RE: WG LC: draft-ietf-l3vpn-2547bis-mcast-bgp

Thomas Morin <thomas.morin@orange-ftgroup.com> Mon, 15 December 2008 10:51 UTC

Return-Path: <l3vpn-bounces@ietf.org>
X-Original-To: l3vpn-archive@megatron.ietf.org
Delivered-To: ietfarch-l3vpn-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0C5E3A67F0; Mon, 15 Dec 2008 02:51:24 -0800 (PST)
X-Original-To: l3vpn@core3.amsl.com
Delivered-To: l3vpn@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 608FD3A67F0 for <l3vpn@core3.amsl.com>; Mon, 15 Dec 2008 02:51:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.157
X-Spam-Level:
X-Spam-Status: No, score=-3.157 tagged_above=-999 required=5 tests=[AWL=0.092, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cJgu0GjuSlHl for <l3vpn@core3.amsl.com>; Mon, 15 Dec 2008 02:51:22 -0800 (PST)
Received: from p-mail1.rd.francetelecom.com (p-mail1.rd.francetelecom.com [195.101.245.15]) by core3.amsl.com (Postfix) with ESMTP id D7F693A67B6 for <l3vpn@ietf.org>; Mon, 15 Dec 2008 02:51:21 -0800 (PST)
Received: from ftrdmel10.rd.francetelecom.fr ([10.193.117.156]) by ftrdsmtp2.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.1830); Mon, 15 Dec 2008 11:51:09 +0100
Received: from [10.193.15.34] ([10.193.15.34]) by ftrdmel10.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.1830); Mon, 15 Dec 2008 11:51:08 +0100
Subject: RE: WG LC: draft-ietf-l3vpn-2547bis-mcast-bgp
From: Thomas Morin <thomas.morin@orange-ftgroup.com>
To: "NAPIERALA, MARIA H, ATTLABS" <mnapierala@att.com>
In-Reply-To: <2F1DE4DFCFF32144B771BD2C246E6A200166D77C@misout7msgusr7e.ugd.att.com>
References: <F9AA9B4C-3FEA-4723-BBBD-7FF91270E07D@tcb.net> <2F1DE4DFCFF32144B 771BD2C246E6A200166D5CF@misout7msgusr7e.ugd.att.com> <EC8F87C1-E3AA-4606-A89A-4D02110355FA@multicasttech.com> <2F1DE4DFCFF32144B771BD2C246E6A200166D77C@misout7msgusr7e.ugd.att.com>
Content-Type: text/plain
Organization: France Telecom R&D - Orange Labs
Date: Mon, 15 Dec 2008 11:51:24 +0100
Message-Id: <1229338284.5286.23.camel@l-at11168.FTRD>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Dec 2008 10:51:08.0331 (UTC) FILETIME=[092BB7B0:01C95EA3]
Cc: l3vpn@ietf.org, Danny McPherson <danny@tcb.net>
X-BeenThere: l3vpn@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <l3vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/l3vpn>
List-Post: <mailto:l3vpn@ietf.org>
List-Help: <mailto:l3vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=subscribe>
Sender: l3vpn-bounces@ietf.org
Errors-To: l3vpn-bounces@ietf.org

Hi Maria,

NAPIERALA, MARIA H, ATTLABS :
> >
> > Might there be situations where receivers want to set up a multicast
> > route for
> > source regardless of whether the source is currently active, to reduce
> > the time for source data to propagate ? So in that case this would be
> > legitimate.
> > 
> > Otherwise, joins to sources that are not active will generally stop.
> > Or are you worried about
> > DOS attacks ?
> 
> Yes, I think that triggering Source Active A-D routes when receiving
> (S,G) Joins without the knowledge that S is actually "active" creates a
> security issue. 

I don't agree with your formulation. Let's suppose that there is a
security issue due to spurious state being created because of an
inactive source "mistaken" as active.  Let's suppose we try to solve the
issue by avoiding inactive sources to create these states.  The
"attacker" on the customer side can still create the same states by
making the right number of source active.


> A single end-user PC can generate a lot of spurious
> IGMP (S,G) joins that could trigger lots of BGP updates and potentially
> useless S-PMSIs in VPN core.

Well, I'm lost here : since when do IGMP S,G joins create S-PMSI
routes ?  

It is true that IGMP activity (and PIM) on the customer side will create
state on the PEs, and that this has to be controlled in some kind of
way, but this is not specific to BGP, nor related to S-A A-D routes or
S-PMSI routes...


Now, if we take a broader perspective, I agree that we must ensure that
there are safeguards to avoid that customers could creates an unbounded
amount of states in the PEs (and RRs) :
- it applies to state in the PEs that is created directly based on state
on the PE-CE interfaces : (S,G) and (*,G) joins
  * we need safeguards to avoid too much states created on PEs based on
customer PIM activity 
  * it implies having the operator configure upper bounds on the amount
of multicast states in the VRFs
  * this is true independently of the protocol used for C-multicast
routing
- it also applies to states created "indirecly" based on customer
activit: Source-Active and S-PMSI A-D routes
  * we need safeguards to cover these
  * S-PMSI routes are created based on (a) customer activity and (b) PE
policy defined by the operator   --> there is a need to bound the
amount, and frequency of changes, of S-PMSI state   (this critical to
protect P routers, and is true independently of the protocol used to
signal S-PMSIs)
  * S-A A-D routes are also created based on customer activity:
      -> in the context of section 13, they are only created based on
Source Tree Join routes, so if these are properly bounded, it should be
fine  
      -> in the context of section 14, they are created based on RP
activity, or PIM registers, or MSDP : bounds would typically also setup
here
      -> if we want more solive boundaries, it seems to me that it makes
sense to suggest that implementation should provide a way to set an
upper bound to the number of S-A A-D routes that can be advertised from
a VRF

Cheers,

-Thomas


> > -----Original Message-----
> > From: Marshall Eubanks [mailto:tme@multicasttech.com]
> > Sent: Sunday, December 14, 2008 8:33 AM
> > To: NAPIERALA, MARIA H, ATTLABS
> > Cc: Danny McPherson; l3vpn@ietf.org
> > Subject: Re: WG LC: draft-ietf-l3vpn-2547bis-mcast-bgp
> > 
> > Dear Maria;
> > 
> > On Dec 12, 2008, at 4:17 PM, NAPIERALA, MARIA H, ATTLABS wrote:
> > 
> > > PIM-SM/RFC 4601 permits, quote, "a receiver to join a group and
> > > specify
> > > that it only wants to receive traffic for a group if that traffic
> > > comes
> > > from a particular source. If a receiver does this, and no other
> > > receiver
> > > on the LAN requires all the traffic for the group, then the DR may
> > > omit
> > > performing a (*,G) join to set up the shared tree, and instead issue
> > a
> > > source-specific (S,G) join only."
> > >
> > > Such behavior of end systems in PIM-SM means that a PE can receive
> > > Join
> > > (C-S, C-G) even for sources that are not active.
> > >
> > > Section 13.1 of draft-ietf-l3vpn-2547bis-mcast-bgp-05 requires that
> > > "whenever a PE creates an <C-S,C-G> state as a result of receiving a
> > > Source Tree Join C-multicast route for <C-S, C-G> from some other
> PE,
> > > the PE that creates the state MUST originate a Source Active A-D
> > > route."
> > >
> > > The procedure as described in section 13.1 might lead to useless S-
> > > PMSI
> > > creation for C-sources operating in sparse groups which are not
> > > active.
> > > This procedure should be enhanced to prevent triggering of S-PMSIs
> in
> > > such cases.
> > 
> > Might there be situations where receivers want to set up a multicast
> > route for
> > source regardless of whether the source is currently active, to reduce
> > the time for source data to propagate ? So in that case this would be
> > legitimate.
> > 
> > Otherwise, joins to sources that are not active will generally stop.
> > Or are you worried about
> > DOS attacks ?
> > 
> > Regards
> > Marshall
> > 
> > >
> > >
> > > Maria
> > >
> > >> -----Original Message-----
> > >> From: l3vpn-bounces@ietf.org [mailto:l3vpn-bounces@ietf.org] On
> > >> Behalf
> > >> Of Danny McPherson
> > >> Sent: Friday, November 21, 2008 8:52 AM
> > >> To: l3vpn@ietf.org
> > >> Subject: WG LC: draft-ietf-l3vpn-2547bis-mcast-bgp
> > >>
> > >>
> > >> Please consider today the start of a 2-week last call
> > >> for draft-ietf-l3vpn-2547bis-mcast-bgp, available here:
> > >>
> > >> http://tools.ietf.org/html/draft-ietf-l3vpn-2547bis-mcast-bgp-05
> > >>
> > >> Input on this draft's suitability for publication as an
> > >> Internet Standards Track document is solicited, feedback
> > >> ends December 9, 2008.
> > >>
> > >> Thanks in advance for your feedback!
> > >>
> > >> Danny & Marshall
>