM DEX: Suggested Text to Address Security Concerns

Haoyu Song <haoyu.song@futurewei.com> Mon, 05 April 2021 16:45 UTC

From: Haoyu Song <haoyu.song@futurewei.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, "ippm-ioam-ix-dt@ietf.org" <ippm-ioam-ix-dt@ietf.org>
Date: Mon, 05 Apr 2021 16:45:23 +0000
Message-ID: <DM6PR13MB276257224A1080DDF12419999A779@DM6PR13MB2762.namprd13.prod.outlook.com>
References: <CABUE3XnzwsU4f0N_waqHONBrfUor_RCr=r_Ls97Bpbgb1BiwXQ@mail.gmail.com>
In-Reply-To: <CABUE3XnzwsU4f0N_waqHONBrfUor_RCr=r_Ls97Bpbgb1BiwXQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm-ioam-ix-dt/ugMmg8CzhpIiGYpeUWbLN52M5Do>

Hi Tal,

Thanks for preparing the updates! I only have a few questions on the parameter N.
If we want to provide a parameter N, we may need to describe how it can be enforced. For example, 1/N may be a time average capacity, but what's the time interval then? If the time interval is large, then the DEX export traffic may still raise the concerns of overload due to the bursts.
Also, you suggest N >> M and N >100 if M is unknown. What's the rationale behind these selections?  How much is considered ">>"?

I think another way to avoid network/bandwidth overload due to DEX is that a node can decide by itself to process or not process a packet with the DEX option based on its local traffic condition. This can certainly cause the loss of some export data for some packets with the DEX option, but it's adaptive to the local condition. Combining this with the head node selection rate limiting, we can fully address the overloading concern.

Thanks!
Haoyu
-----Original Message-----
From: Ippm-ioam-ix-dt <ippm-ioam-ix-dt-bounces@ietf.org> On Behalf Of Tal Mizrahi
Sent: Monday, April 5, 2021 6:26 AM
To: ippm-ioam-ix-dt@ietf.org
Subject: [Ippm-ioam-ix-dt] IOAM DEX: Suggested Text to Address Security Concerns

Hi,

In response to the security concerns that were raised in IETF 110, I would like to propose the text edits below. I am raising this for discussion before I actually update the document.

Comments will be welcomed.

Thanks,
Tal.

OLD:
<t>As in <xref target="I-D.ietf-ippm-ioam-data"/>, the DEX option may be incorporated into all or a subset of the traffic that is forwarded by the encapsulating node. Moreover, IOAM nodes MAY export data for all traversing packets that carry the DEX option, or MAY selectively export data only for a subset of these packets.</t>

NEW:
<t>As in <xref target="I-D.ietf-ippm-ioam-data"/>, the DEX option can be incorporated into all or a subset of the traffic that is forwarded by the encapsulating node, as further discussed in <xref target="SelectionSec"/> below. Moreover, IOAM nodes either export data for all traversing packets that carry the DEX option, or selectively export data only for a subset of these packets, as further discussed in <xref target="ExportSec"/> below.</t>


OLD:

NEW:

<section anchor="SelectionSec" title="DEX Packet Selection">

<t>If an IOAM encapsulating node incorporates the DEX option into all the traffic it forwards, it may lead to an excessive amount of exported data, which may overload the network and the receiving entity.
Therefore, IOAM nodes SHOULD incorporate the DEX option selectively into a subset of the packets that are forwarded through them.</t>

<t>Various methods of packet selection or sampling have been previously defined, such as <xref target="RFC7014"/> or <xref target="RFC5475"/>.
Similar techniques can be applied by an IOAM encapsulating node to apply DEX to a subset of the forwarded traffic.</t>

<t>The subset of traffic that is forwarded or transmitted with a DEX option SHOULD not exceed 1/N of the interface capacity on any of the IOAM encapsulating node's interfaces. It is noted that this requirement applies to the total traffic that incorporates a DEX option, including traffic that is forwarded by the IOAM encapsulating node and probe packets that are generated by the IOAM encapsulating node.
In this context N is a parameter that MAY be configurable by network operators. If M is an upper bound on the number of IOAM transit nodes in any path in the network, then it is RECOMMENDED to use an N such that N >> M. If there is no prior knowledge about the network topology or size, it is RECOMMENDED to use N>100.</t> </section>


OLD:
<t>The DEX option specifies which data fields should be exported, as specified in <xref target="OptionSec"/>.
The format and encapsulation of the packet that contains the exported data is not within the scope of the current document. For example, the export format can be based on <xref target="I-D.spiegel-ippm-ioam-rawexport"/>.</t>

NEW:

<section anchor="ExportSec" title="Exporting">

<t>The DEX option specifies which data fields should be exported, as specified in <xref target="OptionSec"/>.
The format and encapsulation of the packet that contains the exported data is not within the scope of the current document. For example, the export format can be based on <xref target="I-D.spiegel-ippm-ioam-rawexport"/>.</t>

<t>An IOAM node that performs DEX exporting MUST send the exported data to a pre-configured trusted receiving entity.</t>

<t>An IOAM node that performs DEX exporting SHOULD limit the rate of the exported packets so that it does not exceed 1/N of the interface capacity on any of the IOAM node's interfaces. As in the previous section, it is RECOMMENDED to use N>100.</t>

<t>Exported packets SHOULD not be exported over a path or a tunnel that is subject to IOAM direct exporting. This requirement is intended to prevent nested exporting and/or exporting loops.</t> </section>

--
Ippm-ioam-ix-dt mailing list
Ippm-ioam-ix-dt@ietf.org
https://www.ietf.org/mailman/listinfo/ippm-ioam-ix-dt
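The exchange above turns on two questions: over what interval the 1/N budget is averaged (a large window lets a burst of DEX-marked packets through at many times the average rate), and how the per-node export limit combines across M transit nodes that each export for the same marked packet. The following model is an added example written for this discussion; it is not text or code from the DEX draft or from either author. It assumes a discrete slot-based trace, a token-bucket limiter whose depth (`burst_slots`) plays the role of the averaging interval, one exported packet per DEX-marked packet at each of M transit nodes, and a simple load threshold standing in for the "local traffic condition" that a node could use to skip exporting. All traffic traces are constructed.

```python
"""Model of the DEX export budget discussed on the ippm-ioam-ix-dt thread.

Assumptions (not from the draft): time is sliced into slots; an interface
carries at most `capacity` packets per slot; both the encapsulating node's
DEX selection and each transit node's export are governed by a token bucket
refilled with capacity/N tokens per slot and allowed to hold
`burst_slots` slots' worth of tokens. Every transit node exports exactly one
packet per DEX-marked packet it sees.
"""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate: float    # tokens refilled per slot (= capacity / N)
    burst: float   # bucket depth; larger depth == longer averaging interval
    tokens: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = self.burst

    def allow(self) -> bool:
        """Consume one token if available."""
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

    def refill(self) -> None:
        self.tokens = min(self.burst, self.tokens + self.rate)


def simulate(trace, capacity, n, m, burst_slots=1, load_threshold=None):
    """Run the budget model over a trace of offered packets per slot.

    trace          : offered packets per slot at the encapsulating node (constructed).
    capacity       : packets per slot an interface can carry.
    n              : the draft's N (DEX budget is 1/N of capacity).
    m              : number of IOAM transit nodes on the path (the draft's M).
    burst_slots    : how many slots of budget a node may bank before a burst.
    load_threshold : if set, a transit node skips exporting in any slot where
                     its carried load exceeds this value (hypothetical local
                     adaptive decision, not a draft mechanism).
    Returns totals plus the worst single-slot aggregate export as a fraction
    of interface capacity.
    """
    budget = capacity / n
    enc = TokenBucket(rate=budget, burst=budget * burst_slots)
    transit = [TokenBucket(rate=budget, burst=budget * burst_slots) for _ in range(m)]
    marked = exported = peak = 0
    for offered in trace:
        carried = min(offered, capacity)
        # Encapsulating node: mark packets with DEX while its bucket allows.
        slot_marked = sum(1 for _ in range(carried) if enc.allow())
        marked += slot_marked
        # Transit nodes: each exports one packet per marked packet, within its own limit.
        slot_export = 0
        for tb in transit:
            if load_threshold is not None and carried > load_threshold:
                continue  # node judges itself busy and drops export for this slot
            slot_export += sum(1 for _ in range(slot_marked) if tb.allow())
        exported += slot_export
        peak = max(peak, slot_export)
        enc.refill()
        for tb in transit:
            tb.refill()
    return {
        "marked": marked,
        "exported": exported,
        "peak_export_per_slot": peak,
        "peak_fraction": peak / capacity,   # compare with m / n
    }


if __name__ == "__main__":
    steady = simulate([1000] * 10, capacity=1000, n=100, m=5)
    burst_wide = simulate([0] * 9 + [1000], capacity=1000, n=100, m=5, burst_slots=10)
    burst_tight = simulate([0] * 9 + [1000], capacity=1000, n=100, m=5, burst_slots=1)
    adaptive = simulate([500] * 5 + [1000] * 5, capacity=1000, n=100, m=5, load_threshold=900)
    for name, r in [("steady", steady), ("burst, 10-slot window", burst_wide),
                    ("burst, 1-slot window", burst_tight), ("adaptive", adaptive)]:
        print(f"{name:24s} marked={r['marked']:4d} exported={r['exported']:4d} "
              f"peak fraction of capacity={r['peak_fraction']:.2f}")
```

In the steady case the aggregate export seen by the receiving entity peaks at M/N of capacity (5/100 here), which is the quantity that the N >> M recommendation keeps small. The two burst runs use the same trace and the same 1/N average, but with a 10-slot window the idle slots bank tokens and the whole budget is spent in one slot, so the peak reaches 0.5 of capacity instead of 0.05; the window length, not N alone, bounds the burst. The adaptive run shows the trade-off of a local skip decision: export data for the busy slots is lost, but the exported volume never grows with load.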