IETF Logo Mail Archive

Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

Tony Przygienda <tonysietf@gmail.com> Tue, 21 July 2015 16:54 UTC

Return-Path: <tonysietf@gmail.com>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA94D1A8EA9 for <isis-wg@ietfa.amsl.com>; Tue, 21 Jul 2015 09:54:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4mQcirzLLPa for <isis-wg@ietfa.amsl.com>; Tue, 21 Jul 2015 09:54:30 -0700 (PDT)
Received: from mail-ig0-x234.google.com (mail-ig0-x234.google.com [IPv6:2607:f8b0:4001:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 042F01A0197 for <isis-wg@ietf.org>; Tue, 21 Jul 2015 09:54:30 -0700 (PDT)
Received: by igbpg9 with SMTP id pg9so68349821igb.0 for <isis-wg@ietf.org>; Tue, 21 Jul 2015 09:54:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ckDD3M3AvZoTLnHC8HnuSwdu/hxHr1fzcDf4dHnpbqI=; b=m1YWEmnTMjMgUGBR5Ha3SFmU5cmN2QUV7fe0ggryasHcJJ5dStiQWUEAUJFWBJtaFx Ey52YOzcFkP7+TzPXDrhY/70ayU6m8iSosxL7cq0f/JM48KVfXC0qYSaOteEht9FfqjT B7l/9enTZnsPfgVhIJ7JXY05VAh8DxXv7bIwTaAPOXqC+Bn75XL6qEmrE0yPNTwth/F+ iDbj4z6ekOaGAx8t/DZbGgUbctjvtfN3ey4N+z5IUBPGH6KtNOXC2lYCgQhX+YLaWPQv MIH2RLFaoY30s9Q3GCB6XnObi+6KfZXpLOQGqJSji/SIHPTHX0A5nFD9Kfat86dXbzQ4 /wKQ==
MIME-Version: 1.0
X-Received: by 10.50.138.193 with SMTP id qs1mr26280780igb.2.1437497669390; Tue, 21 Jul 2015 09:54:29 -0700 (PDT)
Received: by 10.107.52.79 with HTTP; Tue, 21 Jul 2015 09:54:29 -0700 (PDT)
In-Reply-To: <20150721103028.GR620419@eidolon>
References: <770_1436211470_559AD90E_770_16843_1_36185c15-983d-4b98-8b77-109c5a808142@OPEXCLILMA2.corporate.adroot.infra.ftgroup> <20150721103028.GR620419@eidolon>
Date: Tue, 21 Jul 2015 09:54:29 -0700
Message-ID: <CA+wi2hPT-f1MDNVGA88Ve30DiMLHbTGZW6DgYNZayB+K1PjepQ@mail.gmail.com>
From: Tony Przygienda <tonysietf@gmail.com>
To: David Lamparter <equinox@diac24.net>
Content-Type: multipart/alternative; boundary="089e0122a5b8f31824051b65816b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/sSaxGRkZ4RJuLT_DBhCK5ZR1Z9Y>
Cc: "isis-wg@ietf.org list" <isis-wg@ietf.org>
Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2015 16:54:31 -0000

ok, quite creative approach in itself. I think the 'small window' will
completely defeat any attempt to make that work in generic terms.

We can't predict how quickly really the neighbor floods back when
CSNPs/PSNP'ed @ it's really as well a function of
fn(link speed [possibly shared with other people], #PDUs in neighbor
database, length of your queues to process stuff in ISIS, ...)

so we'd need some kind of formula as to 'what is reasonable'.

Now, there is no way to 'heal' such a problem, will will purge the LSP we
feel has been 'doctored' ? That just makes the problem worse.

Will we just ignore it and rely on retransmission ? That can partition the
network until the LSP truly ages out.

but I didn't think deeper, it's just quick stream-of-consciousness thing
here

--- tony


On Tue, Jul 21, 2015 at 3:30 AM, David Lamparter <equinox@diac24.net> wrote:

> On Mon, Jul 06, 2015 at 07:37:44PM +0000, bruno.decraene@orange.com wrote:
> > Please find below a draft describing the problem statement with regards
> to the possible corruption of the LSP lifetime.
> >
> https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
>
> Just wondering - PSNP and CSNP packets have the lifetime and can be
> authenticated.  What we want to guard against is LSPDUs on a link that
> change the remaining lifetime of an unchanged LSP.  How about this:
>
> - create new capability "restrictive received LSPDU processing" to be
>   deployed on a per-circuit level
> - under new capability, prohibit processing LSPDUs whose lifetime is not
>   either in a small window of the expected value, or 0 / purging
> - if the lifetime of a LSP is supposed to actually change, the sending
>   system instead sends an (authenticated) PSNP
>
> Unfortunately, this only helps with a narrow attack scenario where there
> is an untrusted party on a link that can observe and send modified
> packets, but not modify them inflight or drop them.  Similarly, if there
> is corruption on the link that affects the first instance of a LSP, this
> doesn't help.
>
> Either way - just throwing this out as an idea.  More generically,
> keeping LSPDUs as they are, throwing around SNPs (probably with slightly
> changed per-circuit flooding semantics) might be part of a solution?
> Maybe this mail sparks a thought in someone :)
>
> Cheers,
>
>
> -David
>
> _______________________________________________
> Isis-wg mailing list
> Isis-wg@ietf.org
> https://www.ietf.org/mailman/listinfo/isis-wg
>

v2.23.0 | Report a Bug | By Email