Re: [lisp] Comments on draft-fuller-lisp-ms
Dino Farinacci <dino@cisco.com> Fri, 27 March 2009 05:18 UTC
Return-Path: <dino@cisco.com>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 56D923A67E6 for <lisp@core3.amsl.com>; Thu, 26 Mar 2009 22:18:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.544
X-Spam-Level:
X-Spam-Status: No, score=-6.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WADy4nZVlP8S for <lisp@core3.amsl.com>; Thu, 26 Mar 2009 22:18:15 -0700 (PDT)
Received: from sj-iport-2.cisco.com (sj-iport-2.cisco.com [171.71.176.71]) by core3.amsl.com (Postfix) with ESMTP id 2767E3A67D9 for <lisp@ietf.org>; Thu, 26 Mar 2009 22:18:15 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.38,431,1233532800"; d="scan'208";a="147387223"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-2.cisco.com with ESMTP; 27 Mar 2009 05:19:09 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n2R5J9o2016779; Thu, 26 Mar 2009 22:19:09 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id n2R5J9Wu002404; Fri, 27 Mar 2009 05:19:09 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Mar 2009 22:19:09 -0700
Received: from dhcp-51cf.meeting.ietf.org ([10.21.95.4]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Mar 2009 22:19:08 -0700
Message-Id: <183D755D-BFD8-4057-B634-8F8B0D539D34@cisco.com>
From: Dino Farinacci <dino@cisco.com>
To: Olivier.Bonaventure@uclouvain.be
In-Reply-To: <49CB94D6.7050003@uclouvain.be>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.4)
Date: Thu, 26 Mar 2009 22:19:08 -0700
References: <49CB94D6.7050003@uclouvain.be>
X-Mailer: Apple Mail (2.930.4)
X-OriginalArrivalTime: 27 Mar 2009 05:19:08.0743 (UTC) FILETIME=[8E4E4D70:01C9AE9B]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4351; t=1238131149; x=1238995149; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dino@cisco.com; z=From:=20Dino=20Farinacci=20<dino@cisco.com> |Subject:=20Re=3A=20[lisp]=20Comments=20on=20draft-fuller-l isp-ms |Sender:=20; bh=+fb91e7GI0aAYZjMMTZApEyJmg/0dJp0BtjHppKudTw=; b=tfS1Tr2hzpcMrAMSnqrv0Nyof8BeShPIIwslExo8P4CX8jTAsR2G3Fzd1D S3t6cv9Nz9V6wRj9vwgv3gWbg5tiXcoJWZmag+qciogpaX9NMZKHMuNq/dxZ Lgq58Q4tnzS1ix4buc+fVe4fhv03nVNuYb4YCIk1RUwA4w6LzbULw=;
Authentication-Results: sj-dkim-1; header.From=dino@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: lisp@ietf.org
Subject: Re: [lisp] Comments on draft-fuller-lisp-ms
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2009 05:18:16 -0000
> Hello, > > I had a look at draft draft-fuller-lisp-ms-00. > > My first comment is that this is a very good addition to the set of > LISP > documents, this will allow the implementation of simpler xTRs and also > allow people to experiment with mapping systems. I thus fully support > this direction on work. Thanks Olivier. > However, I have some concerns about the details and the solution > chosen > in the draft. > > First, concerning the map register message defined in > draft-farinacci-lisp-12 I completely agree that we need a method to > authenticate the map register messages. Using AH with MD5 and a key > shared between the ETR and the mapping server to authenticate the > mapping register appears more like a quick hack than an > implementation. It is simple and IPsec is suppose to be used for packet authentication. > Instead of using IPSec to authenticate the content of the map > register, > I would suggest that we consider adding authentication data inside the > map register at least. The authentication data should be flexible and > support different types of authentications. MD5 with a shared key > could > be a first example, but I think that we should also explore the > possibility of using certificates that certify a binding between an > EID > prefix and a keypair and use this keypair to sign the mapping > register. Since each side (the ETR side and the map-server side) needs explicit configuration, which aids in the security of both allowing the EID- prefix into the mapping system as well as authenticating the binding, you can also configure the HMAC used. In fact, it's just another element of a multi-tuple passphrase that can be used. > Second, the reliability of the transmission of the map register should > be discussed. As map register messages are sent in normal IP packets, > they may be dropped. One possibility could be that everytime an ETR > sends a map-register to a mapping server, it should after a timeout > send > a map-request to this server to check that the map register sent has > caused an update of the mapping server. Yes, we are considering this. > Third, concerning the map-server processing, draft-fuller-lisp-ms > explains that the map-server does not produce map replies, but only > forwards the map-requests to the appropriate ETRs. This implies that > the > map-server does not need to store all the mapping information (i.e. > rlocs, reachability, weight, priority, ...). In this case, then why > does > the ETR indicates all this information in the map register message ? Just so the implementation can remain simple and reuse code. Plus, if later we want the full mappings to be stored in the map-server, we already have the packet format supporting it. > Fourth, when an EID prefix is served by several ETRs, it seems > useful to > expect that the map-server will load balance the received request > among > the ETRs that it knows. Yes, we are planning on doing this. Plus we want each ETR at the site to register to more than one map-server for redundancy. > Fifth, the ability of sending a negative map reply (with an empty > locator set) is a useful addition. However, it may create risks of DoS It may be useful but we are proceeding with caution. There are many complications that may arise from it so it may be more cost than benefit. > attacks that would be useful to discuss in the security section. The > verification of the contents of the map reply (source port, nonce) is > very important. The draft suggest to send a negative map reply that > contains the largest possible EID prefix. If an ITR accepts a negative The largest possible prefix which would cover a non-EID-prefix. The point is to put the prefix in the map-cache, so when a packet matches it, that we can natively-forward the packet (to a non-LISP site). > reply containing 0.0.0.0/0, then it would consider that the entire > IPv4 > Internet is unreachable. No, it would consider the entire Internet as non-LISP capable. Dino > > > > Olivier > -- > http://inl.info.ucl.ac.be , UCLouvain, Belgium > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp
- [lisp] Comments on draft-fuller-lisp-ms Olivier Bonaventure
- Re: [lisp] Comments on draft-fuller-lisp-ms Dino Farinacci