Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

prz <prz@zeta2.ch> Mon, 06 July 2015 21:55 UTC

Date: Mon, 06 Jul 2015 14:55:15 -0700
From: prz <prz@zeta2.ch>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Cc: bruno.decraene@orange.com, SCHMITZ Christof IMT/OLN <christof.schmitz@orange.com>, isis-wg@ietf.org

 On Mon, 6 Jul 2015 21:47:41 +0000, "Les Ginsberg (ginsberg)" 
 <ginsberg@cisco.com> wrote:
> Tony –
>
> Sounds like you are proposing that the LSP be modified when it is
> flooded – whether it be using an optional TLV as in RFC 3358 or some
> other means. This is a significant change to the Update Process and
> will have an impact on the existing checksum and crypto hash
> calculations as well. This in turn will affect how to determine
> whether LSPDBs are synced.

 Les, fully agreed, I think I alluded in my email that it ain't gonna 
 come cheap. Yepp, it would be a significant change.

 Agreeing fully with the rest of your email.


 --- tony

>
> I think there are safe solutions that don’t have interoperability
> issues – but I think the first question to be answered is whether WG
> agrees that this is a problem worth solving.
>
> There are two motivations for solving this:
>
> 1) Protection against the odd form of corruption that could occur due
> to malfunctioning hardware/software
>
> 2) Protection against an attacker who could create LSP storms by
> modifying the Remaining Lifetime of LSPs as they fly by.
>
> (As always in the case of IGPs, an attacker has to be inside the
> network to accomplish such an attack.)
>
> If you find the problem worthwhile to solve I think we can safely do
> so.
>
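
Added example, not part of the original message or of any IS-IS implementation: a Python illustration of the checksum side of the point quoted above. It assumes the ISO 10589 LSP header layout, in which the Fletcher checksum covers the PDU from the LSP ID onward and so excludes Remaining Lifetime; the LSP bytes, the system ID and TLV type 250 are constructed placeholders, and the function names are hypothetical.

```python
import struct

LIFETIME_OFF = 10  # Remaining Lifetime (2 bytes)
COVERED_OFF = 12   # checksum coverage starts at the LSP ID
CKSUM_OFF = 24     # Checksum field (2 bytes)

def fletcher(buf):
    """ISO 8473 Fletcher sums (mod 255) over buf."""
    c0 = c1 = 0
    for b in buf:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1

def build_lsp(lifetime, tlvs):
    """Constructed L2 LSP: common header, LSP header, TLVs, valid checksum."""
    common = bytes([0x83, 27, 1, 0, 20, 1, 0, 0])
    lsp_id = bytes.fromhex("0000000000010000")  # constructed system ID
    pdu = bytearray(common + struct.pack("!HH", 27 + len(tlvs), lifetime)
                    + lsp_id + struct.pack("!IHB", 1, 0, 0x03) + tlvs)
    covered = pdu[COVERED_OFF:]  # checksum field is still zero here
    c0, c1 = fletcher(covered)
    off = CKSUM_OFF - COVERED_OFF
    x = ((len(covered) - off - 1) * c0 - c1) % 255 or 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    pdu[CKSUM_OFF:CKSUM_OFF + 2] = bytes([x, y])
    return bytes(pdu)

def checksum_ok(pdu):
    """Receiver-side check: both sums over the covered bytes must be zero."""
    return fletcher(pdu[COVERED_OFF:]) == (0, 0)

def with_lifetime(pdu, lifetime):
    """Same LSP with a different Remaining Lifetime, checksum untouched."""
    out = bytearray(pdu)
    struct.pack_into("!H", out, LIFETIME_OFF, lifetime)
    return bytes(out)

def with_transit_tlv(pdu, tlv):
    """Same LSP with a TLV appended while flooding, checksum not recomputed."""
    out = bytearray(pdu + tlv)
    struct.pack_into("!H", out, 8, len(out))  # PDU Length field
    return bytes(out)

lsp = build_lsp(1200, bytes([137, 2]) + b"r1")      # hostname TLV, constructed
aged = with_lifetime(lsp, 1)                        # lifetime altered in flight
tagged = with_transit_tlv(lsp, bytes([250, 1, 0]))  # placeholder TLV type
print(checksum_ok(lsp), checksum_ok(aged), checksum_ok(tagged))
```

The altered lifetime still passes the receiver's checksum test, while a TLV added by a transit system fails it unless that system recomputes the originator's checksum.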