Re: [Isis-wg] [Technical Errata Reported] RFC5309 (5007)

Alexander Vainshtein <Alexander.Vainshtein@ecitele.com> Sun, 30 April 2017 15:52 UTC

Return-Path: <Alexander.Vainshtein@ecitele.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32E2E129486 for <isis-wg@ietfa.amsl.com>; Sun, 30 Apr 2017 08:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.38
X-Spam-Level:
X-Spam-Status: No, score=-6.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=eci365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 74sQ2VFJibiY for <isis-wg@ietfa.amsl.com>; Sun, 30 Apr 2017 08:52:47 -0700 (PDT)
Received: from mail1.bemta6.messagelabs.com (mail1.bemta6.messagelabs.com [193.109.254.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D9E71293DF for <isis-wg@ietf.org>; Sun, 30 Apr 2017 08:51:05 -0700 (PDT)
Received: from [193.109.255.99] by server-5.bemta-6.messagelabs.com id 1E/74-03371-7E706095; Sun, 30 Apr 2017 15:51:03 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTe0hTURzHOzu7dzfxynFa/lpGOSkiH6iFXKL C7LWgoGgFRlHXum3DPWx3ygqiFWQ+oqIXcw1U1KKH1SqtKClNI80M8xFlCx+lvSALpESzdr1Z dv/6nO/3+zu/87ucw2D1D1rDCE6HYLfyZi0dpFwQlbI1rk9FpyW0DYZy37qfY274xADmfg5VI u7MjRrMteYXqLhrIz4VV/PYhbn62i8U13yP5g7eH6RTgnSH+qop3YdjXqR74y9V6E4N+yjdHY 9fpeu5tU1XVjak0LlyHlHrmM2UyZpuc26njMX9XarM9sfI2dXro11oxIfyURCjJDkYfl7tp6S FmpxQgK+zjZYXXQgedhYq8tFkhiaL4folf8BgmHCSBKX9MVIGk0IMeSdrKCkTRpbC0XOdKonD SSoUDTRhmReC94V3TFeS2VDnqqclZskWaPAWYWlPNdkNJS0JkjyZrICRxg6lxIhMhe+Nl8eOg EkEvHpbNMZACJTde4ZlngIfekfHBkCkAEFHz3FaNqLA/UbuC+QIhhZfhtQLyFoYujlPxmi4+X 6rVArEiyC3vg/J8QxoqihXjvPVd1VYDr1SwKj//B8jEjrquv8UXKPh+xOD/B804G/LQzJHwvv X1ZQ8gBW8ubLOklBoKHyrPI7meCbM5pkQ80yIyXosFN/9RsscA+dKPuFxbnrQq5ioFyPVRTRX FOzZgj1uflJ8ut1kMDosvMkcl5iQHG8RRJE3CGY+XYzfYbNcR4EbOSnw3UZPrqyvRdMYhXYK2 x1DpalD0m079xh50bjNnmUWxFoUyTBaYFtoOk0dahcMgnOXyRy41uM2MMHacLZKslkxk7eIJo NsNaIoTQR7QDKIZBizrH/Lxh/EczRDE8aiwEHUwZmC3WJy/O9/RBEM0oax0wPvRh1ssjr+7v4 x0FgRaLx/jlJq7OD/WRoXik4pX5u4S59clzuQP3X/2S7tkupFX3/tq/TM3FQanZQy2HzYfTQk /vPLVUMV2c2zsm3tefoeN15exQ9W0q/Touc25LQuvrihqrgod82yDRun+deMhq42JQ/Heh+o9 15IDUl1nv6kWtmXlaRvDtGv9roPFTx6qvckuitPLcjYbSuPrdAqRSOfOA/bRf43lSeNsQsEAA A=
X-Env-Sender: Alexander.Vainshtein@ecitele.com
X-Msg-Ref: server-12.tower-48.messagelabs.com!1493567459!57011724!1
X-Originating-IP: [52.33.64.93]
X-StarScan-Received:
X-StarScan-Version: 9.4.12; banners=ecitele.com,-,-
X-VirusChecked: Checked
Received: (qmail 1193 invoked from network); 30 Apr 2017 15:51:01 -0000
Received: from ec2-52-33-64-93.us-west-2.compute.amazonaws.com (HELO EUR03-AM5-obe.outbound.protection.outlook.com) (52.33.64.93) by server-12.tower-48.messagelabs.com with AES256-SHA256 encrypted SMTP; 30 Apr 2017 15:51:01 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ECI365.onmicrosoft.com; s=selector1-ecitele-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6d4ihQvPHRMwBApZ4TLbqDQy83+wO7Z8LEDCmqci8/o=; b=KIu/w0kU1wMGb7le10l8qizpdSwVr6vUa/PxY7QHZ3Xwmg+2PO6Q50L+70HHMIwfd622cn0Xry2qXO5BLlFtJCLNILxcIEQ/EVraazJutbdEaitSgeriMYm5MYBFDGsgDQxfGBPxqJ7aHGu4uOoO/iaxC5eJo/KudvRB2oJjccI=
Received: from AM4PR03MB1713.eurprd03.prod.outlook.com (10.167.88.15) by AM4PR03MB1716.eurprd03.prod.outlook.com (10.167.88.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.13; Sun, 30 Apr 2017 15:50:57 +0000
Received: from AM4PR03MB1713.eurprd03.prod.outlook.com ([fe80::dd45:832a:e658:e737]) by AM4PR03MB1713.eurprd03.prod.outlook.com ([fe80::dd45:832a:e658:e737%14]) with mapi id 15.01.1047.019; Sun, 30 Apr 2017 15:50:57 +0000
From: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
CC: "isis-wg@ietf.org" <isis-wg@ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>, "Naiming Shen (naiming)" <naiming@cisco.com>, "alex.zinin@alcatel-lucent.com" <alex.zinin@alcatel-lucent.com>, "akatlas@gmail.com" <akatlas@gmail.com>, "db3546@att.com" <db3546@att.com>, "Alvaro Retana (aretana)" <aretana@cisco.com>, "chopps@chopps.org" <chopps@chopps.org>, "hannes@gredler.at" <hannes@gredler.at>
Thread-Topic: [Isis-wg] [Technical Errata Reported] RFC5309 (5007)
Thread-Index: AQHSwYoCxBhcZtgLd0CoSDR/tVhrP6Hd9k4AgAAWr1A=
Date: Sun, 30 Apr 2017 15:50:57 +0000
Message-ID: <AM4PR03MB171368B3A0BC936159ABE14A9D150@AM4PR03MB1713.eurprd03.prod.outlook.com>
References: <20170430081555.026C1B8183C@rfc-editor.org> <bd426412060143b18b888f9fb9135728@XCH-ALN-001.cisco.com>
In-Reply-To: <bd426412060143b18b888f9fb9135728@XCH-ALN-001.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.234.241.1]
x-microsoft-exchange-diagnostics: 1; AM4PR03MB1716; 7:fQ528AiytcZlwwCJBEf9EOr9POxTu0HDKzqGWe4sl3BAHHfthlkmaaGu8LGxsAnbKBbLTvf+mfyix7Y98Uc2QCkVRkLEazrpD3VuQDq0+VGX9nA5b0xvigNkEZjVSN69Xvp+HGXeEbQJZap4A3/+4qMMnTXB2z9rk6rXe+CKSbg8Qg08EZvRspqXq/ITbxnaLghW1cOKkubEIIJko35E0ULX+QMoc+dfrgAp5yNNeEHrscqmThgyVufJBRi5S2UMcTulHP8wyNhv2+fNczSPTidmNp3lmj2iWcBObqRzesWoG5oaoQ/qOm8g47tbN/jb2wQImQmh84nOlFjwR4oXVw==
x-ms-office365-filtering-correlation-id: aef96e95-39f6-452c-6030-08d48fe0b121
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081)(201702281549075); SRVR:AM4PR03MB1716;
x-microsoft-antispam-prvs: <AM4PR03MB1716959FBE9098B048ECE8089D150@AM4PR03MB1716.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(97927398514766)(95692535739014)(21748063052155)(279101305709854);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123560025)(20161123564025)(20161123562025)(20161123555025)(6072148); SRVR:AM4PR03MB1716; BCL:0; PCL:0; RULEID:; SRVR:AM4PR03MB1716;
x-forefront-prvs: 0293D40691
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400002)(39450400003)(39400400002)(39410400002)(39840400002)(377454003)(252514010)(13464003)(85664002)(5890100001)(99286003)(6116002)(7416002)(15188155005)(33656002)(16799955002)(54896002)(790700001)(6506006)(55016002)(508600001)(9686003)(966004)(53936002)(5250100002)(102836003)(76176999)(6306002)(50986999)(6246003)(236005)(66066001)(3846002)(54356999)(606005)(8936002)(6436002)(8676002)(86362001)(189998001)(7736002)(53546009)(54906002)(5660300001)(74316002)(3280700002)(7906003)(7696004)(2950100002)(25786009)(110136004)(81166006)(6916009)(2900100001)(3660700001)(4326008)(38730400002)(229853002)(39060400002)(2906002); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR03MB1716; H:AM4PR03MB1713.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR03MB171368B3A0BC936159ABE14A9D150AM4PR03MB1713eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ecitele.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Apr 2017 15:50:57.1892 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2c514a61-08de-4519-b4c0-921fef62c42a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR03MB1716
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/rB4lrMEZgHJIT0rT7dwZGRUD3mo>
Subject: Re: [Isis-wg] [Technical Errata Reported] RFC5309 (5007)
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Apr 2017 15:52:50 -0000

Les,

Lots of thanks for a prompt response.



As I see it, the difference between the P2P and LAN modes is essential for OSPF:

- If an OSPF interface is a LAN (broadcast) interface, there is a check of the same subnet for received Hello packets. If the received Hello packets do not pass this check, they are discarded and an error is reported via SNMP.

- However, if an OSPF interface is a P2P interface, then the subnet check on the Hello packets is bypassed  by design as defined in Section 10.5 of RFC 2328:



                     The generic input processing of OSPF packets will

        have checked the validity of the IP header and the OSPF packet

        header.  Next, the values of the Network Mask, HelloInterval,

        and RouterDeadInterval fields in the received Hello packet must

        be checked against the values configured for the receiving

        interface.  Any mismatch causes processing to stop and the

        packet to be dropped.  In other words, the above fields are

        really describing the attached network's configuration. However,

        there is one exception to the above rule: on point-to-point

        networks and on virtual links, the Network Mask in the received

        Hello Packet should be ignored.



I.e., having different subnets on two ends of a PPP link would not cause any problems for OSPF - the adjacency would be successfully recognized, it would progress to its FULL state, and unicast traffic would cross such a link without any problem.



But if we have a P2P-over-LAN link (which is the case for RFC 5309), the result would be quite different - unless the ARP implementations go beyond what 5309 says and relax the check for all such links, be they numbered or unnumbered.



Do I miss something substantial here?







Regards,

Sasha



Office: +972-39266302

Cell:      +972-549266302

Email:   Alexander.Vainshtein@ecitele.com





-----Original Message-----
From: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com]
Sent: Sunday, April 30, 2017 5:19 PM
To: RFC Errata System <rfc-editor@rfc-editor.org>rg>; Naiming Shen (naiming) <naiming@cisco.com>om>; alex.zinin@alcatel-lucent.com; akatlas@gmail.com; db3546@att.com; Alvaro Retana (aretana) <aretana@cisco.com>om>; chopps@chopps.org; hannes@gredler.at
Cc: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>om>; isis-wg@ietf.org
Subject: RE: [Isis-wg] [Technical Errata Reported] RFC5309 (5007)



Alexander -



I am not speaking for the RFC authors, but regarding your point:



> o          Are assigned with IP addresses and subnet masks yielding different

> subnets



I fail to see why this issue is unique to (or associated with) running in P2P mode.



The unnumbered case is specifically mentioned because in such a case it can be expected that the next hop address will be a loopback address and therefore there will be no common subnet.

But in the numbered case whether you have one neighbor in P2P mode or many neighbors in multi-access mode the msimatched subnet issue is the same. Therefore I see no reason why these RFCs should discuss it.



???



   Les





> -----Original Message-----

> From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of RFC

> Errata System

> Sent: Sunday, April 30, 2017 1:16 AM

> To: Naiming Shen (naiming); alex.zinin@alcatel-lucent.com<mailto:alex.zinin@alcatel-lucent.com>;

> akatlas@gmail.com<mailto:akatlas@gmail.com>; db3546@att.com<mailto:db3546@att.com>; Alvaro Retana (aretana);

> chopps@chopps.org<mailto:chopps@chopps.org>; hannes@gredler.at<mailto:hannes@gredler.at>

> Cc: Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>; isis-wg@ietf.org<mailto:isis-wg@ietf.org>;

> rfc-editor@rfc- editor.org

> Subject: [Isis-wg] [Technical Errata Reported] RFC5309 (5007)

>

> The following errata report has been submitted for RFC5309,

> "Point-to-Point Operation over LAN in Link State Routing Protocols".

>

> --------------------------------------

> You may review the report below and at:

> http://www.rfc-editor.org/errata_search.php?rfc=5309&eid=5007

>

> --------------------------------------

> Type: Technical

> Reported by: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>>

>

> Section: 4.3

>

> Original Text

> -------------

> For the ARP implementation (which checks that the subnet of the source

> address of the ARP request matches the local interface address), this

> check needs to be relaxed for the unnumbered p2p-over-lan circuits.

>

> Corrected Text

> --------------

> For the ARP implementation (which checks that the subnet of the source

> address of the ARP request matches the local interface address), this

> check needs to be relaxed for the p2p-over-lan circuits (both numbered

> and unnumbered).

>

> Notes

> -----

> Consider the following situation:

> 1.         Two routers, R1 and R2, are connected by a physical P2P  Ethernet

> link

> 2.         OSPFv2 is enabled on the interfaces representing the endpoints of

> this link.

> 3.      From the OSPF POV these interfaces:

> o          Are configured as P2P

> o          Belong to the same area

> o          Are assigned with IP addresses and subnet masks yielding different

> subnets

> 4.    ARP check mentioned in the problematic text is not relaxed.

>

> Under this conditions:

> -Both R1 and R2 will accept Hello messages sent by the other router

> (becase it ignores subnet in Hello messages received via P2P

> interfaces)

> - Adjacency between R1 and R2 will progress to FULL state (because all

> OSPFv2 messages will be sent with AllSPFRouters multicast IPv4

> address)

> - Unicast traffic sent by R1 to R2 (and vice versa) will be blackholed

> because ARP will not resolve addresses assigned to the corresponding interfaces.

>

> Instructions:

> -------------

> This erratum is currently posted as "Reported". If necessary, please

> use "Reply All" to discuss whether it should be verified or rejected.

> When a decision is reached, the verifying party can log in to change

> the status and edit the report, if necessary.

>

> --------------------------------------

> RFC5309 (draft-ietf-isis-igp-p2p-over-lan-06)

> --------------------------------------

> Title               : Point-to-Point Operation over LAN in Link State Routing

> Protocols

> Publication Date    : October 2008

> Author(s)           : N. Shen, Ed., A. Zinin, Ed.

> Category            : INFORMATIONAL

> Source              : IS-IS for IP Internets

> Area                : Routing

> Stream              : IETF

> Verifying Party     : IESG

>

> _______________________________________________

> Isis-wg mailing list

> Isis-wg@ietf.org<mailto:Isis-wg@ietf.org>

> https://www.ietf.org/mailman/listinfo/isis-wg

___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is 
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this 
transmission in error, please inform us by e-mail, phone or fax, and then delete the original 
and all copies thereof.
___________________________________________________________________________