IETF Logo Mail Archive

RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy

"Adrian Farrel" <adrian@olddog.co.uk> Thu, 10 April 2014 10:45 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9453F1A01D3 for <l2vpn@ietfa.amsl.com>; Thu, 10 Apr 2014 03:45:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n_zCM1p-vjPf for <l2vpn@ietfa.amsl.com>; Thu, 10 Apr 2014 03:45:22 -0700 (PDT)
Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) by ietfa.amsl.com (Postfix) with ESMTP id 516131A01BB for <l2vpn@ietf.org>; Thu, 10 Apr 2014 03:45:22 -0700 (PDT)
Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id s3AAjJpk017266; Thu, 10 Apr 2014 11:45:19 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id s3AAjHHH017246 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 10 Apr 2014 11:45:18 +0100
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Lizhong Jin'" <lizho.jin@gmail.com>, <draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org>
References: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk> <53345952.a70e440a.2a29.4f84@mx.google.com> <016601cf4c50$078c8ce0$16a5a6a0$@olddog.co.uk> <011e01cf4cf0$28349370$789dba50$@gmail.com> <5343f8e0.a3b2440a.7ee6.ffffccc6@mx.google.com>
In-Reply-To: <5343f8e0.a3b2440a.7ee6.ffffccc6@mx.google.com>
Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
Date: Thu, 10 Apr 2014 11:45:18 +0100
Message-ID: <028901cf54a9$f7634cc0$e629e640$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKieMH6bvwQq0oDr/K5WljRkwwysgG2FEXSAieGbsoB5zRVRQLDIuM8mSAiM8A=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-7.5.0.1017-20622.006
X-TM-AS-Result: No--37.343-10.0-31-10
X-imss-scan-details: No--37.343-10.0-31-10
X-TMASE-MatchedRID: a6VsEHZT/ZFDZFBd1jLr/rxygpRxo469t3aeg7g/usAiFs20Vxq/wrmR LdJVdEm/YKXU5x6vEGPkkTbfp2U50xyCaonaIG/AuIwLnB3Aqp0rHkgIan9a0WsSgW01iDQLvL4 BuAuBsSlvFeXz/P2+wkGsUll38aASMZpnc+6w+DTuykw7cfAoIG5N71UY7eq8uSIn8GC9fqs+mZ LuHsKcOpdEQabRybjEkfogCiAqT001cvnM9phj4RokisCyVCexzDlraXs8h+ZQnnYsWF8zq2pVo /joOvwExCwuvsHRtIQ7V2y6PpJnIrvuuksuYzsCZwDJZynfzStGvA4S70GhMmgT9IdN4mUOuaes YH+TAYxT7gKktTs+watVlfc245o23XkI6jWXY3RswYo64ufkVX4rryovYbmme+xt+hmLFRM4OJj GEod9DbNPCp/BU1u8R0SKTnZYmfsTCPmEbq0xeG/+RwWenb0YviRliDV2nywY0A95tjAn+7JVv1 3dZNfHPjmw6VWAfsbiXn352PuYAW94Ipa1otxohDqIQb7sQecT1RzDMx9VmLKeTtOdjMy6N/IPg HUHVfDwM1lgED/qJxgaZOJZCVBCa6E59IxHGX9+7IhLVmN+u3tjaUnUUncdInzOyTDR1uvLw0Kh HW39TeyXzLxaAGeG6B07gBpHiv1XKLar1IWcqlz+axQLnAVB2D/7bUIJlF1PtLhlThdPEFdWJfE qbx6MFLfDUO9Th15FcQlq8WbRMKwUHwBRC6Ff9Ib/6w+1lWRaCvPATPKcuU+u8oS4XkKMIiLw+j kqZLJ1yrGmWl5vjG5MrjdTavzWy6Bb6HVNE6aeAiCmPx4NwFkMvWAuahr8ooPRqITj5zirusVRy 4an8bxAi7jPoeEQftwZ3X11IV0=
Archived-At: http://mailarchive.ietf.org/arch/msg/l2vpn/8ci6bVL169O350I6ChfihuBA_gI
Cc: l2vpn@ietf.org
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn/>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Apr 2014 10:45:25 -0000

Yes, good job.

Please post it.

Adrian

> -----Original Message-----
> From: Lizhong Jin [mailto:lizho.jin@gmail.com]
> Sent: 08 April 2014 14:26
> To: adrian@olddog.co.uk; draft-ietf-l2vpn-vpls-inter-domain-
> redundancy.all@tools.ietf.org
> Cc: l2vpn@ietf.org
> Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
> 
> Hi Adrian,
> The draft authors suggest to separate "security" section into "management" and
> "security", and the new content is as below. Are you OK with the following
> changes?
> 
> 6.  Management Considerations
> 
>    When deploying the inter-domain redundancy mechanism described in
>    this document, some manual operation/negotiation is required to be
>    done correctly and securely.  E.g., each node within one RG should be
>    configured with same redundancy mode; the two operators should
>    negotiate to configure same PW priority at two nodes.  If the
>    configuration consistency is broken, the inter-domain redundancy
>    mechanism may not work properly.
> 
> 
> 7.  Security Considerations
> 
>    Besides the security properties of [I-D.ietf-pwe3-iccp], [RFC4762]
>    and [RFC6870], this document will have additional security
>    consideration.
> 
>    ICCP is now deployed between two PEs or ASBRs, the two PEs or ASBRs
>    should be connected by a well managed and highly monitored network.
>    The LDP session could be secured with TCP Authentication Option
>    [RFC5925].  This provides integrity and authentication for the ICCP
>    messages.  The LDP MD5 authentication key option, as described in
>    section 2.9 of [RFC5036] MAY also be used.
> 
>    The attention of implementers and deployers is drawn to [RFC6941] and
>    [RFC6952] with special attention to the recommendation to use TCP-AO
>    [RFC5925] for enhanced security of LDP sessions.
> 
>    The activitiy on the inter-domain and intra-domain pseudowire may
>    cause security threats or be exploited to create denial of service
>    attackes.  Excessive pseudowire state flapping (e.g., by
>    malicious peer PE's implementation) may lead to excessive ICCP
>    exchanges.  Implementations SHOULD provide mechanisms to perform
>    control-plane policing and mitigate such types of attacks.
> 
> Regards
> Lizhong
> 
> > -----Original Message-----
> > From: Lizhong Jin [mailto:lizho.jin@gmail.com]
> > Sent: Monday, March 31, 2014 10:47 PM
> > To: adrian@olddog.co.uk; draft-ietf-l2vpn-vpls-inter-domain-
> > redundancy.all@tools.ietf.org
> > Cc: l2vpn@ietf.org
> > Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
> >
> > Hi Adrian,
> > Thank you for the quick reply. See my reply inline below.
> > We will post a new version accordingly soon to reflect these comments.
> >
> > Regards
> > Lizhong
> >
> > > -----Original Message-----
> > > From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> > > Sent: 2014年3月31日 3:41
> > > To: 'Lizhong Jin'; draft-ietf-l2vpn-vpls-inter-domain-
> > > redundancy.all@tools.ietf.org
> > > Cc: l2vpn@ietf.org
> > > Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-
> > redundancy
> > >
> > > Hi Lizhong,
> > >
> > > > Sorry for the late reply. Please see my reply inline below.
> > > > Please co-authors help to correct if I am wrong.
> > >
> > > [snip]
> > >
> > > > > I can't see how this is a BCP. I realise that RFC 2026 section 5
> > is
> > > > > not really clearly written, but this is a technical spec that
> > > > > describes how to build a particular function in the network.
> > > > > Standards Track would be just fine (even though there are no bits
> > > > > and bytes defined) because you are defining procedures (using
> > 2119
> > > > > language) that an implementation has to perform to make this
> > function
> > > work (i.e., interoperate).
> > > >
> > > > [Lizhong] thank you for pointing out this. We will change to
> > Standards
> > > > Track.
> > >
> > > Good. I hope the WG is paying attention!
> > [Lizhong] OK, we will post a new version accordingly.
> >
> > >
> > > > > Section 1
> > > > >
> > > > > Please give a little more information about what the "solution"
> > is.
> > > > > You don't need to go into full detail, but you do need to give
> > some
> > > > > overview. Things I'd like to see covered...
> > > > > - motivation is to provide service protection mechanisms in the
> > event
> > > > >   of edge node failure
> > > > > - basic mechanism is to provide edge node redundancy
> > > > > - solution is dependent on the use of ICCP (with reference) to
> > > > >   coordinate between redundant edge nodes
> > > > > - no changes to any protocol message formats are needed for this
> > > > >   solution and no new protocol options are defined
> > > > > - this solution is a description of how existing protocol
> > building
> > > > >   blocks may be deployed to achieve the desired function, but
> > also
> > > > >   defines implementation behavior necessary for the function to
> > work.
> > > > [Lizhong] accepted, and I try to rephrase as below:
> > > > In many existing Virtual Private LAN Service (VPLS) deployments
> > based
> > > > on [RFC4762], inter-domain connectivity has been deployed without
> > node
> > > > redundancy, or with node redundancy in a single domain.  This
> > document
> > > > is to provide a service protection mechanism for inter-domain VPLS
> > > > based on [RFC4762]. The protection mechanism will provide edge node
> > > > redundancy and link redundancy in both domains.  The domain in this
> > > > document refers to autonomous system (AS), or other administrative
> > > domains.
> > > > The solution relies on the use of ICCP [ietf-pwe3-iccp] to
> > coordinate
> > > > between redundant edge nodes, and use of Pseudowire (PW)
> > Preferential
> > > > Forwarding Status Bit [RFC 6870] to negotiate the PW status. There
> > is
> > > > no change to any protocol message formats and no new protocol
> > options
> > > > introduced. This solution is a description of reusing existing
> > > > protocol building blocks to achieve the desired function, but also
> > > > defines implementation behavior necessary for the function to work.
> > >
> > > Works for me.
> > [Lizhong] Thanks.
> > >
> > > [snip]
> > >
> > > > > Figure 2 might usefully be redrawn to show how PW3 and PW4 attach
> > to
> > > > > the PEs.
> > > > [Lizhong] do you mean the PW is broken to the PE in the figure?
> > Will fix
> > > > that.
> > > > Thanks.
> > >
> > > Yeah. PW3 should connect to PE3 etc.
> > [Lizhong] Thanks.
> > >
> > > > > Section 5 says
> > > > >
> > > > >    For the inter-domain four-PW scenario,
> > > > >    it is required for PEs to ensure that the same mode is
> > supported on
> > > > >    the two ICCP peers in the same redundancy group (RG).
> > > > >
> > > > > But you don't say how this is achieved.
> > > > [Lizhong] will add: One method to ensure mode consistency is by
> > manual
> > > > operation. Other methods are also possible and is out of the scope
> > of
> > > > this document.
> > >
> > > I'm OK with that, but it is a bit thin. Operators are famous for not
> > > configuring
> > > the same thing at two ends of a link.
> > [Lizhong] I understand. At current stage, let's keep it simple.
> >
> > >
> > > > > Section 5.2
> > > > >
> > > > >    Before
> > > > >    deploying this inter-domain VPLS, the operators MUST negotiate
> > to
> > > > >    configure same PW high/low priority at two PW end-points.
> > > > >
> > > > > How do they do this?
> > > > [Lizhong] we check this with the operator. When they do inter-AS
> > > > connection, there will be some kind of contract to ensure the
> > > > interconnection. The PW priority could be one part of the
> > > > contract/negotiation. This is more of the operation method. Now I
> > think
> > > > we
> > > should not use RFC2119 word "MUST" here.
> > > > "should" would be a better word here.
> > >
> > > Yup, "should" is better, and maybe add "The inter-domain VPLS
> > relationship
> > > normally involves a contractual process between operators, and the
> > > configuration of PW roles forms part of this process."
> > [Lizhong] OK, thanks.
> >
> > >
> > > > > Section 5.3
> > > > >
> > > > >    In this use case, there are generally three options
> > > > >
> > > > > So, sometimes two options and sometimes four options? :-) Delete
> > > > > "generally", but also make clear what the three options are.
> > > > [Lizhong] it would be clear to say: In this use case, there are two
> > > > options to provide protection: 1:1 and 3:1 protection.
> > >
> > > OK
> > >
> > > [snip]
> > >
> > > > > Section 6
> > > > >
> > > > > There seem to be some independent actions needed (operator
> > > > > negotiation, setting of mode). Are these security vulnerabilities?
> > > > >
> > > > > ICCP is being run on the Internet and not in a chassis. Does that
> > > > > make a difference to the security model?
> > > > [Lizhong] yes, more consideration is required. I try to change:
> > > > Besides of the security properties of [I-D.ietf-pwe3-iccp] and
> > > > [RFC4762], this draft will have additional security consideration.
> > > > When deploying the inter-domain redundancy mechanism described in
> > this
> > > > document, some manual operation/negotiation is required to be done
> > > > correctly and securely. E.g., each node within one RG should be
> > > > configured with same redundancy mode; the two operators should
> > > > negotiate to configure same PW priority at two nodes. If the
> > > > configuration consistency is broken, the inter-domain redundancy
> > > mechanism may not work properly.
> > > > Since ICCP is now deployed between two PEs or ASBRs, the LDP
> > session
> > > > could be secured with TCP Authentication Option [RFC5925]. This
> > > > provides integrity and authentication for the ICCP messages. The
> > LDP
> > > > MD5 authentication key option, as described in section 2.9 of
> > [RFC5036]
> > > MAY also be used.
> > >
> > > That is good except that MD5 is pretty much regarded as useless as a
> > > security
> > > tool these days.
> > >
> > > How about adding to the end of your text:
> > >
> > > "The attention of implementers and deployers is drawn to [RFC6941]
> > and
> > > [RFC6952] with special attention to the recommendation to use TCP-AO
> > > [RFC5925] for enhanced security of LDP sessions."
> > [Lizhong] OK, thanks.
> >
> > >
> > > Cheers,
> > > Adrian
> > >

v2.8.7 | Report a Bug | By Email