[Isis-wg] Fingerprint generation issue-//FW: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt

"Liubing (Leo)" <leo.liubing@huawei.com> Fri, 17 July 2015 07:28 UTC

Return-Path: <leo.liubing@huawei.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA2C11B3063 for <isis-wg@ietfa.amsl.com>; Fri, 17 Jul 2015 00:28:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZgX-16TNw7WE for <isis-wg@ietfa.amsl.com>; Fri, 17 Jul 2015 00:28:35 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 547431B2FD5 for <isis-wg@ietf.org>; Fri, 17 Jul 2015 00:28:34 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml401-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BYW31508; Fri, 17 Jul 2015 07:28:32 +0000 (GMT)
Received: from nkgeml405-hub.china.huawei.com (10.98.56.36) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 17 Jul 2015 08:28:30 +0100
Received: from NKGEML506-MBX.china.huawei.com ([169.254.3.44]) by nkgeml405-hub.china.huawei.com ([10.98.56.36]) with mapi id 14.03.0158.001; Fri, 17 Jul 2015 15:28:25 +0800
From: "Liubing (Leo)" <leo.liubing@huawei.com>
To: "isis-wg@ietf.org list" <isis-wg@ietf.org>
Thread-Topic: Fingerprint generation issue-//FW: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
Thread-Index: AQHQmsUvhOb/9lHMUk2S32rA0gaCAZ2+NYzwgBSD/NCACOMe8IACA39ggAHj7oA=
Date: Fri, 17 Jul 2015 07:28:24 +0000
Message-ID: <8AE0F17B87264D4CAC7DE0AA6C406F45C2212AE1@nkgeml506-mbx.china.huawei.com>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.98.117]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/Kt-jUyb5yHnytklFo0iVvpjXmFs>
Cc: "Les Ginsberg \(ginsberg\)" <ginsberg@cisco.com>, Martin Winter <mwinter@netdef.org>, David Lamparter <david@opensourcerouting.org>
Subject: [Isis-wg] Fingerprint generation issue-//FW: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jul 2015 07:28:36 -0000

Hi Dear all,

As discussed with Les as below, let me elaborate a bit more on the Fingerprint generation issue.

In section 3.3.3 in the draft, it lists some resources for generating distinguishers:
o  MAC address(es)
o  Configured IP address(es)
o  Hardware IDs (e.g.  CPU ID)
o  Device serial number(s)
o  System clock at a certain specific time
o  Arbitrary received packet

However, due to the feedback from the implementation team (as CCed), for small CPE boxes, at the initial stage only MAC address is available most of the time. 
So, it's reasonable to use MAC address as the Sys-id. For Fingerprint, it's tricky to generate high quality random numbers due to the lack of entropy.

For this reason, we defined a "Double-Duplication" resolution mechanism in the 04 version draft. At the time Double-Duplication is detected, the devices have been booted for some time, and there should be enough entropy to tiebreak the double-duplication.

Best regards,
Bing

-----Original Message-----
From: Liubing (Leo) 
Sent: Friday, July 17, 2015 2:41 PM
To: 'Les Ginsberg (ginsberg)'; isis-wg@ietf.org list
Subject: RE: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt

> > [Bing] The logic is this:
> > 1. At the initial stage, there is not much entropy for generating a 
> > high quality Fingerprint. (This is the feedback from the 
> > implementation team.) 2. Then, very unfortunately, the sys-id and
> Fingerprint both duplicated.
> > 3. At the time the Double-Duplication is detected, there should be 
> > enough entropy (e.g. lots of random packets, LSP num etc.) to make 
> > tiebreaker of the duplication.
> > Does this sound reasonable for you?
> 
> [Les:] I would prefer that we define a robust fingerprint. This is not 
> that difficult.  If there are concerns about the difficulties please 
> make them public.

[Bing] It's not difficult to "define" one, but for small devices, there is some practical difficulties.
I'll initiate another thread to discuss this issue.