Re: [Isis-wg] ISIS Authentication Problem

"Tony Li" <tony.li@tony.li> Thu, 29 January 2009 06:42 UTC

From: Tony Li <tony.li@tony.li>
To: pranjalchakravarty@yahoo.co.in, isis-wg@ietf.org
Date: Wed, 28 Jan 2009 22:42:03 -0800

 
Hi Pranjal,
 
Well, it's not a protocol issue.  ;-)  Whether or not you consider it a bug
is more of an operational question.
 
From the perspective of R2, nothing has gone wrong.  R2 is going to start
hearing new LSPs from R1, but those LSPs are going to contain the wrong
authentication information.  R2 then correctly _ignores_ the new, 'bad'
data.  
 
Note that it would be a bug if R2 was to perform any substantive action on
receipt of an incorrectly authenticated LSP.  Doing so would create a huge
DoS vector.
 
If your concern is password transitioning, an implementation is free to
accept multiple passwords on receipt.
 
Regards,
Tony
 


  _____  

From: isis-wg-bounces@ietf.org [mailto:isis-wg-bounces@ietf.org] On Behalf
Of Pranjal Chakravarty
Sent: Wednesday, January 28, 2009 5:41 PM
To: isis-wg@ietf.org
Subject: [Isis-wg] ISIS Authentication Problem



Hello, I have a problem with ISIS area/domain authentication.
Suppose we have two routers (maybe Cisco).
We configure the area authentication password in both routers:
 
R1>area authentication sprint
R2>area authentication sprint
 
Now there is no problem: both routers remain adjacent, both routers accept
each other's LSPs, and ISIS routes are present in both routers.
 
Now we change area authentication password in one of the routers.
 
R1>area authentication tata
 
Now in R1, the other router's (R2's) LSP will immediately be deleted from its
database, and the ISIS routes that it learnt from R2 will be deleted.
 
But in router R2, the LSP of R1 is not becoming lifetime zero, and R2 is not
deleting the ISIS routes which it learnt from R1, even though the area
passwords are different now.
 
The database gets cleared and the ISIS routes are deleted only after we give
the clear isis * command in the R2 router.
 
Is it a problem?

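An added example (not from the thread or from any vendor's implementation) of the receive-side behaviour described in the reply: an LSP whose cleartext Authentication TLV (type 10, authentication type 1) fails the check is ignored with no change to the LSDB, and accepting several passwords on receipt lets a password change roll over. The function names, the dict-based LSDB and the sample LSPs are constructed for illustration; only the TLV region of an LSP is modelled, and HMAC-based authentication is not covered.

```python
import hmac

AUTH_TLV = 10          # IS-IS Authentication Information TLV
AUTH_CLEARTEXT = 1     # authentication type: cleartext password

def tlvs(data: bytes):
    """Yield (type, value) pairs; raise ValueError on a truncated TLV."""
    i = 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV")
        n = data[i + 1]
        yield data[i], data[i + 2:i + 2 + n]
        i += 2 + n

def authenticated(tlv_region: bytes, accepted: list[bytes]) -> bool:
    """True if a cleartext Authentication TLV carries any accepted password."""
    try:
        for t, v in tlvs(tlv_region):
            if t == AUTH_TLV and v[:1] == bytes([AUTH_CLEARTEXT]):
                return any(hmac.compare_digest(v[1:], p) for p in accepted)
    except ValueError:
        pass               # malformed input is treated as unauthenticated
    return False

def receive_lsp(lsdb: dict, lsp_id: str, seq: int, tlv_region: bytes, accepted) -> bool:
    """Install the LSP only if it authenticates; otherwise leave the LSDB untouched."""
    if not authenticated(tlv_region, accepted):
        return False       # ignored: no purge, no flooding, no route change
    if seq > lsdb.get(lsp_id, (0, b""))[0]:
        lsdb[lsp_id] = (seq, tlv_region)
    return True

def auth_tlv(password: bytes) -> bytes:
    """Build a cleartext Authentication TLV (hypothetical helper for the demo)."""
    return bytes([AUTH_TLV, 1 + len(password), AUTH_CLEARTEXT]) + password

def demo():
    # Constructed sample: R2's view after R1 switches from "sprint" to "tata".
    lsdb = {}
    receive_lsp(lsdb, "R1.00-00", 5, auth_tlv(b"sprint"), [b"sprint"])
    strict = receive_lsp(lsdb, "R1.00-00", 6, auth_tlv(b"tata"), [b"sprint"])
    seq_after_reject = lsdb["R1.00-00"][0]   # old LSP is still in the database
    rollover = receive_lsp(lsdb, "R1.00-00", 6, auth_tlv(b"tata"), [b"sprint", b"tata"])
    return strict, seq_after_reject, rollover, lsdb["R1.00-00"][0]

if __name__ == "__main__":
    print(demo())
```

With only the old password accepted, R2 keeps R1's previous LSP exactly as the original poster observed; with both passwords accepted during the transition, the new LSP replaces it.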