Re: [L2tpext] WG last call for draft-ietf-l2tpext-failover-05.txt
Carlos Pignataro <cpignata@cisco.com> Sun, 14 August 2005 19:07 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E4NpP-0003Xi-Fq; Sun, 14 Aug 2005 15:07:27 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E4NpO-0003Xd-5K for l2tpext@megatron.ietf.org; Sun, 14 Aug 2005 15:07:26 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA07040 for <l2tpext@ietf.org>; Sun, 14 Aug 2005 15:07:24 -0400 (EDT)
Received: from bantam.cisco.com ([64.102.19.199] helo=av-tac-rtp.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E4OON-0002XD-5H for l2tpext@ietf.org; Sun, 14 Aug 2005 15:43:35 -0400
X-TACSUNS: Virus Scanned
Received: from rooster.cisco.com (localhost [127.0.0.1]) by av-tac-rtp.cisco.com (8.11.7p1+Sun/8.11.7) with ESMTP id j7EJ7GC19340; Sun, 14 Aug 2005 15:07:16 -0400 (EDT)
Received: from [192.168.123.127] (rtp-vpn2-118.cisco.com [10.82.240.118]) by rooster.cisco.com (8.11.7p1+Sun/8.11.7) with ESMTP id j7EJ7F720268; Sun, 14 Aug 2005 15:07:15 -0400 (EDT)
Message-ID: <42FF9660.9010306@cisco.com>
Date: Sun, 14 Aug 2005 15:07:12 -0400
From: Carlos Pignataro <cpignata@cisco.com>
Organization: cisco Systems, Inc.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.10) Gecko/20050716 Thunderbird/1.0.6 Mnenhy/0.7
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "da Silva, Ronald" <ronald.dasilva@twcable.com>
Subject: Re: [L2tpext] WG last call for draft-ietf-l2tpext-failover-05.txt
References: <8EC5131D7BE5494C839D543FF09944E802808FD2@PRVPVSMAIL04.corp.twcable.com>
In-Reply-To: <8EC5131D7BE5494C839D543FF09944E802808FD2@PRVPVSMAIL04.corp.twcable.com>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b6657e60309a1317174c9db2ae5f227
Content-Transfer-Encoding: 7bit
Cc: l2tpext@ietf.org
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/l2tpext>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
Sender: l2tpext-bounces@ietf.org
Errors-To: l2tpext-bounces@ietf.org
This looks like a very good document to me, please find a couple of comments/queries: 1. 2.2.1 Recovery tunnel establishment corresponding old tunnel. An endpoint SHOULD not send any control message on this tunnel, other than the messages to establish and tear down the tunnel itself. ***CP: I know this was updated with the "and tear down" to clarify about ***CP: StopCCN. Maybe just a nit, I wonder however if "establish, ***CP: keepalive and tear down" is more complete to include ZLB as well. ***CP: Or possibly simpler enumerate the allowed control messages: SCCRQ, ***CP: SCCRP, SCCCN, StopCCN, ZLB Ack and Explicit-Ack (for L2TPv3 ***CP: only). 2. Tunnel Recovery AVP for L2TPv3 tunnels: [snip] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Recover Tunnel Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Recover Remote Tunnel Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ***CP: s/Tunnel Id/Control Connection ID/ ***CP: Same clarification between tunnel id and control connection id in ***CP: the following 2 or 3 para (only mentions tunnel id). 3. Id and responds with an SCCRP. It MUST terminate the tunnel if: - Recover Tunnel Id or Remote Recover Tunnel Id is unknown. - Non failed endpoint did not indicate it was failover capable. - The L2TP version of recovery tunnel is different from the ***CP: What if the _failed_ endpoint did not indicate it was failover ***CP: capable when established the "old tunnel"? In such case: ***CP: 1. non-failed would not know peer's Recovery time, and any ***CP: assumption for it could result in extended downtime. ***CP: 2. is seems could open the door for a malicious party ***CP: impersonating a failed party? ***CP: So probably should/must terminate the recovery tunnel of the ***CP: failed endpoint did not indicate was failover capable? 4. tunnel. If, for any reason, the failed endpoint could not establish the recovery tunnel then it MUST silently clear the recovered tunnel and sessions within, assuming the recovery process has failed. Any control packet received on the recovered tunnel, before control channel reset, MUST be silently discarded. ***CP: The "recovered tunnel" in those 2 sentences is in fact the "old ***CP: tunnel" at this point, right? If the recovery tunnel ***CP: establishment fails then the old tunnel never makes it to ***CP: recovered, correct? 5. An endpoint MUST use tie breaker AVP (section 4.4.3 [L2TPv2] and section 5.4.3 [L2TPv3]) in the setup of the recovery tunnel ***CP: the "tie breaker AVP" would be the "Control Connection Tie ***CP: Breaker AVP" for L2TPv3; some other parts of the document make ***CP: the distinction between different named v2/v3 AVPs. 6. 2.2.1 Recovery tunnel establishment ***CP: What are the guidelines for including Failover Capability AVP in ***CP: the Recovery Tunnel SCCRQ/SCCRP establishment? MUST NOT be used? ***CP: Or use the values included in the Failover Capability AVP ***CP: for the Recovery Tunnel as applicable for the recovered tunnel, ***CP: to be used in a subsequent failure? 7. 2.1 Pre Failover Operation The D bit, when set indicates that an endpoint is capable of resetting Nr value based on received Ns value(s) from one or more 'out of order but in sequence' packets from the peer. This bit is applicable only for the sessions using sequence numbers on the data channel i.e. data channel failure on the system not 2.2.2 Control and Data Channel Reset numbers and if data channel has failed over. Failed endpoint resets its Ns value to zero, where as non failed endpoint could continue to use the Ns values it was using previously. To reset Nr values during failover, if an endpoint receives 'n' out of order but in sequence packets then it MUST set the Nr value based on the Ns value of the incoming packets, as suggested in Appendix C [L2TPv3]. The value of 'n' should be configurable. ***CP: Nit comment: I wonder if these paragraphs should say "expected ***CP: sequence number" instead of Nr and Sequence Number instead of Ns ***CP: for data channel, to make it clear is not the control connection ***CP: Nr/Ns for L2TPv3. Or note what Nr/Ns are referring to in L2Tpv3, ***CP: as sequencing fields do not have that name. 8. 2.3 Session State Synchronization Step2: Both endpoints SHOULD identify the sessions that might have been in inconsistent states, perhaps based on data channel inactivity. ***CP: Over what period is data channel inactivity measured? In any case ***CP: it may not be an accurate indicator of inconsistency, a silent ***CP: session may be consistent and a session receiving data packets ***CP: may be inconsistent. Shouldn't FSS for all sessions instead? 9. Step3: An endpoint sends Failover Session Query (FSQ) message, message type 21, to query the state of stale sessions on its peer. An FSQ message MUST include at least one Failover Session State (FSS) AVPs. An endpoint MAY send another FSQ message on the ***CP: It may be useful to make explicit what AVPs MAY/MUST in FSQ. MUST ***CP: Message Type, MAY Message Digest and MUST one or more Failover ***CP: Session State AVPs. Right? Additionally, in the FSS description, ***CP: it would be useful to specify that FSS can only be used in FSQ ***CP: and FSR messages. 10. Before all sessions are synchronized using FSQ/FSR mechanism, if an endpoint receives an ICRQ for a session it believe is already in established state, it MUST respond to such ICRQ with a CDN, setting Assigned/Local Session ID AVP ([L2TPv2] section 4.4.4, [L2TPv3] section 5.4.4) to its local session id, and clear the ***CP: The first line seems to be the first mention of FSR (the name ***CP: "Failover Session Response" is first introduced further down). It ***CP: would be useful to expand the name before and detail which AVPs ***CP: MAY/MUST in FSRs: MUST Message Type, MAY Message Digest and MUST ***CP: one or more Failover Session State AVPs. Correct? 11. 4.0 Security Considerations The failover mechanism described here leaves a some room (1 in 2^32) for an intruder to discover the old tunnel id of an existing tunnel ***CP: This probability number seems only for L2TPv2. More importantly ***CP: though, this section should include what to can be done to ***CP: minimize the exposure. At least, control message security ***CP: mechanisms must be considered, specifically for mutual endpoint ***CP: authentication (for tunnel establishment for v2 and also for ***CP: control message auth for v3). Additionally, an impersonator may ***CP: try to create a recovery tunnel clearing C and D bits to drop the ***CP: old tunnel/sessions. 12. Appendix A ***CP: The 4 Appendices are most useful !!! 13. - The mechanism should be backward compatible; i.e. it should not redefine existing behavior of [L2TP] compliant systems. ***CP: There's no [L2TP] reference, is that v2 only or both? 14. Appendix B from recovering multiple tunnels in parallel. It also allows an endpoint from sending multiple FSQs to recover quickly. ***CP: In addition, from including multiple FSSs in FSQ and FSR to ***CP: recover quickly. I hope these help ! --Carlos. Circa 7/31/2005 12:32 PM, da Silva, Ronald said the following: > This is the last call for draft-ietf-l2tpext-failover-05.txt. Please > review and send comments to this list. > > Last call will end August 15th, 2005. > > Thanks! > -ron > > _______________________________________________ > L2tpext mailing list > L2tpext@ietf.org > https://www1.ietf.org/mailman/listinfo/l2tpext > -- --Carlos. Escalation RTP - cisco Systems _______________________________________________ L2tpext mailing list L2tpext@ietf.org https://www1.ietf.org/mailman/listinfo/l2tpext
- [L2tpext] WG last call for draft-ietf-l2tpext-fai… da Silva, Ronald
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Carlos Pignataro
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Vipin Jain
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Carlos Pignataro
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Vipin Jain
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Carlos Pignataro
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Vipin Jain
- Re: [L2tpext] WG last call for draft-ietf-l2tpext… Carlos Pignataro