RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
"Lizhong Jin" <lizho.jin@gmail.com> Tue, 08 April 2014 13:25 UTC
Return-Path: <lizho.jin@gmail.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
(Postfix) with ESMTP id 78C8B1A03D4 for <l2vpn@ietfa.amsl.com>;
Tue, 8 Apr 2014 06:25:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001,
SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V9v9iIXhuaig for
<l2vpn@ietfa.amsl.com>; Tue, 8 Apr 2014 06:25:54 -0700 (PDT)
Received: from mail-pb0-x22c.google.com (mail-pb0-x22c.google.com
[IPv6:2607:f8b0:400e:c01::22c]) by ietfa.amsl.com (Postfix) with ESMTP id
2FDCF1A03D1 for <l2vpn@ietf.org>; Tue, 8 Apr 2014 06:25:53 -0700 (PDT)
Received: by mail-pb0-f44.google.com with SMTP id rp16so1019243pbb.31 for
<l2vpn@ietf.org>; Tue, 08 Apr 2014 06:25:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=from:to:cc:references:in-reply-to:subject:date:message-id
:mime-version:content-type:content-transfer-encoding:thread-index
:content-language; bh=2Pe5tF+AJ7JVwuoTztMrfaD9dQYoVYsMM2VWOjPI8Yg=;
b=GRyCXrEhtBedoswqn3XP5gswrT6UbJc6WJQ7WnY+O2q9sGhtNp4H1teVW4CUa76aT3
1H3Z1gr+48hMBRHeaoCAtKU50DRocSArFOcjslKXMlpqJcHQU2REL7clE9WMWF0y8r8H
a8cxDnoP4qfq0s9hZsjDOOXZRWtha8ywL/tAiyxSePheZ8J9/V3bSBPQiQhxhFiUqh4c
wIUF63m7wtt8LiTyrQ85iwOeQ6adxzdYAD0a4b+z7++sNLH2p1OrPsOKYtl+WeUsCXsV
dBB4VEVDXwQ4AOVf/+A9tlR/4iy+9bTgDytBRjEItwJkWDroSFniXUQ2zu9YnC3CzjB4 YqFA==
X-Received: by 10.66.66.66 with SMTP id d2mr4719266pat.24.1396963553210;
Tue, 08 Apr 2014 06:25:53 -0700 (PDT)
Received: from LizhongPC ([114.62.223.166]) by mx.google.com with ESMTPSA id
cz3sm4680941pbc.9.2014.04.08.06.25.42 for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 08 Apr 2014 06:25:52 -0700 (PDT)
From: "Lizhong Jin" <lizho.jin@gmail.com>
To: <adrian@olddog.co.uk>,
<draft-ietf-l2vpn-vpls-inter-domain-redundancy.all@tools.ietf.org>
References: <0aaa01cf45f0$7d04ae00$770e0a00$@olddog.co.uk>
<53345952.a70e440a.2a29.4f84@mx.google.com>
<016601cf4c50$078c8ce0$16a5a6a0$@olddog.co.uk>
<011e01cf4cf0$28349370$789dba50$@gmail.com>
In-Reply-To: <011e01cf4cf0$28349370$789dba50$@gmail.com>
Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy
Date: Tue, 8 Apr 2014 21:25:39 +0800
Message-ID: <5343f8e0.a3b2440a.7ee6.ffffccc6@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQKieMH6bvwQq0oDr/K5WljRkwwysgG2FEXSAieGbsoB5zRVRZkzQqzQ
Content-Language: zh-cn
Archived-At: http://mailarchive.ietf.org/arch/msg/l2vpn/jQdOlSZp7e1PoqqaH7sB6LtmfsQ
Cc: l2vpn@ietf.org
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn/>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>,
<mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 13:25:58 -0000
Hi Adrian, The draft authors suggest to separate "security" section into "management" and "security", and the new content is as below. Are you OK with the following changes? 6. Management Considerations When deploying the inter-domain redundancy mechanism described in this document, some manual operation/negotiation is required to be done correctly and securely. E.g., each node within one RG should be configured with same redundancy mode; the two operators should negotiate to configure same PW priority at two nodes. If the configuration consistency is broken, the inter-domain redundancy mechanism may not work properly. 7. Security Considerations Besides the security properties of [I-D.ietf-pwe3-iccp], [RFC4762] and [RFC6870], this document will have additional security consideration. ICCP is now deployed between two PEs or ASBRs, the two PEs or ASBRs should be connected by a well managed and highly monitored network. The LDP session could be secured with TCP Authentication Option [RFC5925]. This provides integrity and authentication for the ICCP messages. The LDP MD5 authentication key option, as described in section 2.9 of [RFC5036] MAY also be used. The attention of implementers and deployers is drawn to [RFC6941] and [RFC6952] with special attention to the recommendation to use TCP-AO [RFC5925] for enhanced security of LDP sessions. The activitiy on the inter-domain and intra-domain pseudowire may cause security threats or be exploited to create denial of service attackes. Excessive pseudowire state flapping (e.g., by malicious peer PE's implementation) may lead to excessive ICCP exchanges. Implementations SHOULD provide mechanisms to perform control-plane policing and mitigate such types of attacks. Regards Lizhong > -----Original Message----- > From: Lizhong Jin [mailto:lizho.jin@gmail.com] > Sent: Monday, March 31, 2014 10:47 PM > To: adrian@olddog.co.uk; draft-ietf-l2vpn-vpls-inter-domain- > redundancy.all@tools.ietf.org > Cc: l2vpn@ietf.org > Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain-redundancy > > Hi Adrian, > Thank you for the quick reply. See my reply inline below. > We will post a new version accordingly soon to reflect these comments. > > Regards > Lizhong > > > -----Original Message----- > > From: Adrian Farrel [mailto:adrian@olddog.co.uk] > > Sent: 2014年3月31日 3:41 > > To: 'Lizhong Jin'; draft-ietf-l2vpn-vpls-inter-domain- > > redundancy.all@tools.ietf.org > > Cc: l2vpn@ietf.org > > Subject: RE: AD review of draft-ietf-l2vpn-vpls-inter-domain- > redundancy > > > > Hi Lizhong, > > > > > Sorry for the late reply. Please see my reply inline below. > > > Please co-authors help to correct if I am wrong. > > > > [snip] > > > > > > I can't see how this is a BCP. I realise that RFC 2026 section 5 > is > > > > not really clearly written, but this is a technical spec that > > > > describes how to build a particular function in the network. > > > > Standards Track would be just fine (even though there are no bits > > > > and bytes defined) because you are defining procedures (using > 2119 > > > > language) that an implementation has to perform to make this > function > > work (i.e., interoperate). > > > > > > [Lizhong] thank you for pointing out this. We will change to > Standards > > > Track. > > > > Good. I hope the WG is paying attention! > [Lizhong] OK, we will post a new version accordingly. > > > > > > > Section 1 > > > > > > > > Please give a little more information about what the "solution" > is. > > > > You don't need to go into full detail, but you do need to give > some > > > > overview. Things I'd like to see covered... > > > > - motivation is to provide service protection mechanisms in the > event > > > > of edge node failure > > > > - basic mechanism is to provide edge node redundancy > > > > - solution is dependent on the use of ICCP (with reference) to > > > > coordinate between redundant edge nodes > > > > - no changes to any protocol message formats are needed for this > > > > solution and no new protocol options are defined > > > > - this solution is a description of how existing protocol > building > > > > blocks may be deployed to achieve the desired function, but > also > > > > defines implementation behavior necessary for the function to > work. > > > [Lizhong] accepted, and I try to rephrase as below: > > > In many existing Virtual Private LAN Service (VPLS) deployments > based > > > on [RFC4762], inter-domain connectivity has been deployed without > node > > > redundancy, or with node redundancy in a single domain. This > document > > > is to provide a service protection mechanism for inter-domain VPLS > > > based on [RFC4762]. The protection mechanism will provide edge node > > > redundancy and link redundancy in both domains. The domain in this > > > document refers to autonomous system (AS), or other administrative > > domains. > > > The solution relies on the use of ICCP [ietf-pwe3-iccp] to > coordinate > > > between redundant edge nodes, and use of Pseudowire (PW) > Preferential > > > Forwarding Status Bit [RFC 6870] to negotiate the PW status. There > is > > > no change to any protocol message formats and no new protocol > options > > > introduced. This solution is a description of reusing existing > > > protocol building blocks to achieve the desired function, but also > > > defines implementation behavior necessary for the function to work. > > > > Works for me. > [Lizhong] Thanks. > > > > [snip] > > > > > > Figure 2 might usefully be redrawn to show how PW3 and PW4 attach > to > > > > the PEs. > > > [Lizhong] do you mean the PW is broken to the PE in the figure? > Will fix > > > that. > > > Thanks. > > > > Yeah. PW3 should connect to PE3 etc. > [Lizhong] Thanks. > > > > > > Section 5 says > > > > > > > > For the inter-domain four-PW scenario, > > > > it is required for PEs to ensure that the same mode is > supported on > > > > the two ICCP peers in the same redundancy group (RG). > > > > > > > > But you don't say how this is achieved. > > > [Lizhong] will add: One method to ensure mode consistency is by > manual > > > operation. Other methods are also possible and is out of the scope > of > > > this document. > > > > I'm OK with that, but it is a bit thin. Operators are famous for not > > configuring > > the same thing at two ends of a link. > [Lizhong] I understand. At current stage, let's keep it simple. > > > > > > > Section 5.2 > > > > > > > > Before > > > > deploying this inter-domain VPLS, the operators MUST negotiate > to > > > > configure same PW high/low priority at two PW end-points. > > > > > > > > How do they do this? > > > [Lizhong] we check this with the operator. When they do inter-AS > > > connection, there will be some kind of contract to ensure the > > > interconnection. The PW priority could be one part of the > > > contract/negotiation. This is more of the operation method. Now I > think > > > we > > should not use RFC2119 word "MUST" here. > > > "should" would be a better word here. > > > > Yup, "should" is better, and maybe add "The inter-domain VPLS > relationship > > normally involves a contractual process between operators, and the > > configuration of PW roles forms part of this process." > [Lizhong] OK, thanks. > > > > > > > Section 5.3 > > > > > > > > In this use case, there are generally three options > > > > > > > > So, sometimes two options and sometimes four options? :-) Delete > > > > "generally", but also make clear what the three options are. > > > [Lizhong] it would be clear to say: In this use case, there are two > > > options to provide protection: 1:1 and 3:1 protection. > > > > OK > > > > [snip] > > > > > > Section 6 > > > > > > > > There seem to be some independent actions needed (operator > > > > negotiation, setting of mode). Are these security vulnerabilities? > > > > > > > > ICCP is being run on the Internet and not in a chassis. Does that > > > > make a difference to the security model? > > > [Lizhong] yes, more consideration is required. I try to change: > > > Besides of the security properties of [I-D.ietf-pwe3-iccp] and > > > [RFC4762], this draft will have additional security consideration. > > > When deploying the inter-domain redundancy mechanism described in > this > > > document, some manual operation/negotiation is required to be done > > > correctly and securely. E.g., each node within one RG should be > > > configured with same redundancy mode; the two operators should > > > negotiate to configure same PW priority at two nodes. If the > > > configuration consistency is broken, the inter-domain redundancy > > mechanism may not work properly. > > > Since ICCP is now deployed between two PEs or ASBRs, the LDP > session > > > could be secured with TCP Authentication Option [RFC5925]. This > > > provides integrity and authentication for the ICCP messages. The > LDP > > > MD5 authentication key option, as described in section 2.9 of > [RFC5036] > > MAY also be used. > > > > That is good except that MD5 is pretty much regarded as useless as a > > security > > tool these days. > > > > How about adding to the end of your text: > > > > "The attention of implementers and deployers is drawn to [RFC6941] > and > > [RFC6952] with special attention to the recommendation to use TCP-AO > > [RFC5925] for enhanced security of LDP sessions." > [Lizhong] OK, thanks. > > > > > Cheers, > > Adrian > >
- AD review of draft-ietf-l2vpn-vpls-inter-domain-r… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- Re: AD review of draft-ietf-l2vpn-vpls-inter-doma… Loa Andersson
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Lizhong Jin
- RE: AD review of draft-ietf-l2vpn-vpls-inter-doma… Adrian Farrel